Source URL: https://www.theregister.com/2025/03/04/google_android/
Source: Hacker News
Title: How Google tracks Android device users before they’ve even opened an app
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The research by Doug Leith exposes significant privacy concerns surrounding Android’s data handling practices, particularly regarding the use of advertising cookies and device identifiers without user consent. This raises alarms for compliance with laws like GDPR and poses implications for user privacy.
Detailed Description: The findings from Doug Leith’s research indicate systemic issues related to user privacy on Android devices, emphasizing unauthorized data collection practices that could violate data protection laws. Key points include:
– **Unauthorized Data Collection**: The study highlights that Android users have tracking mechanisms active on their devices immediately, even before using any apps.
– **Lack of User Consent**: Google reportedly does not ask for consent for identifiers like the “DSID” cookie and the Android ID, which actively convey personal data back to Google.
– **DSID Cookie**:
– Created soon after the user logs into a Google account.
– Used for personalized advertising without users’ explicit consent.
– Lasts two weeks, potentially tracking user behavior across the web.
– **Google Android ID**:
– A unique identifier linked to a user’s Google account triggered during the device’s first connection with Google Play Services.
– Continues to transmit data even after a user logs out, requiring a factory reset for removal.
– Leith posits this could be classified as PII under GDPR, raising compliance concerns.
– **Compliance with GDPR**:
– The research suggests potential violations of the General Data Protection Regulation, particularly due to the lack of consent and clarity surrounding the use of personal identifiers.
– **Response from Google**: Google’s spokesperson provided a non-committal response regarding the legal interpretations presented in the report, asserting that user privacy is a priority and that they abide by all relevant laws.
– **User Frustration with SafetyCore**:
– A recent feature called Android System SafetyCore scans user photos for explicit content without prior user consent.
– Negative reception from users regarding its installation and the inability to opt out completely brings to light ongoing privacy concerns with how Google implements these features.
The article underscores the critical need for improved transparency and user-informed consent mechanisms regarding data privacy practices, particularly within technologies that handle sensitive personal data. This has far-reaching implications for regulatory compliance and user trust, and it calls for security and compliance professionals to reassess data handling practices in the tech industry.