Android automatically backs up your Wi-Fi passwords to your Google account, where they’re synced to your future Android devices. This is a convenient feature that saves you from entering Wi-Fi passwords over and over, but it means that Google likely knows all your Wi-Fi passwords. And, given recent revelations about PRISM and the NSA’s ability to demand data from Google without a warrant, the NSA likely has access to all of them. But Wi-Fi passwords aren’t the only thing that Google — and therefore the US government and other governments around the world — can get from your phone.
Google may be fairly harmless — sure, it uses your data to target ads to you, but it has an incentive to behave responsibly. But this isn’t just about Google. The US government and other governments around the world having access to this data is potentially more concerning. Google says all this data is encrypted in transit, but Google holds the keys and could decrypt it whenever they wanted (or were made to).
Android tracks your phone’s location by default. It uses this information to make your life easier — for example, Google Now will display weather, places of interest, and travel directions related to your current location. It can also use this information to allow you to track your lost phone online if you enable the Android Device Manager feature.
This feature is useful and enables many of the best features in Google Now, but it also means that Google has a log of where you’ve been.
Scanning Nearby Wi-Fi Networks
Android scans for nearby Wi-Fi networks and uses their names to help estimate your location faster. By default, your device automatically uploads “anonymous” location data from Wi-Fi networks and cell towers to Google. But how anonymous would this data be if the NSA demanded Google tie it to users and hand it over? Even if Google were doing this, they wouldn’t be allowed to tell us.
As we mentioned above, Google automatically backs up your Wi-Fi data to the cloud if you leave the “Back up my data” setting enabled. This means that any Wi-Fi passwords you enter aren’t just secured on your device, but are stored tied to your Google account on Google’s servers.
Contacts & Calendar Events
Sure, your emails are obviously in Google’s hands if you use Gmail. However, other included apps also synchronize with Google’s services. For example, by default, contacts you add to your phone’s People app are synchronized with Google Contacts online and calendar events you add are synchronized to Google Calendar.
This integration with Google services is part of what makes Android so useful. It ensures you have backups of your data and allows you to access it via the web and on your other devices but it also means that Google will have your phone’s contacts and calendar events stored on their servers by default.
Browser History, Open Tabs, Passwords and More
Android now includes Chrome as its default web browser. If you set up Chrome sync, Chrome will behave just like it does on the desktop — synchronizing your browser history, open tabs, bookmarks, and even saved passwords online so you’ll have access to them from other Chrome browsers. Google is quick to say that this data is encrypted, but Google holds the encryption key and could decrypt it if the NSA asked.
Miscellaneous App Data
Some apps — but not all apps — automatically synchronize their app data with Google via Android’s backup feature. This allows them to synchronize game saves and other app data between your Android devices. So some other miscellaneous app data is also available to Google and the NSA.
Some App Usage
App developers can include Google Analytics tracking in their apps. This allows the developer to see how many people are actually using their app, how much the users use the app, and identify features no one uses. It’s just like how similar tracking data is used to improve websites. However, it also means that Google has information about when and how you use certain apps — assuming the developer included Google Analytics tracking features.
Android now prompts you to set up automatic uploading of your photos to Google+ Photos. This is a very useful feature, ensuring you’ll never have to manually upload or copy photos off your phone again. However, it obviously means that Google has all the photos you take stored on their servers if you enable it.
Of course, if you used Dropbox‘s automatic upload feature on Android or switched to an iPhone and used the iCloud Photo Stream feature, your photos would also be stored online via the online photo storage service.
What About Call Logs and SMS Messages?
As far as we know, call logs and SMS messages are not backed up to Google’s servers. They certainly haven’t been restored to any of our devices after wiping them, so if they are being backed up, Google is creating a copy only for themselves — not too likely.
Of course, this data is obviously available to Google if you use Google Voice. But it shouldn’t be synced on typical Android phones. This is a blind spot in Android’s synchronization, however — we wouldn’t be surprised to see Google start to sync this data in a future release of Android.
Should You Worry?
So, should you worry? Well, we’d like to say no. Google likely knows a lot about you, but it uses this data to tailor experiences to you — see the awesome Google Now — and target higher-value ads to you. Google also likely has no real interest in some of this data — why would Google really want a list of all Wi-Fi passwords in the world? They’re just collecting that data so they can make your life easier.
Sure, your Android smartphone is tracking you — but so are iPhones, Windows Phones, and the websites you visit. Data is constantly being collected by everyone, including your phone company and Internet service provider. We could write similar articles about how the iPhone, Windows Phone, and other platforms collect and store data.
We’d like to say you shouldn’t care. But recent revelations have thrown us all. NSA employees have used their access to vast amounts of data to track their love interests — it’s possible that your location data could be sucked up and government employees could use their access to spy on your movements. Even Google themselves faced this problem when Google engineer David Barksdale was fired for using his low-level access to spy on and harass teens and other Google users back in 2010.
So, should you actually worry about how your Android phone is tracking you? Only insofar as you should worry about all the other tracking that’s already going on — the data being uploaded from Android phones is just one more example of how much data we’re unknowingly sharing with corporations every day. It also demonstrates just how much data governments around the world have access to without appropriate safeguards, limitations, or oversight.
But don’t let us answer this question for you — let us know whether you’re worried or not in the comments. Have you disabled any of these features? Are you worried about Google, the NSA, or other governments having access to this data? Leave a comment below and share your reaction.
Image Credit: SNappa2006 on Flickr