On The Data Privacy Practices Of Android OEMs

Haoyu Liu, Paul Patras, Douglas J. Leith

Research output: Contribution to journal, Article, peer-review

Abstract / Description of output

In this paper we present the first in-depth measurement study looking at the data privacy practices of the proprietary variants of the Android OS produced by Samsung, Xiaomi, Huawei and Realme. We address two questions: how are identifiers used in network connections and what types of data are transmitted. To answer these, we decrypt and decode the network traffic transmitted by a range of Android handsets. We find that all of the OEMs make undue use of long-lived hardware identifiers such as the hardware serial number, handset IMEI and so fail to follow best privacy practice. Hardware identifiers are also linked to the handset user’s real identity when they sign in to an OEM account on the handset. All of the OEMs collect the list of apps installed in a handset. This is a privacy concern since the list of installed apps can be used to profile user traits and preferences. All of the OEMs collect analytics/telemetry data, raising obvious privacy concerns.
Original language: English
Article number: e0279942
Number of pages: 15
Journal: PLoS ONE
Issue number: 1
Publication status: Published - 18 Jan 2023

