How well do Samsung, Xiaomi, and Oppo protect your privacy?
Samsung, Xiaomi, Oppo, Realme, OnePlus, in fact, every single Android manufacturer is directly connected to Google when it comes to the mobile operating system as well as its implementation of privacy features. Hence, can we really trust them to protect our personal data?
Do you feel the same way as well? The tides do seem to be turning, where public opinion is becoming more and more interested in privacy and data protection. However, don't you think that it is a little bit silly to count on Google (or Apple), and the rest of the GAFAM, to regulate itself without encroaching on our privacy?
And isn't it even more ridiculous, that on the Android side, to think that software manufacturers who are dependent on Google will be more respectful of your data than to each other? Isn't your privacy in danger of being relegated to the status of an afterthought without any actual significance, such as a 2MP macro sensor that makes up part of a smartphone's hardware specifications simply to pad it up?
Google collects our data all the time and we can't do anything about it
Google and Apple are constantly collecting data from your smartphone which is then sent to their respective servers on a regular basis - even when you are not using the device. On Android, such data collection would nevertheless be on a far larger scale than on iOS.
In a study that was published on March 25 and conducted by Douglas J. Leith, who is a computer security researcher at Trinity College Dublin, he compared data collection and transfer on both Android and iOS platforms.
According to the results that was first reported by ArsTechnica, it turned out that while both iOS and Android do collect data non-stop on devices, Google's mobile operating system collects about 20 times more data than its Apple counterpart.
According to Douglas Leith, both iOS and Android transmit so-called "telemetry" data to their parent company, even when the user is not logged in or has explicitly configured their privacy settings to remain opted out from such an exercise.
This telemetric data concerns the insertion of a SIM card, browsing through your various screens, or the smartphone settings. According to the researcher, even when inactive, each device connects to its server on an average of once every 4.5 minutes.
And it doesn't stop at the OS level. Native apps or pre-installed services were also busy making network connections of their own, even when they are not launched at all, according to the study. While iOS automatically sends Apple data from Siri, Safari, and iCloud, Android collects data from Chrome, YouTube, Google Docs, Safetyhub, Google Messenger, the device's clock as well as the Google search bar.
Within his research parameters, Douglas Leith discovered that in the U.S. alone, Android collectively collects about 1.3 TB of data every 12 hours compared to 5.8 GB for iOS over the same period.
Obviously, Google has swiftly denied the results of the study by claiming that the research parameters were wrong. The American technology giant assures that this data is comparable to basic diagnostic and operational data such as those that are sent by modern cars to car manufacturers.
"This study details these communications, which ensure that the iOS or Android software is up-to-date, that the services work as preseen, and that the phone is secure and operating efficiently," reads the Google statement relayed by Ars Technica under the right of reply.
The researcher considers the situation worrisome since the data collected by the two OSes can be easily linked to the user's name, email address, credit card data, and possibly other devices that they own. In addition, constant connections to the servers reveal the device's IP address unnecessarily and, by extension, the user's location.
"Currently, there are few, if any, realistic options to prevent this type of data sharing," the researcher concluded.
Manufacturers are collecting our data quietly via their native apps
The mere fact that one of the most read articles on our site is a tutorial on how to disable ads in MIUI on your Xiaomi smartphone already says enough. I'm not a fan of China-bashing at all, neither do I live in Sinophobia by associating all Chinese hardware and software with spying efforts.
There is no such thing as good data collection or good targeted advertising, and this kind of predatory behavior knows no nationality or boundaries. Regardless, it's impossible not to mention Xiaomi concerning this topic. The manufacturer has been the subject of some very big scandals in recent memory.
And, if the manufacturer offers many options to "protect" its data as I was able to point out in my MIUI 12 review, there are many features that prevent Xiaomi from collecting your personal data. It's quite ironic that it offers over 6 different ways of blocking targeted ads via its own native apps.
But Xiaomi is obviously not alone in this matter. Every Android manufacturer, even among those reputed to be the cleanest like OnePlus or Samsung, do contain privacy infringements.
And even if you make a massive "opt out" by disabling all tracking/collection switches, the basic fact is that "telemetric" data will still be collected whether you like it or not. Google claims that their collection is essential to the proper functioning of your smartphone.
Not to mention the unnecessary difficulty that Google imposes on us to even perform this "opt out". There is no central page to deactivate everything at once. Instead, you will have to access at least 4 different pages via your Google account settings (some overlays have shortcuts to the privacy menu) and disable your data tracking manually.
It's almost as though it was done on purpose, right?
Android manufacturers have incentives to make privacy less accessible
But why beat up on Android manufacturers then? They do not have control over what Google does. And certain manufacturers like Xiaomi or Samsung have put a strong emphasis on security and data protection in their respective overlays, whether it's in the OS or native apps.
The problem is that no matter how many privacy "features" there are in which a manufacturer may implement in its overlay, the overlay is still Android-based at the end of the day. And this relationship is highly unbalanced in terms of the amount of leeway given to the manufacturer.
The main issue should therefore be to make the few options more accessible for everyone, and Google will have to work on that. A manufacturer, if it really wanted to focus on privacy, should make the privacy settings more visible in the settings of its overlay, so that just about anyone can access them easily.
Indeed, Samsung, Xiaomi, Oppo, and all other "licensed" Android manufacturers have to abide by the Compatibility Definition Document, which is a type of master list containing all of the requirements that manufacturers will have to meet from a software standpoint in order to be compatible with the latest version of Android. So far, there has been nothing out of the ordinary to take note of.
But according to excerpts from a case file pitting the Arizona Attorney General in the US against Google, the balance of power between Mountain View and Android manufacturers is even more lopsided than what we think. According to these extracts that were relayed by Business Insider on May 29, Google is said to have intentionally made access to certain privacy features more laborious and pressured some manufacturers to do the same with their own Android skins.
So let me clarify that these are allegations invoked by the equivalent of the U.S. Attorney's Office representing the interests of the State of Arizona nearly a year ago. This is not a judgment or a ruling. And these excerpts were made public at the request of two private organizations, Digital Content Next and News Media Alliance, which represent online content publishers.
According to the documents, Google allegedly collected geolocation data even when users turned off such collection and that it would have succeeded in pressuring LG to relegate the switch to activate/deactivate geolocation to the second page [editor's note: in the quick access menu]. Whatever it is, LG is out of the smartphone business now, so that is a moot point, but who are we to say that the same has not happened to other manufacturers?
Accessibility of privacy features is therefore an issue that is almost as important as their very existence in Google's OS and manufacturers' Android overlays. It's no coincidence that Google has placed a lot of emphasis on this aspect with Android 12.
The biggest problem is that no matter which overlay you use: Samsung's OneUI, Xiaomi's MIUI, or Oppo's ColorOS, Google continues to collect our data, and there's currently no way to stop that from happening.
You can do something about it. But it requires a rootable device and the willingness to abandon google's apps. Lineageos microg is the simplest solution for the average tech interested person. It also means you're usually 12-18 months behind new releases for the support to hit your device. Look up your device's build name, then check the download list for your build.
If you're techier, then Linux phones are slowly improving.
The lesson is commercial software is being weaponized against the consumer. Abusive policy, abusive subscriptions.... FOSS and Open Hardware is the future of privacy. Start learning the underlying software now and be ready to jump.