this post was submitted on 03 Oct 2024
195 points (97.6% liked)

DeGoogle Yourself

8984 readers
5 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

!privacyguides@lemmy.one !privacy@lemmy.ml !privatelife@lemmy.ml !linuxphones@lemmy.ml !fossdroid@social.fossware.space !fdroid@lemmy.ml

founded 4 years ago
MODERATORS
 

Google's latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews...

... “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said...

you are viewing a single comment's thread
view the rest of the comments
[–] Buddahriffic@lemmy.world 1 points 2 months ago (9 children)

You're right that it's pure speculation just based on technical possibilities and I hope you're right to think it should be dismissed.

But with the way microchip design (it wouldn't be at the PCB level, it would be hidden inside the SoC) and manufacturing work, I think it's possible for a small number of people to make this happen, maybe even a single technical actor on the right team. Chips are typically designed with a lot of diagnostic circuitry that could be used to access arbitrary data on the chip, where the only secret part is, say, a bridge from the cell signal to that diagnostic bus. The rest would be designed and validated by teams thinking it's perfectly normal (and it is, other than leaving an open pathway to it).

Then if you have access to arbitrary registers or memory on the chip, you can use that to write arbitrary firmware for one of the many microprocessors on the SoC (which isn't just the main CPU cores someone might notice has woken up and is running code that came from nowhere), and then write to its program counter to make it run that code, which can then do whatever that MP is capable of.

I don't think it would be feasible for mass surveillance, because that would take infrastructure that would require a team that understands what's going on to build, run, and maintain.

But it could be used for smaller scale surveillance, like targeted at specific individuals.

But yeah, this is just speculation based on what's technically possible and the only reason I'm giving it serious thought is because I once thought that it was technically possible for apps to listen in on your mic, feed it into a text to speech algorithm, and send it back home, hidden among other normal packets, but they probably aren't doing it. But then I'd hear so many stories about uncanny ads that pop up about a discussion in the presence of the phone and more recently it came out that FB was doing that. So I wouldn't put it past them to actually do something like this.

[–] Andromxda@lemmy.dbzer0.com 5 points 2 months ago (8 children)

But it could be used for smaller scale surveillance, like targeted at specific individuals

Why would this only be present in Pixels then? Google isn't interested in specific people. Intelligence agencies are. This would mean, that every phone in the world needs to be compromised using this sophisticated, stealthy technology, which is even more unlikely.

[–] Buddahriffic@lemmy.world 1 points 2 months ago (7 children)

If it is present there, it doesn't imply it's only present there.

And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies. Same thing with infiltrations by intelligence agencies.

And no, it doesn't mean that every phone in the world is compromised with this, which wouldn't be that sophisticated, just stealthy. The sophisticated part would be part of the normal design process, it's called DFT or design for test if you want to read about it, used legitimately to determine what parts of the chip have manufacturing flaws for chip binning.

Most phones don't have an unlocked bootloader, and this post is about the data Google is pulling on factory pixels.

Why would they do all the work on the software side and then themselves offer a device that allows you to remove their software entirely? And if it's worth it just from the "make more money from people who only want unlocked phones", why isn't it more common?

Mind you, my next phone might still be a pixel. Even if this stuff is actually there, I wouldn't expect to be targeted. I can't help but wonder about it, though, like just how deep does the surveillance or surveillance potential go?

[–] sleepyplacebo@rblind.com 2 points 1 day ago* (last edited 1 day ago)

The Pixel is a good phone to test the latest android features for development purposes. I would imagine to some degree they are trying to target developers interested in testing software by offering the ability to unlock and relock the bootloader. This fosters a vibrant developer community and encourages innovation. Certain things can be tested in an android emulator but it helps to have a real device to test as well.

Pixels often ship with hardware features that other phones later include. For example Pixel 8 was the first phone with hardware memory tagging extensions and if developers wanted to test that feature they would buy a Pixel first and then use that experience with the devices their company is manufacturing. Pixels are often released with new android versions that implement android features and APIs the way they were intended to work. There have been cases of OEMs releasing devices with broken implementations of standard android features.

Pixel was the first phone with Strongbox as well. Additionally, It was the first android phone with satellite connectivity.

It also attracts the segment of the market that just enjoys modifying their phones as well. So basically they are targeting the power user community and developers. Despite the Pixel having the ability to install custom verified boot keys and custom OSs, Google knows that very few users use those features so it does not cut into their Play Store and Play Services market share very much.

load more comments (6 replies)
load more comments (6 replies)
load more comments (6 replies)