Google claims hijacked Pixel phones weren't their fault

By Ewdison Then/Dec. 9, 2021 9:14 am EST

Nothing is probably more frightening than discovering how the personal and sensitive photos you have protected on your phone have been put up on the Internet for everyone to see. It's even more disheartening when that incident may have been part of what should be a trusted system between a customer and a renowned company. That was the nightmare that at least two Pixel phone owners were living in for the past few days, but Google is officially saying that it was not caused by Google employees or authorized repair technicians.

There is always a risk involved when handing your phone over to someone else for repairs, which is why most companies insist you only use services that they have vetted and authorized. Having to send in the device via mail adds another layer of risk, where anything can happen between point A and point B. Most people worry about phones getting delayed, damaged, or even lost, but few probably expect that the phones will be hacked into.

That was the unfortunate case for two Pixel phone owners, including game designer and author Jane McGonigal whose tweets helped bring much-needed attention to the incidents. There was a lot of guesswork involved as to the true cause of these cases, but the common elements included sending broken and unprotected Pixel phones via mail for repairs and then having the supposedly fixed phones broken into. The worst case was the anonymous Pixel owner whose wife's compromising photos were posted on social media.

Fingers were naturally pointed at the authorized repair facilities involved, both of which were allegedly located in Texas. Google, however, has now come out with an official statement to The Verge, refuting those suspicions. It said "with confidence" that it was not related to its Return Merchandise Authorization or RMA, the process used for sending a broken phone for repairs. Unfortunately, it doesn't go into more detail about it.

That still leaves the question of where the hijacking actually took place. According to McGonigal, Google will be providing special instructions for users who can't erase their phones before sending them away. In both incidents, the Pixel phones didn't function normally, so that the owners weren't able to do the recommended factory reset. Neither was protected by PINs or passcodes as well.

These upcoming instructions could go a long way in helping secure broken phones before they are mailed for repairs, but that presumes that owners will actually perform them or will be aware of them in the first place. It also falls on Google to actually ensure that every step of its RMA process is secure even if the phone hasn't been secured, especially during these times when mail-in services might be safer for people.