External Publication
Visit Post

Does Sandboxed Google Play send data to Google

Privacy Guides Community [Unofficial] April 5, 2026
Source

ph00lt0:

provide any source?

The Google Play Services support page4 states that data is collected for

(i) security and fraud prevention, (ii) to provide, maintain and improve Google Play Services APIs and core services and (iii) to provide Google services such as syncing of bookmarks and contacts.

However, few details are given as to the actual data collected. Google have also publicly stated that Google Play Services data is “essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds.”

The work reported here is the first close look at the actual data sent by the Clearcut logger component of Google Play Services. It is limited in nature – we focus only on the data that the Messages and Dialer apps send via Google Play Services. This is due to the time-consuming nature, in the absence of public documentation, of the work involved in decoding the binary data sent by Google Play Services. Nevertheless, our measurements are already enough to establish that the data sent goes beyond what is suggested by the Google Play Services support page and Google’s public statements.

The data sent is not simply system health data (battery and CPU statistics and the like), device configuration data needed to check for updates, syncing of contacts and account details etc, but rather extends to details of the phone calls and SMS messages sent/received by users, and of user interactions with the Messages and Dialer apps (which SMS conversations viewed and when, dialing of phone numbers and so on).

We note that we made a request using Google’s https://takeout.google.com/ portal for the data associated with the Google user account used in our tests. The response to this request did not include the call/SMS and user interaction log data that we observed to be collected.

While we report here on Android 11 measurements, we observed the same behaviour on a Pixel 4a handset running Android 12.

scss.tcd.ie

privacyofdialerandsmsapps.pdf

1167.64 KB

ph00lt0:

elaborate

android.telephony.SubscriptionManager.PHONE_NUMBER_SOURCE_CARRIER & android.telephony.SubscriptionManager.PHONE_NUMBER_SOURCE_UICC.

Discussion in the ATmosphere

Loading comments...