Study | PRVCY.world

Scientific research and information about data leaks

A scientific study (conducted by the School of Computer Science & Statistics, Trinity College Dublin, Ireland) shows that both iOS and Google’s Android operating system transmit telemetry data, even though users do not want it.

The study reveals which data is sent from Android OS and iOS to Google or Apple. The result for Apple devices is shocking: Despite opting out, information about nearby devices is sent to Apple every 4.5 minutes.

To view the study, please check out the following PDF:

Download

Mobile Handset Privacy:
Measuring The Data iOSand Android Send to Apple And Google
Douglas J. Leith

School of Computer Science & Statistics,
Trinity College Dublin, Ireland
25th March, 2021

The key quotes from the research paper:

Both iOS and Google Android transmit telemetry data, even if the user expressly opts out.

We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that both iOS and Google Android exchange data with Apple/Google approximately every 4.5 minutes, even when the device is minimally configured and idle. The phone’s IMEI, hardware serial number, SIM serial number and IMSI, phone number, etc. are shared with Apple and Google. Both iOS and Google Android transmit telemetry data, even if the user explicitly opts out. When a SIM card is inserted, both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, such as other phones and the home gateway, along with their GPS location to Apple.

A look into the details:

Depending on the device, it connects to android.googleapis.com/checkin approximately every 6 hours, sending many device identifiers:

				
					POST https://android.googleapis.com/checkinHeaders
Cookie:NID=204=sa8sIUm5eJ9...NabihZ3RNI
POST body decoded as protobuf:
2:3876027569814251330 //AndroidId
<...>
  6: "27205" //Mobile operator
  7: "27211" //SIM operator
  8: "WIFI::"
  <...>
    16 {1: "27211" //SIM operator
    2: "Tesco Mobile" //Mobile carrier
<...>
6: "272110103800000" //SIM IMSI, uniquely identifiescaller on cellular network
7: "0AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" //MobileGroup ID Level 1
8: "\025\345" //SHA-256 hash of SIM IMSI
<...>
9: "e60d4b46d158" //Wifi MAC address
10: "357537080984248" //IMEI
11: "" //When user is logged in this reports the user emailaddress
12: "Europe/Dublin"
13:0x41559e6d59911873 //Security token
14: 3
15: "bfMkwynjHzXGBPc2WT62otR8JkI="
16: "HT7AC1A04090" //Handset hardware serial number
<...>
24: "CgYqtj3OocES-2UKBoGpQIpsRtIQQA...Sy6P2voE9Sz" //Droidguard device key
<...>