Cargando…
On the data privacy practices of Android OEMs
In this paper we present the first in-depth measurement study looking at the data privacy practices of the proprietary variants of the Android OS produced by Samsung, Xiaomi, Huawei and Realme. We address two questions: how are identifiers used in network connections and what types of data are trans...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9847909/ https://www.ncbi.nlm.nih.gov/pubmed/36652407 http://dx.doi.org/10.1371/journal.pone.0279942 |
| _version_ | 1784871578376339456 |
|---|---|
| author | Liu, Haoyu Patras, Paul Leith, Douglas J. |
| author_facet | Liu, Haoyu Patras, Paul Leith, Douglas J. |
| author_sort | Liu, Haoyu |
| collection | PubMed |
| description | In this paper we present the first in-depth measurement study looking at the data privacy practices of the proprietary variants of the Android OS produced by Samsung, Xiaomi, Huawei and Realme. We address two questions: how are identifiers used in network connections and what types of data are transmitted. To answer these, we decrypt and decode the network traffic transmitted by a range of Android handsets. We find that all of the OEMs make undue use of long-lived hardware identifiers such as the hardware serial number, handset IMEI and so fail to follow best privacy practice. Hardware identifiers are also linked to the handset user’s real identity when they sign in to an OEM account on the handset. All of the OEMs collect the list of apps installed in a handset. This is a privacy concern since the list of installed apps can be used to profile user traits and preferences. All of the OEMs collect analytics/telemetry data, raising obvious privacy concerns. |
| format | Online Article Text |
| id | pubmed-9847909 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-98479092023-01-19 On the data privacy practices of Android OEMs Liu, Haoyu Patras, Paul Leith, Douglas J. PLoS One Research Article In this paper we present the first in-depth measurement study looking at the data privacy practices of the proprietary variants of the Android OS produced by Samsung, Xiaomi, Huawei and Realme. We address two questions: how are identifiers used in network connections and what types of data are transmitted. To answer these, we decrypt and decode the network traffic transmitted by a range of Android handsets. We find that all of the OEMs make undue use of long-lived hardware identifiers such as the hardware serial number, handset IMEI and so fail to follow best privacy practice. Hardware identifiers are also linked to the handset user’s real identity when they sign in to an OEM account on the handset. All of the OEMs collect the list of apps installed in a handset. This is a privacy concern since the list of installed apps can be used to profile user traits and preferences. All of the OEMs collect analytics/telemetry data, raising obvious privacy concerns. Public Library of Science 2023-01-18 /pmc/articles/PMC9847909/ /pubmed/36652407 http://dx.doi.org/10.1371/journal.pone.0279942 Text en © 2023 Liu et al https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Liu, Haoyu Patras, Paul Leith, Douglas J. On the data privacy practices of Android OEMs |
| title | On the data privacy practices of Android OEMs |
| title_full | On the data privacy practices of Android OEMs |
| title_fullStr | On the data privacy practices of Android OEMs |
| title_full_unstemmed | On the data privacy practices of Android OEMs |
| title_short | On the data privacy practices of Android OEMs |
| title_sort | on the data privacy practices of android oems |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9847909/ https://www.ncbi.nlm.nih.gov/pubmed/36652407 http://dx.doi.org/10.1371/journal.pone.0279942 |
| work_keys_str_mv | AT liuhaoyu onthedataprivacypracticesofandroidoems AT patraspaul onthedataprivacypracticesofandroidoems AT leithdouglasj onthedataprivacypracticesofandroidoems |