A recent investigation carried out by Cybernews revealed a reality that was not expected. The Google Pixel 9 Pro XL will be sharing sensitive user data with Google without authorization. This situation should also affect the remaining models in the Pixel 9 family, something that was not expected.
Pixel 9 Pro XL shares sensitive data
It is study reveals that the device transmits sensitive data to Google at a high frequency, even before users install apps. The analysis carried out by experts revealed practices that could compromise users' privacy.
It turned out that the Pixel 9 Pro XL sends information such as location, email address and phone number to Google servers every 15 minutes. Additionally, the device periodically requests new “experiences and settings” and connects to device management services. This raises questions about the extent of control that Google can exercise remotely over the smartphone.
A particularly worrying aspect of the findings is the Pixel 9 Pro XL's connection to services that were not used or explicitly authorized by users. Among these services are some related to facial recognition, raising questions about the privacy and ownership of biometric data stored on the smartphone.
Google receives information from users
Additionally, the device's voice search function sends detailed information such as the number of starts and a complete list of installed apps. This includes which ones were installed by running their APK file, without using the Play Store.
The study also revealed that the device attempts to download and execute new codes autonomously, which can pose significant security risks. This capability, with connecting to a test environment and requesting file downloads, suggests that Google can remotely install new software packages on the device without the user's knowledge or consent.
To carry out this study, researchers used an approach called MITM (Man in the Middle) to intercept and analyze traffic between the Pixel 9 Pro XL and Google servers. They used a new smartphone with a newly created Google account and default settings, and the Magisk app to gain root access so they could examine the operating system in detail.
It happens even without any authorization
Subsequently, a proxy was used to analyze incoming and outgoing traffic, and a custom security certificate was used to open and examine communications. Thus, experts were able to obtain a more detailed picture of the interactions between the smartphone and Google servers, revealing the origin and frequency with which these data transmissions are made.
The results of this investigation raise serious concerns about the privacy and security of the Google Pixel 9 Pro XL. Google's frequent transmission of personal data and apparent remote control capabilities without users' consent are issues that would require Google's immediate attention and response. So far, the company has not commented on the investigations and their results.
Source: pplware.sapo.pt
