Google collects metadata from Android phones

The article seems to imply that this is a recent addition to the privacy policy. Google keeps archived versions of their privacy policies (<a href="https:&#x2F;&#x2F;www.google.de&#x2F;intl&#x2F;en&#x2F;policies&#x2F;privacy&#x2F;archive&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.google.de&#x2F;intl&#x2F;en&#x2F;policies&#x2F;privacy&#x2F;archive&#x2F;</a>), and you can easily see that the &quot;telephony log information&quot; was added in the March 1st 2012 revision of the Google privacy policy.<p>You can see a summary on <a href="https:&#x2F;&#x2F;www.eff.org&#x2F;deeplinks&#x2F;2012&#x2F;02&#x2F;what-actually-changed-google&#x27;s-privacy-policy" rel="nofollow">https:&#x2F;&#x2F;www.eff.org&#x2F;deeplinks&#x2F;2012&#x2F;02&#x2F;what-actually-changed-...</a><p>As the EFF mentions, this was a big privacy policy change, and it was widely announced. For example, I searched through my emails right now and found an email from Google (on my @gmail.com address) on 2012-01-28 announcing the change and asking me to &quot;please take a few minutes to read our updated Privacy Policy and Terms of Service at <a href="http:&#x2F;&#x2F;www.google.com&#x2F;policies&quot;" rel="nofollow">http:&#x2F;&#x2F;www.google.com&#x2F;policies&quot;</a>.<p>For completeness sake, the diff from the changes on June 28th: <a href="https:&#x2F;&#x2F;www.google.de&#x2F;intl&#x2F;en&#x2F;policies&#x2F;privacy&#x2F;archive&#x2F;20160325-20160628&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.google.de&#x2F;intl&#x2F;en&#x2F;policies&#x2F;privacy&#x2F;archive&#x2F;20160...</a><p>Disclaimer: I work at Google, but not on anything related to this. I speak for myself, not for the company.<p>EDIT: Interestingly, the language in the 2012 unified privacy policy matches very closely the language that was used in Google Voice&#x27;s privacy policy since 2009: <a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20090315193708&#x2F;https:&#x2F;&#x2F;www.google.com&#x2F;voice&#x2F;help&#x2F;privacy" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20090315193708&#x2F;https:&#x2F;&#x2F;www.googl...</a><p>&gt; Google&#x27;s servers also automatically collect telephony log information (including calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information, and types of calls).

Are people really surprised about this anymore? I can&#x27;t say that I am. Google is a company which makes a lot of money off of their platforms. I expect them to be collecting data wherever and whenever they can. I see stories like this every day but I&#x27;ve become accustomed to it because it&#x27;s such a normal practice nowadays, especially from a company like google which provides so many advertising services. I&#x27;m not saying this is a good thing, absolutely not. I&#x27;m just saying that I&#x27;ve come to expect this kind of thing in the current day and age.

For what it&#x27;s worth, I have my doubts that this applies to a generic call&#x2F;sms on any old Android device. I would think it&#x27;s more likely to apply to services such as the Hangouts calling or Google Voice, and probably Google Fi, all of which make sense to collect that data, but the privacy policy doesn&#x27;t absolve itself of that.<p>&gt; When this Privacy Policy applies<p>&gt; Our Privacy Policy applies to all of the services offered by Google Inc. and its affiliates, including YouTube, <i>services Google provides on Android devices</i>, and services offered on other sites (such as our advertising services), but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.

So, we are pretty much bound to choose between Android and iOS, because of the whole apps platform thing.<p>I&#x27;ve always considered Google to be evil if not proven otherwise. It is a simple conflict of interest to trust Google with the user&#x27;s privacy. They make money by creating profiles on users and serving relevant ads. I&#x27;d be an idiot to keep on asking them to play nice and respect my privacy.<p>Apple on the other hand seems to be aligned to respect privacy in principle, and publicly claims it doesn&#x27;t violate user&#x27;s privacy. But, there is no way to verify their system because of the proprietary nature. So I treat them as less evil.<p>Before you suggest something like Replicant. They are only slightly better than the feature phones because of the lack of the new and fancy apps and with a label that reads &quot;If you need serious privacy stay away from any telephony-enabled device&quot; <a href="http:&#x2F;&#x2F;www.replicant.us&#x2F;freedom-privacy-security-issues.php" rel="nofollow">http:&#x2F;&#x2F;www.replicant.us&#x2F;freedom-privacy-security-issues.php</a><p>So, I guess the only choice is to stay paranoid and not trust your phone with any sensitive private data.

