Google’s latest flagship, the Pixel 9 Pro XL, has been allegedly found to be sending excessive amounts of personal data to Google servers, raising concerns about user privacy.
Cybernews researchers have claimed to find potential privacy concerns with the Google Pixel 9 Pro XL smartphone. Their analysis shows that every 15 minutes, the device sends data packets to Google, including information like location, email address, phone number, network status, and other telemetry. The phone also periodically attempts to download and run new code, which could introduce security risks.
Researchers used a “man-in-the-middle” approach to intercept traffic between the phone and Google’s servers. The phone sent personally identifiable information (PII) to various endpoints, including Device Management, Policy Enforcement, and Face Grouping. It also transmitted location data even when GPS was disabled, relying on nearby Wi-Fi networks for estimation.
Another observation was that the phone communicated with services without the user’s explicit consent. It contacted Google Photos’ Face Grouping feature even though the researchers did not interact with the Photos app, highlighting potential concerns around biometric data processing. Additionally, the Voice Search feature sent various data points, such as the number of times the device was restarted and a list of installed apps.
The phone also frequently checked in with Google servers to potentially download new software packages. It reached out to a staging environment service, indicating that it has the capability for remote software installation. This raised concerns about user control over the device.
While the device did not transmit data to third parties during the observation period, it did regularly request scam-related number updates, presumably for its call-screening feature. “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device,” said Aras Nazarovas, Cybernews researcher. Google has not yet responded to these findings.
(Source)
Comments