Security News > 2022 > March > The first step to data privacy is admitting you have a problem, Google

In the case of computer science professor Douglas Leith, this truth is that Google has been taking detailed notes of every telephone call and SMS message made and received on the default Android apps.

In brief, Leith set up a man-in-the-middle attack on his phones to crack open the data links' HTTPS/SSL encryption.

He dug out as much as possible about the services Google was using to log this data, which involved doing the sort of things we're not supposed to do, like side-loading APKs from third-party app stores.

So if an actual professor of computer science can't find out about the full data privacy provision of just two apps, what chance do the rest of us have? If the security we demand to keep our data safe from attackers is instead shielding it from our own scrutiny, to protect abuse?

A lot of the data involved was under cover of "Analytics," vaguely defined and never explained, some of which were deemed essential and some of which were optional.

Google knows what every byte of that data is, and what it's used for.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/28/google_data_privacy/