If you use the Google Messages and Google Phone apps as your default apps for messages and phone calls, you will probably want to change them after reading this article. Not surprisingly at all, Google uses both of these apps to—guess what—spy on you (via Android Police).
According to Douglas Leith, a computer science professor working at Trinity College Dublin, Google Messages and Google Phone apps send personal information to Google’s servers without users’ consent. In his paper titled “What Data Do The Google Dialer and Messages Apps on Android Send to Google?” Leith sheds some light on what information these apps collect and how they send it to Google.
What information do Google Messages and Google Phone apps send to Google?
Both the Google Messages and Google Phone apps tell Google when you send and receive messages and when you make and receive phone calls. This allows the two phones participating in the communication to be connected. Furthermore, these apps collect and send information about your communications, such as hashed versions of your messages and the time they were sent or received, both your and the other person’s phone numbers, call logs of the incoming and outgoing calls, and their duration.
But Google Messages and Google Phone apps aren’t only collecting and sending information about your messages and phone calls. According to Douglas Leith, both applications record your interactions with them and then send these recordings to Google. He gave an example of a user that views an SMS conversation or searches for their contacts within the apps. The actions and their timing will be recorded and, afterward, sent to Google, which will allow a “detailed picture of app usage over time to be reconstructed.”
There are two channels through which the Google Messages and Google Phone apps send the collected information to Google: the Google Play Services Clearcut logger and Google/Firebase Analytics. Also, because the sent data is tagged with the user’s Android ID, which is linked to their Google account because they are logged into their account on their phone, Google can easily find out the real-world identity of users.
Now, Google doesn’t lie that its apps don’t collect some personal information. According to Google, the message hash is collected to assist the company in detecting message sequencing bugs. Google also explains the tracking of users’ interactions as a way to determine whether an app was successful by counting the number of downloads and how many people used the app after installing it.
