Smartphones that run Android operating systems could be spying on their owners, and there is no way to stop it, according to a new study from a team of researchers at Trinity College in Dublin.

The academics conducted an in-depth measurement study and examined data sent from Android OS, operating on Samsung, Huawei, Realme, and Xiaomi devices.

What they found was startling, “even when minimally configured and the handset is idle, these vendors customised Android variants transmit substantial amounts of information to the OS developer and to third parties (Google, Microsoft, LinkedIn, Facebook etc.) that have pre-installed apps.”

They noted that ‘while occasional communication with OS servers is to be expected, the observed data transmission goes well beyond this and raises a number of privacy concerns. There is no opt-out from this data collection.”

So-called ‘system apps’ are a vital feature of Android devices. They are pre-installed on the device and cannot be deleted as they are stored on a protected read-only part of the disk. These apps, which include the GApps package from Google as well as LinkedIn, Microsoft and Facebook, have enhanced rights that are not granted to apps that the user installs.

While intercepting the data sent from these apps, they noted that Samsung, Xiaomi, Huawei and Realme Android OS’s transmit a “substantial volume of data” to the app developer. When compared to more privacy focussed OS’s, very little data was transmitted. This, the report’s authors said, showed that data collection wasn’t necessary but rather an option of the developer.

But it was not just the volume of data that the researchers considered disturbing, it was its nature as well. They found the phone’s permanent identification systems, telemetry data, and information on apps and how long and often they are used. 

Regarding apps, this is particularly problematic as what apps a person has on their phone can reveal personal information about them, including sexual orientation, mental health, and religion.

The report said that “this can reveal user interests and traits. The list of apps can also act as a handset fingerprint, unique to only a small number of handsets, and so be used for tracking.”

Apps on the phone, including the Google Play store, are also tied to a user’s bank card or a payment processor and their email address. This means the concept of anonymised data is almost impossible to maintain. Furthermore, according to the report, tracking users’ locations can infer someone’s identity “with high probability”, according to the report.

There is also no way to opt-out of or switch off this kind of data harvesting or decide how it should be limited. This puts users in an impossible position; be surveilled by developers or give up their smartphone completely.

As smartphones continue to proliferate, many users are simply unaware of how much of their data is used. Around one-quarter of mobile apps with more than 1 billion downloads sell their users private data or use it for monetary gain. Many also transmit data, including that which uniquely identifies the device, insecurely, to third parties.

“The Android open-source model facilitates harmful behaviours and backdoors to sensitive data without user consent while uncovering potential relationships between manufacturers, network operators, and third-parties,” the report concludes.

Facebook, one of the apps mentioned in the report, has a long string of privacy-related woes. These include the harvesting and dissemination of data to now-defunct Cambridge Analytica. The company reportedly used the data to manipulate voters and sway public opinion for the gain of paying political entities.

They have also come under fire for not dealing with hateful content and misinformation on their platform. This includes a lawsuit filed by Reporters Without Borders, an ongoing SEC suit, and whistleblower Frances Haugen.

The former Facebook employee went public earlier this month with claims that amongst other things, Facebook allowed and even prioritised divisive content as it was more lucrative for them. She revealed that the company was well aware of the harm its algorithms caused, but continued allowing them anyway.