A new report from Cybernews has focussed on the web traffic between Google and its latest flagship smartphone, the Google Pixel 9 Pro XL.
VIEW GALLERY – 2 IMAGES
The report states that cybersecurity researchers at Cybernews analyzed the Pixel 9 Pro XL’s web traffic and determined that even before any app is installed, the smartphone sends private user data back to Google servers. More specifically, the analysis found “Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google” and within this packet of data is private information such as a users email address, phone number, location, network status, and other telemetry data.
Additionally, security researcher Aras Nazarovas said the Google Pixel 9 Pro XL periodically attempts to download and run new code, “potentially opening up security risks.” The key takeaways from the analysis were private user information being sent back to Google in the background every 15 minutes, the device automatically connecting to device management and policy enforcement endpoints, which suggests Google has remote control capabilities.
“The Pixel 9 Pro XL repeatedly uses PII for authentication, configuration, and logging. This practice doesn’t align with the industry’s best anonymization practices and appears excessive. The smartphone transmits the user’s email address, location, and phone number, even when utilizing a variety of other identifiers for the user and the device,” Nazarovas said
Furthermore, the analysis uncovered the Pixel device connected to services such as Face Grouping endpoints without consent from the user, and in some instances the calculator app leaked calculations history.
“The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said