Google’s latest flagship phone the Pixel 9 Pro XL has sparked new concerns about user privacy. A recent research reveals troubling issues related to constant data sharing and remote control capabilities. Here’s what we know so far.
According to Cybernews researchers, the Google Pixel 9 Pro XL “frequently transmits private user data to the tech giant before any app is installed.”
This suggests that Pixel 9 Pro XL users may not have full control over their own devices. Not only privacy, if the reports coming out of the research hold any truth, It also raises questions on ownership.
Researchers used a “man-in-the-middle” approach to intercept the traffic between a new Pixel 9 Pro XL and Google’s servers.
Here are some key findings highlighted in the report.
The research uncovered that the Pixel 9 Pro XL transmits private user data to Google every 15 minutes. This was recorded even before any apps were installed.
“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews.
The private data at risk includes sensitive details like the user’s location, email address, and phone number. The phone uses nearby Wi-Fi networks to estimate the user’s location even when the GPS is turned off.
“The Pixel 9 Pro XL repeatedly uses PII for authentication, configuration, and logging. This practice doesn’t align with the industry’s best anonymization practices and appears excessive. The smartphone transmits the user’s email address, location, and phone number, even when utilizing a variety of other identifiers for the user and the device,” Nazarovas said.
As per the researchers, some of this data is sent to endpoints responsible for device management, policy enforcement, and biometric processing. However, all this happens without explicit user consent.
Another alarming claim of the report is that the Pixel 9 Pro XL has the ability to connect to Google servers to request updates and even download and run new code without user knowledge.
If true, this directly suggests that Google can remotely control certain aspects of the phone. This opens potential several security risks. However, the report highlights that no harmful actions were observed during the study.
Researchers also found a privacy issue with the calculator app. As per reports, it can be accessed from the notifications even when the phone is locked.
This leaves the data such as calculation history exposed. It can have highly sensitive information and raises concerns about unauthorized access to personal information.
“We were unable to access any user data without first unlocking the device and the calculator was a single exception. It is important to note the widget in the notifications tray is not enabled by default – the user would have to manually add it to the list of shortcuts,” Nazarovas said.
These findings raise serious questions about user control and privacy.
It is important to note that the report highlights that no data was sent to third parties and no malicious activities were detected during the study. However, the sheer volume of information being shared regularly with Google has sparked concerns.
One of the main questions we have now is whether users truly “own” their devices or if control lies with the tech giant.
In other news, Google is working to combat fraud and scams in India by expanding its Play Protect service. This initiative was first introduced in Singapore earlier this year.
The company will launch a pilot program next month. The program will aim at blocking the sideloading of certain risky Android apps.
It will target apps that seek sensitive permissions, such as accessing incoming one-time passwords (OTPs) or monitoring user activity on the device.
Google explains the feature, “This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive permissions frequently abused for financial fraud. It will inspect the permissions the app declared in real-time and specifically look for permission requests that are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content (they are RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility).”
The initiative is part of Google’s broader efforts to curb fraudulent app installations globally.
The feature is already operational in countries like Singapore, Brazil, and Thailand.
In Singapore, Google claims it has blocked nearly 900,000 high-risk app installations. The expansion to India aims to build on this success and further protect Android users from potential scams.
Answer. The Pixel 9 Pro XL transmits private user data to Google every 15 minutes, even before any apps are installed, raising concerns about constant data sharing and remote control capabilities.
Answer. Google is expanding its Play Protect service to block sideloading of risky Android apps that seek sensitive permissions, with a pilot program rolling out in India next month.
Answer. The Play Protect expansion aims to prevent the installation of high-risk apps by blocking those sourced from risky internet-sideloading sources, following successful implementations in Singapore, Brazil, and Thailand
Read More: Google Pixel 9 Pro XL May Launch With Four Colors – Here’s What They Look Like
Read More: Google Pixel 9 Pro XL Leak Reveals Major Upgrades to Use Samsung Modem
Highlights Samsung Wallet now supports Digital Home Key for unlocking smart door locks with Galaxy…
Highlights Rangwali Holi or Dhulandi on Wednesday, March 4, 2026 Here are creative Holi greetings…
Highlights Ai+ Pulse 2 debuts in India at ₹5,999 for the base 4GB + 64GB…
Highlights Nothing will host a special drop event on March 7 at 6 pm IST…
Highlights A rare total lunar eclipse will occur on March 3, 2026. It will begin…
Highlights Tecno unveiled Camon 50 Series phones with Helio G200 Ultimate chipset, up to 16GB…
This website uses cookies.