Google Pixel Mail In Repairs Hit Privacy Breach. So the news going on right now is that there’s a leak in privacy in Google pixel mail-in repairs. It was said that after game designer and author Jane McGonigal sent her Pixel 5a to Google for repair, someone allegedly hacked her device. It’s so sad.
This is also said to be the second report in as many weeks from someone claiming that they sent a Google phone in for repair, only to have it used to leak their private data and even photographs.
Google Pixel Mail In Repairs Hit Privacy Breach
The tweet is below;
Yeah, don’t send your Google phone in for warranty repair/replacement. As has happened with others, last night someone used it to log in to my Gmail, Drive, photos backup email account, dropbox, and I can see from activity logs they opened a bunch of selfies hoping to find nudes
— Jane McGonigal (@avantgame) December 4, 2021
In October, McGonigal sent her broken phone to an official Pixel repair center in Texas. She tweeted later that Google said it never received the phone, and during the ensuing weeks, she was charged for a replacement device.
The Activity Triggered Several Email Security Alerts
But according to McGonigal, FedEx tracking information shows the device arrived at the facility weeks ago.
Late Friday night a few hours after she says she finally received a refund for the device someone seems to have used the “missing” phone to clear two-factor authentication checks and log in to several of her accounts, including her Dropbox, Gmail, and Google Drive.
The activity triggered several email security alerts to McGonigal’s backup accounts. However, she speculates that whoever has the phone may have used it to access her backup email addresses and then dumped any security alerts into her spam folder.
“The photos they opened were of me in bathing suits, sports bras, form-fitting dresses, and of stitches after surgery,” McGonigal writes. “They deleted Google security notifications in my backup email accounts.”
In a statement emailed to The Verge, Google spokesperson Alex Moriconi says, “We are investigating this claim.” It’s still unclear whether the device might have been intercepted within the repair facility or while it was in transit, or who has it now.
Google’s official repair instructions recommend backing up and then erasing a device before sending it in. Still, as Jane McGonigal points out, that’s either hard or impossible, depending on the damage.
This Whole Situation Reminds Us of Security Concern
The whole situation reminds us of the security concerns whenever we hand over our devices for repair, and unfortunately, such activity has precedent. In June, Apple paid millions to a woman after repair technicians posted her nude photos to Facebook.
Apple recently said it would start selling DIY repair kits, giving users the chance to fix their own phones, or at least has the task done by someone that a user trusts, as opposed to sending it in or dropping it off at an Apple Store.
For Pixel phones, your options for official service are either via mail-in or, in some countries, local service through an authorized provider.
In the US, Google partners with uBreakiFix franchises. Whatever phone you have, the options for repairs are still somewhat limited, and you end up having to trust that no one with bad intentions will get their hands on your phone while it’s out of your possession.