Highlights
- New research report raising privacy concerns for Pixel 9 Pro XL.
- Research reveals that the Pixel 9 Pro XL transmits private user data to Google every 15 minutes.
- It reportedly has remote control capabilities.
- It issues frequent data sharing without explicit consent.
- Google is expanding its Play Protect service in India to block sideloading of risky Android apps.
- The pilot program will start next month.
Google’s latest flagship phone the Pixel 9 Pro XL has sparked new concerns about user privacy. A recent research reveals troubling issues related to constant data sharing and remote control capabilities. Here’s what we know so far.
According to Cybernews researchers, the Google Pixel 9 Pro XL “frequently transmits private user data to the tech giant before any app is installed.”
Cybernews researchers found that the Pixel 9 Pro XL sends private data to Google every 15 minutes.
This suggests that Pixel 9 Pro XL users may not have full control over their own devices. Not only privacy, if the reports coming out of the research hold any truth, It also raises questions on ownership.
Researchers used a “man-in-the-middle” approach to intercept the traffic between a new Pixel 9 Pro XL and Google’s servers.
Here are some key findings highlighted in the report.
Frequent Data Transmission Concerns
The research uncovered that the Pixel 9 Pro XL transmits private user data to Google every 15 minutes. This was recorded even before any apps were installed.
“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews.
The private data at risk includes sensitive details like the user’s location, email address, and phone number. The phone uses nearby Wi-Fi networks to estimate the user’s location even when the GPS is turned off.
“The Pixel 9 Pro XL repeatedly uses PII for authentication, configuration, and logging. This practice doesn’t align with the industry’s best anonymization practices and appears excessive. The smartphone transmits the user’s email address, location, and phone number, even when utilizing a variety of other identifiers for the user and the device,” Nazarovas said.
As per the researchers, some of this data is sent to endpoints responsible for device management, policy enforcement, and biometric processing. However, all this happens without explicit user consent.
Remote Control Features
Another alarming claim of the report is that the Pixel 9 Pro XL has the ability to connect to Google servers to request updates and even download and run new code without user knowledge.
If true, this directly suggests that Google can remotely control certain aspects of the phone. This opens potential several security risks. However, the report highlights that no harmful actions were observed during the study.
Privacy Vulnerabilities in Apps
Researchers also found a privacy issue with the calculator app. As per reports, it can be accessed from the notifications even when the phone is locked.
This leaves the data such as calculation history exposed. It can have highly sensitive information and raises concerns about unauthorized access to personal information.
“We were unable to access any user data without first unlocking the device and the calculator was a single exception. It is important to note the widget in the notifications tray is not enabled by default – the user would have to manually add it to the list of shortcuts,” Nazarovas said.
These findings raise serious questions about user control and privacy.
It is important to note that the report highlights that no data was sent to third parties and no malicious activities were detected during the study. However, the sheer volume of information being shared regularly with Google has sparked concerns.
One of the main questions we have now is whether users truly “own” their devices or if control lies with the tech giant.
Google Expands Enhanced Fraud Protection in India, Blocks Risky App Sideloading
In other news, Google is working to combat fraud and scams in India by expanding its Play Protect service. This initiative was first introduced in Singapore earlier this year.
The company will launch a pilot program next month. The program will aim at blocking the sideloading of certain risky Android apps.
It will target apps that seek sensitive permissions, such as accessing incoming one-time passwords (OTPs) or monitoring user activity on the device.
Google explains the feature, “This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive permissions frequently abused for financial fraud. It will inspect the permissions the app declared in real-time and specifically look for permission requests that are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content (they are RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility).”
The initiative is part of Google’s broader efforts to curb fraudulent app installations globally.
The feature is already operational in countries like Singapore, Brazil, and Thailand.
In Singapore, Google claims it has blocked nearly 900,000 high-risk app installations. The expansion to India aims to build on this success and further protect Android users from potential scams.
FAQs
Q1. What is the new privacy concern with Google’s Pixel 9 Pro XL?
Answer. The Pixel 9 Pro XL transmits private user data to Google every 15 minutes, even before any apps are installed, raising concerns about constant data sharing and remote control capabilities.
Q2. What measures is Google taking to combat fraud and scams in India?
Answer. Google is expanding its Play Protect service to block sideloading of risky Android apps that seek sensitive permissions, with a pilot program rolling out in India next month.
Q3. What is the impact of Google’s Play Protect expansion?
Answer. The Play Protect expansion aims to prevent the installation of high-risk apps by blocking those sourced from risky internet-sideloading sources, following successful implementations in Singapore, Brazil, and Thailand
Read More: Google Pixel 9 Pro XL May Launch With Four Colors – Here’s What They Look Like
Read More: Google Pixel 9 Pro XL Leak Reveals Major Upgrades to Use Samsung Modem
Join MyMobile WhatsApp Channel
