My Google Pixel 9 eavesdropped on my life 24/7. Here’s how I made it stop

Google Pixel phones have one extremely convenient feature – so convenient, in fact, that privacy goes straight out of the window.

Having a Nokia 3310 back in the day sure was exciting. Compared to smartphones today, it did nothing, but I loved simply going through the settings and playing with different features.

These days, however, smartphones are so packed with features that I probably won’t even find them all before my device reaches it end of support.

I guess you can have too much of a good thing. Constantly enabling, disabling, and making use of new features, especially AI ones, doesn’t really seem that intuitive anymore, does it?

I, an iPhone user for over ten years, recently picked up a Google Pixel 9 for testing. While my colleague checked out the Google Pixel 9 Pro XL to give his verdict on its AI features, pricing, and overall experience, I was just curious to know how it would feel to ditch my iPhone for a week.

I’ve only used Apple devices for the last decade, including phones, smartwatches, laptops, and tablets. Therefore, going back to Android OS was quite a hassle for me. Navigation is different, and I immediately missed my Siri. No matter how dumb she might be right now, I’m somewhat attached to her soothing voice.

But while I lost Siri, I did get another personal spy. In this case, it was the Now Playing app, a feature that was enabled by default for me. This app recognizes songs that are playing in the background. So, let’s say you’re watching Friends, and Now Playing lists “I’ll Be There For You” by the Rembrandts as the song you were listening to.

It keeps making this list without you asking, meaning it’s always listening to your background and taking notes.

To address privacy concerns, Google emphasizes that background music is compared to a preloaded dataset and could be performed even in airplane mode.

Similar apps like Shazam usually perform recognition tasks on the cloud and need to be online. However, Shazam seems much better at performing tasks at hand, recognizing even niche music in foreign languages. Now Playing failed to recognize most non-English songs I played during the one-week testing period.

The biggest privacy concern here is that Pixel recognizes songs without any input from me. This means it’s constantly listening to my surroundings, as opposed to similar music recognition apps.

Why does it matter? Well, if Pixel was made by Apple, a more reputable company when it comes to privacy and data security, I wouldn’t be so worried. The iPhone has a lot of great voice features (never enabled by default), from reading your Slack messages out loud to accepting voice commands. However, Apple isn’t really in the data trading business.

A few years back, one of my shoes tore at work, leaving me to contemplate how I was supposed to walk home. Naturally, I picked up my phone to check where the nearest shoe shop was, and there it was – an ad on Instagram for a little boutique shoe shop nearby. But I hadn't even searched for it yet. So how on Earth did it know I was in need of shoes?

I was talking about it out loud in the office. I also messaged my friend that I will be late for our meeting because of this emergency. Did my phone just spy on me, I wondered?

Even with an iPhone, I wasn’t safe from it spying on me because I’d infested it with Meta and Google apps. Seeing me as a potential customer, they’re hungry for my data, so they or some other third parties could tailor me better ads. How many times did you hear that someone impulsively bought something after seeing an ad on Instagram? A lot. The question is – was it an accident you saw that particular ad, or was it tailored to match your interests?

By tapping into microphones, data companies get the missing piece of the puzzle.

Convenience vs privacy

If you leave your doors unlocked, a thief might visit. They might also not, but why risk it? The same goes for using the Now Playing feature, where your microphone is always on. Is it really worth it?

“It can lead to unintended eavesdropping, where sensitive information may be recorded and misused by apps, hackers, or malicious software,” Marijus Briedis, CTO at NordVPN, told Cybernews.

So, it’s not all theoretical.

“We've all experienced this. We have a discussion with a friend or family member about a product or services and we start getting served with ads about that product,” Steve Tcherchian, CISO at XYPRO, told Cybernews.

Briedis added that in addition to serving ads or turning your device into a surveillance tool, it might also simply consume more data and drain your device’s battery.

Also, while Google insists the feature works in a privacy-preserving manner, do you really trust Google with your data?

Wolf in sheep’s clothing

“Google has made efforts to enhance transparency and privacy in recent years, giving more control to users. However, considering the business model, which heavily relies on data collection, there is an inherent conflict of interest and concerns whether privacy is truly prioritized,” Briedis emphasized.

People often prioritize convenience over privacy, and data companies are loving it.

“Since we are not able to audit these companies, we trust them to use our data responsibly. The more data they collect, the more they can train their models. [...] Companies can use data as they wish, as long as they provide notice and, under some state laws, the ability to opt out or delete the data (if it’s considered personal information and tied to you). Ultimately, it’s a personal choice people have to make,” privacy expert Jodi Daniels told Cybernews.

How to protect yourself

We’re talking about one particular permission (microphone) here, but it’s only a drop in the ocean. Our in-house research has repeatedly revealed that popular apps, both on Android and iOS, are after your data, even though they don’t necessarily need it for apps to function.

For example, our researchers recently investigated the most popular Android travel apps and learned that they’re ravenous for data. They want you to share your location with them and access your cameras. Some can even read your SMS messages, read your files, and even make calls on your behalf.

The solution? Revoke the permissions unless they’re absolutely necessary for the app to function properly. Also, if an app developer claims it absolutely needs to send you push notifications for the app to function properly, just delete the app. So many of the permissions they ask for are intrusive and simply don't make any sense.

Unfortunately, during another in-house experiment, we learned that it’s sometimes impossible to revoke all permissions on an Android device.

Google’s response

Google responded to this Cybernews article with a lengthy explanation of how privacy and permissions function on Android devices. Firstly, it insisted that spying phones is a myth and backed this up with a BBC article from 2019. The debunking of the myth heavily relies on online experiments by security company Wandera experts.

While we are not in a position to verify the experiment, nor want to dispute the article from 2019, ample recent evidence suggests that phones can, in fact, listen to your surroundings. If you are interested in the phenomenon behind cross-device tracking - ultrasonic beacons - check out this comprehensive article on the matter.

Many cybersecurity experts also insist that phones can listen to our conversations for data tracking purposes. Indeed, they do that legally and with user consent. However, as mentioned before, attackers can abuse the permissions turned on the phones.

“Google does not use ambient sound from any device to target ads,” Google said in an email to Cybernews, also explaining the reasons why people may see an ad for a product after discussing it.

“For example an advertiser selling water bottles may ask that their ad shows for any videos or sites about hiking or camping. It could also depend on demographics - an advertiser can ask that an ad be shown to everyone of a certain age. Even the time of day could determine which ad a person sees,” Google added.

This doesn’t explain much about why we see ads for certain things we’ve just discussed.

In an email, Google also said that the Now Playing feature couldn’t have been enabled by default. We double-checked by setting up another Pixel phone, and, as it turns out, if you say you want the feature during initial setup, you give Google various permissions without knowing.

Interestingly enough, permissions given to Now Playing can’t be disabled by going the usual route Settings->Apps->Permissions. Why? Because Now Playing is not an app and won’t appear on that list. Instead, it turns out to be a part of Android System Intelligence that has access not only to my microphone, camera, location, call logs, and contacts, among other sensitive permissions.

The last microphone access was recorded just a few minutes before updating this article. So much for Google not listening.

Having said that, I also highly recommend learning more about what Google has to say on privacy here.

Updated on September 3rd [03:24 p.m. GMT] with a statement from Google.