Google Pixel 9 Pro XL Sends Privacy Data to Google Every 15 Minutes, Raising Security Concerns

Google Pixel 9 Pro XL Sends Privacy Data to Google Every 15 Minutes, Raising Security ConcernsCybernews, a technology media outlet, published a blog post yesterday (October 4th) revealing that its security team discovered the Google Pixel 9 Pro XL sending privacy data to Google every 15 minutes through packet sniffing of the smartphone's network traffic. Security researcher Aras Nazarovas intercepted communications between the new Pixel 9 Pro XL and Google servers using a "man-in-the-middle" approach

Google Pixel 9 Pro XL Sends Privacy Data to Google Every 15 Minutes, Raising Security Concerns

Cybernews, a technology media outlet, published a blog post yesterday (October 4th) revealing that its security team discovered the Google Pixel 9 Pro XL sending privacy data to Google every 15 minutes through packet sniffing of the smartphone's network traffic. Security researcher Aras Nazarovas intercepted communications between the new Pixel 9 Pro XL and Google servers using a "man-in-the-middle" approach.

On a brand new phone, using a fresh Google account and default settings, they installed the Magisk app to gain deep (root) access to the phone system. Cybernews' blog post shows that the Google Pixel 9 Pro XL sends a data packet to Google every 15 minutes, encompassing phone location, email address, phone number, network status, and other telemetry data.

More concerning is the phone's regular attempts to download and run new code, potentially introducing security risks. Network traffic analysis reveals Pixel devices continuously sending personally identifiable information (PII) to multiple Google endpoints, including user email addresses, phone numbers, and location data, for purposes like device management, policy enforcement, and face grouping.

Every 15 minutes, the device sends a routine authentication request to an endpoint called "auth." The phone also requests a "check-in" endpoint every 40 minutes, listing the phone's enabled low-level functions, including firmware version, whether it's connected to Wi-Fi or using mobile data, the SIM card carrier, and the user's email address.

Nazarovas exclaimed, "The amount of data transmitted and the potential for remote management make one wonder who actually owns this phone. Users buy these phones, but Google's deep integration of monitoring systems within its ecosystem could be infringing on user privacy."

Cybernews' findings have raised concerns about Google's data collection practices and privacy issues. Some question whether Google is overstepping in its data collection and worry about potential misuse of this data.

While Google hasn't issued an official statement, some experts point out that Google might use this data to enhance its services, such as personalized advertising and providing more accurate search results. However, these experts also emphasize the need for users to understand how their data is being collected and to have the right to choose.

In an era where privacy is increasingly important, the Google Pixel 9 Pro XL's behavior of sending privacy data to Google every 15 minutes undoubtedly sparks user concerns. This goes beyond the security of personal information; it touches upon users' control over their own devices.

Moving forward, finding a balance between data collection and user privacy will be a crucial issue for tech giants to address. Users also need to be more attentive to their data security and privacy, taking appropriate measures to protect themselves.

Excerpts from the Cybernews blog post:

• The Google Pixel 9 Pro XL sends a data packet to Google every 15 minutes, encompassing phone location, email address, phone number, network status, and other telemetry data.

• The phone regularly attempts to download and run new code, potentially introducing security risks.

• Pixel devices continuously send personally identifiable information (PII) to multiple Google endpoints, including user email addresses, phone numbers, and location data, for purposes like device management, policy enforcement, and face grouping.

• Every 15 minutes, the device sends a routine authentication request to an endpoint called "auth."

• The phone also requests a "check-in" endpoint every 40 minutes, listing the phone's enabled low-level functions, including firmware version, whether it's connected to Wi-Fi or using mobile data, the SIM card carrier, and the user's email address.

Explanation of the Cybernews blog post:

• Data Collection: The Google Pixel 9 Pro XL sends data packets to Google every 15 minutes, including phone location, email address, phone number, network status, and other telemetry data. This indicates that Google is actively collecting users' personal information.

• Remote Management: The phone regularly attempts to download and run new code, which suggests that Google could remotely control users' phones and update or modify their system.

• Data Privacy: Pixel devices continuously send personally identifiable information (PII) to multiple Google endpoints, raising concerns about data privacy.

• Authentication Requests: Every 15 minutes, the device sends a routine authentication request to an endpoint called "auth," suggesting that Google is verifying users' identities, potentially for monitoring user activity.

• Device Status Information: Every 40 minutes, the phone requests a "check-in" endpoint, listing the phone's enabled low-level functions, including firmware version, whether it's connected to Wi-Fi or using mobile data, the SIM card carrier, and the user's email address. This indicates that Google is collecting users' device information, potentially for analyzing user behavior and usage patterns.

Overall, Cybernews' findings raise concerns about Google's data collection practices and privacy issues. Users should be aware of how their data is being collected and have the right to make informed choices.