Deciphering Samsung's Telemetry: Navigating the Maze of Privacy Policies

In the past week, an analysis of the Samsung Galaxy Fold discovered a high number of DNS queries, with a significant portion blocked by Glacier's Secure DNS, highlighting distinct privacy challenges for Samsung smartphones.

Over the last seven days, our love for the beautiful Samsung Galaxy Fold hardware led us to scrutinize the labyrinthine world of privacy policies, third-party partnerships, and the seemingly incessant data flow from our device. 

We did a test with our Samsung Galaxy Z Fold 3 and found approximately 30,000 DNS queries were made over a 7 day period, and nearly half of them were blocked by Glacier's Secure DNS system, which had no visual negative effect to the usability of the device. What makes it even more peculiar is that we do not have any social media apps on this device. 

To provide some context, it's worth mentioning that in comparison, only 8% of our Apple iPhone 14 Pro and 11% of our Google Pixel 7 DNS traffic was blocked, highlighting the unique privacy challenges posed by Samsung smartphones.  So we have some questions.

1. What is Telemetry Data?

Telemetry data refers to the collection of various types of information from your smartphone. This data typically includes device usage statistics, crash reports, and sometimes, even location information. Smartphone manufacturers and app developers gather telemetry data to improve their products, enhance user experience, and troubleshoot issues. However, the concern with telemetry data lies in the extent of information collected and how it is used. 

2. Advertising Data and Data Brokers Techniques

Smartphone users often face a barrage of targeted advertisements. This is made possible through the collection of personal information, such as browsing history, location, and app usage patterns. Data brokers are entities that specialize in amassing and selling such data to advertisers and other interested parties. These practices raise serious privacy concerns, as users may not be aware of how their information is being used. 

3. Native Device Trackers

Native smartphone OS telemetry data in Android refers to the information collected by the operating system itself regarding the device's usage and performance. This data is primarily intended for diagnostic and analytical purposes to help improve the operating system's performance, identify issues, and enhance user experience.

Observing packets sent from a mobile handset might seem like a straightforward task, but it turns out to be quite challenging for privacy analysis. Researchers at the University of Edinburgh UK and Trinity College Dublin set up the studied handsets to connect via WiFi to a controlled access point and employ tcpdump to capture outgoing traffic. However, this approach has limited utility for privacy analysis due to several key reasons.

Firstly, most packet payloads are encrypted. This encryption is not solely due to the widespread use of HTTPS for data transfer but also because the message data is frequently subject to additional encryption by the sender, utilizing a cipher that might not be explicitly defined through meta-data. This is especially true when dealing with sensitive data, a practice known as end-to-end encryption.

Secondly, before encryption, data is often encoded in a binary format that lacks public documentation. This lack of transparency makes it challenging to decipher the encoded data and understand what data is being sent and where it's going.

4. Why Samsung Smartphones Are Privacy Nightmares

At Glacier, we love Samsung’s hardware. However, when it comes to privacy, the experience can be akin to navigating a labyrinth of policies and notifications. But why are Samsung's privacy policies so numerous, and why do we constantly receive notifications about modifications to these policies?

It's not uncommon for users to encounter multiple policies covering different aspects of their devices, applications, and services. This proliferation of policies is often a result of Samsung's diverse product offerings, including smartphones, smart TVs, home appliances, and more.

Samsung smartphones have faced criticism for their privacy practices. Reports have highlighted issues related to data collection, third-party partnerships, and pre-installed apps. 

5. What is Secure DNS?

Glacier Secure DNS has powerful DNS filtering or DNS security which can safeguard your privacy while using the internet. Glacier filters out malicious websites, block tracking attempts and provides a layer of protection against cyber threats. We were also able to use Glacier’s analytics page to track the number of requests that were blocked on our test Samsung device.

6. How Glacier Can Help Organizations Prevent Data Leakage and User Tracking

Glacier is an innovative solution that empowers organizations to protect sensitive data and user privacy. It combines advanced encryption and access control features to ensure that data remains secure, even in the face of evolving threats. By implementing Glacier, organizations can prevent data leakage and tracking of users through privacy-invasive techniques, enhancing their overall security and compliance efforts.

Smartphone security and privacy are of paramount importance in our digital age. To protect your privacy, it's crucial to understand the various aspects of data collection and tracking techniques employed by smartphone manufacturers, app developers, and advertisers. By taking control of your settings, using protective DNS services, and implementing solutions like Glacier, you can ensure that your data remains private and secure in an increasingly data-driven world.

Photo by Jonas Leupe on Unsplash