Study Warns Android Phones From Samsung, Xiaomi And Others Are Spying On Users
Credit: Trinity College Dublin
More specifically, the researchers found that Samsung, Xiaomi, Huawei, and Realme handsets collect device and user identifiers, device configuration information, and arguably most damning, user event logging (as a form of "telemetry.") Only Samsung and Xiaomi devices were found to log significant amounts of user interaction event data, though -- the other devices mainly focused on resettable user identifiers.
That's not too comforting given that the researchers also demonstrate how gathered data that is linked to these resettable user identifiers (such as advertising IDs) can still be linked back to the original device and user. Furthermore, the researchers comment that the biggest culprit behind data harvesting is in fact Google itself. In the paper, they say that "Google Play Services and the Google Play store collect large volumes of data from all of the handsets," excepting the /e/OS device, as that OS does not use Google Play services.
The authors go on to note "the opaque nature of this data collection," commenting that Google doesn't provide any documentation, and that the payloads are delivered as binary-encoded data generated by intentionally-obfuscated code. Apparently, they have been in discussions with Google to have the Android creator publish documentation for this data collection/telemetry, "but to date that has not happened."
The study is quite in-depth and filled with technical jargon, but it's still worth a read if you're even tangentially interested in the topic. You can find the PDF document on the Trinity College Dublin website.