430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google fined $314M for misusing idle Android users’ data

Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019. A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California. Google is liable for […]

Google Big Sleep

Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019.

A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California.

Google is liable for collecting data from idle Android phones without consent, placing unfair costs on users for its own benefit. The class action, filed in 2019, represents around 14 million Californians and claims the company used the data for ads while consuming users’ cellular data.

The plaintiffs claimed that the Android system used their cellular data to send various info back to the company, even when phones were idle and no apps were open. They argued that Google could’ve limited this to Wi-Fi, but chose to use cellular networks instead, costing users data without their consent. This, they said, violated California law and meant Google should repay users for the data it quietly used for its own gain.

“Although Google could make it so that these transfers happen only when the phones are connected to Wi-Fi, Google instead designed these transfers so they can also take place over a cellular network,” plaintiffs said. “Google’s unauthorized use of their cellular data violates California law and requires Google to compensate Plaintiffs for the value of the cellular data that Google uses for its own benefit without their permission.”

The plaintiffs showed that a Samsung Galaxy S7 with default settings sent 8.88MB/day of cellular data, with 94% going to Google, about 389 transfers daily. The data, mostly log files, wasn’t urgent and could’ve waited for Wi-Fi. Yet the company didn’t offer a Wi-Fi-only option, using users’ cellular plans instead. Another test in 2018 found a dormant Android device with Chrome open sent around 900 transfers daily, far more than an idle iPhone, which offered better user control over such data sharing.

Plaintiffs’ attorney Glen Summers called the verdict a strong affirmation of the company’s misconduct and the case’s validity.

“[the verdict] forcefully vindicates the merits of this case and reflects the seriousness of Google’s misconduct.” said Summers.

Google argued no harm occurred and users had consented via its policies. A separate federal lawsuit with similar claims, representing users from the other 49 states, is also underway and is set for trial in April 2026.

The tech giant plans to appeal, saying the decision misunderstands Android’s core services.

“[The verdict] misunderstands services that are critical to the security, performance, and reliability of Android devices.” said company spokesperson Jose Castaneda.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google)