Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews…

… “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said…

  • @[email protected]
    link
    fedilink
    English
    26 days ago

    The legacy SafetyNet check bypass may not be around much longer especially because hardware based attestation will be gradually replacing it.

    https://grapheneos.social/@GrapheneOS/111504057847795464

    Below is a guide for app developers who want to support third party OSs in a way that does not rely on Google. Most apps work on GrapheneOS just fine already but there are some banking apps and NFC payment systems that do not.

    https://grapheneos.org/articles/attestation-compatibility-guide

    • @RubberElectrons
      link
      1
      edit-2
      6 days ago

      Sigh. It just doesn’t stop. But it’s ok, Pokemon go required attestation and so I simply stopped playing. Thanks for your links.

      I’ve wanted to run graphene but absolutely do not want google code running on my system if I can avoid it. If only there were some way to run microG on graphene.