Android Messages and Dialer apps allegedly sent data to Google without consent

Martin Brinkmann
Mar 22, 2022
Google Android
|
33

In the research paper "What Data Do The Google Dialer and Messages Apps On Android Send to Google?", Trinity College professor Douglas J. Leith claims that the Google applications Messages and Dialer are sending data to Google without user consent.

google android-dialer messages data sending

Both applications are installed on over a billion Android devices each. Google Messages is the default messaging application that many manufacturers and mobile phone companies ship as the default application for messaging on their devices. The same is true for Dialer, as it is the default phone application on many Android devices.

The paper notes that Google does not provide specific privacy policies for the two applications in question, even though Google requires that third-party developers do provide privacy policies. The applications link to Google's generic consumer privacy policy only.

ADVERTISEMENT

The researcher analyzed the data that the Google Messages and Google Dialer applications sent to Google on Android handsets. According to the research paper, linked here the following data is sent when the Messages application sends or receives messages

When an SMS message is sent/received the Google Messages app sends a message to Google servers recording this event, the time when the message was sent/received and a truncated SHA256 hash of the message text. The latter hash acts to uniquely identify the text message. The message sender’s phone number is also sent to Google, so by combining data from handsets exchanging messages the phone numbers of both are revealed

Google Messages submits data about the event, including the time messages were received or sent, a truncated hash of the message text, and the sender's phone number, to Google. The hash may identify the message according to the researcher, and if Google Messages is used on both handsets, Google gets both phone numbers involved in the conversation.

Google Dialer sends similar logs to Google. The data includes the time and the call duration according to the research paper.

When a phone call is made/received the Google Dialer app similarly logs this event to Google servers  together with the time and the call duration.

The data that is sent to Google "is tagged with the handset Android ID" according to the researcher. The ID is linked to Google user accounts and thus the identify of the user.

Additionally, both applications submit data about user interactions within the applications. Nature and timings of interactions, e.g., viewing an app screen, searching contacts, or browsing an SMS conversation, are also submitted to Google according to the paper.

If "See caller and spam ID" is enabled, which it is by default, Google Dialer sends the phone number of each incoming call and the time of the call to Google as well.

The applications have no opt-out that prevents the data from being submitted to Google.

The data is sent to Google via the Google Play Services Clearcut logger service and Google/Firebase Analytics according to the researcher.

The Google Messages and Dialer apps send data to Google via two channels: (i) the Google Play Services Clearcut logger service and (ii) Google/Firebase Analytics. Recent Android measurement studies have noted the large volume of data sent by Google Play Services to Google servers on most Android handsets. A substantial component of this data is sent by the Clearcut logger service within Google Play Services. However, the data transmission is largely opaque, being binary encoded with little public documentation.

The Register received confirmation by Google that the "paper's representations [..] are accurate". Additional details, including information about the test setup and code, are available in the research paper.

Android users may switch to different applications that may take over the tasks of the default applications. For instance, Simple Dialer: Phone Calls, as a replacement for the Google Dialer application, and Simple SMS Messenger. as a replacement for Google Messages.

Now You: which dialer and messaging apps do you use?

Summary
Android Messages and Dialer apps allegedly sent data to Google without consent
Article Name
Android Messages and Dialer apps allegedly sent data to Google without consent
Description
Google Messages and Dialer on Android send data to Google without user consent according to a research paper.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. motang said on March 22, 2022 at 1:34 pm
    Reply

    Not that surprised.

  2. Shiva said on March 22, 2022 at 1:47 pm
    Reply

    Oh, he is the same author of “Web Browser Privacy: What Do Browsers Say When They Phone Home?” , paper that I read some times ago also posted by someone here.

    Simple Dialer and Simple SMS Messenger works well. They are among the first apps I installed.

    1. jmro said on March 22, 2022 at 6:52 pm
      Reply

      are you talking about the simple orange icons apps? there is something i don’t like about the apps, maybe the locked options, i am not sure; but like with the simple keyboard i use the other simple keyboard.

      1. Shiva said on March 22, 2022 at 8:08 pm
        Reply

        As a far I know the only locked option is the choice of icon colors. Instead the interesting option of the related app ‘Simple Contacts’ is: ‘Show private contacts to Simple Dialer, Simple SMS and Simple Calendar’. Outside this ‘package’ option there there is no short of alternatives.

        I dont’ use ‘Simple Keyboard’ or the other app, honestly I am waiting for something like ‘Simple voice typing’ like this project I periodically monitor: https://github.com/ccoreilly/LocalSTT

      2. Yash said on March 23, 2022 at 8:19 am
        Reply

        Check Dicio too, available on F-Droid. Haven’t tried it yet, probably never will, but its an assistant.

      3. Shiva said on March 23, 2022 at 2:30 pm
        Reply

        @Yash
        Yep. There is the new Dicio app and I have tried it. Interesting project, I also monitor it in case of future developments towards Kõnele or LocalSTT. I also took a look at a FlorisBoard’s feature request related to STT.

