Report: Google Monitors Android Users Prior to App Launch

Uncategorized Mihnea


It is generally acknowledged that using a smartphone indicates that some company, somewhere, is monitoring your activities. Nonetheless, many users believe that this monitoring starts only once they begin using their device. For those on Android, that belief might not be accurate.

A recent investigation by D.J. Leith from Trinity College Dublin explored the realm of device identifiers, trackers, and analytics cookies on Android smartphones. The results showed that Google starts tracking individuals prior to them launching any application. Leith discovered at least 14 cookies, trackers, and device identifiers that are generated and kept on Android devices nearly right after the initial setup.

Even more alarming, it seems there is no option to permanently opt out of this monitoring.

“No consent is requested or provided for the retention of any of these cookies and other information, the intentions are not disclosed, and there is no option to opt-out from this data retention,” Leith noted in the report. “A significant portion of this information remains stored even when the device is dormant after a factory reset and no Google applications have ever been accessed by the user—meaning they were not generated in response to services specifically requested by the user.”

### The Implication of Google Sign-In

Leith indicates that this monitoring is linked to the process of signing into Android. When users access their Google account, they are automatically logged into all the preinstalled Google applications, ranging from the Google Play Store to Gmail. This automatic log-in facilitates tracking across various services.

Some of these trackers and cookies have publicly available definitions. For example, the DSID cookie, according to [Google’s policies](https://policies.google.com/technologies/cookies), is “utilized to recognize a signed-in user on non-Google websites so that the user’s ad personalization settings are honored accordingly.” Nevertheless, Leith notes that Google’s description is unclear and does not explain why the cookie is present on Android devices even when no applications have been accessed.

Another particularly tenacious tracker, the Google Android ID, was also highlighted. Leith found that this device identifier is established during setup, endures a factory reset, and keeps sending user data even if the individual is not logged into a Google account.

### Difficulty in Opting Out

Leith’s analysis elaborates on the 14 trackers he identified, along with their origins, storage sites, and roles. However, the main point is that users need to sift through a complicated array of settings and permissions to disable some of these trackers—and even so, there remains no method to entirely opt out or eliminate them all.

### Increased Scrutiny on Google’s Privacy Practices

Google has encountered heightened criticism regarding its privacy and security practices. Recently, the company incited backlash by [unilaterally installing SafetyCore](https://mashable.com/article/android-safetycore-how-to-stop-google-from-scanning-your-photos) on Android devices. This feature was intended to bolster security by screening sensitive content, yet Google neglected to inform users about its purpose or functionality before deploying it without consent.

Conversely, Google’s [rehabilitated Results About You tool](https://mashable.com/article/google-results-about-you-online-privacy) received a more favorable response, as it offers users a simpler method to eliminate their personal information from Google Search.

Ultimately, Leith’s investigation underscores the magnitude of Google’s monitoring on Android devices—even before users actively interact with their phones. Without clear opt-out options, Android users may find themselves with limited control over the information being gathered about them.