- Persistent Device Identifiers
My id is (1 digit changed to preserve my privacy):
38400000-8cf0-11bd-b23e-30b96e40000d
Android assigns Advertising IDs, unique identifiers that apps and advertisers use to track users across installations and account changes. Google explicitly states:
“The advertising ID is a unique, user-resettable ID for advertising, provided by Google Play services. It gives users better controls and provides developers with a simple, standard system to continue to monetize their apps.”
Source: Google Android Developer Documentation
This ID allows apps to rebuild user profiles even after resets, enabling persistent tracking.
- Tracking via Cookies
Android’s web and app environments rely on cookies with unique identifiers. The W3C (web standards body) confirms:
“HTTP cookies are used to identify specific users and improve their web experience by storing session data, authentication, and tracking information.”
Source: W3C HTTP State Management Mechanism
https://www.w3.org/Protocols/rfc2109/rfc2109
Google’s Privacy Sandbox initiative further admits cookies are used for cross-site tracking:
“Third-party cookies have been a cornerstone of the web for decades… but they can also be used to track users across sites.”
Source: Google Privacy Sandbox
https://privacysandbox.com/intl/en_us/
- Ad-Driven Data Collection
Google’s ad platforms, like AdMob, collect behavioral data to refine targeting. The FTC found in a 2019 settlement:
“YouTube illegally harvested children’s data without parental consent, using it to target ads to minors.”
Source: FTC Press Release
https://www.ftc.gov/news-events/press-releases/2019/09/google-youtube-will-pay-record-170-million-settlement-over-claims
A 2022 study by Aarhus University confirmed:
“87% of Android apps share data with third parties.”
Source: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
https://dl.acm.org/doi/10.1145/3534593
- Device Fingerprinting
Android permits fingerprinting by allowing apps to access device metadata. The Electronic Frontier Foundation (EFF) warns:
“Even when users reset their Advertising ID, fingerprinting techniques combine static device attributes (e.g., OS version, hardware specs) to re-identify them.”
Source: EFF Technical Analysis
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
- Hardware-Level Tracking
Google’s Titan M security chip, embedded in Pixel devices, operates independently of software controls. Researchers at Technische Universität Berlin noted:
“Hardware-level components like Titan M can execute processes that users cannot audit or disable, raising concerns about opaque data collection.”
Source: TU Berlin Research Paper
https://arxiv.org/abs/2105.14442
Regarding Titan M: Lots of its rsearch is being taken down. Very few are remaining online. This is one of them available today.
"In this paper, we provided the first study of the Titan M chip, recently introduced by Google in its Pixel smartphones. Despite being a key element in the security of these devices, no research is available on the subject and very little information is publicly available. We approached the target from different perspectives: we statically reverse-engineered the firmware, we audited the available libraries on the Android repositories, and we dynamically examined its memory layout by exploiting a known vulnerability. Then, we used the knowledge obtained through our study to design and implement a structure-aware black-box fuzzer, mutating valid Protobuf messages to automatically test the firmware. Leveraging our fuzzer, we identified several known vulnerabilities in a recent version of the firmware. Moreover, we discovered a 0-day vulnerability, which we responsibly disclosed to the vendor."
Ref: https://conand.me/publications/melotti-titanm-2021.pdf
- Notification Overload
A 2021 UC Berkeley study found:
“Android apps send 45% more notifications than iOS apps, often prioritizing engagement over utility. Notifications act as a ‘hook’ to drive app usage and data collection.”
Source: Proceedings of the ACM on Human-Computer
Interaction
https://dl.acm.org/doi/10.1145/3411764.3445589
How can this be used nefariously?
Let's say you are a person who believes in Truth and who searches all over the net for truth. You find some things which are true. You post it somewhere. And you are taken down.
You accept it since this is ONLY one time.
But, this is where YOU ARE WRONG.
THEY can easily know your IDs - specifically your advertising ID, or else one of the above. They send this to Google to know which all EMAIL accounts are associated with these IDs. With 99.9% accuracy, AI can know the correct Email because your EMAIL and ID would have SIMULTANEOUSLY logged into Google thousands of times in the past.
Then they can CENSOR you ACROSS the internet - YouTube, Reddit, etc. - because they know your ID. Even if you change your mobile, they still have other IDs like your email, etc. You can't remove all of them. This is how they can use this for CENSORING. (They will shadow ban you, you wont know this.)
Thanks for sharing the link! I wouldn't have known about it otherwise.