Corporate Accountability Project · Technology & Data Rights
◆ Class Action Settlement
Google Secretly Drained Android Users’ Cellular Data for Years
Over 100 million Americans paid for data Google took without permission. A $135 million settlement exposes how the world’s most powerful tech company treated user resources as its own.
TL;DR
For nearly a decade, Google’s Android operating system quietly consumed cellular data that users paid for out of their own pockets, transferring information to Google’s servers in the background without users’ knowledge or genuine consent. This wasn’t a bug. It was a deliberate system built into the core of Android, the operating system running on the phones of more than 100 million Americans. Google profited from infrastructure that users funded, while maintaining a toggle that falsely implied people could opt out. The $135 million settlement reached in January 2026 confirms the harm was real and the scale was massive. This is what corporate surveillance looks like when it hides inside your phone bill.
Demand genuine transparency from the companies that run your devices. Your data plan is yours. Your consent is not a formality.
📊 Key Numbers
$135M
Total non-reversionary settlement fund
100M+
Android users affected across the U.S.
$1.05B
Max potential damages calculated by plaintiffs’ expert
$300M/yr
Estimated annual cellular data prospectively saved by injunction
5+ years
Duration of litigation before settlement
2017–2026
Settlement class period
📄 Breakdown of Misconduct
Core Allegations: What Google Did
Unauthorized data transfers · 7 points
| 01 | Google’s Android operating system secretly consumed cellular data paid for by users while their devices sat idle in pockets, purses, and on nightstands while they slept. | high |
| 02 | The data transfers were triggered by GMS Core (Google Play Services), software installed on virtually every Android phone sold in the United States, meaning no user could escape the conduct simply by adjusting settings. | high |
| 03 | Transfers occurred “in the background, when you are not directly interacting with your device, including when the device’s screen is locked,” as Google would later be required to disclose in the settlement. | high |
| 04 | Google transferred user data to its own servers for purposes including advertising support, product development, and ecosystem monitoring, all funded by the cellular plans users were paying monthly fees for. | high |
| 05 | Plaintiffs analyzed billions of pages of Android user data logs and reviewed Google’s proprietary source code across nearly 50 in-person sessions, producing evidence that documented the transfers at scale. | medium |
| 06 | The Ninth Circuit reversed a lower court dismissal of the conversion claim, holding that the claim “was pleaded properly and should not have been dismissed,” validating the core legal theory against Google. | high |
| 07 | A related California state court case, Csupo v. Google, resulted in a 9-to-3 jury verdict against Google on the same underlying facts, confirming that the allegations had substantial merit. | high |
The Consent Illusion: A Toggle That Did Nothing
False controls · 5 points
| 01 | Google maintained an “allow background data usage” toggle in Google Play Services settings that purported to give users control over mobile data use, but generally did not disable the background transfers at issue in the lawsuit. | high |
| 02 | The settlement requires Google to deactivate and gray out this toggle entirely, preventing users from being misled into believing they have control they do not actually have. | high |
| 03 | Google’s Terms of Service and Help Center pages failed to disclose that system services may use cellular data in the background, leaving users unable to make informed decisions about their device or plan. | high |
| 04 | The Android device setup flow, which all new users must complete before using a phone, contained no clear disclosure that Google would consume users’ paid cellular data automatically and without the ability to stop it. | medium |
| 05 | The settlement mandates that Google add an explicit “Use of cellular data” section to the setup flow, including a new “Accept” button, so future users must actively consent to practices they had previously never been told about. | medium |
Profit Over People: Revenue Prioritized Over User Rights
Financial incentives · 4 points
| 01 | The transfers supported advertising, product development, and the Android ecosystem, all of which generate revenue for Google, meaning user-funded cellular data directly subsidized Google’s commercial operations. | high |
| 02 | Plaintiffs’ damages expert calculated Google’s total potential damages at over $1 billion using industry average cellular data pricing, a figure that reflects just how systematically Google was extracting value from users’ paid data plans. | high |
| 03 | The injunction’s value is estimated at over $600 million across its two-year term, based on the prospective annual savings of approximately $300 million in cellular data that users would otherwise continue to lose. | medium |
| 04 | Google argued that the harm to each individual user was “negligible” in dollar terms, effectively defending its mass appropriation of user property by pointing out that each individual theft was too small to matter on its own. | high |
