Google Settles Class Action Over Unauthorized Cellular Data Transmission from Android Devices
What Happened – A U.S. federal class‑action lawsuit (Taylor et al. v. Google LLC) alleges that Android phones transmitted user data over cellular networks without consent, even when the device was idle and apps were closed. Google has agreed to a $135 million settlement, offering up to $100 per eligible user.
Why It Matters for TPRM –
- Unauthorised data flows expose end‑users and can signal broader privacy‑control gaps in a vendor’s mobile OS.
- Settlement funds and legal exposure highlight the financial risk of relying on platforms with opaque data‑handling practices.
- Organizations must assess whether their Android‑based BYOD or MDM programs inherit these privacy liabilities.
Who Is Affected – Mobile‑OS users, enterprises with Android device fleets, BYOD programs, and any third‑party services that embed Android SDKs.
Recommended Actions – Review contracts and privacy clauses with Google and Android OEMs; verify that your MDM/EMM policies enforce user‑consent controls for cellular data; monitor settlement communications for claim eligibility; consider alternative OS platforms for high‑risk workloads.
Technical Notes – The suit claims Google’s Android OS sent telemetry and usage data over cellular connections regardless of user settings, effectively a mis‑configuration or undocumented feature. No specific CVE is cited. Data types include device identifiers, location pings, and app usage metrics. Source: ZDNet Security