Paper zeigt: iOS als auch Google Android übertragen trotz Opt-Out Telemetrie-Daten

In einem Paper wurde untersucht, welche Daten Android und iOS an Google bzw. Apple senden. Sehr informativ. Ich zitiere mal das Fazit:

We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handsetphone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.

Besonders hervorzuheben:

Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this.

Weshalb wundert mich das nicht mehr? Ich muss da offenbar schon vollständig abgestumpft sein.

Ein Blick in die Details:

When the Google Pixel 2 is left idle, roughly every 6 hours it makes a connection to android.googleapis.com/checkin that sends many device identifiers:

POST https://android.googleapis.com/checkinHeaders
Cookie:NID=204=sa8sIUm5eJ9...NabihZ3RNI
POST body decoded as protobuf:
2:3876027569814251330 //AndroidId
<...>
  6: "27205" //Mobile operator
  7: "27211" //SIM operator
  8: "WIFI::"
  <...>
    16 {1: "27211" //SIM operator
    2: "Tesco Mobile" //Mobile carrier
<...>
6: "272110103800000" //SIM IMSI, uniquely identifiescaller on cellular network
7: "0AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" //MobileGroup ID Level 1
8: "\025\345" //SHA-256 hash of SIM IMSI
<...>
9: "e60d4b46d158" //Wifi MAC address
10: "357537080984248" //IMEI
11: "" //When user is logged in this reports the user emailaddress
12: "Europe/Dublin"
13:0x41559e6d59911873 //Security token
14: 3
15: "bfMkwynjHzXGBPc2WT62otR8JkI="
16: "HT7AC1A04090" //Handset hardware serial number
<...>
24: "CgYqtj3OocES-2UKBoGpQIpsRtIQQA...Sy6P2voE9Sz" //Droidguard device key
<...>

Zumindest auf Android kann man dieser ungebremsten Datensammelwut entkommen:

Du kannst den Blog aktiv unterstützen! Mitmachen ➡