Back
Enforcement
05.10.2022

Euroconsumers calls on Google to act on security flaw in the new Google Pixel 6a fingerprint sensor

A Euroconsumers test identified a security flaw in the fingerprint sensor of the new Google Pixel 6a with an important impact on consumers’ privacy. Google must step up to fix it.

What security flaw?

In the course of a recent test within the international ICRT framework, Euroconsumers discovered a serious security flaw related to the fingerprint sensor of the new Google Pixel 6a. After registering a finger of one of the lab technicians, the same lab technician repeatedly managed to unlock the phone using the fingerprint of an unregistered finger (the same finger, but from the other hand, to be more precise). Additionally, a different lab technician, who had not registered any fingers at all, also managed to unlock the phone once.

Euroconsumers calls on Google to protect its consumers

Needless to say, the security flaw that was identified has a high potential impact on consumers’ data protection, especially when considering that this identification is also used for payment systems. That is exactly the reason why Euroconsumers reached out to Google in the course of August and September, questioning the tech company on how they intended to manage this security problem, whether they had a recall in place and/or a software update release ready.

Although Google referred to “the probability of an unverified fingerprint match being 1 in 50,000 attempts”, this does not correspond to the findings from the Euroconsumers/ICRT test results. Nor do they correspond to similar reports that were made. Moreover, Google seems to be well aware of this particular security flaw that appears to be linked to the Android 12 version, as they put forward an upgrade to Android 13 in order to avoid exposure to this security risk.

That’s why, in order to properly protect its consumers, safeguard their security and privacy, Eurocosumers urges Google to:

  1. Issue a proactive communication to all Google Pixel 6a owners explaining in full transparency the security risks linked to the fingerprint sensor of the Android 12 version and all implications this might entail for consumers’ data protection.
  2. Urge all consumers concerned to speedily upgrade their phone to the Android 13 version to avoid further exposure to data security breaches.
  3. To proactively inform Euroconsumers about any other security risks for consumers. Euroconsumers from its side will continue to perform regular tests to assess the true quality and security of smartphones and will continue monitoring, especially the issues raised above.