Android - What information does stock Android send to Google by default, and how do I opt-out?
Android is FACC
Android might be many things, but certainly not "privacy first". At least not if you want to use Google Playstore as a ressource for your apps. While at creation (initialization) of your google-account on your Android device, you are asked "Do you want to store your data with Google?", this only means "Backups of your apps and their data, as far as they support it". Soon you will discover that your contacts and calendars are automatically synced with Google servers, without asking you, unless you explicitly opted out of that.
So if there are any firsts, it's FACC: Android comes Free of charge, is Ad supported, Cloud based, and highly Customizable. Nobody will argue the first and last items are very appreciable, while "the cloud" is fine with most, and the ads are mostly "accepted" (as long as they are not too agressive, like e.g. Airpush).
So what data do Google services collect?
Nick checked some sources (namely, Google's privacy policy), and reported in a below comment:
Google says it logs your "phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls" in their privacy policy. It also logs your IP address.
But it doesn't say if this info is logged for Android users specifically, or if it's only collected from other services such as Google Voice. And it doesn't say whether it logs data even if you're logged out of Android services.
Sometimes what's missing speaks as well (sometimes even louder than the facts mentioned). So starting with the "worst-case scenario", we won't be too much shocked later on. Having created a Google account or not: as soon as a network connection is available, data can be uploaded to any servers. System apps can access identifying data such as imei or IMSI, your phone number, or even your locally stored contacts and calendars (yepp, paranoia-mode enabled again), and with an available network, they could transfer all data they have available anywhere. (Careful: I did not say they do so, just they could).
We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Google may associate your device identifiers or phone number with your Google Account.
(Source: Google Collection, see below)
Never forget: While Android itself is Open Source, many apps are not. But also keep in mind: this is not just the case with Android, but with any other system as well.
If you want to read some more on Google's privacy:
- New Google Privacy Policy: Explained (01/2012)
- Google’s in the Privacy Hot Seat Again (03/2012)
- Google Collection: What is collected? An excerpt of the privacy policy (06/2012)
- The Truth About Android Security (10/2012)
There's one really scary part:
We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
(emphasis mine; source: Google Collection, see above)
First steps for privacy
At the very first you could check in advance how the device you want to buy comes configured. In most cases, there will be a lot of bloatware pre-installed, which contributes to the "data share". While you cannot really be forced to use those apps, it sometimes is not really possible to get rid of them without rooting. So the less bloatware there is, the better.
rooting is not always an option, as in most countries this will void your warranty. Otherwise you could decide for a more privacy-friendly custom-rom. So when you've got your new device, you will have to carefully check all options whether they might be intrusive to your privacy:
- say "No" to above mentioned "Backup to Google" question. Otherwise, next to the list of apps you've installed from Google Play (which Google knows anyway), and data from several apps, also sensitive information like e.g. your WiFi passwords find their way into the cloud.
- before you enter any contact or calendar data, make sure to have the sync disabled for them (see Settings→Accounts & Sync). You can still export your contact list easily direct from within the contacts app -- but if you are going to import anything again after e.g. a factory-reset or on a new device, make sure to check the sync options before that (that was how Google got my data, when I forgot that one time).
- if you enable Google's location service, this will also send "anonymized" data about places you've been. I placed "anonymized" in quotation marks, as a study recently showed that de-anonymization can be easily achieved. So you might want to turn that off as well.
Android without Google?
Wouldn't it be more consequent then to use Android without Google? This question has been discussed more than once. And yes, it is certainly possible (and before you say it's a "contradiction in terms", I could split hairs and argue that Android is not developed "by Google", but by the AOSP, the Android Open Source Project). You will have to sacrifice some things (as e.g. a big part of the apps on Google Play are hard to find outside Google Play, for example). But if that's a price you are willing to pay to protect your privacy at max, here are some readings for you:
- Can an Android phone run without Google?
- Guide: How To Use Your Android Phone Without Google
- "Android without Google" discussion @ XDA-Developers
- XDA developers are also working on a pendant to Google Apps. The project is called NOGAPPS.
Privacy with Android and Google?
Okay, the above approach might be a bit too exaggerated for the most (but hey, only because we are paranoid, that doesn't mean nobody's after us, right?). So what's the way in the middle? I mean, aside the "first steps" mentioned above?
There are many things. In First steps for privacy I already described how to prepare a fresh, unbloated Android that comes with the Google Apps. Now let's look what to care for next:
Pre-installed apps
There might come some pre-installed apps not belonging to the Android core system. And not "really needed" for the privacy-concerned. Stuff like Google+ or Facebook. Starting with Android 4.0, we can simply go to Settings→Apps→Manage Apps, and disable those we don't want to use. This also might give a boost to performance and improve battery-life, as it rids us of several "background services" those apps were running. At startup. Even if we never started them.