  3. Toxic said on March 22, 2022 at 2:03 pm
    Reply

    Shocked “pikachu” face…google doing something to a user without users consent??? nah…this is racist news and Russian propaganda

  4. Mortified Beyond Belief said on March 22, 2022 at 2:32 pm
    Reply

    I can’t stop crying.

  5. TimH said on March 22, 2022 at 3:33 pm
    Reply

    Massive breach of DMCA for those in Europe.

  6. Coriy said on March 22, 2022 at 3:49 pm
    Reply

    I’ve been using a Messenger alternative, QKSMS, and I’ve been looking into alternate dialers, like Koler. Yes, I could use the Simple Apps but I’d rather not be so limited to one source / app ecosystem.

  7. Ipnonymous said on March 22, 2022 at 4:04 pm
    Reply

    You named them already, simple dialer and simple sms from f-droid. The only thing to be aware of is sometime the apps dont show the name of the person but just the phone number. This was resolved by reinstalling them. Not sure if i installed in the wrong sequence or if i missed allowing a permission somewhere, but reinstallation solved the issue. I am super happy with them.

  8. Yash said on March 22, 2022 at 7:14 pm
    Reply

    Go ahead and install LineageOS without GSF. GrapheneOS is only available for Pixels.

    If that is too extreme, atleast replace all OEM apps and all Google Apps bar Play services, System Webview and Maps. And don’t use Google login in your Android.

  9. Andy Prough said on March 22, 2022 at 9:09 pm
    Reply

    In addition to the simple dialer and simple sms apps from f-droid, you can use the NetGuard app which allows you to restrict system services such as the Google Play service from having network access.

    1. Dennis said on March 23, 2022 at 6:20 am
      Reply

      *I think* you can do the almost same thing with the ExpressVPN app: Set ‘split tunneling’ (“only allow selected apps to use the VPN”) then, in Android settings, set “Block connections without VPN”.

      Now, there’s a warning message in the ExpressVPN app that states, “If ‘Block connections without VPN’ is enabled in Android Settings, split tunneling will not work” — but this is precisely what we want — as it appears that the only apps that have any network access at all now are the selected apps (Bromite, a QR code reader, and F-Droid, in my case.) Though this is not how split tunneling is designed to be used, I can confirm this does prevent unselected installed apps from accessing the network altogether, though I wonder if this also actually prevents system apps (and Google’s telemetry) from accessing the network……

      I might mention, too, that one cannot use NetGuard and a VPN app together due to the limitations of the Android system.

      1. Andy Prough said on March 24, 2022 at 5:52 am
        Reply

        That’s a good point, I’m trying that now. Seems to work. The nice thing about NetGuard is it’s basically a one-click setup. With the VPN split tunneling, I’m going to have to figure out the system apps that I can cut off and still have the device working by going through them one at a time. For anyone not already using a VPN with split tunneling, I’d say that NetGuard is the way to go.

  10. ShintoPlasm said on March 23, 2022 at 10:30 am
    Reply

    Tried Simple SMS Messenger but for some reason it mis-displays the dates of many conversations (all seemingly having taken place on the same date in April 2021). Maybe a problem reading the SMS database correctly?

    Another alternative (for the more courageous among us) would be to use Signal for SMS/MMS messaging. Though I think I can no longer import existing texts into Signal without a weird hack.

    1. Yash said on March 24, 2022 at 5:42 am
      Reply

      QKSMS, available on F-Droid. Works better than Simple SMS IMO.

      1. ShintoPlasm said on March 25, 2022 at 12:32 pm
        Reply

        Isn’t QKSMS abandonware at this point? Hasn’t been updated in ages.

  11. Torin Doyle said on March 23, 2022 at 1:11 pm
    Reply

    Google up to their usual unethical shenanigans.

  12. Tachy said on March 23, 2022 at 3:19 pm
    Reply

    If this suprised you, your too ignorant to own a cell phone.

  13. Mystique said on March 23, 2022 at 3:35 pm
    Reply

    From the makers of Chrome comes… SPYWARE! Foisted upon all unsuspecting users.
    What a surprise!
    I wrote a very thorough comment on youtube for great alternatives to many apps and services for android phones and how to remove and/or null said apps and surprise surprise my comment was immediately deleted by youtube and not the channel itself.

    You just can’t trust google and a lot of people seem to think we should just roll over and let google have their way with the internet and completely submit to their will… sounds like a recipe for disaster to me.

    Google being unethical… why I never! Perish the thought!

  14. Chris said on March 23, 2022 at 9:50 pm
    Reply

    Use CalyxOS or GrapheneOS. Problem solved!

  15. Chris said on March 23, 2022 at 9:52 pm
    Reply

    Use CalyxOS or GrapheneOS. Problem solved! Has been flawless for me the last couple years now. Would never go back to stock.

    1. ShintoPlasm said on March 28, 2022 at 10:23 am
      Reply

      Not if you need banking apps.

