Are You Being Tracked? Here's How Your Android Device Might Be Monitoring You
Generally speaking, when we talk about how your Android phone might be tracking your location and other personal data, we're talking about third-party apps, not Google's apps that are baked into the operating systems. Enough apps collect enough information about you, natively and from other apps, that we've become acutely aware of it. To the point that if you start seeing ads that feel too targeted, a sense of panic can kick in. In particular, there's the ever-present concern that Meta's apps, OS permissions be damned, are listening in on our in-person private conversations, which has proliferated so widely that Instagram head Adam Mosseri had to deny it in a CBS News interview in 2019.
That said, concerns about third-party apps do some work to obscure that Android and its integrated apps are tracking you in all sorts of ways. We don't always think of it that way because a lot of it is rooted in ways that we want Android to track us. But it still means that there's a whole lot of sensitive personal data on your phone, even under the best of circumstances. Even if you trust Google with your information, it's best to know exactly what's being collected and how it's used, so let's take a look at that, as well as how, far too often, there's no way to opt out of much of this data collection.
Google Assistant will try to remember your parking spot on its own
This one isn't necessarily exclusively going on behind the scenes like the other entries are, but it's obscure enough that you probably don't know about it. You may be aware that you can use the Google Maps app to manually place a pin so it can remember a parking spot for you. But it's a lot less likely you know that Google Assistant can figure out where you parked and send a notification card reminding you of where that parking spot is. Originally a Google Now feature before being revived in 2019 as part of Google Assistant, it's entirely guesswork, and the accuracy of those guesses can vary.
That iffy accuracy is why it's not something that pops up every time you park, and it seems like Google knows this because the Google Assistant support page doesn't mention the automatic feature, just how to tell the app where you parked. Regardless, it's an instructive example of the kind of guesswork that tech companies can do with personal data to give you results that make you question if apps are listening in on you. In the same way that Facebook or Instagram may serve you ads about topics you've never looked up online based on guesswork involving your location, demographic data, and the demographic data of people around you, Google Assistant can guess where you parked based on your location, what's around that location, and your car's movements.
Leveraging a list of your installed apps
An October 2021 Kaspersky blog post about a study from researchers at the University of Edinburgh and Trinity College lays out various ways Android phones can track users. (The methodology involved opting out of data collection at first boot when asked, not installing any additional apps, and only using each handset for phone calls.) One tracking method seems innocuous on the surface but less so when you think about how it might be used. That would be your list of installed apps. At first glance, you might think it's no big deal, as obviously, the Google Play Store tracks what apps we use. The knowledge that this can be isolated and harvested to use in conjunction with other personal data, though, paints a more concerning picture.
You might have religion-centered apps on your phone that effectively tell Google and OEMs what religion you practice. Perhaps more invasively, there are apps whose mere existence on your phone can tell someone a lot about your health, especially your mental health. If you have an app centered on recovering from addiction on your phone, then it stands to reason that you're a recovering addict. If you have a psychotherapy-centric telemedicine app installed on your phone, like BetterHelp, then you're probably in therapy. You get the idea: These apps existing on your phone bundled with other variables, like location data, can reveal distressingly intimate details through AI guesswork.
Device identifiers
The aforementioned Kaspersky blog post puts a heavy focus on the degree to which Google and OEMs collect the various unique identifiers that tie you to a specific handset. Most people probably wouldn't mind data being collected that's largely uniform across a specific model smartphone and can be used to troubleshoot problem apps, like basic hardware, firmware, and operating system specs, as well as related matters like battery drain. You want developers to be able to troubleshoot problem apps, after all. But unique identifiers are a different story.
The university study found that Android phones generally transmit the phone's Google Advertising ID (which can be changed but generally isn't by the vast majority of users), the device serial number, the radio module's IMEI code, and the SIM card number. The serial and IMEI number being among the data collected means that you could change your phone number, factory reset the phone, and/or even install a custom Android ROM on it, but it could still theoretically be tied to you.
Phone call duration and other app using timing
The aforementioned study noted that the Xiaomi phone being tested "uploads a time history of the app windows viewed by the handset user to Xiaomi servers." Combined with other data, it's not difficult to imagine how this could get invasive. The most obvious example, cited by the study, is the phone dialer/call app. In theory, your phone could draw a lot of inferences from, for example, making a long phone call after you'd spent the previous two hours at an oncologist's office.
In the same section of the study, it's also explained how, on the Huawei handset being tested, the preinstalled keyboard, Microsoft SwiftKey, generally considered one of the best Android keyboards, "logs when the keyboard is used within an app, uploading to Microsoft servers a history of app usage over time." If you're actively typing in your text messaging app for an extended period, that can lead to similar conclusions to those that AI can draw from a long phone call. And on both the Xiaomi and Huawei phones, the preinstalled version of Google Messages logged every single time a text message was sent.
"I think we have completely missed the massive and ongoing data collection by our phones, for which there is no opt-out," said Trinity College's Prof. Doug Leith in a statement released to promote the publication of the study. "We've been too focused on web cookies and ... badly-behaved apps."