Analysis:Fundamental problem with Android

To contextualise the underlying problem with lack of privacy on Androids, a brief word on how a modern Android phone is made probably helpful.

Hardware
Virtually no company makes Android phones from scratch. A company looking to release an Android smartphone typically approaches an original equipment manufacturer (so called OEM) who sells ready made or mostly-complete phone parts ready for customisation. In a typical smartphone, Samsung might provide the screen, Qualcomm provides the system on chip (SoC) and Sony might provide the camera module. The phone manufacturer does their best to fit the components in the particular end-user budget. Then they work to make these components work well together in under Android by developing a customised version of the operating system and while hardware engineers fit those components into a case they may or may not have designed. One marketing budget later, and Android phone is born.

Of course, certain manufacturers, like Samsung, and certain high-end phones may enjoy a larger degree of freedom, with custom components being made for specific phones, but that is far more rare than one might imagine. Fundamentally, 'making' an Android phone is process of building a Frankenstein's smartphone and smoothing out the rough edges.

Thus the manufacture does not have a great level of control over the hardware. This causes them to want to differentiate themselves from the competition by producing their own software skins; custom versions of Android that often look and feel different, but in the end remain under the boot of Google.

Software
Once the phone is made, the manufacturer takes the base code of Android, commonly known as AOSP and modifies it to their liking. This may include addition of new features or new code supporting specific hardware of the device. It also includes baking in of device drivers, provided by the OEMs. However, these modification can be quite superficial, as the any major changes are restricted by a set of guidelines called Android Compatibility Definition Document (CDD).

Any Android phone outside of China is essentially unsellable without access to Google services, most notably access to the app store, Google Play Store. This means that if the manufacturer is to offer access to all the everyday apps users are used to, they must follow the rules Google lays out in the CDD and the related licensing agreers. Those rules also mandate that the manufacturer ships, alongside their own software, bundle of software commonly referred as the Google Play Services.

While Android itself is at least nominally open source, Google Play Services are a black box. A bundle of proprietary software which only Google fully understands. They do provide useful services to app developers and users, such as coarse location lookup, but it also leverages this access to collect virtually unlimited amount of private information. Google Play Services also run as system software, giving them almost unfettered access to all aspects of the phone. Worse still, they can be updated remotely independently of system software, and without user's active consent and understanding. Google of course say that they only use this info in accordance with law and their privacy policy, but this privacy policy is a dense legal document which only the lawyers who wrote it can hope to understand.

Resultant business model
Stuck between inflexible costs of hardware components, strict rules made by Google and fierce competition from other manufacturers, most manufacturers are reduced to razor thing margins. The manufacturers try to improve this position by offering their own services((This is why you always have at least two different browsers on Android phones.)). Given that end users will not pay for those services, the only way manufacturers can make this worth their while is by adding another layer of software and tools which monitor the user and track every aspect of their life, to be monetised and sold to first advertiser that will pay.