As digital security becomes increasingly important thanks to the growing number of connected devices in the world, we are seeing a simultaneous surge in reports holding tech companies up to scrutiny on their security policies and data collection practices. Google is one of the tech giants currently facing questions on the way it keeps tabs on its users. Just recently, the company was found to be tracking a user’s location even after the location services were disabled on a device. Following the revelation, the company was sued in the US, opening a window for more such lawsuits to follow.
Now, a new report on Google’s data collection practices, a 55-page dossier, published by Digital Content Next, claims that the company passively collects user data from platforms like Android and Chrome, through applications like Search, YouTube and Maps, publisher tools like Google Analytics and AdSense, and advertiser tools like AdMob and AdWords.
“Less obvious ways for Google to collect data are “passive” means, whereby an application is instrumented to gather information while it’s running, possibly without the user’s knowledge,” claims the report.
The study conducted to understand what data Google collects, draws on four key sources: First, Google’s My Activity and Takeout tools, which describe information collected during the use of Google’s user-facing products; Second, Data intercepted as it is sent to Google server domains while Google or 3rd-party products are used; Third, Google’s privacy policies (both general and product-specific); and Fourth, other 3rd-party research that has examined Google’s data collection efforts.
The findings of the study note that a dormant, stationary Android phone with, Chrome active in the background, communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour. The location information constituted 35% of all the data samples sent to Google as per the study. In contrast, on an Apple iOS device with Safari (where neither Android nor Chrome were used), Google could not collect any appreciable data (location or otherwise) in the absence of a user interaction with the device.
Google, meanwhile, has called the report “wildly misleading” and an intentional malicious effort by the author of the report Douglas C. Schmidt, a professor who the company says was a witness against it in a copyright case. "This report is commissioned by a professional DC lobbyist group, and written by a witness for Oracle in their ongoing copyright litigation with Google," a Google spokesperson told CNET in an email statement. "So, it's no surprise that it contains wildly misleading information."
Google and Oracle have been engrossed in a copyright battle since 2010. Oracle had alleged that Google was aware of Android not using a proper Java license and that the company copied its APIs resulting in a copyright violation. In March 2018, the United States Court of Appeals for the Federal Circuit ruled in favour of Oracle.