Corporate Accountability Failures: What Google Got Away With
Weak penalties, delayed accountability · 5 points
| 01 | The $135 million settlement represents at most 12.9% of plaintiffs’ calculated maximum damages using industry average pricing, and potentially only 6.8% of the approximately $2 billion in total potential damages through 2025. | high |
| 02 | No Google executive faces personal accountability under the settlement. The company pays from a corporate fund while the individuals who designed, approved, and maintained this system face no consequences. | high |
| 03 | Google settled without admitting wrongdoing, meaning it faces no official legal finding that its conduct was unlawful despite over five years of litigation and a $135 million payment. | high |
| 04 | Individual settlement payments are estimated at less than $16 per class member, while attorneys’ fees may reach up to $39.8 million, nearly 30% of the total fund. | medium |
| 05 | The injunctive reforms, while meaningful, are set to remain in effect for only two years minimum, leaving open the possibility that Google modifies or weakens the disclosures once the settlement period expires. | medium |
Regulatory Failures: No Agency Caught This
Oversight gaps · 4 points
| 01 | This evidence was developed independently by plaintiffs’ counsel, without relying on any prior government investigation or private litigation, meaning no regulatory agency identified or acted on the conduct before private citizens brought suit. | high |
| 02 | The FTC and FCC, the two agencies most responsible for consumer data protection and telecommunications oversight, played no role in the five-year litigation that ultimately produced the first meaningful accountability for this conduct. | high |
| 03 | Google’s initial motion to dismiss succeeded at the district court level, meaning the conduct would have gone entirely without redress had plaintiffs not appealed successfully to the Ninth Circuit. | medium |
| 04 | The case underscores a structural gap in U.S. privacy law: no federal comprehensive data protection statute exists that would have straightforwardly prohibited Google’s background cellular data transfers and provided a direct enforcement mechanism. | high |
Economic Fallout: Who Paid the Price
Financial harm to users · 4 points
| 01 | More than 100 million American Android users were included in the class, meaning the economic harm from unauthorized cellular data consumption extended to roughly a third of the U.S. population. | high |
| 02 | Users with limited or tiered data plans suffered the most direct harm; the unauthorized transfers could push users toward data caps or incur overage charges on plans where additional data comes at a premium. | high |
| 03 | The harm disproportionately affects lower-income users on prepaid or limited data plans, for whom every megabyte of cellular data has measurable financial cost. Unlimited plan users still paid indirectly through plan pricing that assumes standard data consumption. | high |
| 04 | Because individual damages are small (estimated at roughly $9.98 per person using plaintiffs’ methodology), class action was the only viable legal mechanism. Individual users had no practical path to recover the value Google extracted from them. | medium |
🕐 Timeline of Events
Nov 2017
Start of the class period. Android users outside California began to be affected by the unauthorized background cellular data transfers from this date forward.
Nov 2020
Plaintiffs Joseph Taylor, Mick Cleary, and Jennifer Nelson filed the initial class action complaint, alleging Google secretly appropriated cellular data from Android users without consent.
Feb 2021
Google moved to dismiss the complaint, beginning a multi-year legal battle over whether plaintiffs had viable claims against the tech giant.
Sep 2022
District court granted Google’s motion to dismiss. Plaintiffs appealed to the Ninth Circuit, refusing to let the case die in the lower court.
Feb 2024
Ninth Circuit reversed the dismissal, holding the conversion claim “was pleaded properly and should not have been dismissed.” The case returned to district court with new momentum.
Jul 2025
Related California case (Csupo v. Google) produced a 9-to-3 jury verdict against Google on the same underlying facts, confirming the strength of the allegations just as federal settlement talks intensified.
Aug 2025
Federal court heard arguments on class certification and expert challenges (Daubert motions). The court signaled skepticism about plaintiffs’ damages methodology, increasing settlement pressure.
Nov 2025
Parties executed a term sheet for the proposed settlement. Special settlement counsel were engaged on both sides to protect class members’ interests independently of litigation counsel.
Dec 23, 2025
Parties executed a definitive $135 million Settlement Agreement.
Jan 27, 2026
Plaintiffs filed for preliminary court approval of the settlement, setting a February 17, 2026 hearing and targeting a final approval hearing in June 2026.
💬 Direct Quotes from the Legal Record
QUOTE 1
The scope of Google’s covert data extraction
Core Allegations
“While Plaintiffs’ Android devices are in their purses and pockets, and even while sitting seemingly idle on Plaintiffs’ nightstands as they sleep, Google’s Android operating system secretly appropriates cellular data paid for by Plaintiffs.”
