Finding out that your phone was transmitting data to a corporation while it was idle on your nightstand is somewhat unsettling. There are no open apps. The screen is dark. You’re asleep. Additionally, packets containing your information were still traveling through Google’s infrastructure, utilizing your cellular data rather than theirs.
That is the main accusation in what has turned out to be one of the most illuminating tech lawsuits in recent memory. In the case of Taylor v. Google LLC, Google is accused of creating an Android operating system that continuously transmits user data to its servers without meaningful consent, even when users have disabled location services or closed apps. Google has consistently denied any wrongdoing. However, without acknowledging fault, the business consented to pay $135 million to resolve the federal class action lawsuit in January. An estimated 100 million Android users nationwide are covered by that agreement, which is presently awaiting final court approval at a hearing scheduled for June 23.
Pausing on that number is worthwhile. There are 100 million people whose phones are allegedly using the cellular data they paid for to run silent errands for a trillion-dollar corporation. The plaintiffs used the legal term “conversion” to refer to taking someone else’s property. When used to describe invisible data streams, the term may sound almost charming, but the underlying allegation is grave: Google profited from something that belonged to users, and users never consented to it.
This case feels larger than a single lawsuit because of the pattern it fits into. A California jury had already found against Google in a related state case, Csupo v. Google, just months before the federal settlement was made public, giving California Android users $314 million. It is noteworthy that the verdict went to trial. Before things get that far, Google usually makes a settlement. The jury’s decision to support the plaintiffs after hearing the evidence indicates that the underlying behavior was difficult to explain away.
Everyone outside of that California group—basically, the entire nation—is covered by the $135 million federal settlement. Residents of the United States who used an Android device on a cellular plan at any time after November 12, 2017, are eligible claimants. Before the final hearing, users can register their preferred payment method on the settlement website, which is currently operational. That portion is fairly simple. What they will actually get is less clear.
After deducting taxes, legal fees, and administrative expenses, each claimant receives about $1. Depending on how many people actually submit claims, it might be a little higher. That math makes it difficult not to feel a little dejected. The individual payout is comparable to what you would find between the seat cushions of a car, and the case alleges years of unlawful data harvesting from hundreds of millions of devices. Even though the settlement amount is substantial in name, it seems to be more focused on closure than consequences.
One significant non-monetary change that Google did consent to was amending its Google Play terms of service to clearly state that cellular data may be used in the absence of Wi-Fi and that some data transfers occur passively, even when a device isn’t actively in use. From now on, users will be asked for their consent when setting up their devices. It’s still unclear if that constitutes true transparency or legal cover. The bar for informed consent hidden in a setup screen has never been very high.
As we’ve watched this develop over the past few months, a more general question about Google as well as the architecture of contemporary mobile software keeps coming up. How many other variations of this are already occurring if a company can discreetly program a device to send data over cellular networks in the background without users noticing? One particular question was addressed by the lawsuit. It opened a few dozen more.
