I'm about to buy my first Android phone. My understanding is that, in order to download apps and get updates from Google Play, I need to be permanently signed into a Google account that's linked to my name via credit card information.
I find Google's privacy policy too ambiguous to understand what data is logged from Android users. I don't want to share more information than the device needs to operate.
Here are some steps I plan to take already:
My questions:
- What other information does Android send to Google by default?
- What actions should I take to minimise data collection from Google and other apps? (I'll be using stock Android 4.2 on a Nexus 4.)
- Is Android still a good choice if I don't plan to use Google's services?
Answer
Android is FACC
Android might be many things, but certainly not "privacy first". At least not if you want to use Google Playstore as a resource for your apps. While at creation (initialization) of your Google account on your Android device, you are asked "Do you want to store your data with Google?", this only means "Backups of your apps and their data, as far as they support it". Soon you will discover that your contacts and calendars are automatically synced with Google servers, without asking you, unless you explicitly opted out of that.
So if there are any firsts, it's FACC: Android comes Free of charge, is Ad supported, Cloud based, and highly Customizable. Nobody will argue the first and last items are very appreciable, while "the cloud" is fine with most, and the ads are mostly "accepted" (as long as they are not too aggressive, like e.g. Airpush).
So what data do Google services collect?
Nick checked some sources (namely, Google's privacy policy), and reported in a comment below:
Google says it logs your "phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls" in their privacy policy. It also logs your IP address.
But it doesn't say if this info is logged for Android users specifically, or if it's only collected from other services such as Google Voice. And it doesn't say whether it logs data even if you're logged out of Android services.
Sometimes what's missing speaks as well (sometimes even louder than the facts mentioned). So starting with the "worst-case scenario", we won't be too much shocked later on. Having created a Google account or not: as soon as a network connection is available, data can be uploaded to any servers. System apps can access identifying data such as IMEI or IMSI, your phone number, or even your locally stored contacts and calendars (yepp, paranoia-mode enabled again), and with an available network, they could transfer all data they have available anywhere. (Careful: I did not say they do so, just they could).
We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Google may associate your device identifiers or phone number with your Google Account.
(Source: Google Collection, see below)
Never forget: While Android itself is Open Source, many apps are not. But also keep in mind: this is not just the case with Android, but with any other system as well.
If you want to read some more on Google's privacy:
There's one really scary part:
We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
(emphasis mine; source: Google Collection, see above)
First steps for privacy
At the very first you could check in advance how the device you want to buy comes configured. In most cases, there will be a lot of bloatware pre-installed, which contributes to the "data share". While you cannot really be forced to use those apps, it sometimes is not really possible to get rid of them without rooting. So the less bloatware there is, the better.
Rooting is not always an option, as in most countries this will void your warranty. Otherwise you could decide for a more privacy-friendly custom ROM. So when you've got your new device, you will have to carefully check all options whether they might be intrusive to your privacy:
- say "No" to the above-mentioned "Backup to Google" question. Otherwise, next to the list of apps you've installed from Google Play (which Google knows anyway), and data from several apps, also sensitive information like e.g. your WiFi passwords find their way into the cloud.
- before you enter any contact or calendar data, make sure to have the sync disabled for them (see Settings→Accounts & Sync). You can still export your contact list easily directly from within the contacts app -- but if you are going to import anything again after e.g. a factory-reset or on a new device, make sure to check the sync options before that (that was how Google got my data, when I forgot that one time).
- if you enable Google's location service, this will also send "anonymized" data about places you've been. I placed "anonymized" in quotation marks, as a study recently showed that de-anonymization can be easily achieved. So you might want to turn that off as well.
Android without Google?
Wouldn't it be more consequent then to use Android without Google? This question has been discussed more than once. And yes, it is certainly possible (and before you say it's a "contradiction in terms", I could split hairs and argue that Android is not developed "by Google", but by the AOSP, the Android Open Source Project). You will have to sacrifice some things (as e.g. a big part of the apps on Google Play are hard to find outside Google Play, for example). But if that's a price you are willing to pay to protect your privacy at max, here are some readings for you:
Privacy with Android and Google?
Okay, the above approach might be a bit too exaggerated for the most (but hey, only because we are paranoid, that doesn't mean nobody's after us, right?). So what's the way in the middle? I mean, aside the "first steps" mentioned above?
There are many things. In First steps for privacy I already described how to prepare a fresh, unbloated Android that comes with the Google Apps. Now let's look what to care for next:
Pre-installed apps
There might come some pre-installed apps not belonging to the Android core system. And not "really needed" for the privacy-concerned. Stuff like Google+ or Facebook. Starting with Android 4.0, we can simply go to Settings→Apps→Manage Apps, and disable those we don't want to use. This also might give a boost to performance and improve battery-life, as it rids us of several "background services" those apps were running. At startup. Even if we never started them.
Installing new apps
Don't click on everything fancy (well, need to remember that for a later part: ads in apps). Of course look around what sounds useful or interesting to you. But make sure to read through the comments (at least scan through them) for possible obstacles. Ignore those one-word comments like "great" and "shit", and also those just declaring "download problems" and the like. They do not speak about the app. But check if there were any privacy concerns in the past, or any other trouble for that sake.
Then make sure to check the permissions the app requests. Do they make sense (in the context of what the app is supposed to do)? Critical combinations for privacy are e.g. access to personal data (contacts, calendars, etc) with internet. Or simply internet -- as they could send anything. How hard you argue depends on the grade of paranoia you cultivate :)
Privacy helpers
Sometimes it's not avoidable to risk some permissions: of course a web browser needs internet access, as does a SMS app need access to your messages. So how to control or restrict them?
There are several helpers around (see e.g. this list at lisisoft, will take you a while to scan through it :). You can hide sensitive information using...
- password stores
- locked galleries
- crypt containers (see e.g. Droid Crypt)
All these things do not even require your device to be rooted. But really forbidding apps to access things (or control their access) won't work without root. Examples have already been named in bassmadrigal's answer:
- LBE Privacy Guard controls access to your data (call-logs, contacts, etc.), to critical functions (initiate calls, access location data, etc.) plus firewall your device (control which apps might access the net via WiFi, mobile data). Careful when you're running JellyBean or higher: the playstore version of this app is known to cause boot-loops there. Rather check XDA-developers, they have a fixed version.
- PDroid comes in several variants: PDroid Privacy Protection being the original one, followed up by PDroid Manager and OpenPDroid. Other than LBE, these cannot be installed as an app, but need additional preparations -- as they are deeply integrated into the system. This not only adds another layer of protection -- but OpenPDroid is even OpenSource, which adds another layer of trust as well.
See also how to fake my personal information.
Want some shocking details?
Visit your Google Dashboard, log in with your Google account. Here you can find out whom you contacted most frequently, and what other data Google collected from you.
What happens with all your data when you die, or for any other reason become inactive?
Ooops? Yes, also something one should keep in mind in this context: Plan your digital afterlife. The linked article introduces the new Inactive Account Manager:
You can tell us what to do with your Gmail messages and data from several other Google services if your account becomes inactive for any reason.
For example, you can choose to have your data deleted — after three, six, nine or 12 months of inactivity. Or you can select trusted contacts to receive data [...]
(Read more in the linked article)
Protect your device
Now you've taken care no data is leaving your device, even locked data away in "data vaults", and secured the "back-doors" -- you should not leave the front-door wide open. Go to Settings→Security and set up a screen lock. Multiple choices here:
- the good-old PIN code. Not really secure. At least not, if you use King Roland's PIN for Druidia's planet shield (or president Screw's for his briefcase; in case you do not know Spaceballs, the PIN was "12345" for both). Also not your birthdate or something like that.
- a pattern-lock. More secure, as a relation to data retrievable by social-engineering is quite unlikely.
- a password can be highly secure, if you use all characters available: letters (upper and lower case), numbers, special chars. And make it long. E.g. Ti1$spnc3h! -- how to remember that? Check: "This is a $uper secure password nobody can 3asily hack!"
Anti-theft protection
Also a lot of solutions on the playstore. Highly praised solutions include Cerberus anti theft, avast! Mobile Security, and more. If your device gets lost, with a good anti-theft protection you can
- check its position
- sound an alarm
- remotely back-up (retrieve) stored data, before you...
- remote-wipe the entire device including its sensitive data
and optimally, the anti-theft app automatically informs you in case the thief changes the SIM. It hides itself (stealth mode) and, with root available, can even protect itself against a factory-reset by integrating into the /system partition. So the only chance a thief has is to immediately switch-off the device, put it into a Faraday cage, and flash a new ROM while it's still in there...
Anti-virus
...you can leave out, if you've followed above steps. Yes, there certainly is malware around. But with all the protection levels taken, and careful selection of sources as well as the apps themselves, risk is absolutely minimal. I never had malware on any of my devices, though I've tested a lot of apps over the past years. After all, Anti-virus (or rather anti-malware, as yet there was no virus sighted for Android) might give a false sense of security ("What shall happen? I've got that Anti-virus."), as they cannot really detect everything (no heuristics, e.g.), but rather check against a database of known malware mainly.
Backup
Last but not least: Having turned off all Google services (or at least restricted them to a minimum), you will need an alternative backup. To be honest: even if you've decided to answer "Yes" to the above question of "Do you want to backup your data with Google?", you will need a good backup -- as that "Google backup" might be many things, but for sure not complete (apps must explicitly support it by implementing its API, which is done by few apps).
For this, if your device is rooted, I strongly recommend a little investment: do yourself (and your device) some good, and buy Titanium Backup PRO. You won't regret it. TiBu is a very powerful tool to backup and restore apps including their data, restore parts of nandroid backups (see: nandroid tag wiki and backup tag wiki for details), freeze/unfreeze apps, detach apps from the playstore, and much more. Scheduled backups included. Stored to your sdcard or, if you really want to, to the cloud.
Not being rooted, but having a device with Android 4.0 or higher? Take a look at Carbon - App Sync and Backup, so you can at least backup all your apps and their data, plus some of the system data. Scheduled backups are planned here as well.
Additionally, you might want to take a look at Full Backup of non-rooted devices for more details on this topic.
Conclusion
As I wrote, there usually isn't a simple answer. You can use "Android without Google", cut down all network connections, and so on -- but at latest when you also take out your SIM, it's no longer a smartphone. Android is designed to be network enabled, from its very beginning.
You could say "who cares", and let it all go -- and complain when it's too late.
Usually you have to find a way in the middle, deciding how much of your privacy you are willing to sacrifice for how much comfort/convenience. I just listed possibilities, showed what is to be found where, and what solutions exist to protect your privacy the one way or the other. Hopefully, my elaborations will help you make your decisions.
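The permission check described under "Installing new apps" (personal data combined with internet access, or internet access alone) can be automated. The following is an added example, not part of the original answer: it assumes the app's AndroidManifest.xml has already been decoded to text XML, and the list of "personal data" permissions is a subset chosen for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NET = "android.permission.INTERNET"
# Permissions that expose personal data (illustrative subset, not exhaustive).
PERSONAL = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_PHONE_STATE": "IMEI/IMSI/phone number",
    "android.permission.ACCESS_FINE_LOCATION": "location",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def review(manifest_xml):
    """Classify a manifest as (level, personal data the app can read)."""
    perms = requested_permissions(manifest_xml)
    data = sorted(label for p, label in PERSONAL.items() if p in perms)
    if NET in perms and data:
        return "critical", data      # can read personal data and send it out
    if NET in perms:
        return "network-only", []    # could still send whatever it can reach
    if data:
        return "local-only", data    # reads data, requests no network permission
    return "none", []

# Constructed sample manifests (decoded text form), not taken from real apps.
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""
NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.notes">
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flashlight", FLASHLIGHT), ("notes", NOTES)):
        print(name, *review(xml))
```

A "critical" result is a prompt to ask whether the combination makes sense for what the app is supposed to do, not proof that data is being sent.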