This article has been updated to clarify that Google messages send partial SHA256 hashes. This allows you to determine the content of the message only in the case of SMS.
Another case could be a data privacy breach, we found that Google's messaging and phone apps are secretly sending text messages and call history to the server.
According to a research paper published by Douglas Reese, a professor of computer science at Trinity College Dublin, Google's messaging and communication apps collected user communication data without prior alerts (via recording). In effect, this has deprived users of the opportunity to opt out of data collection.
The paper states that "the data sent by Google messages contains a hash of the message body, so the exchange of messages can link the sender and the recipient." "The data sent by Google Dialer includes the duration and duration of the call, which allows you to link the two phones involved in the call."
Note that the message only sends a 128-bit value message hash to the Google server. However, Lease believes that the hash is difficult to undo, but in the case of SMS it can identify some content.
"A colleague told me that, in principle, it's probably possible," Reese told the register. “Since the hash contains an hourly timestamp, we need to create a hash of the timestamp and all the target groups of the message and compare it to the observed hash to match it. , Given the latest computing power, it is possible with SMS. "
As part of the process, phone numbers and incoming and outgoing logs were also collected. This information is sent to Google's servers via the Google Play services Clearcut Recorder Service and Firebase Analytics Service.
According to the newspaper, the Google app does not have a privacy policy that describes the data it collects. Ironically, this is a strict requirement for third-party apps in the Play Store.
To be fair, the Google Play Services clearly indicate to users that we collect certain data for security and fraud prevention purposes. However, it is largely unknown why data collection includes message and call log content.
Many of the best Android phones, including his Samsung Galaxy S22 series and Google Pixel, are preloaded with the Google Messages app. The Phone app, on the other hand, is the default dialer app for many models of Chinese brands such as Xiaomi and Realme.
This means that both apps are installed on millions of devices sold worldwide. Given the sheer reach, recent results should be a major privacy concern for people using these apps.
Leith has provided Google with a list of change recommendations, including adding an app privacy policy to both apps that clearly explains what data is being collected and why.
So far, Google has implemented six of Leith's nine recommendations. This includes adding a link to Google's consumer privacy policy. But there is still a lot to do.