Skip to main content

Google Phone & Messages address potential privacy concerns, reduce call & message metadata collection

In response to a research paper outlining the data collected by Google’s Phone and Messages apps, including call and text records, the company has updated both apps to better respect privacy.

As initially reported this morning by The Register, a new research paper has been published by Professor Douglas Leith of Trinity College Dublin, detailing the data collected by apps that are powered by Google Play Services. Specifically, the paper focuses in on just two apps, Google Messages and Google Phone, the core SMS/MMS/RCS and dialer apps that are used by default on the Pixel series and other brands of Android phones. Each app has been installed over 1 billion times.

Google Play Services informs all users that it collects data necessary for things like updating your phone and syncing data, but the new research showed it would be possible to more deeply link data about a particular person or to connect multiple people. Importantly, the data being sent that was discovered in the paper did not appear to be covered under Google’s Privacy Policies, nor was it possible to opt out in most cases.

For each potential privacy violation in the paper, Trinity College has offered a recommendation of how Google can better generalize the information to simultaneously keep meaningful analytics and maintain an individual’s privacy. Google has been working closely with Trinity College for the past few months to implement these changes where appropriate, as noted below.

In Google Phone, any time you receive an incoming call while the “See caller and spam ID” toggle is active, the incoming phone number and the current time are sent to Google’s servers, unless the number is in your contacts. The researchers note that Google Chrome has already solved a similar problem, with the Safe Browsing system not sending the URLs you’re browsing to Google servers.

For comparison, Chrome sends a hashed (and therefore somewhat protected) version of the URL to the server, which is used to download the appropriate block lists. Google has said that they are investigating whether this solution would be a good fit for spam protection and caller ID in the Phone app.


For a quick (and oversimplified) explanation, hashing is most often used to ensure two pieces of data are the same without needing to keep the original information on-hand. For example, instead of storing your actual account password, servers will keep a hash of the password. The important thing is that hashing is intended to be a one-way process, meaning you shouldn’t be able to get the original info (be it a password, message, file, etc.) from the hash.

That said, it’s possible in theory to crack the original info from only the hash, though doing so requires a significant amount of computing power and time.


Additionally, Google Phone logged the exact time (down to the millisecond) and duration of your incoming and outgoing phone calls, tagged with your phone’s unique “Android ID.” By matching up those timestamps, it would be possible for Google to theoretically track the individuals involved in any given phone call.

Before any changes were made, Google has said they were already anonymizing that data within their servers by rounding the incoming timestamps to the nearest hour. To better reflect that reality, the Google Phone app will now do that rounding on your phone, ensuring Google servers never have the precise data.

Google Messages also has a similar logging system, though its went a bit further by including a (shortened and) hashed version of your actual message contents. While hashing usually serves as good enough protection, given its one-way nature, it’s in the realm of possibility to get the original message from the hash with enough computing resources. According to Google, these message hashes were used to make fine adjustments to the app to better ensure that your incoming and outgoing messages appeared in the correct order.

Other data being collected and logged by Google Messages included the sender of incoming messages (said to be used to help Google better identify one-time password messages) and your SIM card’s ID (said to be used for certain Google Fi features). Google Messages has now altogether ceased collecting all of these data points.

These critical privacy-focused improvements have already rolled out widely starting in February, arriving in Google Phone version 75 and Google Messages version 10.9. Looking ahead, Google is also going to make more of its privacy policy and data collection information more accessible in these apps through “Privacy Tours” for new and existing users alike. Google Phone will also soon make it easier to be aware that spam protection is enabled and that it is sending incoming unknown phone numbers to Google.

On the whole, these are good changes that needed to be made, but it does raise broader concerns about the data collection that could be taking place within other Google apps, as this study was solely focused on Messages and Phone.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Kyle Bradshaw Kyle Bradshaw

Kyle is an author and researcher for 9to5Google, with special interests in Made by Google products, Fuchsia, and uncovering new features.

Got a tip or want to chat? Twitter or Email. Kyle@9to5mac.com