It says this right before the bolded part:<p>&quot;When you use our services or view content provided by Google, we automatically collect and store certain information in server logs. This includes:&quot;<p>I am not sure this applies to regular phone calls, no? Can someone explain here because I am certainly not understanding. Is this only for, say, Google Voice or related services that they have?

It mentions that google collects the data in server logs, the telephony in this case may be referring to google voice and not android OS since using android doesn&#x27;t necessarily imply you&#x27;re using google servers. (The play store, google services, etc does but can be avoided)

A Gooxit would be in order.<p>From time to time I wonder why the EU accepts foreign companies stealing so much personal data. China did the right thing. We should learn from them. India, afaik, also has better protection.

Is the calling or called number only passed when &quot;Caller ID by Google&quot; is enabled?<p><a href="https:&#x2F;&#x2F;support.google.com&#x2F;nexus&#x2F;answer&#x2F;3459196?hl=en" rel="nofollow">https:&#x2F;&#x2F;support.google.com&#x2F;nexus&#x2F;answer&#x2F;3459196?hl=en</a>

I don&#x27;t care what people say, the ethics, or legality, you should consider dumping fake identifying info.<p><a href="http:&#x2F;&#x2F;xposed.info&#x2F;" rel="nofollow">http:&#x2F;&#x2F;xposed.info&#x2F;</a><p><a href="http:&#x2F;&#x2F;xprivacy.eu&#x2F;" rel="nofollow">http:&#x2F;&#x2F;xprivacy.eu&#x2F;</a><p>Use apps from other app stores, in my case F-Droid.

And people freak out about some Microsoft telemetry collection.

To me, this is no different than someone from Toyota demanding I tell them where I&#x27;m going, who I&#x27;m going with and for how long every time I drive somewhere because I drive a Toyota and those are the terms.<p>Google is kinda like having a psycho girl&#x2F;boy-friend that wants to know your every move. Creepy.

As I&#x27;ve said before, I&#x27;d love to have an open source dumbphone. I know there are some big duct tape and PCB examples out there, but something polished and minimalistic would be fine with me. I think there would be a solid niche market in the current climate. I wouldn&#x27;t buy a new one every other year and it would be way easier to lock down.<p>You can&#x27;t buy an open source 2d printer, but can buy and build 3d OSS ones no problem. In like kind, I don&#x27;t think people find dumbphones interesting anymore, sadly. Actually, why print at all when you can &quot;Google Cloud Print&quot;?

I know that at least Sprint already does this. You can typically see your call log on the bills, but getting text messages requires a notarized form.<p><a href="https:&#x2F;&#x2F;support.sprint.com&#x2F;support&#x2F;article&#x2F;Get_your_text_message_usage_details&#x2F;a9035f32-ee60-43ec-8895-d9c84712488d" rel="nofollow">https:&#x2F;&#x2F;support.sprint.com&#x2F;support&#x2F;article&#x2F;Get_your_text_mes...</a>

Half the enterprise apps I know stop working on cyanogen. Is there an alternative? Also is there a way to separate work and personal phone usage on a single device? Tools like mobile iron seem to demand all of my info be made available for whatever it deems fit for the corporate I work for.

I was typing in a mac terminal, and needed to google something unrelated. Only to find google auto suggested on a very obscure command I just typed into the terminal. I&#x27;m almost certain keystrokes are logged when the chrome browser is running on a mac.

Is there an Android fork where this isn&#x27;t a problem and which you could suggest?

I&#x27;d be more upset about this if I weren&#x27;t already using Google Voice and Hangouts to make all of my SMS&#x27;s and calls so I know Google is watching - I&#x27;d rather give that info to Google than give it to my telco.

I assume the reach of HN means more than a few people who are reading this thread are currently working with telemetry or tracking data. Yet rarely do I see any posts offering an insider&#x27;s perspective of how it is used. Obviously there are privacy and ethical barriers, not to mention NDAs. But without the opposing view these discussions are always heavily slanted toward the &quot;data collection is bad&quot; opinion with no evidence that the data being collected is actually being used in the nefarious ways being speculated.<p>Who will be the Snowden of the advertising industry?

This most likely also collects call (meta) data about any phone called from Android and anyone calling a number terminating on an Android phone.

Additionally, Ursidae defecate in forest biomes.

Does someone really wonder about that?

