Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.
Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.
“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews…
… “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said…
Yes. On a Pixel 9 Pro Fold.
Ironically, Google Pixels are among the few (US available) brands that still let you fully unlock the BL
Not if you run the stock OS you don’t.
My comment was generic. The vast majority of Android users don’t unlock their bootloader and install a custom ROM. The people who do that are fringe users.
My point was that when the normal state of affairs is Google controlling YOUR property that YOU paid with YOUR hard-earned, and you have to be technically competent and willing to risk bricking your device to regain control, that’s full-blown dystopia right there.
out of interest, what use cases do you have in mind that require root access?
I used to use a root based solution to block ads system wide via hosts but now I just use ublock origin in Firefox.
Ownership.
Nah. The only thing root does is massively decrease security. To actually own your phone, you need to install a proper, FOSS, private and secure OS in the first place. Pixels are great, because they support GrapheneOS.
okay cool but what are you specifically using system or systemless root for now?
AdAway, AFWall+ (for restricting network access to apps), Root File Explorer (needed to get my watch working with GadgetBridge), Permission Manager X, Xposed Edge Pro (for hardware keys remapping), Pixels (for a hardware display fix)
Adaway was what I used prior to ublock origin on Firefox. The network access toggles can be found directly in ROMs like Calyx Grapene, Lineage, Divest, though I’m not sure if they’re widely seen elsewhere.
I know the process you’re referring you WRT gadgetbridge. I used to do the same thing until I switched to a pinetime.
I’m not familiar with permission manager X. Does that deviate from the android permissions framework in some way?
Can you tell me more about the hardware tweaks?
Permission Manager X gives the user fine grain control over pretty much every permission an app has, moreso than the built in Android permissions settings. I was trying to use it to keep certain apps from starting automatically at boot.
As far as the hardware tweaks, my Xperia has an “assistant button” on the side of the phone, but since I don’t use google assistant or anything, Xposed Edge Pro lets me remap it to do basically anything, even when the screen is off. I have it set to play/pause my music even when the screen is off, but only if headphones are connected.
I see. I admit I sorely missed the app startup at boot control permission (app ops) toggle when it was removed from the Android permissions framework, but the new power and background software management framework eliminates the need for it.
Also damn, you have a modern xperia? Hardware wise they are massively appealing to me. They have nearly all of the HW amenities I can think of (SD card slot, headphone jack, dedicated FP reader / button, notification LED, no camera cutout).
If they supported bootloader relocking with sself signed keys, they’d be the perfect phone for me.
I made the admittedly difficult discussion to move to a Pixel so I could use some of the most private and secure software possible on android with little effort or thought behind it.
I sorely miss my headphone jack but at least I feel like I can depend on this tiny computer to not fuck me over with unfettered personal data collection (and save a lot of power in doing so, I suppose).
That only blocks for the browser. What about your apps? I never see add banners or popups in apps as i use adaway. Further, I can customize with well maintained blocklists that include other categories like malware and harvesting sites.
I’m aware, I used to use adaway several years ago.
I had the same feelings as you, in that I needed to have system-wide ad blocking, but I revaluated that requirement a couple years ago and realised that I don’t use any apps featuring banner ads and such.
Several of my apps will just fall back to system webview and Firefox (+uBo) will power that too.