Research maps Google’s data collection via Android, Chrome and ads
Recent research by Douglas Schmidt, a scientist at the American Vanderbilt University, maps the data collection via various Google platforms, for example via an Android device. Google calls the research misleading.
The research is called Google Data Collection. For example, the findings of the study deal with data collection based on the Android device. A distinction is made between active and passive data. The first group includes data generated by user actions, such as activity on YouTube and search terms in Maps or Search. The research focuses primarily on passive data, which was mapped by comparing network traffic from a single Android device and a single iPhone while not in use.
Over a 24-hour period, the Android device made about 900 requests to Google servers, about 35 percent of which were related to the device’s location. The iPhone made 50 times fewer requests to Google services and 10 times fewer requests to Apple services during the same period. In total, the traffic between the Android device and Google amounted to 4.4MB per day, which would be six times more than the traffic between the iPhone and Google’s servers. The study mentions in an appendix that location requests may contain various types of information, but does not specify this in the cited passage.
Requests during 24 hours of inactivity (left) and requests during a ‘typical day’.
Google responded to The Washington Post about the investigation, stating, “The investigation was commissioned by a professional lobby group and written by an Oracle witness in the copyright case against Google. Therefore, it is not surprising that it contains highly misleading information.” The newspaper notes that the research was paid for by Digital Content Next, a lobbying group for the publishing industry, which is more often critical of Google.
The investigation also claims that it is possible for Google to link anonymous identifiers, for example via Google advertising service DoubleClick, to a user’s Google account. This would happen because Android devices perform a periodic ‘check-in’ in which it sends this information. It would also be possible to associate information from a DoubleClick cookie with a Google account, even if someone is using Chrome’s incognito mode or a similar mode in another browser. For example, if a user visits a site that uses DoubleClick and then logs into Gmail, IDs associated with both services are sent to DoubleClick in a request. That would pose a problem if users don’t regularly delete their cookies.
When The Washington Post asked Google to name the misleading parts of the report, the company referred to how Chrome works and incognito mode and stated that it doesn’t associate anonymous activity with Google accounts when people log in. In addition, in incognito mode, data would be deleted if turned off. Google further claims that it does not link anonymous data from advertising cookies to user accounts.
One of the ways in which Schmidt made the data collection transparent is via an Android device, which was used for an ‘average day’ after it was provided with a new Google account and a new SIM card. The Chrome browser and the advertising ecosystem were also examined. The researcher then looked at what exactly was collected via ‘My Activity’ and the Takeout function. He also examined network traffic using a proxy. Other information about Google’s data collection came from privacy policy and previous research.
A further conclusion from the study is that a user of an Android device with Chrome shares a lot of data with Google, even though he avoids popular services of the company. Through an iPhone, Google would not have access to location data, but would be able to collect approximately the same amount of advertising data.