Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews…

… “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said…

  • refalo@programming.dev
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 months ago

    can be combatted with a £5 Faraday bag

    I don’t consider that a reasonable solution for most people, and there are many posts claiming those almost never work well enough. You could also make the argument that it shouldn’t be necessary in the first place.

    That is about monitoring by your network

    I don’t think it matters to most people, as you are still tracked by having the phone physically with you, which is what people are against.

    A ten year old article about Samsung phones

    Are you suggesting Samsung phones should have ever been allowed to spy on people? Or that this doesn’t highlight a bigger issue? I don’t see why this should get a pass at all.

    An exploit affecting lots of phones that seems like it was fixed

    I think it’s very much a real threat, and leaked docs show world governments and bad actors actively use such exploits routinely for years, including keeping previously unknown exploits a secret to use for themselves.

    I understand your desire to turn talking points into nothingburgers but I feel like this is not only disingenuous but against the entire principal of security and privacy. Of course we all have our own individual threat models, but to dismiss another person’s model because you think it shouldn’t matter to anyone, doesn’t seem like a good idea to me.