💡 This quote from the original complaint captures the essence of the misconduct: Google was taking user resources continuously, around the clock, including during hours when users had every reasonable expectation their phones were doing nothing.
QUOTE 2
The court’s finding that the conversion claim was valid
Core Allegations
“The conversion claim was pleaded properly and should not have been dismissed.”
💡 The Ninth Circuit’s reversal of the dismissal was a watershed moment. It established that what Google did could legally constitute conversion: taking someone else’s property without permission. Users’ paid cellular data is their property. Google used it anyway.
QUOTE 3
Required settlement disclosure: background transfers cannot be turned off
The Consent Illusion
“Google Play services may use your mobile data” and these transfers “cannot be turned off.”
💡 This language, which Google will now be required to include in its Help Center documentation, is an extraordinary admission. For years, Google did not disclose that these transfers were unavoidable. Users had no way to stop something they did not know was happening.
QUOTE 4
Required setup flow disclosure: what users must now be told
The Consent Illusion
“Some of these communications may happen in the background, when you are not directly interacting with your device, including when the device’s screen is locked. You can control some of the communications through user settings… but some of the communications cannot be turned off. You are responsible for any fees incurred from third parties (such as your mobile carrier) in connection with these cellular communications.”
💡 This settlement-mandated disclosure is a direct acknowledgment that Google was using users’ data in ways they could not control, without informing them, and without accepting responsibility for the resulting carrier fees. The fact that this language did not exist before 2026 tells you everything about Google’s prior approach to transparency.
QUOTE 5
The court’s skepticism about damages: how low could they go
Corporate Accountability Failures
“I could imagine there is a scenario where the fair market value of data like this is like negligible, like really negligible.”
💡 The judge’s comment during the August 2025 hearing reflects the fundamental tension at the heart of tech accountability: the individual harm from each data transfer was small, even if the aggregate harm was massive. This is exactly how Big Tech evades meaningful accountability. The theft is real; the per-person dollar amount is designed to be too small to matter.
QUOTE 6
Plaintiffs’ evidence was built from the ground up
Regulatory Failures
“This evidence was developed independently by Plaintiffs, without relying on any prior government investigation or private litigation.”
💡 There was no government investigation. No regulator uncovered this. Private citizens and their attorneys did what federal agencies failed to do, spending five years and tens of millions in resources to hold a trillion-dollar company accountable for taking what was not its to take.
QUOTE 7
The injunction’s estimated value to users
Profit Over People
“Plaintiffs’ economist has calculated that the injunctive relief provided by the Settlement Agreement will avoid the prospective conversion of approximately $300 million worth of cellular data per year using the industry average price.”
💡 Three hundred million dollars per year in cellular data. That is what Google’s practices cost Android users annually, according to the same data analysis that informed the settlement. The $135 million users will receive is less than half of a single year’s ongoing harm. The injunction stopping future transfers is worth more than the cash settlement itself.
QUOTE 8
The misleading toggle Google must now deactivate
The Consent Illusion
“Until now, this toggle has purported to give users the ability to turn off Google Play Service’s use of mobile data in the background, but generally has not disabled the transfers at issue in this case.”
💡 This is a fake off-switch. For years, Google showed users a control that appeared to stop background data usage but did not actually do so. This is not a design flaw. It is a design choice that prioritized Google’s data collection over users’ stated preferences.
💬 Commentary
❓
What exactly did Google do that was wrong?
▼
Google’s Android operating system transferred data to Google’s servers in the background, using cellular data that users were paying for through their mobile carriers, without clearly disclosing this was happening and without users’ genuine informed consent. The transfers happened even when phones appeared idle, including when screens were locked and users were asleep. The data supported Google’s commercial operations, including advertising infrastructure. Google simultaneously maintained a settings toggle that falsely implied users could stop the transfers, but the toggle generally did not work as advertised.
❓
Is $135 million actually a meaningful penalty for Google?
▼
In straightforward terms: no. Google generated over $350 billion in revenue in 2024 alone. A $135 million settlement represents roughly 14 hours of Google’s annual revenue. Plaintiffs themselves estimate maximum potential damages at over $1 billion, and the injunction’s estimated annual value is $300 million per year. The settlement is the best outcome achievable given the legal risks involved, including significant uncertainty about damages methodology. But calling it meaningful accountability for a company of Google’s scale would be misleading. This is a cost of doing business, not a deterrent.
