The new Google Pixel series landed on the market at the end of August, filling aficionados with excitement. Google Pixel 9 comes with a sleek new design, advanced cameras, and overall improved performance, all while bringing the best of Google AI to your fingertips. However, experts warn it may come at the cost of your privacy – and not even the best VPN apps can help.
According to a Cybernews report published on October 9, the shiny new phone allegedly sends a huge amount of your private data (like location, network status, phone number, and app list) every 15 minutes to the Big Tech giant's servers. Researchers even claim it potentially has remote management capabilities without user awareness or approval.
Google has denied all the allegations, saying that some data transmission is essential to offer its services. The company has also accused Cybernews' report of lacking "crucial context" while misinterpreting technical details.
Keep reading as I try to shed some light on the matter while walking you through my top security tips to boost your mobile privacy.
Data privacy and security claims
The Cybernews report makes a lot of claims about the extent of Google's surveillance within its latest flagship smartphone series.
As mentioned earlier, the manufacturer allegedly sends the user's personally identifiable information in the background every 15 minutes to various Google endpoints, including Device Management, Policy Enforcement, and Face Grouping. This data includes their email address, phone number, location, app list, and other telemetry and statistics.
Google Pixel 9 supposedly requests a 'check-in’ endpoint around every 40 minutes, too, listing low-level features enabled on the phone. These include data such as whether the device is connected to Wi-Fi or using mobile data, the SIM card carrier, and so on.
▪️@CyberNews research▪️ Google's latest flagship smartphone raises concerns about user privacy and security. #GooglePixel9 #GooglePixel #privacy #smartphone #Google #BigTech https://t.co/zUoZ20WAXHOctober 3, 2024
Researchers also claim the Google Pixel 9 initiates communication with services the user didn’t explicitly consent to, including its Photos app and Voice Search feature.
At the same time, the device supposedly shows signs of some remote management and control capabilities. During the research, it periodically calls out to a Staging environment service (‘enterprise-staging.sandbox’) and attempts to download assets that do not yet exist. According to Cybernews experts, this might suggest the capability of remotely installing new software packages.
All the tests were carried out on a new Google Pixel 9 Pro XL after installing Magisk, a free and open-source software used to root Android devices. This methodology disabled AI features, however, and researchers explain that this mean that it didn't allow for the capture of complete traffic.
Nonetheless, "The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device," said Aras Nazarovas, a security researcher at Cybernews. "Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations."
Google dismissed the allegations
Google firmly rejects Cybernews' allegations. The company explains that these types of data transmission are necessary for all mobile devices.
"This report lacks crucial context, misinterprets technical details, and doesn't fully explain that data transmissions are needed for legitimate services on all mobile devices regardless of the manufacturer, model, or OS, such as software updates, on-demand features, and personalized experiences," a Google spokesperson told Cybernews.
Google also expressed some perplexities around the methodology researchers used, noting the difficulty in recreating exact scenarios when the device is modified (rooted).
"User security and privacy are top priorities for Pixel. You can manage data sharing, app permissions, and more during device setup and in your settings," said a Google spokesperson, while adding that Pixel users need to explicitly consent to sensitive permissions such as location, background apps, and usage data.
On the other hand, Cybernews stands by its findings and maintains that certain data collection and usage aspects raise valid concerns regarding privacy and transparency.
Despite some of the observed data transmissions being necessary to provide built-in services, Nazarovas told me the research points out that these data transmissions are enabled by default or strongly suggests that the user enables them through "dark patterns" practices. "Additionally, we believe the same functionality can be provided by transmitting less sensitive and private data and using anonymized identifiers," he added.
Yet, at the same time, Cybernews researchers believe the potential benefits of using a Google Pixel 9 phone outweigh the potential risks. "However, as the technology evolves, it is imperative that companies ensure transparency, safeguarding, and user controls," Nazarovas told me.
I recommend checking for yourself what data is collected by Google's services to know exactly what information you might be sharing with the provider.
Bottom line
At this point, you might be wondering if there are more secure smartphone alternatives to a Google Pixel 9 when it comes to privacy protection. For instance, iPhone devices are often considered more secure than Android phones thanks to, among other things, Apple's focus on privacy and security features.
If you already got yourself a Pixel 9, don't worry – Nazarovas nonetheless believes that Google Pixel phones are the most private and secure Android on the market right now. Competitors typically send similar amounts and types of data to Google as well, he told me, while collecting some user data themselves. "The general community consensus is that iPhones also collect the same types of data as Google Pixel phones," he added.
The good news is that you can take more agency over your data when using your shiny new Google Pixel 9 device. Nazarovas recommends revising Google's default settings to manually opt out of some services that send data in the background.
"That being said, we believe it was the correct decision to test the phone using the default and suggested settings, as historically, most people use their devices and software in such default configurations," he added.
Another thing to keep in mind is that any smartphone can be vulnerable to hackers, viruses, or malware infections.
I also suggest taking a proactive approach to phone hacking prevention, including keeping your device always up-to-date, managing all your app's permission, and using reliable security software like virtual private networks and antivirus services.