Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews…

… “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said…

  • Buddahriffic@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    3 months ago

    If it is present there, it doesn’t imply it’s only present there.

    And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies. Same thing with infiltrations by intelligence agencies.

    And no, it doesn’t mean that every phone in the world is compromised with this, which wouldn’t be that sophisticated, just stealthy. The sophisticated part would be part of the normal design process, it’s called DFT or design for test if you want to read about it, used legitimately to determine what parts of the chip have manufacturing flaws for chip binning.

    Most phones don’t have an unlocked bootloader, and this post is about the data Google is pulling on factory pixels.

    Why would they do all the work on the software side and then themselves offer a device that allows you to remove their software entirely? And if it’s worth it just from the “make more money from people who only want unlocked phones”, why isn’t it more common?

    Mind you, my next phone might still be a pixel. Even if this stuff is actually there, I wouldn’t expect to be targeted. I can’t help but wonder about it, though, like just how deep does the surveillance or surveillance potential go?

    • sleepyplacebo@rblind.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      5 days ago

      The Pixel is a good phone to test the latest android features for development purposes. I would imagine to some degree they are trying to target developers interested in testing software by offering the ability to unlock and relock the bootloader. This fosters a vibrant developer community and encourages innovation. Certain things can be tested in an android emulator but it helps to have a real device to test as well.

      Pixels often ship with hardware features that other phones later include. For example Pixel 8 was the first phone with hardware memory tagging extensions and if developers wanted to test that feature they would buy a Pixel first and then use that experience with the devices their company is manufacturing. Pixels are often released with new android versions that implement android features and APIs the way they were intended to work. There have been cases of OEMs releasing devices with broken implementations of standard android features.

      Pixel was the first phone with Strongbox as well. Additionally, It was the first android phone with satellite connectivity.

      It also attracts the segment of the market that just enjoys modifying their phones as well. So basically they are targeting the power user community and developers. Despite the Pixel having the ability to install custom verified boot keys and custom OSs, Google knows that very few users use those features so it does not cut into their Play Store and Play Services market share very much.

    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies

      Ok let’s assume this is true, and US intelligence agencies have actually backdoored all US phone manufacturers. What about foreign phones? If this was true, someone the NSA is interested in could just defend themselves by e.g. buying a Chinese phone. All this effort, just to be defeated by foreign phone manufacturers? It wouldn’t be worth it, which is why it’s so highly unlikely.

      • helloworld55@lemm.ee
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        3 months ago

        Well to this point (I don’t 100% believe this flavor of state surveillance theory but) you cannot buy phones made my foreign manufacturers and have them work in the US. For example, Oppo, Huawei, Xiaomi, all do not work on USA cell networks, and you can’t buy them unless you go through an import process. Just to name a few of the many. But granted, those are all Chinese manufacturers. EDIT** I was wrong, apparently with the right settings you can get most phones to work on US cell networks

        • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          Oppo, Huawei, Xiaomi, all do not work on USA cell networks

          Wait what? Is that actually true? What if you are a foreigner visiting the US and bring your e.g. Oppo phone with you? You can’t use it? Even with a foreign SIM?

      • Buddahriffic@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        This argument assumes that they’d only do something if they could get perfect coverage, which isn’t very compelling for me. IMO the question should be “would it give enough access to more information to be worth it”, not “it’s only worth it if it gives access to all information”.

        And, as the other commenter mentioned, it is difficult to get some Chinese phones, though not impossible and if this whole line of thought plays into that, the reasoning is probably as much about cutting off their access to this kind of thing as it would be about making it harder to avoid western agencies doing this. They’ve said the first one out loud (they being politicians justifying blocking Huawei), and wouldn’t have said the second part either way.

        • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          This argument assumes that they’d only do something if they could get perfect coverage

          Doing this and not covering like half of the phones out there would be even dumber, and way too risky. It’s not just about Chinese phones, the most popular smartphone vendor, Samsung, is from South Korea. Yeah, South Korea is a US ally, and the NSA might have some kind of crazy deal in place with them to backdoor their phones, but that would exponentially increase the risk, as not only would the NSA and all the US phone manufacturers have to keep this a secret, the South Korean government as well as Samsung, which is a massive corporation with hundreds of thousands of employees, would also have to make sure that none of this gets leaked to the public. This is way too unrealistic, and can easily be dismissed as a conspiracy theory.

          • Buddahriffic@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            3 months ago

            I think you’re greatly overestimating the number of people who would need to be involved. It could be done by one person in the right RTL design position. ASIC validation doesn’t involve exhaustively searching for any backdoors that bridge between something accessible with low privileges to something that is supposed to require higher privileges.

            And if someone else did notice that, there’s a good chance it would just be a “thanks for reporting that, I’ll fix it” without a root cause investigation about how it got there, especially if it gets reported to the one who put it there in the first place.