Are we still surprised that Google has oodles of data about us?

Not really. But users have started to expect better. (Heyyyy, GDPR — and those hundreds of news sites that still aren’t complying.)

The Associated Press’s investigation into the search-engine-plus’s determined location tracking — a.k.a. storing your location data even when you’ve specifically opted out — last week could have triggered a wave of consumer aghastness over user data. (See: Cambridge Analytica and Facebook, though the stakes for that were a wee bit different.) It did trigger a class-action lawsuit brought by a San Diego-based Android user, announced yesterday:

According to a complaint filed late Friday, Google falsely assures people they won’t be tracked if they turn the “Location History” feature on their phones to “off,” and instead violates their privacy by monitoring and storing their movements….

The help section of Google’s website now says that turning Location History off “does not affect other location services” in phones, and that some location data may be saved through other services, such as Search and Maps.

Google has also been juggling the European Union’s negative feelings (and a $5 billion fine) toward Android’s alleged anti-competitive practices, as CEO Sundar Pichai said it “sends a troubling signal in favor of proprietary systems over open platforms.” The EU’s commission said that about 80 percent of smart mobile devices worldwide run on Android.

Now, new research from Vanderbilt professor Douglas Schmidt and shared by trade association and frequent Facebook/Google battler Digital Content Next fills out more of the picture of what data Google is collecting. (A Google spokesperson would like you to know that “this report is commissioned by a professional DC lobbyist group, and written by a witness for Oracle in their ongoing copyright litigation with Google. So, it’s no surprise that it contains wildly misleading information.”) The key findings:

• A dormant, stationary Android phone (with the Chrome browser active in the background) communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour. In fact, location information constituted 35 percent of all the data samples sent to Google.
• For comparison’s sake, a similar experiment found that on an iOS device with Safari but not Chrome, Google could not collect any appreciable data unless a user was interacting with the device. Moreover, an idle Android phone running the Chrome browser sends back to Google nearly fifty times as many data requests per hour as an idle iOS phone running Safari.
• An idle Android device communicates with Google nearly 10 times more frequently as an Apple device communicates with Apple servers. These results highlighted the fact that Android and Chrome platforms are critical vehicles for Google’s data collection. Again, these experiments were done on stationary phones with no user interactions. If you actually use your phone the information collection increases with Google.
• Google has the ability to associate anonymous data collected through passive means with the personal information of the user. Google makes this association largely through advertising technologies, many of which Google controls. Advertising identifiers—which are purportedly “user anonymous” and collect activity data on apps and third-party webpage visits—can get associated with a user’s real Google identity through passing of device-level identification information to Google servers by an Android device.
• Likewise, the DoubleClick cookie ID—which tracks a user’s activity on the third-party webpages—is another purportedly “user anonymous” identifier that Google can associate to a user’s Google account. It works when a user accesses a Google application in the same browser in which a third-party webpage was accessed previously.
• A major part of Google’s data collection occurs while a user is not directly engaged with any of its products. The magnitude of such collection is significant, especially on Android mobile devices, arguably the most popular personal accessory now carried 24/7 by more than 2 billion people.

Read the full paper from Schmidt (no relation) here.