Google Pixel repair technicians are illegally accessing customers’ phones
The first incident, reported on December 1st on Reddit, involves an RMA (return merchandise authorization) of a broken Pixel phone. The author of the report says the device, which belonged to his wife, broke about a month ago and they sent it to Google for an RMA. Since the phone wouldn’t power on, they couldn’t wipe it. They reportedly hadn’t set a password or PIN on the device either. A month after they sent the phone, someone hijacked the social media accounts of the author’s wife to post nude pictures of the couple. The hacker also accessed her Google account and tried to lock her out. Additionally, a sum of $5 was transferred out from a PayPal account. As the author points out, it was probably a test to steal a bigger amount later. The author tracked down the logins to Texas, which is where Google had asked him to send the broken Pixel for replacement. Using Google’s Find my mobile service, he could even trace the unauthorized access to the exact building he had sent the phone to. Quite clearly, the phone was fixed and since it wasn’t wiped, someone misused it. The victim understandably wants to sue Google for this, saying it’s an “egregious” violation of trust and privacy that it is. “Hundreds of people have now seen my penis including our friends’ kids”. He has already filed a police complaint and also contacted Google regarding the issue. Unfortunately, the account that posted this report on Reddit is now deleted, including all comments related to the post. Android Police reached out to the account holder but didn’t get a positive response.
The second report is from a well-known game designer and bestselling author
If you were suspicious regarding the accuracy of the first incident because the post on Reddit has been taken down, another similar report has surfaced recently. And this time around, the report is from game developer and New York Times bestselling author Jane McGonigal. She had sent her Pixel to the same RMA site in Texas for repair. The phone wasn’t wiped and it’s unclear whether she had configured a secure screen lock. The device was marked disappeared days after delivery. But recently, someone accessed her accounts, including Gmail, Drive, Photos, and Dropbox. They opened several photos of her in various stages of undressing. These include photos in “bathing suits, sports bras, and form-fitting dresses,” as well as photos of stitches after surgery. The hackers also changed her email settings to hide security messages. They deleted those messages or market them as spam so McGonigal couldn’t see them in the inbox. All this while, she was trying to remotely wipe her phone using the Find my mobile service but couldn’t do it. McGonigal says she hasn’t heard back from Google regarding this issue. However, the backchannels told her that the company is looking at it.
— Jane McGonigal (@avantgame) December 5, 2021 Both these incidents remind us of the 2016 iPhone incident for which Apple recently paid a multimillion-dollar sum to the victim. Repair technicians had posted her nude photos and a sexually explicit video from her phone to her Facebook account. Google could face similar consequences here. But it’s all very shocking, to say the least. It’s common and expected practice to send a broken phone to a company-authorized service center for repair. And when they do this, customers don’t have anyone else to trust. We are now having to hope that the device doesn’t fall into the hands of people with bad intentions.