Googleās latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.
Cybernews researchers analyzed the new Pixel 9 Pro XL smartphoneās web traffic, focusing on what a new smartphone sends to Google.
āEvery 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,ā said Aras Nazarovas, a security researcher at Cybernewsā¦
ā¦ āThe amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,ā Nazarovas saidā¦
You canāt say no to Googleās surveillance
Yes you can: https://grapheneos.org/
I was just wondering earlier today if Google kept the bootloader open to allow custom OS installation only because they had other hardware on the phone that would send them their information anyways, possibly through covert side channels.
Like they could add listeners for cell signals that pick up data encoded in the lower bits of timestamps attached to packets, which would be very difficult to detect (like Iām having trouble thinking of a way to determine if thatās happening even if you knew to look for it).
Or maybe thereās a sleeper code that can be sent to āwake upā the phoneās secret circuitry and send bulk data when Google decides they want something specific (since encoding in timestamps would be pretty low bandwidth), which would make detection by traffic analysis more difficult, since most of the time it isnāt sending anything at all.
This is just speculation, but Iāve picked up on a pattern of speculating that something is technically possible, assuming thereās no way theyād actually be doing that, and later finding out that it was actually underestimating what they were doing.
I donāt mean to discredit your opinion, but it is pure speculation and falls in the category of conspiracy theories. There are plenty of compelling arguments, why this is likely completely wrong:
- Google Pixels have less than 1% of the global smartphone market share, in fact, they are currently only sold in
12(the Pixel 9 is sold in 32 countries, my bad, I had an outdated number in mind) countries around the world. Do you really think that Google would spend all the money in research, custom manufacturing, software development and maintenance to extract this tiny bit of data from a relatively small number of users? Iād say more than 90% of Pixel owners use the Stock OS anyways, so it really doesnāt matter. And Google has access to all the user data on around 70% of all the smartphones in the world through their rootkits (Google Play services and framework, which are installed as system apps and granted special privileges), which lets them collect far more data than they ever could from Pixel users. - Keeping this a secret would also immensely difficult and require even more resources, making this even less profitable. Employees leave the company all the time, after which they might just leak the story to the press, or the company could get hacked and internal records published on the internet. Since this would also require hardware modifications, itās also likely that it would get discovered when taking apart and analyzing the device. PCB schematics also get leaked all the time, including popular devices like several generations of iPhones and MacBooks.
- Lastly, the image damage would be insane, if this ever got leaked to the public. No one would ever buy any Google devices, if it was proven that they actually contain hardware backdoors that are used to exfiltrate data.
Youāre right that itās pure speculation just based on technical possibilities and I hope youāre right to think it should be dismissed.
But with the way microchip design (it wouldnāt be at the PCB level, it would be hidden inside the SoC) and manufacturing work, I think itās possible for a small number of people to make this happen, maybe even a single technical actor on the right team. Chips are typically designed with a lot of diagnostic circuitry that could be used to access arbitrary data on the chip, where the only secret part is, say, a bridge from the cell signal to that diagnostic bus. The rest would be designed and validated by teams thinking itās perfectly normal (and it is, other than leaving an open pathway to it).
Then if you have access to arbitrary registers or memory on the chip, you can use that to write arbitrary firmware for one of the many microprocessors on the SoC (which isnāt just the main CPU cores someone might notice has woken up and is running code that came from nowhere), and then write to its program counter to make it run that code, which can then do whatever that MP is capable of.
I donāt think it would be feasible for mass surveillance, because that would take infrastructure that would require a team that understands whatās going on to build, run, and maintain.
But it could be used for smaller scale surveillance, like targeted at specific individuals.
But yeah, this is just speculation based on whatās technically possible and the only reason Iām giving it serious thought is because I once thought that it was technically possible for apps to listen in on your mic, feed it into a text to speech algorithm, and send it back home, hidden among other normal packets, but they probably arenāt doing it. But then Iād hear so many stories about uncanny ads that pop up about a discussion in the presence of the phone and more recently it came out that FB was doing that. So I wouldnāt put it past them to actually do something like this.
This is just speculation, but Iāve picked up on a pattern of speculating that something is technically possible, assuming thereās no way theyād actually be doing that, and later finding out that it was actually underestimating what they were doing.
As the saying goes, just because youāre paranoid, doesnāt mean youāre wrong.
The answer that will put this question to bed is open source hardware. Thankfully weāre close to having viable options, finally.
I will never understand buying a google phone just to deGoogle it. why would you give them money.
Iāve seen the reasoning, I just ā¦
@averyminya @Andromxda grapheneos is SOTA of android security, and it only supports pixels, thats why
Right, like I said Iāve seen the reasoning. It just seems like giving money to the very company youāre all trying to avoid, which in turn is just funding for Google to be more invasive.