Installing new apps
Don't click on everything fancy (well, need to remember that for a later part: ads in apps). Of course look around what sounds useful or interesting to you. But make sure to read through the comments (at least scan through them) for possible obstacles. Ignore those one-word comments like "great" and "shit", and also those just declaring "download problems" and the like. They do not speak about the app. But check if there were any privacy concerns in the past, or any other trouble for that sake.
Then make sure to check the permissions the app requests. Do they make sense (in the context of what the app is supposed to do)? Critical combinations for privacy are e.g. access to personal data (contacts, calendars, etc) with internet. Or simply internet -- as they could send anything. How hard you argue depends on the grade of paranoia you cultivate :)
Privacy helpers
Sometimes it's not avoidable to risk some permissions: of course a web browser needs internet access, as does a SMS app need access to your messages. So how to control or restrict them?
There are several helpers around (see e.g. this list at lisisoft, will take you a while to scan through it :). You can hide sensitive information using...
- password stores
- locked galleries
- crypt containers (see e.g. Droid Crypt)
All these things do not even require your device to be rooted. But really forbidding apps to access things (or control their access) won't work without root. Examples have already be named in bassmadrigal's answer:
- LBE Privacy Guard controls access to your data (call-logs, contacts, etc.), to critical functions (initiate calls, access location data, etc.) plus firewall your device (control which apps might access the net via WiFi, mobile data). Careful when you're running JellyBean or higher: the playstore version of this app is known to cause boot-loops there. Rather check XDA-developers, they have a fixed version.
- PDroid comes in several variants: PDroid Privacy Protection being the original one, followed up by PDroid Manager and OpenPDroid. Other than LBE, these cannot be installed as an app, but need additional preparations -- as they are deeply integrated into the system. This not only adds another layer of protection -- but OpenPDroid is even OpenSource, which adds another layer of trust as well.
See also how to fake my personal information.
Want some shocking details?
Visit your Google Dashboard, log in with your Google account. Here you can find out whom you contacted most frequently, and what other data Google collected from you.
What happens with all your data when you die, or for any other reason become inactive?
Ooops? Yes, also something one should keep in mind in this context: Plan your digital afterlife. The linked article introduces the new Inactive Account Manager:
You can tell us what to do with your Gmail messages and data from several other Google services if your account becomes inactive for any reason.
For example, you can choose to have your data deleted — after three, six, nine or 12 months of inactivity. Or you can select trusted contacts to receive data [...]
(Read more in the linked article)
Protect your device
Now you've taken care no data is leaving your device, even locked data away in "data vaults", and secured the "back-doors" -- you should not leave the front-door wide open. Go to Settings→Security and set up a screen lock. Multiple choices here:
- the good-old PIN code. Not really secure. At least not, if you use King Roland's PIN for Druidia's planet shield (or president Screw's for his briefcase; in case you do not know Spaceballs, the PIN was "12345" for both). Also not your birthdate or something like that.
- a pattern-lock. More secure, as a relation to data retrievable by social-engineering is quite unlikely.
- a password can be highly secure, if you use all characters available: letters (upper and lower case), numbers, special chars. And make it long. E.g.
Ti1$spnc3h!
-- how to remember that? Check: "This is a $uper secure password nobody can 3asily hack!"
Anti-theft protection
Also a lot of solutions on the playstore. Highly praised solutions include Cerberus anti theft, avast! Mobile Security, and more. If your device gets lost, with a good anti-theft protection you can
- check its position
- sound an alarm
- remotely back-up (retrieve) stored data, before you...
- remote-wipe the entire device including its sensitive data
and optimally, the anti-theft app automatically informs you in case the thief changes the SIM. It hides itself (stealth mode) and, with root available, can even protect itself against a factory-reset by integrating into the /system
partition. So the only chance a thief has is to immediately switch-off the device, put it into a Faraday cage, and flash a new ROM while it's still in there...
Anti-virus
...you can left out, if you've followed above steps. Yes, there certainly is malware around. But with all the protection levels taken, and careful selection of sources as well as the apps themselves, risk is absolutely minimal. I never had malware on any of my devices, though I've tested a lot of apps over the past years. After all, Anti-virus (or rather anti-malware, as yet there was no virus sighted for Android) might give a false sense of security ("What shall happen? I've got that Anti-virus."), as they cannot really detect everything (no heuristics, e.g.), but rather check against a database of known malware mainly.
Backup
Last but not least: Having turned off all Google services (or at least restricted them to a minimum), you will need an alternative backup. To be honest: even if you've decided to answer "Yes" to the above question of "Do you want to backup your data with Google?", you will need a good backup -- as that "Google backup" might be many things, but for sure not complete (apps must explicitly support it by implementing its API, which is done by few apps).
