
Google reportedly peeks into Android data to gain edge over third-party apps - pjmlp
https://arstechnica.com/tech-policy/2020/07/android-user-data-gives-google-edge-over-third-party-apps-report-says/
======
aasasd
Android 10 (on googlephones) has a feature called ‘digital wellbeing’ that can
measure how much I gawk at the screen, and show that to me. Interesting, I
think, let's see if that data stays locally. The only piece of info on data
usage that I've found is a link to Google's overarching privacy policy. Oy
vey. Some data-processing features in the settings are marked with ‘data stays
on the phone’—but this one isn't. So I have to _assume_ that ‘wellbeing’
snitches to Google, and can't use it.

“Collection of data is disclosed to and controllable by users”? Well, if the
users presume that collection is going on unless said otherwise, then maybe.

Annoying thing is, I'd quite want to use the voice assistant. Do I like to
fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that
my voiceprint won't turn up on Google's servers the minute I use the
assistant? Nope.

(Btw, another baffling trait of the Android ecosystem is how many well-known
and widely-used hackish tools are closed-source: those from XDA and such.
“Flash this binary to root your phone”, “install this blob for low-level
customizations”. Eeeeh? I think I'll just disable all Google's misfeatures
instead, for now.)

~~~
propogandist
The digital wellbeing app is pretty much spyware. If you disable Google Play
Service, the Wellbeing app (which cannot be disabled) will constantly complain
that it won't work properly... The app has, among other permissions, the
requirement to have full network access.

Similarly, if you use the default Gboard (keyboard) on Android, it's
constantly trying to call home to Google servers, as with most other stock
apps.

Android is just increasingly becoming spyware and best route is installing
AOSP without GApps. Unfortunately, Google seems to be keen on limiting this
behavior and increasing their lock-in with recent changes to Android, making
it harder for the open source community to have control over the OS.

~~~
mav3rick
Google Play Services are the crux of the implementation of core services. If
you're not okay with that don't buy the phone or install something else on it.

~~~
sli
It may feel good to say it, because you get to offload the responsibility onto
consumers rather than the entity committing questionable (but legal) acts, but
in reality "just don't do X" is never going to affect any sort of change. It's
simply shifting blame onto people with no power to do anything.

More to the point, you're essentially recommending that everyone pony up
$1000+ for an iPhone. None of those lesser known options (or modern dumb
phones) are known to the average smartphone user, average people don't know
anything about these hardened Android forks, etc. Boycotts are really not very
reliable, because most of it is exactly this: just telling people to do a
boycott and then stopping there. I know it's not reasonable to expect everyone
floating ideas to have a plan for implementation, but when it comes to these
kind of boycott suggestions, _nobody_ has a plan. That's why shifting the
responsibility onto the consume isn't going to work. You're not going to
mobilize near enough people.

You know what does work, though? Strong privacy regulations with harsh
penalties.

~~~
robin_reala
$399+, not $1000+.

~~~
GeekyBear
More to the point, that $399 original iPhone SE is starting it's sixth year of
OS and security updates.

Less than $70 per supported year.

~~~
wincy
I just got my wife the new SE and MAN it feels weird to use because it’s just
so QUICK! It’s a really amazing phone for the price.

------
ocdtrekkie
What truly flabbergasts me is that businesses today still feel that Google's
platforms and services can help their business.

The reality is, if you are a business, _Google is your competitor_. Which
means Google getting a hold of any information about your business should be
part of your _threat model_.

You may not be in Google's sights today, but you very well could be tomorrow.
And they will use your usage of their platforms to screw you.

~~~
jadbox
In my direct experience being in SV startups for over 10yrs, this is also true
for all major tech companies. They all abuse their platform power to enter
into a new market segment. Just a few days ago this journal was published:
[https://www.wsj.com/articles/amazon-tech-startup-echo-
bezos-...](https://www.wsj.com/articles/amazon-tech-startup-echo-bezos-alexa-
investment-fund-11595520249)

~~~
tmpz22
What's funny to me is despite wielding all this power and network effects -
when tech giants try to enter new markets they fail at a seemingly higher rate
then start-ups and other businesses. They have a ten mile head start and are
still losing the race consistently. Which is probably good for most consumers.

~~~
Guest19023892
I think they just expect a higher return than smaller start-ups. I mean, if
Google tries to make a new service and it's 'only' generating a few million in
revenue, that's not very exciting and they'll either i. directly kill the
service, or ii. gamble with aggressive methods of growth that likely kill the
service.

Meanwhile, give a start-up with 5 people a few million in revenue, and they'll
be jumping with joy at their success. Plus they'll have a lot more passion,
and more carefully manage risk while growing the business.

------
throwaway189262
We desperately need a standardized open source phone. The raspberry pi of
phones. Linux may be a better platform than AOSP. Android and iOS were
designed for control first.

Control over apps, control over the store, over what users are allowed to do.
If you don't need any of that to make money why not run a regular Linux
distro.

Opens source phones will never be mainstream. Same as desktop Linux. But it
would be nice to have a widely supported option for those of us that care

~~~
burtonator
HN loves to talk about how Open Source and distributed system are going to
change the world.

