Google collected data from the Message and Phone apps… without telling users

The Googles Messages and Google Telephone applications, natively installed on a number of smartphones, would have discreetly collected a certain amount of personal data, without having informed the user beforehand.

The Google Messages application // Source: Frandroid

Google Messages and Google Phone are applications used for texting and calling functions. They come pre-installed on millions of devices, including Pixel and Samsung Galaxy smartphones. However, it turns out that they would have collected and sent user data to Google servers, without first informing the user or obtaining his consent, potentially violating the GDPR put in place by the European Union.

Data collection without consent

He is the researcher Douglas Leith, professor of computer science at Trinity College (Dublin), who published the results of his research on the issue at the end of February. It reveals that the SMS applications Google Messages, and calls, Google Phone, collected and sent data concerning user communications to Google Play services, as well as to Google’s service, Firebase Analytics.

But what exactly are these data? They include a hash (hashes in English) of the messages, which makes it possible to link sender and recipient, as well as their timestamp. The Phone app sent information such as call times and durations, as well as contacted phone numbers.

It seems normal that a certain amount of data is transmitted for the proper functioning of applications and communications. What is not, however, is that the user is not informed at any time of the collection of this information. These two applications, which are pre-installed on many phones, do not include a privacy policy that can be viewed by the user – a document that Google requires for third-party applications.

Worse, if you download your personal data via the Google Takeout platform, this data is not included there.

On their Google Play pages, both applications do have a link to the Google Privacy Policy. But this is neither specific to each of the applications, nor detailed, and is also not presented to someone who opens these pre-installed apps on their phone.

Google is well aware of the problem

Douglas Leith shared his findings with Google in November, making several proposals and ways to improve them. The firm has already applied some of them. “We have worked constructively with this team to address their feedback, and we will continue to do so,” a Google spokesperson said, according to the media The Register.

Douglas Leith’s article above all raises the problem of GDPR compliance: Google must logically be looking into the matter.

To follow us, we invite you to download our Android and iOS application. You can read our articles, files, and watch our latest YouTube videos.

Leave a Comment