In Cybernews

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews.

[…]

Key takeaways

• Private information was repeatedly sent in the background, including the user’s email address, phone number, location, app list, and other telemetry and statistics.
• The phone constantly requests new “experiments and configurations,” tries accessing the staging environment, and connects to device management and policy enforcement endpoints, suggesting Google’s remote control capabilities.
• The Pixel device connected to services that were not used, nor explicit consent was given, such as Face Grouping endpoints, causing privacy and ownership concerns.
• The calculator app, in some conditions, leaks calculations history to unauthenticated users with physical access.