Shocked reading the headline? Well anyone would be, as due to the onion scams and threat to privacy due to smartphones, users try to be more careful and aware before giving access to permissions like location being tracked, or some files being shared with an app or website.
A report by Cybernews today has alarmed the people online. In their latest research, the publication has found out that Google tracks your location every 15 minutes even with GPS disabled. Cybernews researchers took the latest Pixel 9 Pro XL smartphone with a new Google account and default settings to focus on what all a new smartphone sends to the company. Researchers used a man-in-the-middle approach to intercept the traffic between the smartphone and Google’s servers.
As per Aras Nazarovas, a security researcher at Cybernews, “Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks.”
It was also revealed that the phone constantly requests experiments and configurations tries accessing the stain environment, and connects to device management and policy enforcement endpoints, suggesting Google’s remote control capabilities. Pixel devices also connected to services that were not used, nor explicit consent was given, such as Face grouping endpoints, causing privacy and ownership concerns while the calculator app, in some conditions, also leaked calculation history to unauthenticated users with physical access.
The device sent potentially excessive and sensitive data that includes the number of times the device was restarted, time elapsed since powering on, and a list of apps installed on the device, including sideloaded ones.
All these points raised concerns about eroding user privacy and control. However other than the company’s servers, the data was not shared to any other third-party app.
Cybernews reached out to Google with these findings to which the company explained that core Play services enable key functionality on every certified Android device. Everyone can check what data is collected. It is revealed that data transmissions are needed for legitimate services regardless of the device model, manufacturer, or even OS.
