Google Pixel account hacks prompt outcry over mail-in repair privacy

JC Torres - Dec 6, 2021, 8:37am CST
Google Pixel account hacks prompt outcry over mail-in repair privacy

The past two years have seen a surge in demand for mobile devices, but acquiring them hasn’t exactly been easy. Trying to get devices serviced may have been even worse, with many companies and service centers being forced to resort to mail-in methods. Those always come with some risks while the phone is in transit, but few owners probably expected that their privacy would be violated in the process. That’s the nightmare situation that at least two Google Pixel owners have found themselves in, one with rather sensitive information published for the world to see.

SlashGear

The first incident flew under the radar after it was posted on Reddit last week. The account and post were removed, but Android Police was able to take a snapshot of the complaint for evidence. In a nutshell, the OP (original poster) claimed that his wife sent her broken Pixel phone in for repairs using Google’s official mail-in service and discovered that nude photos from the phone were posted to the wife’s social media account.

In this case, the Pixel couldn’t be turned on in order to wipe the phone clean before handing it over for repairs, as Google advises. It wasn’t clear but probably implied that the phone didn’t have any security lock option set. It was, in other words, fair game for anyone who could repair the phone, which was what allegedly happened in this case.

The matter would have been written off as a fluke if it weren’t for a second incident, this time involving a more popular user, game designer and best-selling author Jane McGonigal. The scenario was slightly similar, except that the hijacker couldn’t find any incriminating images to use. The culprit in this case changed her email settings so that security warnings from Gmail and Dropbox would either be sent to spam or deleted.

Jane McGonigal/Twitter

Google is reportedly looking into the matter, but the case is still wide open. Of course, two incidents don’t make a pattern, but it is suspicious that both cases involved an authorized service provider in Texas. Even just one of these, however, is enough to land Google in court, just as how Apple had to settle a similar case earlier this year (via The Verge) to the tune of millions of dollars.

Google does give instructions on what to do before handing over a Pixel phone for repairs, including doing a factory reset and securing your phone. Of course, that’s not always possible, especially if the phone wouldn’t turn on or if the screen is completely blank. It’s always advised to put a screen lock on the phone, even something as simple as a passcode, but the lack of such a security measure is never an excuse for any authorized party to break into private property and steal things.


Must Read Bits & Bytes