Another way one of the big Tech companies, this time Google, harvest data exposed

May 14, 2018 |

It is trite to say that Google lives off data.  That is the blood that flows through its veins and makes it the financial behemoth it is today.  It is not particularly discerning about how it gets data as Oracle has highlighted to the Australian in quite an impressive exclusive report We’re paying telcos to help Google spy on us.  Those using Android devices on smart phones have, according to Oracle, been transferring data to Google.  Worse still, telcos appear to be transferring data to Google for payment.  Google claims there has been consent, a truly vexed issue in privacy documents and permissions.  That side of the story needs more information. The story has also been covered by the Guardian playing catch up.  It has also been reported in the Register and the Daily Telegraph.

The article provides:

More than 10 million Australian consumers are unwittingly paying with their telco plans to send personal data about every ­moment of their lives to Google, one of the world’s wealthiest companies.

Google is spying on Australians using Android mobile devices by harvesting vast troves of valuable personal data to sell ­targeted advertising.

Technology experts from American software business Oracle believe the transfer of data from the phones to Google equates to about a gigabyte of data a month, costing Australians about $560 million a year.

Smartphones and tablets running Google’s Android operating system continue to track a user’s exact location when location services are turned off and even when the phone does not have a SIM card or apps installed, according to an Oracle presentation seen by The Australian last week.

Australian Competition & Consumer Commission chairman Rod Sims, who has seen the findings in a separate presentation by Oracle, said the consumer watchdog would follow up with its own inquiries.

“We found the Oracle presentation very interesting and we are certainly going to follow up,” Mr Sims, who is currently looking at Google as part of a wider investigation into the digital media market, said yesterday.

“We need to fully check out the claims. We will use our information-gathering powers to check out everything that comes to us.”

Google’s advertising revenue, which makes up 86 per cent of its core business, grew 24 per cent year-over-year to $US26.6 billion ($34.4bn) in the three months ended March 31, 2018.

Google argues the tracking of data is done with the permission of phone users, but questions are being raised about whether users are giving meaningful, informed or valid consent.

There is no mention of Android or mobile devices in Google’s privacy policy, which refers only to “Google services”.

The policy states: “When you use Google services, we may collect and process information about your actual location.

“We use various technologies to determine location, including IP address, GPS and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and mobile towers.”

When a user agrees to Google’s privacy policy and turns on location services, the resulting data can pinpoint with absolute detail where users are travelling, and whether they are “still”, “on foot”, “walking”, “exiting vehicle”, “on bicycle”, “tilting”, “running”, or “in vehicle” using the phone’s motions sensors.

The live simulation by Oracle showed how Android devices transmitted the address of mobile phone towers, Wi-Fi stations and Bluetooth networks back to Google’s servers.

A barometric-pressure sensor in the Android phone also tells Google which floor of a building a user is on, information that emergency medical responders do not have access to.

Google uses the data for geo-targeted advertising in shopping malls to work out whether a user is in proximity to a particular retail store.

Personal data is sent to Google as an “activity log” as reams of data which is deducted from a user’s telco plan.

“Activity logs” could be making consumers exceed their monthly data allowance, with Oracle experts claiming the secret “Google tax” equates to about a gigabyte of data, a significant portion of many consumers’ data plans.

Would you give a third party ­access to your personal data if you believed you would be able to save more on a phone plan, and pay lower data charges, and enjoy better deals?

Data harvesting is key to the astonishing growth of Google’s parent company Alphabet, which recently reported a surge in profit in quarterly results, its strongest earnings growth since the fourth quarter of 2009.

With a market value of $US753 billion ($998bn), Alphabet is forecast to post revenue of $117 billion in the current financial year.

A Google spokesman said: “Google is completely focused on protecting our users’ data while making the products they love work better for them. Users can see what data is collected and how it’s used in one easy place, My Account, and control it all from there.

“All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices. Any location data that is sent back to Google location servers is anonymised and is not tied or traceable to a specific user.”

The Telsyte Australian Smartphone and Wearable Devices Market Study 2018 found Android devices made up 55 per cent of all units sold in 2017.

There are now some 19.3 million smartphone users in Australia, with 10.3 million using Androids.

Android phone user Aneeq Choudhry, who uses a Samsung Galaxy smartphone, said it had to be a consumer’s choice whether personal data was collected and shared.

“They could be sharing your data with other corporations to sell you things or basically sell your personal information,” he said. “It could be your personal information as well as certain transactions.”

He said a corporation accessing data was a lot more worrying than an individual and it was also more concerning when it was a foreign corporation.

Europe’s new data regime comes into effect this month. The general data protection regulation forces companies like Google to take far more care of personal data, backed by €1 billion ($1.6bn) fines.

It comes after a federal appeals court revived Oracle’s multibillion-dollar copyright infringement claims against Google.

In March a court ruled that Google’s use of Oracle’s Java programming technology wasn’t “fair”.

The case dates back to 2010, when Oracle alleged Google’s Android smartphone operating system infringed copyrights related to Oracle’s Java platform. Oracle has sought $US9 billion in damages previously

The story is timely given the ACCC, one of Australia’s more active regulators (though far from perfect), is undertaking a Digitals Platform Inquiry which has received submissions from a range of interests including Google. Rod Sims has indicated an interest in the Oracl presnetation.

Interestingly there was no submission from any privacy or privacy related organisations to the ACCC enquiry.  That is a slip and a half.  This partly explains why the privacy and data protection culture in Australia is so weak.  The civil society groups are quite ineffective.

On the subject of ineffective, the Australian Information Commissioner has issued the following statement:

The OAIC met with Oracle and is considering information it provided about Google location services. We are making inquiries with Google, and are working closely with the ACCC on this issue.

It is quite a curious world where the privacy regulator is effectively following the ACCC’s lead.  As with anything, nature abhors a vacuum and the ACCC is filling the gap left by the Australian Information Commissioner.

Leave a Reply