Cybernews's research team has unraveled a silent tracking system on Google Pixel Devices that sends user data without their consent.
Most service providers require a certain amount of data tracking and collection to provide accurate services. However, transparently revealing the condition of data tracking and usage is critical for compliance purposes and to gain long-term user trust and loyalty. A recent research study by the Cybernews team reveals an opposite practice secretly taking place by Google.
According to the research findings, Google has a secretive stream of data that it continually sends to its servers, even without the user’s consent. The team took a brand-new Pixel 9 Pro XL device with default settings and a new Google account and then rooted it to add a man-in-the-middle interception layer.
The team proxied the inbound and outbound traffic and used a custom security certificate to decrypt and examine the communications. However, since the phone was rooted, the intercepted data was incomplete because some features were disabled.
The shocking revelation through decrypted data shows, "Every 15 minutes, the Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry to multiple endpoints at Google, including Device Management, Policy Enforcement, and Face Grouping.”
“You can’t say no to Google’s surveillance,” says the Cybernews team’s conclusion, adding, “The phone periodically attempts to download and run new code, potentially opening up security risks.” Even when the location and GPS were disabled, the device tracked the estimated location through Wifi networks. It may have been necessary to run certain new services like crash detection, but the keyword concerning the masses is transparency.
The research also found out that, since the device and the account were of Google only, the shared data was not intercepted mid-way or sent to any third party. As the device was running on default settings without even installing or allowing additional app permissions, the details being shared make it a highly sensitive concern for users.
If not vulnerable, the shared nonconsensual data easily falls under the category of privacy intrusion. For now, the data collected was limited to Pixel phones, but as the practice is thoroughly OS-level, it can encompass almost every Android device worldwide.
