161
Who owns your shiny new Pixel 9 phone? You can’t say no to Google’s surveillance (cybernews.com)
submitted 1 day ago by gytrash@feddit.uk to c/degoogle@lemmy.ml
68 comments fedilink hide all child comments

Google's latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews...

... “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said...

top 50 comments
sorted by: hot top controversial new old
[-] Andromxda@lemmy.dbzer0.com 21 points 7 hours ago

You can’t say no to Google’s surveillance

Yes you can: https://grapheneos.org/

[-] Buddahriffic@lemmy.world 1 points 57 minutes ago

I was just wondering earlier today if Google kept the bootloader open to allow custom OS installation only because they had other hardware on the phone that would send them their information anyways, possibly through covert side channels.

Like they could add listeners for cell signals that pick up data encoded in the lower bits of timestamps attached to packets, which would be very difficult to detect (like I'm having trouble thinking of a way to determine if that's happening even if you knew to look for it).

Or maybe there's a sleeper code that can be sent to "wake up" the phone's secret circuitry and send bulk data when Google decides they want something specific (since encoding in timestamps would be pretty low bandwidth), which would make detection by traffic analysis more difficult, since most of the time it isn't sending anything at all.

This is just speculation, but I've picked up on a pattern of speculating that something is technically possible, assuming there's no way they'd actually be doing that, and later finding out that it was actually underestimating what they were doing.

[-] DoubleChad@lemmy.ml 11 points 17 hours ago

So what phones do you all have?

[-] Rai@lemmy.dbzer0.com 1 points 1 hour ago

iPhone 16 Pro Max, but Graphene does look dope.

[-] MidsizedSedan@lemmy.world 1 points 1 hour ago

Pixel 7 pro with GrapheneOS.

[-] Lennny@lemmy.world 6 points 3 hours ago

Pencil with graphite

[-] DoucheBagMcSwag@lemmy.dbzer0.com 4 points 2 hours ago

stone and chisel

Oooga booga

[-] JameUwU@lemmy.ml 1 points 2 hours ago

the one guy on lemmy with calyxos

[-] jetsetdorito@lemm.ee 7 points 5 hours ago

not a phone just a literal block of graphene

[-] Moah@lemmy.blahaj.zone 1 points 3 hours ago

Fairphone 5

[-] Andromxda@lemmy.dbzer0.com 9 points 7 hours ago

Pixel 7 Pro with GrapheneOS

[-] red@lemmy.zip 7 points 11 hours ago

pixel 6a with graphene os

[-] pineapplelover@lemm.ee 6 points 14 hours ago

Pixel 8a with graphene

[-] shoki@lemmy.world 1 points 11 hours ago

pixel 7a with crdroid

[-] skuzz@discuss.tchncs.de 44 points 23 hours ago

I know this isn't the topic here, but I really wish these researchers would unroll what all Apple harvests from Apple devices. It's quite a lot as well. Could help pop that "we're so private" myth.

[-] Tazerface@sh.itjust.works 63 points 1 day ago

Installing GrapheneOS removes all the Google crap.

[-] multi_regime_enjoyer@lemmy.ml 9 points 18 hours ago

What is the advantage over Calyx/Lineage/iode OS on compatible devices? I just don't want Google to have any of my money at all. Buying a privacy solution from them recoups their loss.

[-] JameUwU@lemmy.ml 2 points 2 hours ago

Can't speak to what others are saying about Graphene but Calyx is amazing if you prefer a FOSS-centric option but still want GMS/GSF compatibility. Bootloader relocking is a requirement for their devices.

[-] Tazerface@sh.itjust.works 7 points 7 hours ago

I don't know about Calyx or Iode but Lineage doesn't allow for a locked bootloader. This is a massive security hole and without security, sooner or later, your privacy will be violated.

Currently, GrapheneOS on a newer Pixel are the only phones that Celebrite can't breach. Celebrite machines are cheap enough that the border guards and your local cops probably have one. In my country, it's the law that a cop is allowed to examine a phone during a traffic stop.

[-] VARXBLE@lemmy.dbzer0.com 7 points 9 hours ago

Mainly the locked bootloader that GrapheneOS offers. It's more secure, and GrapheneOS emphasizes security over all else, but privacy features are part of that security.

[-] N4CHEM@lemmy.ml 1 points 3 hours ago

Other OSs let you lock the bootloader too. I know that iodéOS and CalyxOS do, for example.

[-] yonder@sh.itjust.works 15 points 17 hours ago

It's my understanding that Graphene has security as its main goal, not privacy, though it's also quite private.

[-] RubberElectrons@lemmy.world 8 points 16 hours ago

I like calyx, might try graphene some day. But I absolutely won't run Google's play services ala graphene. It's sandboxed, supposedly, but why run it at all?

Calyx uses microG, a much smaller, fully open source emulator of Google's services.

[-] tht@mstdn.social 3 points 14 hours ago

@RubberElectrons @multi_regime_enjoyer its not actually fully open source, it uses a lot of closed-source libraries, and its not as battle-tested as google's official one so there really isn't a reason to use it

[-] RubberElectrons@lemmy.world 2 points 7 hours ago* (last edited 7 hours ago)

Just about all of your identifying data is stripped out by the framework before interacting with Google at all: https://github.com/microg/GmsCore/wiki/Google-Network-Connections

That alone makes it an important tool. I'm not too worried about memory exploits as I don't really install apps, but it's an important feature in graphene's toolkit.

For most people who want an Android alternative that's open source but don't have time to fiddle with it, calyxOS seems like a good solution. It just works out of the box.

[-] shortwavesurfer@lemmy.zip 83 points 1 day ago

GrapheneOS

load more comments (8 replies)
load more comments
view more: next ›
this post was submitted on 03 Oct 2024
161 points (98.8% liked)

DeGoogle Yourself

7743 readers
385 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

!privacyguides@lemmy.one !privacy@lemmy.ml !privatelife@lemmy.ml !linuxphones@lemmy.ml !fossdroid@social.fossware.space !fdroid@lemmy.ml

founded 4 years ago
MODERATORS
CrypticCoffee@lemmy.ml
CrypticCoffee@lemm.ee
Byereddithellolemmy@lemmy.world
chevy9294@monero.town