❓
Did Google admit wrongdoing?
▼
No. Like the vast majority of large corporate settlements, this one allows Google to pay $135 million and implement operational changes without officially admitting that it did anything illegal. This is a structural problem with how corporate accountability works in the United States. Companies can engage in harmful conduct at massive scale, settle for a fraction of the harm caused, and walk away with no formal legal finding that they violated the law. The mandatory disclosures and consent requirements Google must now implement are, however, a functional admission that what it was doing before was inadequate.
❓
How is this different from the data privacy cases we hear about all the time?
▼
Most data privacy cases involve the unauthorized collection or sale of personal information, browsing data, or location history. This case is about something more concrete and more clearly quantifiable: money. The cellular data Google transferred was a paid resource that users purchased from their mobile carriers. This is not just a privacy violation; it is a property rights violation. Google took something that literally cost users money on their monthly bills, without asking, while maintaining a fake control that implied they had a choice. That combination of financial harm and active deception makes this case particularly egregious.
❓
Who was most harmed by this?
▼
The class includes over 100 million Americans who used Android phones with cellular data plans between November 2017 and the date of final judgment. The people most economically harmed were those on limited, prepaid, or tiered data plans where cellular data has a direct and visible cost. For someone on a 2GB prepaid plan paying by the megabyte, background transfers that cannot be turned off represent a real, recurring financial drain. These are disproportionately lower-income users. The harm falls hardest on those with the least ability to absorb it.
❓
Why did it take over five years to get here?
▼
Because Google fought every step of the way. The company successfully got the case dismissed at the district court level, forcing an appeal to the Ninth Circuit. It mounted extensive challenges to class certification, challenged plaintiffs’ expert witnesses, and pushed arguments that would have reduced damages to nearly zero. Google has vast legal resources and the institutional incentive to litigate aggressively, because settlements set precedent. Every case it drags out becomes a lesson to other potential plaintiffs about the cost of taking on a trillion-dollar company. This is not unusual. It is the system working exactly as corporations want it to.
❓
Does the settlement actually change Google’s behavior going forward?
▼
Partially. The injunction requires Google to add transparent disclosures to its Terms of Service, Help Center, and new device setup screens. It also requires Google to deactivate the misleading data toggle. These are real changes that will give future Android users information they previously did not have. However, the disclosures will still be buried in setup flows and Terms of Service that most users accept without reading. The injunction lasts a minimum of two years, after which Google may seek modifications. It stops short of requiring Google to ask for separate, explicit consent before background data transfers occur, which would be the most meaningful protection.
❓
What can I do to prevent this from happening again?
▼
There are several concrete steps. First, contact your federal representatives to support comprehensive federal data privacy legislation that would prohibit background data transfers without explicit, opt-in consent. Second, look into data-monitoring apps that show you which apps are consuming cellular data in the background so you can detect future unauthorized use. Third, if you receive notice about this settlement, participate: submit your payment election. Doing nothing means less money back to affected users. Fourth, follow organizations like the Electronic Frontier Foundation (EFF) and Consumer Reports Digital Lab, which track and publicize corporate data abuses. Finally, recognize that the only reason this settlement happened is because private citizens refused to accept a dismissal and fought for five years. That matters. Collective action and sustained legal pressure are the tools that actually move corporations.
❓
Could this happen with other tech companies or apps?
▼
Almost certainly. The legal theory established in this case, that background cellular data transfers without consent can constitute conversion (a form of property theft), applies to any app or operating system that consumes your paid mobile data without your knowledge. The fact that this took a class action lawsuit to uncover, and that no federal regulator identified the conduct, suggests that similar practices may exist elsewhere and are simply not yet subject to legal challenge. The absence of a federal comprehensive digital privacy law means the only check on these practices remains the costly, time-consuming, and uncertain process of private litigation.
💡 Explore Corporate Misconduct by Category
Corporations harm people every day — from wage theft to pollution. Learn more by exploring key areas of injustice.
- 💀 Product Safety Violations — When companies risk lives for profit.
- 🌿 Environmental Violations — Pollution, ecological collapse, and unchecked greed.
- 💼 Labor Exploitation — Wage theft, worker abuse, and unsafe conditions.
- 🛡️ Data Breaches & Privacy Abuses — Misuse and mishandling of personal information.
- 💵 Financial Fraud & Corruption — Lies, scams, and executive impunity.
