Professor Douglas Leith of Trinity College in London presented a study that demonstrated the amount of data that Google’s Phone and Messages apps for Android can acquire from users.
It turns out that Google was secretly gathering call logs and text messages from its users. According to the study, Google Play Services’ blanket policies inform customers that the business will gather data relating to phone updates or data synchronization between devices.
The data that Google had been gathering, according to the study, was outside the scope of Google’s privacy standards. The messaging app, for example, saves the content of your messages as well as their timestamps. It then creates a hash of the data to keep it anonymous before sending a portion of it to Google’s servers.
While hashes are difficult to undo, professor Leith believes that in the case of smaller communications, hashes can be undone and some of the message content recovered.
Because the hash includes an hourly timestamp, producing hashes for all possible combinations of timestamps and target messages and comparing them to the observed hash for a match would be required.
The phone app keeps track of incoming and outgoing calls, as well as the time and duration of each call. These were also tagged with your unique Android phone ID, implying that by matching the ID with timestamps and call data, you could conceivably track someone.
According to Google, it collects phone data for spam protection and caller ID. Although the firm claimed that it only collected logs for numbers that were not in your contact list, this does not explain the fact that users were given no way to opt out.
Google announced certain modifications to the way it collects data from these apps following the publication of the research. It claimed to have anonymized call log data by rounding timestamps to the nearest hour. Google has revealed that the phone app will begin doing this immediately.
In addition, the Google Messages app will no longer collect SIM Card ID, data from incoming message senders, or hashed message contents. All of these modifications have been rolled out starting with Google Phone version 75 and Google Messages version 10.9.