Apache and Linux were open source. The Internet was designed to be
distributed. We failed.

We still had centralization. We still have SPoF...

The issue is economic, not technical.

When corporations like Amazon and Google have _severely_ unfair competitive
advantages we're going up in this situation again and again and again.

The only way to change this is to reform tax law.

~~~
kazagistar
And the only way to reform tax law is to reform speech law to prevent blatant
corruption.

------
thatha7777
Unsurprising. Another decade-old example: in the pre-iPhone/pre-Android era,
when Google Maps was available on BlackBerry, Google created a vast database
that associated cellphone tower locations to addresses, on the (smart)
assumption that the “from” location is usually where you are.

They used this as a negotiating tactic for acquisitions they made in the
space...

~~~
sukilot
How does knowing where you are affect acquisitions? And why wouldn't they know
just from talking to the target?

~~~
nitrogen
I'm not sure, but I think the OP meant that Google pointed out "we already
have this DB, so you're _really_ not worth _that_ much to us" in negotiations
with location data vendors.

------
xondono
To me the most worrying is that while I intellectually know this is bad,
emotionally it gets a solid “meh” from me.

Google is desensitizing us to this kind of bad behavior, to the point that
this sounds like it’s only half the story, or not such a bug deal.

~~~
jarfil
All I care about is whether this is opt-in and whether I can decide to not
give then that data.

Other than that, Google being able to process more data about their own
platform than others, is something to be expected.

~~~
xondono
Agreed, but there’s a lot to say about what’s the default and how you are
supposed to opt-out.

If Google is artificially inflating opt-out costs for the user, then that’s
something to watch for.

------
lightgreen
> collects sensitive Android user data

Looks like it’s basic metrics like how often the app is launched. It is not
sensitive (user content of the apps would be sensitive).

It is an antitrust issue but barely a security/privacy issue.

~~~
jevgeni
Didn’t HN collectively loose their s..t when Microsoft did something similar
with Win 10 telemetry?

~~~
fierarul
Microsoft did and continues doing that, correct? I don't remember any article
on them stopping that or even explain what telemetry contains.

~~~
jevgeni
There is no suggestion that Google stopped said practice as well. But the
indignation on HN (at least) is usually left for anything but Google.

You can see what information (broadly) Microsoft collects through Windows 10
in the opt-in screen for telemetry. More detailed information has been
published here: [https://docs.microsoft.com/en-us/windows/privacy/required-
wi...](https://docs.microsoft.com/en-us/windows/privacy/required-windows-
diagnostic-data-events-and-fields-2004)

------
dannyr
If Google is really doing this, you'd think they could make messaging and
social media apps that are actually competitive.

~~~
nicoburns
Data won't get you very far here. You actually need good product/UX design.

~~~
mrweasel
Based on their current product line up I doubt that Google has a single UX
designer employed.

------
IgorPartola
This is the kind of crap that convinced me to switch to Apple handsets back in
the day when they were still a pain to use for various reasons (remember
upgrading by connecting to iTunes with a cable?). Apple does some shady shady
things but not with my privacy.

Incidentally though they do have some settings you might want to check out
though. One in particular let Facebook spy on your other apps so fine tune
their ads.

~~~
izacus
This is a bizarre post considering that Apple collects very similar data via
their analytics (there's an opt-out you need to select on your iOS device to
opt out) and Apple Store itself (which counts downloads and knows about every
update, install and uninstall of an app on your iOS device with no alternative
option for you as a user).

If you really care about your privacy in this case, Apple devices won't save
you either. The difference is just in the fact that ArsTechnica decided not to
write an article about it, but your data is being uploaded all the same :/

~~~
coldcode
No the difference with Apple is they don't make money off of your data, they
make money selling you devices. Google needs to know about your data in order
to sell it or ads or whatever to third parties.

~~~
IgorPartola
They don’t need your data to show you ads. DDG has a really nice post about
that. They do it because they can and because they can sell the data itself.
That sucks.

------
zodiakzz
>The data was used earlier this month in India, where Google planned to roll
out a competitor app to TikTok.

Ah! I was hoping the Google Cemetery meme would die out soon. Not so fast I
guess.

~~~
aasasd
And here I thought that ‘stories’ on Youtube is a competitor to Tiktok.

Apparently in this day only carpet-bombing with services bears fruit.

------
markosaric
Google loves to devour all the data it can so best to keep them as far away as
possible from the devices and properties that you own and control.

------
thoraway1010
For everyone one of the apple / google huge privacy breach headlines /
comments some quick thoughts.

Google and Apple can at least plausibly infrastructure an anonymized data
collection service and control access to it reasonably.

\- You probably should worry more about the per user per connection logs your
"loggless" VPN provider keeps in crappy open to the world datastores.

