One of the main reasons to go with first-party repair services is accountability. It is generally assumed that first-party services would have to adhere to the guidelines set out by the company, like Apple or Google, so there is some semblance of reassurance of professional behavior.
However, according to recent reports, that doesn’t seem to be the case with Google’s Pixel mail-in service. According to developer and author Jane McGonigal, she had sent her Pixel in to Google repair, but despite the FedEx tracker showing it arrived at the repair facility, Google told her they did not receive her device.
Yeah, don't send your Google phone in for warranty repair/replacement. As has happened with others, last night someone used it to log into my gmail, Drive, photos backup email account, dropbox, and I can see from activity logs they opened a bunch of selfies hoping to find nudes
— Jane McGonigal (@avantgame) December 4, 2021
She also later got several security alerts that revealed that someone had used her phone to access her accounts such as Dropbox, Gmail, and Google Drive. That person even logged into her emails and sent those security alerts to her spam folder in an attempt to hide them. According to McGonigal, “The photos they opened were of me in bathing suits, sports bras, form-fitting dresses, and of stitches after surgery. They deleted Google security notifications in my backup email accounts.”
Google has since told The Verge that they are investigating this claim, but what’s worrying is that this isn’t a one-off issue as there has apparently been another similar report in the past few weeks. Google has advised users to backup and wipe their phones before sending it in for a repair, but as McGonigal points out, that might not always be possible.
For example if your phone’s display or touch sensor is spoiled, it would be pretty difficult if not impossible to wipe your phone. In any case, hopefully Google gets to the bottom of this and puts in more measures to ensure this never happens again.