Friday, November 22, 2024

How Google Is Tracking Your Location Even Without GPS Enabled



A recent investigation by the Cybernews research team revealed significant privacy and security concerns surrounding Google’s latest flagship smartphone, the Pixel 9 Pro XL. According to the study, the phone frequently transmits user data to Google, including personally identifiable information (PII) like location, email address, phone number, and network status, even before any apps are installed.

The smartphone sends a data packet to Google every 15 minutes, and every 40 minutes, it performs a “check-in,” detailing system features such as firmware version and SIM card carrier, even when location services are disabled.

Security researcher Aras Nazarovas highlighted that the phone’s periodic data transmission practices, which include the user’s PII, are excessive and do not align with industry best practices for anonymization. Additionally, the phone contacts Google’s services, such as Google Photos’ Face Grouping, without the user’s explicit consent, raising concerns about biometric data privacy.

One of the more troubling findings was that the Pixel 9 Pro XL has built-in remote management capabilities. The phone uses a “CloudDPC” package, typically found on enterprise devices, which could allow Google to control device settings and perform remote actions without user awareness. The device also communicated with a staging environment, signalling capability for remote software installation, which researchers warned could pose a security risk if malicious actors accessed the development endpoint.

The phone also maintained a continuous connection with Google’s experimental endpoint, potentially for A/B testing or user interface modifications. While the investigation did not uncover any harmful actions, researchers expressed concern that this infrastructure could be used for remote control or unauthorized software installation.

On a positive note, researchers observed no data transmissions to third parties, and the phone regularly checked for updates on scam-related phone numbers, likely for its call-screening feature.

Google responded to the findings, stating that data transmissions are necessary for legitimate services across all devices, regardless of manufacturer, model, or operating system. The company also emphasized that data collection is required for essential functions like software updates and personalized experiences. Additionally, Google pointed out that the conditions under which the phone was tested (rooted) could lead to unintended data transmissions not typical of regular device usage.
