Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.
Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.
“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews…
… “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said…
This doesn’t seem surprising at all. Isn’t that what Google Play Services is for? If you don’t want it, custom ROMs are easily installed.
What’s surprising about their stock ROM having tracking and phoning home? Use Grapheneos.
You still have to trust their black box Titan security chip that’s only in Pixels, that they pinky promised to open source but never did.
You will have to inevitably trust someone somewhere for every phone, unfortunately. At least the Titan has been tested in the real world, and it’s not like it’s phoning home on it’s own or anything.
You can’t say no to Google’s surveillance
Yes you can: https://grapheneos.org/
I was just wondering earlier today if Google kept the bootloader open to allow custom OS installation only because they had other hardware on the phone that would send them their information anyways, possibly through covert side channels.
Like they could add listeners for cell signals that pick up data encoded in the lower bits of timestamps attached to packets, which would be very difficult to detect (like I’m having trouble thinking of a way to determine if that’s happening even if you knew to look for it).
Or maybe there’s a sleeper code that can be sent to “wake up” the phone’s secret circuitry and send bulk data when Google decides they want something specific (since encoding in timestamps would be pretty low bandwidth), which would make detection by traffic analysis more difficult, since most of the time it isn’t sending anything at all.
This is just speculation, but I’ve picked up on a pattern of speculating that something is technically possible, assuming there’s no way they’d actually be doing that, and later finding out that it was actually underestimating what they were doing.
I don’t mean to discredit your opinion, but it is pure speculation and falls in the category of conspiracy theories. There are plenty of compelling arguments, why this is likely completely wrong:
- Google Pixels have less than 1% of the global smartphone market share, in fact, they are currently only sold in
12(the Pixel 9 is sold in 32 countries, my bad, I had an outdated number in mind) countries around the world. Do you really think that Google would spend all the money in research, custom manufacturing, software development and maintenance to extract this tiny bit of data from a relatively small number of users? I’d say more than 90% of Pixel owners use the Stock OS anyways, so it really doesn’t matter. And Google has access to all the user data on around 70% of all the smartphones in the world through their rootkits (Google Play services and framework, which are installed as system apps and granted special privileges), which lets them collect far more data than they ever could from Pixel users. - Keeping this a secret would also immensely difficult and require even more resources, making this even less profitable. Employees leave the company all the time, after which they might just leak the story to the press, or the company could get hacked and internal records published on the internet. Since this would also require hardware modifications, it’s also likely that it would get discovered when taking apart and analyzing the device. PCB schematics also get leaked all the time, including popular devices like several generations of iPhones and MacBooks.
- Lastly, the image damage would be insane, if this ever got leaked to the public. No one would ever buy any Google devices, if it was proven that they actually contain hardware backdoors that are used to exfiltrate data.
You’re right that it’s pure speculation just based on technical possibilities and I hope you’re right to think it should be dismissed.
But with the way microchip design (it wouldn’t be at the PCB level, it would be hidden inside the SoC) and manufacturing work, I think it’s possible for a small number of people to make this happen, maybe even a single technical actor on the right team. Chips are typically designed with a lot of diagnostic circuitry that could be used to access arbitrary data on the chip, where the only secret part is, say, a bridge from the cell signal to that diagnostic bus. The rest would be designed and validated by teams thinking it’s perfectly normal (and it is, other than leaving an open pathway to it).
Then if you have access to arbitrary registers or memory on the chip, you can use that to write arbitrary firmware for one of the many microprocessors on the SoC (which isn’t just the main CPU cores someone might notice has woken up and is running code that came from nowhere), and then write to its program counter to make it run that code, which can then do whatever that MP is capable of.
I don’t think it would be feasible for mass surveillance, because that would take infrastructure that would require a team that understands what’s going on to build, run, and maintain.
But it could be used for smaller scale surveillance, like targeted at specific individuals.
But yeah, this is just speculation based on what’s technically possible and the only reason I’m giving it serious thought is because I once thought that it was technically possible for apps to listen in on your mic, feed it into a text to speech algorithm, and send it back home, hidden among other normal packets, but they probably aren’t doing it. But then I’d hear so many stories about uncanny ads that pop up about a discussion in the presence of the phone and more recently it came out that FB was doing that. So I wouldn’t put it past them to actually do something like this.
