← The Signal
8 min read

Your Phone Pings Google 340 Times a Day. Here's the Study.

A stock Android phone contacts Google roughly 340 times per day — even at idle. A peer-reviewed study from Trinity College Dublin measured it. Here's what they found.

In 2021, Professor Douglas Leith at the School of Computer Science and Statistics, Trinity College Dublin, published a peer-reviewed study titled “Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google.” The methodology was straightforward: take a Pixel 2 running stock Android and an iPhone 8 running stock iOS, put them in a controlled network environment, and measure every byte they transmit — at startup, at idle, and during basic interactions like inserting a SIM card or browsing settings.

The results weren’t ambiguous. A stock Android device contacted Google servers approximately 340 times per day while sitting idle. The iPhone contacted Apple roughly 60 times per day under the same conditions. Both phones were just sitting there. No apps open. No user interaction. Talking to their manufacturers anyway.

DAILY CONNECTIONS TO MANUFACTURER (IDLE DEVICE) 0 100 200 300 400 connections/day Android iOS 340 60 Source: Leith, D.J. (2021), Trinity College Dublin | First-boot data: Android ~1 MB vs iOS ~42 KB

What Gets Sent

The data transmitted wasn’t vague telemetry. Leith’s team intercepted and decoded the payloads. Android sent the IMEI (your device’s unique hardware identifier), hardware serial number, SIM serial number, phone number, device IDs (including the Google Advertising ID), and Wi-Fi MAC address. Location services were disabled during testing. It didn’t matter — Google still received data tied to nearby Wi-Fi access points and cell towers, which is functionally location data. You can turn off the toggle. The phone keeps talking.

At first boot after a factory reset, the Pixel transmitted approximately 1MB of data to Google before the user touched anything. The iPhone sent about 42KB to Apple. Google collected roughly 20 times more data at startup. Within minutes of powering on — before the owner had opened a single app or agreed to a single prompt — the phone had already shipped hardware identifiers, location-adjacent signals, and device fingerprints to Google’s servers.

Leith also tested what happens when you engage Google’s opt-out mechanisms. Disable personalized ads. Turn off location history. Decline usage diagnostics. The volume of data transmission barely changed. The identifiers kept flowing. The connections to Google’s servers continued on the same schedule. The toggles controlled what Google said it would do with the data. They did not control whether the data left your phone.

The Pipeline After Collection

Here’s where the study ends and the business model begins.

Google doesn’t just collect this data for internal use. Their entire advertising infrastructure — the system that generated $264.6 billion in ad revenue in 2023 (Alphabet 10-K filing) — depends on building behavioral profiles granular enough to predict what you’ll buy, where you’ll go, and what you’ll click. The data your phone sends 340 times a day feeds that machine directly.

But the data doesn’t stay with Google. It enters a pipeline. Over 4,000 data brokers operate in the United States alone, according to research from the Vermont Attorney General’s office and Privacy Rights Clearinghouse. Location data, device identifiers, behavioral signals, and inferred demographics flow from collection platforms into aggregation networks within 24 to 48 hours. Companies you’ve never heard of — Babel Street, Venntel, Gravy Analytics, Near Intelligence — buy, license, repackage, and resell this data in bulk. Your phone’s 340 daily pings become rows in databases sold to advertisers, insurers, employers, landlords, and law enforcement.

When Location Data Becomes Surveillance

In 2022, the Associated Press and Electronic Frontier Foundation reported on Fog Data Science, a small Virginia-based company that had quietly assembled a massive database of phone location data purchased from commercial brokers. Fog sold access to this database directly to local law enforcement agencies across the United States — at least 18 agencies confirmed — allowing police to track individuals’ movements without obtaining a warrant.

No probable cause. No judicial oversight. A cop with a subscription to a private company, drawing a geofence on a map, pulling up every phone that passed through a protest, a clinic, a church, a bar. The data trail that made it possible started with the same kind of silent transmissions Leith measured — device identifiers and location signals sent without the user’s knowledge or meaningful consent.

The Fog Data Science case wasn’t an anomaly. It was the business model working as designed. In 2023, Near Intelligence — a location data broker that claimed coverage of 1.6 billion devices globally — filed for bankruptcy after the Wall Street Journal reported the company had sold location data derived from prayer apps to a defense contractor, which then provided it to U.S. military and intelligence agencies. Data that started as a phone’s background ping to an ad network ended up in a national security database.

The Real-World Cost

The downstream effects aren’t theoretical. Insurance companies use behavioral and location data to adjust premiums — a 2023 report from The Markup found that data brokers sell “health risk scores” to insurers based on purchasing behavior, location patterns, and app usage. Employers run background checks that pull from data broker aggregations. Landlords use tenant screening services fed by the same pipelines.

A phone that contacts Google 340 times a day generates roughly 124,000 data transmissions per year per device. Multiply that across 3.3 billion active Android devices worldwide (Statista, 2024). The scale of passive data collection happening right now — on phones in pockets, on nightstands, sitting idle on kitchen counters — is the largest surveillance infrastructure ever constructed. It wasn’t built by a government. It was built by an advertising company and subsidized by the people carrying the devices.

What Google Says

Google’s own privacy policy, updated January 2024, states that the company may share data with “affiliates, other companies and organizations” for purposes including “advertising and measurement,” “safety and fraud prevention,” and “legal compliance.” The policy runs thousands of words. The opt-out mechanisms are scattered across multiple settings pages, sub-menus, and separate Google account dashboards. Leith’s study demonstrated that even when you navigate every one of those toggles, the phone still transmits identifiers on the same schedule.

The architecture is the point. The defaults ship configured for maximum data collection. The opt-outs are cosmetic. The hardware itself — the baseband processor, the pre-installed Google Play Services framework, the system-level processes that run before any user app loads — is designed to maintain a persistent connection to Google’s infrastructure. You can’t uninstall Google Play Services on a stock Android phone. It has system-level privileges. It runs at boot. It doesn’t ask.

Professor Leith’s paper was peer-reviewed and published in the proceedings of the IEEE Security and Privacy on the Internet of Things workshop. The methodology has been cited by the Irish Council for Civil Liberties, the Norwegian Consumer Council, and multiple data protection authorities across the EU. The numbers aren’t contested.

The alternative is a phone that doesn’t call home. A device running a privacy-focused operating system with Google’s tracking infrastructure stripped out entirely — no Play Services, no silent telemetry, no 340 daily pings to Mountain View. That’s what a de-googled phone is. Same hardware. Same apps (sideloaded through privacy-respecting stores). Zero background transmissions to Google.

The 340 pings stop when you stop using software designed to send them.

googleandroidlocation trackingdata collectionprivacy
$199 Starter Kit — Most Popular