The question to ask is whether Google would release a sequel to &quot;The Lives of Others&quot; [0].<p>[0] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;The_Lives_of_Others" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;The_Lives_of_Others</a>

It&#x27;s a minor quibble but is it accurate to put the project under the US &quot;government&quot; umbrella (@usgov)? I don&#x27;t think the USG existed in any meaningful sense before confederation.

&quot;Fuck these guys&quot;

Every major OS collects telemetry data, and most mobile OSes have an &quot;advertising ID&quot; (which you can disable.) This is to be expected in a world of &quot;big data.&quot;

This is completely fucking ridiculous.<p><i>Of course</i> Google&#x27;s privacy policy says they can store that information. That&#x27;s why I can go to google.com&#x2F;voice and get a comprehensive, time-ordered, millisecond-precision (if you poke around the network tab a bit - I forgot that epoch values started &quot;12&quot; back then!) list of<p>&gt; your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.<p>that I have made over the past 6 years, 10 months, and 20-something days.<p>This is a service they provided, that I&#x27;m using, if the data were not there, I would have gotten rid of my gvoice number, found a service that preserved my data like any self-respecting service provider (I&#x27;m really at a loss here - is this <i>not</i> available on iOS?) and complained loudly that Google Caused Data Loss For Users and should probably get hit with a lawsuit for damages.<p>I cannot believe how one-sided the discussion here is.<p>The claim that GOOG is capturing all this data on all calls and texts on all android devices is -completely- unsubstantiated. There&#x27;s one link to a german-language blog, whose (admittedly, Google-) translated claim seems to be that they tested - a - phone. One. With phone calls. Did they test SMS too? Was there a network connection to google&#x27;s servers? The omission could just be the translation, but right now I think this is actually a story with 181 comments about, at most, a phone that also has hangouts, that pings the server to tell google to mark their user as being in a call.<p>Completely ridiculous.<p>My only affiliation with Google is as a user.<p>Oh, and let&#x27;s not forget here, that if Google <i>were</i> trying to subtly reinterpret &quot;your use of our services&quot; as &quot;we capture everything from all Android devices&quot;, why on earth would they do a time-synchronized, easily-reproducible log when the call starts? (And how would they already have the call duration, blah blah blah at that time?) I can assure you, they&#x27;re quite familiar with queuing data on the device to be sent later.<p>The most irritating comment thread I&#x27;ve read in a long time. None of what is being claimed is even remotely cogent, on the <i>face</i> of it, and the reaction is just an endless woe-is-me of &quot;what did you expect, we all saw this coming, what can ya do, the companies these days, they&#x27;re just not like they used to be&quot; I mean, is this a brexit hangover or what?<p>Just sprinkle on a little &quot;the NSA does exactly thing tho omg&quot; and &quot;metadata===murder&quot; (yup, I think of you as js fanboys, that&#x27;s how bad it is) just and... yeah, the expletive is necessary. Completely fucking ridiculous.

So we need a fork that runs sans Gapps

i always assumed they went with &#x27;ok, google ..&#x27; so that it could be legally considered consent

<a href="https:&#x2F;&#x2F;github.com&#x2F;SilenceIM&#x2F;Silence" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;SilenceIM&#x2F;Silence</a>

from google browser bar to google browser to google os to google isp. so nosy

before we jump to conclusions not based by facts..BB collects same info as part of device metric measuring..its a common secret that most mobile OSes both open source and closed source do this..<p>While BB gave Canda authorities access..Google by default does not..