But it could be used for smaller scale surveillance, like targeted at specific individuals
Why would this only be present in Pixels then? Google isn’t interested in specific people. Intelligence agencies are. This would mean, that every phone in the world needs to be compromised using this sophisticated, stealthy technology, which is even more unlikely.
If it is present there, it doesn’t imply it’s only present there.
And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies. Same thing with infiltrations by intelligence agencies.
And no, it doesn’t mean that every phone in the world is compromised with this, which wouldn’t be that sophisticated, just stealthy. The sophisticated part would be part of the normal design process, it’s called DFT or design for test if you want to read about it, used legitimately to determine what parts of the chip have manufacturing flaws for chip binning.
Most phones don’t have an unlocked bootloader, and this post is about the data Google is pulling on factory pixels.
Why would they do all the work on the software side and then themselves offer a device that allows you to remove their software entirely? And if it’s worth it just from the “make more money from people who only want unlocked phones”, why isn’t it more common?
Mind you, my next phone might still be a pixel. Even if this stuff is actually there, I wouldn’t expect to be targeted. I can’t help but wonder about it, though, like just how deep does the surveillance or surveillance potential go?
The Pixel is a good phone to test the latest android features for development purposes. I would imagine to some degree they are trying to target developers interested in testing software by offering the ability to unlock and relock the bootloader. This fosters a vibrant developer community and encourages innovation. Certain things can be tested in an android emulator but it helps to have a real device to test as well.
Pixels often ship with hardware features that other phones later include. For example Pixel 8 was the first phone with hardware memory tagging extensions and if developers wanted to test that feature they would buy a Pixel first and then use that experience with the devices their company is manufacturing. Pixels are often released with new android versions that implement android features and APIs the way they were intended to work. There have been cases of OEMs releasing devices with broken implementations of standard android features.
Pixel was the first phone with Strongbox as well. Additionally, It was the first android phone with satellite connectivity.
It also attracts the segment of the market that just enjoys modifying their phones as well. So basically they are targeting the power user community and developers. Despite the Pixel having the ability to install custom verified boot keys and custom OSs, Google knows that very few users use those features so it does not cut into their Play Store and Play Services market share very much.
And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies
Ok let’s assume this is true, and US intelligence agencies have actually backdoored all US phone manufacturers. What about foreign phones? If this was true, someone the NSA is interested in could just defend themselves by e.g. buying a Chinese phone. All this effort, just to be defeated by foreign phone manufacturers? It wouldn’t be worth it, which is why it’s so highly unlikely.
- Google Pixels have less than 1% of the global smartphone market share, in fact, they are currently only sold in
GrapheneOS
Do they have passkeys yet
Edit: passkeys support. Last year when I checked they didn’t support pass keys yet.
What does that even mean? It’s not the function of an OS to have passkeys.
I’m not sure because I’m on a OnePlus device running a lineage OS.
Who truly owns the device is a question that has been answered ever since Android came into being.
Ask yourself: do you have root access to YOUR phone? No you don’t: Google does.
It’s the so-called “Android security model”, which posits that the users are too dumb to take care of themselves, so Google unilaterally decides to administer their phone on their behalf without asking permission.
Which of course has nothing to do with saving the users from their own supposed stupidity and everything to do with controlling other people’s private property to exfiltrate and monetize their data.
How this is even legal has been beyond me for 15 years.
Weirdly, Pixels are actually the best Android phones for installing custom ROMs, at least out of the major manufacturers. So for me, there isn’t another choice, because I can finance a Pixel, and I can’t finance a Fairphone or something.
GrapheneOS is really the furthest away from Google you can get on an Android phone and it’s mainly developed for Pixel.
do you have root access to YOUR phone?
Yes. On a Pixel 9 Pro Fold.
Ironically, Google Pixels are among the few (US available) brands that still let you fully unlock the BL
Yes. On a Pixel 9 Pro Fold.
Not if you run the stock OS you don’t.
My comment was generic. The vast majority of Android users don’t unlock their bootloader and install a custom ROM. The people who do that are fringe users.