  16. Ada B said on March 30, 2022 at 5:57 am
    Reply

    Why does everyone need a banking app? I keep all my financials on mobile browser only locked down Firefox or Tor. The only issue I run into is Mobile Deposits. And don’t forget about Progressive Web Apps. Some items I use the developer signs everything so it can all be validated but there is never an apk or anything to be installed. Simply PWA. One guy, CMU grad go figure, has PWA app that can now run as your photo gallery, note taking, media player,etc.

    Oh, and completely 100% open source, all servers in EU, and green energy. Even built in shortcuts so Mac and Windows users can use their same keys for bold and all and the markdown encoding is just done WYSIWYG. There are many many more of these for a lot of good reasons. Like Uber has built PWA because with developing markets, the PWA is so small that the app PWA version can launch within 5 seconds on a 2G network. Not a typo, 2G. That is one thing Google will not get credit for though. While it was a market share item, Google has pushed developers to make phones and apps work on devices that someone in developing world on 2G/3G connection can use. It never gets the like Apple, Samsung, etc. but if you look at tradeshows for what is being brought into developing markets (and often kept away from the rest so they can remind you each year that the phone you bought last year is way outdated) , you will see a lot of good and a lot of scary.

  17. Ada B said on March 30, 2022 at 6:34 am
    Reply

    This is one mess Google really did try to stay out of and did provide a method to get themselves out of the loop. The mechanism to get them out of it is in a whitepaper not directly related to this but if you look into their open source VPN documentation for keying infrastructure and how to pass the key/credential between independent parties, like one person as the A combo and other has the B, they never know each others, and cannot validate access without each other. There is a reason for this.

    With losses of GDPR, their push for manufacturers and developers to make phones affordable in to people without much money and only 2G connections, 3G at best.

    They started pushing in 2016. Messages was not a popular idea because it would be one more item in any anti-trust items later on. They would have to deal with a lot carriers in a lot of countries. They would be seen as big brother. Meanwhile Apple is claiming iPhone is privacy while it has been known for years that the encryption key to iMessages is stored in iCloud backups which Apple does have access to as court orders have shown as have other state actors. They wanted the carriers to do it themselves but there were issues over identity, encryption, etc. In 2019/2020 Google finally said ‘enough’, we will just push it ourselves. Back in 2016 when they started, was also when Facebook pushed out devices, false info spread, etc. and you had Burma start with the Rohingya genocides.

    It became apparent there was never going to be encryption over SMS without Google themselves stepping in. Hopes for carriers was done, never could agree. Large platforms like WhatsApp had been bought out. Niche players had bands of users but nothing that could be used quick and easy from a ‘dumb’ phone.

    No idea how this is going to play out. No one wants Google in charge of it including Google. They do not need this money and it it will only cause them trouble. They left themselves a way out in some of the white papers, I know the VPN ones you can look up. Not going much more into other ones in case they were related to some review or something or I would provide more but the VPN ones I know are out there and provide a decent picture off how Google can hand off the service.

    Now the question, to who? Apple controls their own hardware and software and can’t keep their stuff locked down well at all. Government entity than you bring in questions of politics and judicial powers, etc. I have been watching this saga for 6+ years now and honestly feel like Google wants it in court and says here you go, you figure out how to manage encryption with 100s of parities fighting over how to do it and they just leave the room.

    Thoughts? There is no right or wrong answer, no matter what way you go you are picking the lesser of 2 evils at some point in this line and Google is not the one who wants to be in this one.

  18. James said on March 31, 2022 at 1:10 pm
    Reply

    Thanks for sharing. This is really helpful.

  19. Hank in TN said on May 7, 2022 at 4:15 am
    Reply

    I also further wonder and suspect that the Phone Manufacturer may be Spying on those Calls and Text Messages by modifying those apps or some part/s of Android.

    Likewise for your Cell Service Provider company, especially if the Phone is “Branded”. Sold by the given provider company. With some of their apps built in.

    I really hate the lack of Privacy that has come to be.
    Between the near complete control of the corporations. Both legal and functional.
    And the apathy and lack of knowledge of the majority of the people.
    I miss the days when anti-virus on your computer was a new thing and about all you needed. Or thought you did anyway.

  20. Michael said on June 11, 2022 at 10:43 pm
    Reply

    Thank you so much for sharing this amazing piece of information. You’re doing really amazing job Keep it up

  21. Adi said on August 13, 2022 at 8:53 pm
    Reply

    While it was a market share item, Google has pushed developers to make phones and apps work on devices that someone in the developing world on 2G/3G connection can use. It never gets the like Apple, Samsung, etc. but if you look at tradeshows for what is being brought into developing markets (and often kept away from the rest so they can remind you each year that the phone you bought last year is way outdated), you will see a lot of good and a lot of scary.

  22. Wonderpush said on August 22, 2022 at 2:01 pm
    Reply

    Nice article! It is helpful because sometimes we get unnecessary notifications. It will be helpful for people who want to turn on or off the notification in their androids.

  23. Me said on August 30, 2022 at 8:26 pm
    Reply

    I face the same problem. Please give me proper solution to resolve this thanks

  24. Argen said on September 1, 2022 at 9:13 am
    Reply

    Thanks for sharing. This is really useful!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.