\- The data sniffing and tracking your own ISP is doing.

\- The uninstallable malware / bloatware etc that comes on huge number of
phones built by third parties (ie, not google or apple).

Whenever I sign up for a "free" service (like google analytics or its
equivalent for android) I am under almost no illusion that google isn't also
using that data to help track users access the web target them, figure out
what ads to show on my site (if I let them) etc etc.

And yes, we will find out that facebook tracks the URLs of sites people share
on their platform and "snoopes" on that to figure out popularity trends. And
twitter will watch tweet metrics related to their competitors. I wonder if we
will get some headlines over those issues.

Finally, some folks come up with weird threat models - google is out to get me
and now they can. Heads up, google could get you before this as well if they
cared to. Can you imagine a govt having google's power. That would be a near
dictatorship!

------
gerash
This is an unfair advantage but I don't think is specific to Google. I don't
know whether Apple collects such consumer usage metrics or not but Amazon,
Walmart, Costco, etc. they all monitor consumer metrics and might end up
building a competing product/service based on those metrics.

~~~
izacus
Apple certanly collects metrics about AppStore downloads (they're after all
available to developers with [https://developer.apple.com/app-store-
connect/analytics/](https://developer.apple.com/app-store-connect/analytics/)
). There's also a decent chunk of analytics going from iOS (probably order of
magnitde less than Android though) you need to opt out of.

------
mcintyre1994
I always assumed they’d be doing this. Given that Facebook went as far as
buying a VPN company and then turning it into spyware to get a fraction of
that data, it’d be surprising to me for Google not to be using what they have.

------
elisharobinson
why AB test when your competition can do it for you ... SMH come on google

------
Uptrenda
Copying boring social apps seems like such a waste of the talent and
creativity at Google. They should focus more on innovation instead of this
kind of cut-throat bs.

~~~
xenospn
Google doesn’t innovate anymore. They acquire and throw most of their
acquisitions in the trash.

~~~
flutterdude420
Alpha Zero and Quantum supremacy don't count as innovation?

------
0xy
>"The API doesn't obtain any information about in-app activity and our
collection of this data is disclosed to and controllable by users"

Google is excellent at this kind of word maneuver, designed to confuse and
mislead.

Google gets confronted about an egregious practice, and a PR representative
responds with "well, we would absolutely never do [slightly worse unrelated
thing]". This happens over and over again.

They get caught, MSM blindly repeats Google PR talking points with enormous
spin and PR manuevering, and everyone forgets until the next scandal.

~~~
0xWTF
I have to say, my experience working with Google is that they actually resist
the acquisition of information that's not in the public domain in a lot of
ways. I've seen them fund another company's development team to do work, even
buying the other company hardware for the task, just to avoid the data. I've
seen them consciously exclude engineering tools you'd think are right up their
alley, because the tools would acquire data which, while entirely in-scope and
on-mission, could be considered too sensitive in some context.

If they're collecting this data, I strongly suspect they feel obligated to,
maybe even compelled too. Possibly for purposes like app security, user
security, OS security, user experience, etc.

~~~
the_pwner224
> If they're collecting this data, I strongly suspect they feel obligated to,
> maybe even compelled too. Possibly for purposes like app security, user
> security, OS security, user experience, etc.

This doesn't really make sense; none of those are compelling use cases for
such invasive data collection. And this _additional new_ tracking does not
seem very useful for security, and even then there's no reason for all of the
data to leave the device if it's for security.

~~~
tdeck
Play collects certain metrics about app usage because app developers want them
(not sure how much overlap there is with what's described in the article).

Source:

[https://support.google.com/googleplay/android-
developer/answ...](https://support.google.com/googleplay/android-
developer/answer/139628?co=GENIE.Platform%3DDesktop&hl=en)

------
swiley
There is not a single good “mobile os.”

Trash all of them and just put GNU/Linux on your devices if you really have to
have a smart phone.

~~~
vdfs
Android run on GNU/Linux, problem is not in the kernel but user land apps will
track you

~~~
nitrogen
It doesn't run GNU, or at least not much of it.

~~~
swiley
It doesn’t run _any_ of it. Much of the architecture of the OS seems to be
built around avoiding the GPL in the kernel. That’s part of why older devices
can’t get updates.

------
gigatexal
The temptation to exploit data you collect is too high. Best not to collect
this data in the first place.

------
dynjo
Honestly is anyone surprised..

~~~
fxtentacle
If you fill a trough, pigs will come.

We have this saying in Germany about data collection. What it means is you can
usually assume that given enough time, companies will do the worst with the
data that exists, so the only reasonable approach is to never collect so much
data in the first place.

~~~
ssss11
I like that saying.

And i agree companies should only be allowed to gather the minimal data
necessary in a given situation.

------
jacquesm
Not three days ago there was this article about another company where people
were immediately saying with great authority that Google would never do this.

------
arkanciscan
It's too bad there's not an open platform where apps can be deployed without a
centralized proprietary app store...