prism company in data collection shocker

I’m managing editor of mobilsicher.de (<a href="https:&#x2F;&#x2F;mobilsicher.de" rel="nofollow">https:&#x2F;&#x2F;mobilsicher.de</a>), the news site this story originated from. We are a relatively new site (launched in Sept. 2015) and only now looked into this.<p>The fact that it had remained undetected because no one had taken a closer look at it for several years does not mean that the questions we ask are unwarranted.<p>Peter Schaar, former German federal commissioner for data security and - at the time - chairman of the ARTICLE 29 Data Protection Working Party of the EU, says Google’s practices may even violate fundamental rights under German and European law.<p>The current German federal commissioner for data security is looking into it because of our reporting, so does the commissioner for data security of the German federal state of Hamburg, which has authority over Google because the company’s German headquarters are located there.<p>We will hopefully hear from them shortly on how they assess the situation. Also, a request for a statement from the Irish DPC (Google’s EU headquarters are located in Dublin) is under way.<p>Researching our original story, we of course asked Google to answer our questions on whose data exactly is collected under the provisions of the private policy, what data is collected, for how long, where it is stored and why Google thinks it can justify this data collection and processing on consent to their terms and services alone.<p>Now, after the story was picked up by dpa, Germany’s largest national news agency, and several influential tech news sites (German language only, Golem: <a href="http:&#x2F;&#x2F;www.golem.de&#x2F;news&#x2F;ueberwachung-google-sammelt-gespraechsprotokolle-von-android-geraeten-1606-121856.html" rel="nofollow">http:&#x2F;&#x2F;www.golem.de&#x2F;news&#x2F;ueberwachung-google-sammelt-gesprae...</a> | heise: <a href="http:&#x2F;&#x2F;www.heise.de&#x2F;newsticker&#x2F;meldung&#x2F;Google-Wirbel-um-private-Vorratsdatenspeicherung-mit-Android-3252902.html" rel="nofollow">http:&#x2F;&#x2F;www.heise.de&#x2F;newsticker&#x2F;meldung&#x2F;Google-Wirbel-um-priv...</a>), Google has now issued a statement that poses more questions than it answers. We published our story today (<a href="https:&#x2F;&#x2F;mobilsicher.de&#x2F;aktuelles&#x2F;google-speichert-telefondaten-welche-bleibt-offen" rel="nofollow">https:&#x2F;&#x2F;mobilsicher.de&#x2F;aktuelles&#x2F;google-speichert-telefondat...</a>) and also provided an English language version (Google admits it collects telephony log information, doesn’t specify which exactly - <a href="https:&#x2F;&#x2F;mobilsicher.de&#x2F;uncategorized&#x2F;google-admits-it-collects-telephony-log-information-doesnt-specify-which-exactly" rel="nofollow">https:&#x2F;&#x2F;mobilsicher.de&#x2F;uncategorized&#x2F;google-admits-it-collec...</a>) because we think this discussion is very relevant for an international community.<p>We are a small team but will keep reporting on this, trying to clarify the legal situation as well as the technical details. For this we’ll be doing more of our own analysis. In case any of you has helpful information, i.e. logs showing telephony data being transmitted to servers, please let us know (m.spielkamp at mobilsicher.de). But please make sure it can be reproduced by us, otherwise we’ll have a hard time using it.

No shit

In other news, water is wet.

duh.

Companies should rather post diffs, not &quot;we updated the policy&quot;.[1] I don&#x27;t intend to spend my time to go through myself, it&#x27;s hard enough for one company, not a myriad of services we use nowadays.<p>But I guess this is a nasty way to implement some unpopular policies, then point the finger at the user stating he complied to it.<p>[1] And by fixing this I mean make it a law.

Just go on activity controls and disable &quot;device information&quot;: <a href="https:&#x2F;&#x2F;myaccount.google.com&#x2F;activitycontrols?hl=en&amp;pli=1&amp;otzr=1" rel="nofollow">https:&#x2F;&#x2F;myaccount.google.com&#x2F;activitycontrols?hl=en&amp;pli=1&amp;ot...</a>

If you are using an Android or any other Google product you should assume every piece of data is being collected. If you don&#x27;t want that, move to iOS.

Says the guy using a free gmail.com email address.

But what is the paid alternative of all this privacy invasion? Even Apple is doing it now.

This clause was carried over from the Google Voice privacy policy when Google merged all of their policies into one in 2012.

I&#x27;m somewhat amazed at the near uniformity of opinions on this thread that having such information collected by Google (or other company) is an obvious bad thing. And that decision of millions of everyday people to give up their &quot;privacy&quot; in such a way is a very unfortunate reality of modern life.<p>I am open to argument, but it seems to me that most experience of terrible problems on the internet come from malware, browser hijacks, spam, basically the actions of criminals.<p>IMO, the only hope for a &quot;civilian&quot; in maintaining a semblance of online security is to rely upon the large providers of mass computing services.<p>I do not know of anyone who has had a negative experience as the result of not having a high level of online privacy.<p>From actions undertaken by the government or business.<p>The closest I know of is cases where individuals have been arrested on possessing or accessing child porn. There are also numerous examples in the media of people involved in the drug trade, or sex industries.<p>I don&#x27;t think your average citizen is going to be swayed by such accounts that they should undertake costly efforts to protect themselves from such activities. On the contrary, I would hazard a guess that they would see the surrender of such &quot;liberties&quot; to be a net benefit to society.<p>I&#x27;m not saying this is a correct view, I could be persuaded that it&#x27;s not, but I have yet been so persuaded. I&#x27;m befuddled by apparent disconnect here.