UPDATE - "User security and privacy are top priorities for Pixel. You can manage data sharing, app permissions and more during device setup and in your settings. This report lacks crucial context, misinterprets technical details and doesn't fully explain that data transmissions are needed for legitimate services on all mobile devices regardless of the manufacturer, model or OS, such as software updates, on-demand features and personalized experiences," emailed a Google spokesperson.
A new report from Cybernews has focussed on the web traffic between Google and its latest flagship smartphone, the Google Pixel 9 Pro XL.
The report states that cybersecurity researchers at Cybernews analyzed the Pixel 9 Pro XL's web traffic and determined that even before any app is installed, the smartphone sends private user data back to Google servers. More specifically, the analysis found "Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google" and within this packet of data is private information such as a user's email address, phone number, location, network status, and other telemetry data.
Additionally, security researcher Aras Nazarovas said the Google Pixel 9 Pro XL periodically attempts to download and run new code, "potentially opening up security risks." The key takeaways from the analysis were that private user information is sent back to Google in the background every 15 minutes and that the device automatically connects to device management and policy enforcement endpoints, which suggests Google has remote control capabilities.
"The Pixel 9 Pro XL repeatedly uses PII for authentication, configuration, and logging. This practice doesn't align with the industry's best anonymization practices and appears excessive. The smartphone transmits the user's email address, location, and phone number, even when utilizing a variety of other identifiers for the user and the device," Nazarovas said.
Furthermore, the analysis found that the Pixel device connected to services such as Face Grouping endpoints without consent from the user, and in some instances the calculator app leaked calculation history.
"The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations," Nazarovas said.