One of the problems phone companies are facing in the modern-day world is after-sales service. Though companies are now working to let users repair their own device, most of us still go to a service center or mail-in the phone to the service center when a repair is needed. However, it seems that even sending in your phone for repair isn’t safe. A report has come out that claims a Pixel 5a sent in for repair at a Google service center has reportedly been compromised.
According to a report from The Verge, personal information including internet accounts, data, photos, and email of designer and author Jane McGonigal's Google Pixel 5a got compromised when she sent her phone for repair via Google's mail-in repair service. The report says that this is "at least" the second report that has come in the past few weeks of a person claiming that their phone got hacked when they sent their phone for repair in Google's mail-in service.
https://twitter.com/avantgame/status/1467192779973398531
The victim, Jane McGonigal, posted in detail about the happenings of the event. According to her, she sent her broken phone to one of Google's mail-in repair service centers in Texas in October 2021. She says that she was charged for the repair even though she never received the device during the phone's repair service period. The phone had, however, seemingly vanished from Google's facility.
Google says it's currently investigating the claim
It was only when someone tried to break into her phone to remove two-factor authentication checks, she got several email security alerts. According to McGonigal, she tried to wipe the phone and lock it using Google's Find My Device system, however, she failed. According to her, the intruder opened photos of her in "bathing suits, sports bras, form-fitting dresses, and of stitches after surgery." "They deleted Google security notifications in my backup email accounts," she said.
Google has confirmed that it is investigating McGonigal's claims. While it is hard to know when the phone was actually tapped — whether it was in transit when it was taken, intercepted within Google's repair facility, or someone took it from the service center — the company says that its official "recommendations" were not followed. Google's recommendations for the mail-in repair say that the person should backup and wipe their device before sending it in for repair. However, McGonigal did not do that.
But, it's just a recommendation and not a requirement as per Google. The whole situation has reminded all of us how messy repairs can be. Even though companies are now resorting to more options, for example, letting users repair their own devices, it's not the option a layman would opt for. Most of us would still resort to service centers when looking for repairs. Even that is not safe — "Apple paid millions to a woman after repair technicians posted her nude photos to Facebook", notes The Verge, which just shows how messy the whole repair sector is.