My point was that when the normal state of affairs is Google controlling YOUR property that YOU paid with YOUR hard-earned, and you have to be technically competent and willing to risk bricking your device to regain control, that’s full-blown dystopia right there.
out of interest, what use cases do you have in mind that require root access?
I used to use a root based solution to block ads system wide via hosts but now I just use ublock origin in Firefox.
what use cases do you have in mind that require root access?
Ownership.
Nah. The only thing root does is massively decrease security. To actually own your phone, you need to install a proper, FOSS, private and secure OS in the first place. Pixels are great, because they support GrapheneOS.
I own my Pixel 8 Pro. No root. GrapheneOS. So, your logic is therefore flawed.
It’s so ironic that Pixels are the go to devices for privacy roms these days.
All this shit is probably happening at the hardware level too, with 100 different backdoors you can’t remove with your megamind plan of installing a custom rom.
The silicon probably has the ability to live stream all sensor data directly to the NSA using the fanciest ML compression technology lmao.
It’s so ironic that Pixels are the go to devices for privacy roms these days.
It’s so ironic it’s a show-stopper for me. I’m not paying fucking Google to escape the Google dystopia. Nosiree! That’s just too rich for me.
This is why I own a Fairphone running CalyxOS. Yes, I know GrapheneOS is supposedly more secure - I say supposedly because I think 95% of users don’t have a threat model that justifies the extra security really. But I don’t care: my number one priority is not giving Google a single cent. If it means running a less secure OS, I’m fine with that.
There’s no way on God’s green Earth I’m buying a Pixel phone to run a deGoogled OS. That’s such an insane proposition I don’t even know how anybody can twist their brain into believing this is a rational thing to do.
I say supposedly because I think 95% of users don’t have a threat model that justifies the extra security really.
Does street cred with my Cybersecurity peers count as a threat model?
I’m definitely one of the users of GrapheneOS that you’re talking about. My threat model is “this is fucking cool!”
Also, the grass is always greener on the other side. I want a Fair phone.
Google doesnt make the big bucks on phonesales. Even buying a new ( I refurbish mine myself) and putting GOS on it is worse for Google than buying anything else and run it with gapps.
I think some people buy used/refurbished.
Wait for the 9 to hit refurb market, boom. Google phone without paying Google.
That’s why I buy my phones used or refurbished. It’s also cheaper and more environmentally friendly.
Citation needed. I get that it’s healthy not to trust anyone, but with the amount of security research that goes into these devices if something like that was happening then we would know about it.
- Applies to every phone, smart or simple, can be combatted with a £5 Faraday bag
- That is about monitoring by your network, nothing to do with the phone manufacturer really
- A ten year old article about Samsung phones
- An exploit affecting lots of phones that seems like it was fixed
So a few interesting points, but nothing even slightly like what OP was suggesting.
can be combatted with a £5 Faraday bag
I don’t consider that a reasonable solution for most people, and there are many posts claiming those almost never work well enough. You could also make the argument that it shouldn’t be necessary in the first place.
That is about monitoring by your network
I don’t think it matters to most people, as you are still tracked by having the phone physically with you, which is what people are against.
A ten year old article about Samsung phones
Are you suggesting Samsung phones should have ever been allowed to spy on people? Or that this doesn’t highlight a bigger issue? I don’t see why this should get a pass at all.
An exploit affecting lots of phones that seems like it was fixed
I think it’s very much a real threat, and leaked docs show world governments and bad actors actively use such exploits routinely for years, including keeping previously unknown exploits a secret to use for themselves.
I understand your desire to turn talking points into nothingburgers but I feel like this is not only disingenuous but against the entire principal of security and privacy. Of course we all have our own individual threat models, but to dismiss another person’s model because you think it shouldn’t matter to anyone, doesn’t seem like a good idea to me.
Look, I’m not trying to say there aren’t real security/privacy issues that aren’t being exploited right now, my citation needed was regarding this comment:
The silicon probably has the ability to live stream all sensor data directly to the NSA using the fanciest ML compression technology lmao.
The articles you linked are real issues that have been documented, OP was arguing that Google phones specifically are bad because of this statement they pulled out of their arse.
