You know that Android and Google are sitting at the same table. It's become a part of your life, and you're more or less comfortable knowing that they're talking about you. But, what exactly are they saying?

The Google/Android Relationship

Tech giant Google launched Android as a mobile operating system back in 2008. The mobile OS and supported devices run their own systems, but they also support (read, "require") apps and services that are owned and operated by Google.

There's only so much that a mobile operating system can learn about you. There's only so much that Google, even with all of its apps and services, can know about you. But what information does Android send back to Google?

Understanding and Managing App Data

A good rule of thumb is that if you give an app permission to harvest data, it will. That's part of the difference between privacy, anonymity, and security. Sometimes, we give up privacy when we think we're maintaining anonymity. Sometimes, we focus on security but forget how much we give away.

You can learn which apps have access to your data, and take that access away, within your Android device's settings. Open your Settings menu and select Apps & notifications and then App permissions. This screen is organized by the system and information that is accessed. Within each page, you can toggle which apps you allow that access.

Unfortunately, that's not the end of Android's data sharing with Google. Some applications that are necessary for your phone to function won't work properly if you disable them. Some share data even if you've never actually used them. And, according to a recent study, some share data even if they don't have permission to.

Does Android Share Data You Don't Know About?

A recent study by a researcher at Trinity College in Dublin found that Google's Pixel 2 phone sends data to Google almost every four minutes. This data includes device identifiers, the phone number, cookies, the IP address that the device is connected to, and even MAC addresses of nearby devices.

According to the study,

"Both iOS and Google Android transmit telemetry despite the user explicitly opting out of this."

"Telemetry" is a very nebulous term referring to any data that is recorded at a site other than that where it is collected. According to Google, this data in this context includes:

  • the number of times a device has been rebooted
  • whether or not the device has been rooted
  • details related to the mobile carrier
  • the device's battery level
  • the device's volume settings

Transferring data like this requires a network connection, and apps establishing and using these connections are supposed to ask for permission when they are opened and used for the first time. However, study authors found that this data can be sent by Android apps that have not received these permissions:

"Pre-installed apps/services are also observed to make network connections despite having never been opened or used (...) These include the YouTube app, Chrome, Google Docs, Safety Hub, Google Messaging, the clock, and the Google Search Bar."

In addition to essentially ignoring when users denied certain permissions to certain devices, Google has a history of pressuring device manufacturers to hide these settings in the first place.

The Good, the Bad, and the Complicated

The bad news is that, while Google's data sets and Android's data sets may be more-or-less harmless on their own, Google having access to Android data sets allows them to link application data to specific users. The good news is, all of this data is tricky to get (provided you aren't Google, that is).

This data is sent via encrypted connections. Study authors had to use specially modified phones and access points to understand the data that was being transmitted. The authors also identified one potential venue to avoid this illicit data collection:

  1. Start the handset with the network connection disabled.
  2. Disable all the Google components.
  3. Establish a network connection.

Of course, the downside of this is it will essentially turn your device into a paperweight. After all, even the clock was found to be sending data. So, unless you're really comfortable with downloading and using apps from places other than Google's app store, this method is very limited.

There's still more good news: Google has been cracking down on how Android apps collect data. Further, the study was carried out on a device running Android 10. Today's devices run Android 11, and Android 12 is on its way with a raft of new privacy features.

Do You Trust Google? Do You Have a Choice?

In the end, the question of what data Android shares with Google may not have a clear answer. We can ask questions like what Android data Google has and what Android data we trust Google with, but these questions may not be as important as asking whether we really have a choice.