Google collects 20x more telemetry from Android than Apple from iOS

Professor Douglas J. Leith of Trinity College Dublin has published a research study on how Google collects telemetry from Andrid and Apple from iOS.

To collect statistics and conduct analysis, the expert studied the traffic coming from iOS and Android devices to Apple and Google servers at various stages of device operation, for example:

• at the first start after restoring the factory settings;
• when the SIM card is inserted/removed;
• when the phone is idle;
• when viewing the settings screen;
• when geolocation is enabled / disabled;
• when the user enters the pre-installed app store.

At the same time, the study took into account that data can be collected both by the operating system itself and by default applications, including search engines (Siri, OkGoogle), cloud storage (iCloud, Google Drive), maps and geolocation services (Apple Maps, Google Maps), photo storage (ApplePhoto, Google Photos). Dividing this activity, Leith focused specifically on collecting OS data.

As a result, the professor came to the conclusion that “both iOS and Google Android collect telemetry, despite the fact that the user has clearly refused this [option].” Worse, “this data is shared with companies even if the user is not logged in (even if they have never logged in).”

According to the document, Apple tends to collect more types of data from its iOS devices, but Google collects “noticeably more data.”

“In the first 10 minutes after launch, the Pixel smartphone sends about 1 MB of data to Google, while the iPhone sends about 42 KB of data to Apple. When the phones are idle, the Pixel sends roughly 1MB of data to Google every 12 hours, compared to the iPhone sending 52K to Apple. That is, Google collects about 20 times more data from mobile devices than Apple”, — the expert writes.

Data collection occurs every 264 seconds on inactive Apple devices and once every 255 seconds on Android smartphones (even when the phone is not in use).

Also, both operating systems communicate with their servers when users browse settings screens or when a new SIM card is inserted into the device.

In addition, Professor Leith observed a number of pre-installed applications and services that also connected to Apple and Google servers (even before these applications were opened and used):

“In particular, on iOS, Siri, Safari, and iCloud are among such applications, and on Google Android, there are Youtube, Chrome, Google Docs, Safety hub, Google Messaging, Clock and Google Search applications.”

Such extensive telemetry can lead to at least two major problems. First, it can be used to link physical devices to personal information that both companies are likely to use for advertising purposes. Second, the telemetry collection process allows manufacturers to track the location of users based on their IP addresses.

The Record, as well as the Trinity College professor himself, asked Apple and Google representatives to comment on the findings of the scientific work. Apple did not respond to inquiries from the professor and journalists, and Google promised Leith to publish publicly available documentation on the data collected, although they did not give an exact date when this would happen.

“This report details these messages to help ensure that the iOS or Android software is up to date, services are running as expected, and the phone is safe and efficient”, – told in Google.

In addition, the manufacturer disputes the very methodology of data collection. According to Google, the study underestimates the volume of iOS telemetry and excludes certain types of traffic, which skews the results.

Let me remind you that we wrote that iOS 14.5 will hide users ’IP from Google, as well as that Hackers used old 0-day vulnerability in iOS since 2018.