Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019.
A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California.
Google is liable for collecting data from idle Android phones without consent, placing unfair costs on users for its own benefit. The class action, filed in 2019, represents around 14 million Californians and claims the company used the data for ads while consuming users’ cellular data.
The plaintiffs claimed that the Android system used their cellular data to send various info back to the company, even when phones were idle and no apps were open. They argued that Google could’ve limited this to Wi-Fi, but chose to use cellular networks instead, costing users data without their consent. This, they said, violated California law and meant Google should repay users for the data it quietly used for its own gain.
“Although Google could make it so that these transfers happen only when the phones are connected to Wi-Fi, Google instead designed these transfers so they can also take place over a cellular network,” plaintiffs said. “Google’s unauthorized use of their cellular data violates California law and requires Google to compensate Plaintiffs for the value of the cellular data that Google uses for its own benefit without their permission.”
The plaintiffs showed that a Samsung Galaxy S7 with default settings sent 8.88MB/day of cellular data, with 94% going to Google, about 389 transfers daily. The data, mostly log files, wasn’t urgent and could’ve waited for Wi-Fi. Yet the company didn’t offer a Wi-Fi-only option, using users’ cellular plans instead. Another test in 2018 found a dormant Android device with Chrome open sent around 900 transfers daily, far more than an idle iPhone, which offered better user control over such data sharing.
Plaintiffs’ attorney Glen Summers called the verdict a strong affirmation of the company’s misconduct and the case’s validity.
“[the verdict] forcefully vindicates the merits of this case and reflects the seriousness of Google’s misconduct.” said Summers.
Google argued no harm occurred and users had consented via its policies. A separate federal lawsuit with similar claims, representing users from the other 49 states, is also underway and is set for trial in April 2026.
The tech giant plans to appeal, saying the decision misunderstands Android’s core services.
“[The verdict] misunderstands services that are critical to the security, performance, and reliability of Android devices.” said company spokesperson Jose Castaneda.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Google)
