Preinstalled Android Apps are Harvesting and Sharing Your Data

“Many Android phones ship with software that has been pre-installed by the smartphone vendor…

…Not only did preinstalled applications harvest geolocation information, personal email, phone call metadata and contacts, but some of them even monitored which applications users installed and opened. In many cases, personal information was funneled straight back to advertising companies.”

—Danny Bradbury, “Preinstalled Android apps are harvesting and sharing your data.” Naked Security. March 27, 2019.

At this point, if you were unaware of the fact that the feudal internet, i.e., Amazon, Apple, Facebook, Google and Microsoft, make their money through surveillance, you aren’t paying attention. These companies are trying to convince you that they care about your privacy. It’s a lie. Consider a recent Apple commercial:

It’s bullshit. The problem with Apple is that that they made almost $11 billion dollars in revenue in the first quarter of 2019 selling software services, such as the App Store, iTunes, Apple Pay and now Apple News. So, they are the advertiser. It’s not privacy. It’s a business strategy of captivity, just like Netflix. The goal is to keep you paying for devices and subscriptions, and selling ads undermines the model.

Apple is a walled garden or ecosystem. It’s designed for lock in. It’s the Hotel California of the feudal internet. You can check out any time you like (by buying an Android device), but you can never leave (because Apple services don’t work right on Android and vice versa).

Another point? You have zero control over your information. Apple can decide to focus on their iAd network tomorrow, if it serves their business interests. Privacy is simply a differentiator today. It very well might not be tomorrow.

If you’re on an Android device, unlike with Apple, you can always install a custom ROM, like LineageOS. So, there is some choice with Android beyond the default.. But, what does that really mean?

Looking at the LineageOS stats page, ~1.75 million devices have the most popular ROM on them. The number of mobile device users worldwide? ~4.5 billion. That’s about 0.04% of devices, a statistical nullity.

Even if you have the technical expertise to install LineageOS or manage to buy a device off eBay, you still have the problem that most Android apps require GApps, which phones home to Google. Of course, they need your location for Google Maps to work for you, but your interaction with the Google Maps app works for Google as well, which turns around and uses your location information for advertising, e.g., making restaurant suggestions, building it’s own products, etc. Did that hardware store you just went to have handicapped access? Google wants to know.

Amazon, Apple and Netflix seem similar in that they are working off selling services and subscriptions. So, they are less focused on advertising. But, they are trying to drive sales, just as any advertiser. On the other end, there is Google and Facebook which are primarily about advertising. Microsoft is probably somewhere in-between these two extremes.

Then, you have all the also-rans. Comcast, the telecommunication companies, app developers and untold others who will use any information they can get, by hook or by crook, to make money. In the end, you pay for a device that has been subject to data sharing agreements that have not been disclosed to you, the user.

It’s particularly galling when you pay for a device or service, such as for cable or a telecommunications network access, and the company you buy it from turns around and sells the details of your usage to the highest bidder. At least with a “free” service like Facebook, you know you are the product. When you are paying for a device or service, you might think you are also not the product. But, that would be a mistake.

Again, it’s a question of lock in. Don’t like Comcast? What’s the alternative? Don’t like AT&T? When every other telecommunications company does exactly the same thing, what are you going to do, change your carrier? No carrier is talking about privacy. Most people probably assume who they call and their location information is private, but it isn’t.

You can do things to limit your exposure to surveillance capitalism. You can install Linux on your computers. You can install LineageOS on your phone. You can use a VPN. You can get off social media. You can be careful about what apps you install. But, even with all of that, the environment is such that you’ll still show up, whether it is through facial recognition software applied to someone else’s social media account or some other means.

Surveillance capitalism is never going to be about privacy. It’s useful to limit our exposure to the degree possible through technical means, but this approach is limited. Other strategies need to be developed, such as legal, economic and so forth, so that the incentives change. So, long as most services are concentrated in the hands of a few feudal internet companies, surveillance capitalism will be maximally exploitive.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s