Your Android app is tracking you, just so you know
and why control your data is important
Google’s Android app tracks what you do and access your data in various ways. As the provider of the top web browser, the top mobile platform, and the number one search engine in the world, Google employs both active and passive ways to collect your data.
You sign up to any of its numerous applications (YouTube, Gmail, Google Search etc) and you are hooked: you start communicating your information to the tech giant. It’s that simple and plain since it involves your active participation.
The passive way is a bit vague. Information is gathered while running Google platforms like Android and Chrome; applications like YouTube; publisher tools like Google Analytics; and advertiser tools such as AdWords — possibly without the user’s knowledge.
With over two billion monthly active users worldwide (as well as 53% of the total US mobile OS market as at Jan. 2018) and connected with Google’s ecosystem through Google Play Services, Android helps collect personal user information such as names, mobile phone numbers and credit card numbers, in some cases and other device-related information such as apps used, websites visited and location coordinates.
Google also keeps tabs on Gmail messages to monitor your purchases, your trips, your flights, and your upcoming bills while developers employ side and covert channels to gather information that would allow software makers and advertisers to track users across devices, websites and apps.
This tracking could include accessing shared storage on an SD card to obtain information like a device’s IMEI number which is useful for tracking purposes because, unlike the Advertiser ID, it cannot be reset or changed.
A dormant, stationary Android phone (with Chrome active in the background) can communicate location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour. It makes location information constitute 35% of all the data samples sent to Google, findings show.
Android sends periodic updates to Google servers, including device type, cell service carrier name, crash reports, and information about apps installed on the phone. The screenshot of Incognito app’s data control shows how android apps are requesting huge amount of data even if you are not using them!
Android, which is the most popular mobile phone operating system, implements a permission-based system to regulate access to these sensitive resources by third-party applications.
By design, access to an Android user’s permission-protected resources including location by an app can lead to all third-party services embedded in it gaining the access as well — though the permission model requires obtaining user consent before an app is granted access and ensuring that an app cannot access resources for which the user has not granted consent.
However, a finding shows that a number of side and covert channels are being used by apps to circumvent the Android permissions system thus impacting hundreds of millions users though the exploits may not necessarily be malicious and intentional.
The apps circumvent the Android permission model in different ways such that they still access information even when they have been denied permission by a security mechanism. This they do despite the circumvention of Android permissions and collection of information by absenting users’ consent or in a misleading way have been considered unfair and deceptive.
Your data should be YOURS
Whereas the Android permissions system is meant to protect users’ privacy and sensitive system resources from deceptive, malicious, and abusive actors hence an app should not be able to access data protected by that permission once a user denies it. However, that is not always the case.
An investigation found that Google continues to track your mobile device including storing your location data even when you’ve opted out of its tracking services and a privacy setting that says it will prevent Google from doing so. Google is reportedly doing the tracking of Android users by collecting the addresses of nearby cell phone towers even if all location services were off.
Former U.S. presidential candidate, Andrew Yang, notes that users’ data continue to be commodified and packaged for those who want to occupy users’ attention. They profit from the practices as they influence users actions and attitudes by feeding us information that maximizes our engagement while pushing us in specific directions to the detriment of our democracy, mental health, and free will.
How to avoid being tracked
Yang’s weight is behind the fight for our data property rights through the California’s Consumer Privacy Act (the CCPA) which became effective on January 1, an effort being driven by Humanity Forward in partnership with the Data Dividend Project.
The CCPA, which stipulates that every Californian should have the right to know what personal information is being collected, the right to access that data, the right to know who it’s being sold to, and the right to opt out of those sales, has been enforced as at July 1.
Meanwhile, the release of Android Q, the next version of Google’s mobile OS, is set to fix Android’s broken permission system which allows apps to circumvent the Android permission model to still access users information even with a security mechanism.
In the meantime, there are certain parts of your device that can be reset or changed to restrict access to your personal data. There is the option of resetting the Web & App Activity section which covers everything you do on the web while signed into Google, everything you search for and everything you do inside its apps according to your preferences.
You can also change the setting of your location history which largely gathers data from your phone as stored by Google — but the records of places you’ve been to show on a map.
Other aspects that could be changed to your desire include the Device Information section which largely covers phones and tablets that you connect to your Google account; the Voice & Audio Activity section where all your Google Assistant commands, whether said to your phone or to a smart speaker, get stored; and the YouTube Search History and YouTube Watch History.
Android VPNs can also improve your privacy — although with some downsides which include reducing the speed of download and uploads depending on factors like the location of the VPN servers and the network infrastructure the VPN provider can access.
We created Incognito on Android, a fast and secure VPN with data control and ad-block functions to make sure you can stay incognito and worry-free whenever, wherever you want to be.
