Your phone could be spying on you quietly, reporting activities even as innocuous as what times you unlock your screen back to the manufacturer without your knowledge. As the world of consumer electronics becomes increasingly filled with 'always online' smart devices, this privacy problem is only going to get worse.
Earlier this week, mathematician and software engineer Christopher Moore posted a revealing blog about his experience with OnePlus, in which he discovered that the OnePlus OxygenOS was running discreet but very detailed analytics in the background.
Chris first found this out earlier this year by accident after proxying the internet traffic from his OnePlus 2 phone through a specialized security tool.
What he discovered was that OxygenOS was collecting timestamped metrics on certain events and transmitting the data back to OnePlus. This mechanism seems to be firmly anchored in the source code of the operating system, making it very difficult for the user to control without rooting the phone. This kind of activity can have a legitimate use for developers, but the data being harvested went far beyond what tech support might be interested in.
The data collected by OnePlus on Oxygen OS is quite extensive. They include battery life, the Android version, mobile phone signal, IMEI, serial number, the numbers you call, WiFi and SSID information, MAC addresses, the opening and closing of apps, activities within the apps, turning the screen on and off, and much more. In a nutshell: what you're doing with your phone, and when and where you're doing it.
That's more than enough information to trace back to the individual user, and probably much more than most of us are comfortable sending to a corporation. What's worse, when Chris contacted OnePlus to inquire how to shut the data collection off, they were unwilling so advise him on how to disable it. Turning to the user community, he found that others had been aware of the problem but had been similarly ignored.
Since Chris' blog had brought more public attention to the issue, we reached out to OnePlus for comment, and were provided with the following statement:
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
That's nice to know now, but it still amounts to a LOT of users having a ton of data collected on the sly, even if at this point some of those who follow the tech news cycle decide to take action. This is mainly due to the fact that the analytics aren't opt-in, they are automatically running and in the hope that the user doesn't notice and try to turn it off. And most users just aren't tech-savvy enough to notice.
As Chris mentions, something like this should really be opt-in or have an easy off switch. After a negative public reaction, OnePlus have come out and said that they will tweak OxygenOS to make it opt-in and to stop collecting "telephone numbers, MAC Addresses and WiFi information." They still haven't been able to satisfactorily explain how exactly this kind of information was supposed to help with after-sales support.
Our data is a precious resource, and not just to OnePlus
OnePlus doesn't come out of this looking very good, but if we get real about this, they are not going to be the only ones discreetly gathering our personal data and hoping we don't notice. That data is very valuable, and corporations are going to do their best to harvest as much as they can, any way they can, with our explicit consent and without.
Earlier this week, we wrote about how Google's Pixel 2 event contained many implicit hints that point the way to the future of data collection. The smartphone will only be a small, increasingly insignificant part of the data-harvesting machine. We as users are increasingly moving into an environment where we are surrounded by an always-online, AI-assisted technological ecosystem. As tech companies compete to gather as much user data as possible, knowledge is power.
User data is ostensibly collected for commercial purposes. Basically, this information is used as market research by companies to better advertise their products to us, and to develop future products to suit our tastes and needs. Even if you find advertising annoying, the prospect of being offered more personalized products is hardly terrifying. But that's not the whole story.
You'd have to be terribly naive about the relationship of business to power to be unable to imagine a downside to this level of data collection. It's not tinfoil hat stuff. Just think, for example, about how many silicon valley CEOs have been government advisers, or own influential media platforms. The influence of big data analytic companies on elections. The persistent rumors that Mark Zuckerberg will run for president of the United States. Peter Thiel's warm relationship with anti-democracy "intellectual" Curtis Yarvin.
As more of our personal data ends up concentrated in the hands of a few powerful individuals with political as well as business collections, it's important to be aware that your devices aren't just learning about you so that they can offer to sell you a new shiny thing in your favorite shape or color.
So who watches the watchmen?
Data-hungry corporations will do their best to try to convince us that they can totally regulate themselves, guys. As we stand upon the advent of widespread AI, there have been multiple organisations and think tanks set up to consider the social and ethical consequences (by companies that have been caught illegally harvesting personal data without people's consent, oops!). Naturally, there will be plenty of hard-working people with good intentions working on this. But corporations are profit-making machines, and will weigh ethical concerns against their bottom line.
Government regulation may to some degree mitigate the worst abuses of data at the hands of private corporations. But tech companies will likely be ahead of the curve in know-how and have already proven themselves experts in circumventing government regulation. That's without even considering their influence in shaping policy to begin with.
For people that don't necessarily trust corporations to have our best interests at heart, it's up to us to get more informed about the technology around us, and we can't only listen to what manufacturers are willing to tell us up front. Helpful experts like Chris are great to have, and instrumental given that we can't all be security specialists. But nonetheless, it would be good if we all took time to learn a little more about the tech jungle we're going to live in, lest we get eaten by lions.
We're all tech geeks here, and none of us are prepared to trash our devices and go live off the grid, scraping lichen off trees for our sustenance. You bet that I will continue to be extremely online and playing with AI as soon as possible.The Androidpit editorial team continues to inform ourselves and our readers about future technology, and potential privacy issues that come with it. Consumer electronics are becoming smarter, and it wouldn't hurt if we users did, too.
Are you worried about private companies harvesting your data without you knowing? Or do you think there's no real risk?
Source: Christopher Moore