Google has responded to the recent report that its Pixel smartphone was relaying private user information back to Google servers every 15 minutes, with the company's response refuting the claims from the report and providing additional background on the overall process.
The report came from Cybernews, which looked at the web traffic between Google and its latest flagship smartphone, the Google Pixel 9 Pro XL. The report stated that even before any app is installed, the device is sending private user data back to Google servers, with the researcher stating that every 15 minutes, a packet of data is sent back to Google servers, and within that packet is information such as an email address, phone number, location, network status, and other telemetry data.
Google has since responded to this report with a statement it has provided me, saying the report "lacks crucial context, misinterprets technical details, and doesn't fully explain that data transmissions are needed for legitimate services on all mobile devices regardless of the manufacturer, model or OS, such as software updates, on-demand features and personalized experiences."
"User security and privacy are top priorities for Pixel. You can manage data sharing, app permissions and more during device setup and in your settings. This report lacks crucial context, misinterprets technical details and doesn't fully explain that data transmissions are needed for legitimate services on all mobile devices regardless of the manufacturer, model or OS, such as software updates, on-demand features and personalized experiences," wrote a Google spokesperson in an emailed statement
Moreover, Google stated "user security and privacy are top priorities for Pixel" and that users are able to manage how their data is shared, the specific permissions applications have, and additional privacy settings during device setup and within the settings application.
As for Google's comments on the report itself, the search engine giant stated the researchers in the report "appear to have modified the device (rooting and installing man-in-the-middle certs) - so it is difficult to recreate these scenarios. These conditions could trigger unintended data checks."
Additionally, Google pointed to the report's lack of explanation within its methodology section, stating it "doesn't provide many details (did the researchers click 'yes' to 'Share Pixel usage & diagnostics information with Google' at setup, etc.)."
Google also pointed out there are "legitimate services" that require data transmission, and this is regardless of the device, manufacturer, and operating system.
Google's Arguments Against the Cybernews Report
- The researchers appear to have modified the device (rooting and installing man-in-the-middle certs) - so it is difficult to recreate these scenarios. These conditions could trigger unintended data checks.
- The report's methodology section doesn't provide many details (did the researchers click 'yes' to 'Share Pixel usage & diagnostics information with Google' at setup, etc.).
- In general, data transmissions are needed for legitimate services - regardless of what device / manufacturer / OS.
- For example you can see why Google Play services collects data here:
- The report ends with 'Cybernews researchers believe that the potential benefits outweigh the potential risks.' so it seems the authors understand this but oddly don't mention it in the report.
- The report notes "Google appears to have reserved some remote management and control capabilities for Pixel devices." in the context of CloudDPC. This is inaccurate. The only mechanisms for a company to control settings and take action on a device is through the forms of management made available via Android Enterprise (fully managed or corporate owned devices).
- You can learn more about data practices in our privacy policy.