Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews…

… “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said…

    • Southern Boy@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      What is the advantage over Calyx/Lineage/iode OS on compatible devices? I just don’t want Google to have any of my money at all. Buying a privacy solution from them recoups their loss.

      • RubberElectrons@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        I like calyx, might try graphene some day. But I absolutely won’t run Google’s play services ala graphene. It’s sandboxed, supposedly, but why run it at all?

        Calyx uses microG, a much smaller, fully open source emulator of Google’s services.

        • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          3 months ago

          but why run it at all?

          Because it is unfortunately required by some apps. microG is not a viable alternative, as it requires root access on the device, which drastically reduces the security. It also has worse compatibility than Sandboxed Play services, and doesn’t offer much of a benefit. It still downloads and executes proprietary Google blobs in the background in order to function. Apps that require Google services also include a proprietary Google library, making microG essentially useless. It’s an open source layer that sits between a proprietary library and a proprietary network service, using proprietary binaries and requiring root access. You gain absolutely nothing from using it, and significantly increases the attack surface of your device.

          fully open source emulator

          This is simply false, as I explained, only a tiny bit of what microG requires to function is open source

          You’re far better off using Sandboxed Play services on GrapheneOS

      • Tazerface@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        I don’t know about Calyx or Iode but Lineage doesn’t allow for a locked bootloader. This is a massive security hole and without security, sooner or later, your privacy will be violated.

        Currently, GrapheneOS on a newer Pixel are the only phones that Celebrite can’t breach. Celebrite machines are cheap enough that the border guards and your local cops probably have one. In my country, it’s the law that a cop is allowed to examine a phone during a traffic stop.

        • sleepyplacebo@rblind.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 days ago

          Schools even have Cellebrite devices now, that is how prolific they have become. GrapheneOS has a duress password to wipe the phone and you can block all data or even power to the USB port while the phone is running. If you blocked all power to the USB port while the phone is on the only way to charge it is if it is fully turned off putting your encrypted data at rest. You can just disable data on the USB port options menu in GrapheneOS if you don’t want to completely turn off the whole port.

          You probably already know this stuff I was just mentioning it for people reading this comment section. :)

        • Chulk@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          In my country, it’s the law that a cop is allowed to examine a phone during a traffic stop.

          One underrated feature of the Graphene OS is that you can set a duress PIN that wipes your entire phone when entered.

          • Tazerface@sh.itjust.works
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            2 months ago

            I have the duress pin/password set, the pin is written on a post-it in the case.

            I should clarify, the cop can give the phone a once over but not connect to a machine or clone the phone. Cloning is a bit more involved - legally speaking.

            • Chulk@lemmy.ml
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              Oh, I was mostly leaving the comment for other people who might be interested in the feature.

              the pin is written on a post-it in the case.

              That’s not a bad idea. If someone steals the phone, they might inadvertently erase it for you if they find that post-it.

              • Tazerface@sh.itjust.works
                link
                fedilink
                arrow-up
                1
                ·
                5 days ago

                I have a new strategy on the Duress. If a thief can easily reset the phone, which is what the Duress password does, they can sell the phone at a pawnshop. I now use a Duress pin that the cops will have access to but a thief wouldn’t. Examples of this are date or birth, s.i.n.