For this, if your device is rooted, I strongly recommend a little investion: do yourself (and your device) some good, and buy Titanium Backup PRO. You won't regret it. TiBu is a very powerful tool to backup and restore apps including their data, restore parts of nandroid backups (see: nandroid tag wiki and backup tag wiki for details), freeze/unfreeze apps, detach apps from the playstore, and much more. Scheduled backups included. Stored to your sdcard or, if you really want to, to the cloud.
Not being rooted, but having a device with Android 4.0 or higher? Take a look at Carbon - App Sync and Backup, so you can at least backup all your apps and their data, plus some of the system data. Scheduled backups are planned here as well.
Additionally, you might want to take a look at Full Backup of non-rooted devices for more details on this topic.
Conclusion
As I wrote, there usually isn't a simple answer. You can use "Android without Google", cut down all network connections, and so on -- but at latest when you also take out your SIM, it's no longer a smartphone. Android is designed to be network enabled, from its very beginning.
You could say "who cares", and let it all go -- and complain when it's too late.
Usually you have to find a way in the middle, deciding how much of your privacy you are willing to sacrifice for how much comfort/convenience. I just listed possibilities, showed what is to be found where, and what solutions exist to protect your privacy the one way or the other. Hopefully, my elaborations will help you making your decisions.
You don't need to sign into Google. But without access to the Play Store, you do limit the apps you can install on your phone. Many apps are available in alternative stores like Amazon, but I don't think they have all of them. When you first start up the phone, it should ask you for your existing Google or to create a new one. There should be a skip option there.
If you do still want the benefits of Play Store, then you can sign into an account and limit things as you have plans to do.
What other information does Android send to Google by default?
Android itself will send anonymous data, such as Android version, device, carrier, and country to Google for usage statistics. I am not positive if this is sent through Play Store usage or if there is some code in the phone that does this. If it is the latter, there is no way to disable it.
What actions should I take to minimise data collection from Google and other apps? (I'll be using stock Android 4.2 on a Nexus 4.)
Limiting your use of Google apps will certainly be the biggest way to minimize data going to Google. For other apps, pay attention to the permissions that apps ask for when you install them. If you aren't happy with the permissions, many times the developer will explain the reason for the permissions needed (Read Phone State and Identity is used to make sure the phone isn't in a call, Get location may be used for localized ads in free apps). If you still aren't happy, don't install the app and try to find an alternative.
Also, if you do decide to use a Google account for access to the Play Store, keep in mind that certain apps/services are already set to sync with Google. To disable syncing for those apps/services go to Settings -> Google -> your username. Under this menu will show all apps and services that will sync with Google. Uncheck any you don't want synced. Keep in mind, any that are not synced will not be recoverable if your phone goes belly-up without a backup (like your contacts), so if you choose not to sync those, I would make regular backups of any important data. Google also features an account backup, which can sync certain Android settings like your wifi networks and bluetooth pairings and can restore those when a phone is wiped. This should be one of the settings when you do the initial setup of your device, but if not, or you want to check, you can verify what it is set to at Settings -> Backup and Reset -> Back Up My Data/Automatic Restore.
If you are rooted, there are apps/mods you can install that can allow you to limit specific permissions for each and every app (Permissions Denied, LBE Privacy Guard, PDroid, etc - each app/mod has its own requirements/limitations, check them out to find out which one will work best for you and what you are currently running on your phone). While this can help alleviate concerns about what apps can access, it can also cause unexpected issues with those apps if they do require a permission that was revoked. It can take some testing to get things where you want them.
Is Android still a good choice if I don't plan to use Google's services?
While running without Google does remove some of the benefits/functionality of running an Android device, it doesn't remove all fo them. You still get a easily customized OS that allows pretty much every default app to be replaced with an alternative 3rd-party app. Don't like the dialer? Replace it. Don't like the text messaging app? Cool, check out a couple of the big 3rd-party ones and see which one you like. I am definitely a fan of Android, even without Google's presence in the OS (although, personally, I wouldn't want to run it without my Google accounts linked, but it is still certainly feasible). I am not familiar enough with the privacy practices of other OSs, but I can't imagine they would be much better than Google's. Privacy practices are probably quite similar between all the major mobile OSs. Android may be a bit more singled out due to the tie-in with all of Google's services, but that ends up only becoming a concern if you decide to use those services. Android does allow you to sideload apps (install apps from outside the Play Store) by enabling a checkmark in the settings (it will pop up the first time you try and do it and ask you to enable it). I know that can only be accomplished on iOS after you jailbreak it (not sure about other OSs).
Another thing to consider, especially since you will be using a Nexus 4 is to look into custom ROMs. Many ROMs will not include any of the proprietary Google apps (like Play Store and Gmail) and only allow you access to it after you flash a gapps package (Google Apps). This removes everything "Google" related from Android (except for maybe that anonymous usage statistics I mentioned above). I run CyanogenMod on my Nexus 4 (albeit with the gapps package), and it runs great and adds additional features on top of what stock Android 4.2 includes. I see a lot of people on the CM forums running CM without Google's proprietary stuff included.