Using Gmail as a soft, 'legal' and kinda efficient spyware.

with this method you can record activity on device,
EVEN if the main account is set to not record.***


inb4 , english is not my main language so if I wrote something wrong, I couldn't care less. I'm sorry

TLDR: what are those flaws?
1- secondary accounts on mobile can track you even not being used.
2 - that provides access to your activity and location timeline.
3- you real time location can be found on security tab by this secondary account!
4-the IMEI of the mobile, and also the options to LOCK and CLEAN the whole device are also available!

"so what" ?
well someone with that knowledge could easily set up another google account on your phone and you won't even notice that, so keep an eye on that tab just to be sure!

lets jump into this sht already!

here is what you 'll get from it:

1-access to all activity logs on the target phone, and yes, that includes even system applications, such as incallui, etc! all time stamped btw.


2 access to the maps timeline, EVEN if the main account is not set to record that
(target must have gps on)
ie:



I tried to force interactions with other google applications such as Keep, contacts, etc, but none worked, but these 2 for sure do work, and kinda stealth since no account selection is needed for non new apps on device.

here is what you'll need to set this up!


1 - A gmail account of yours, properly set up to record activity and location, and YT, etc,
(you go create one, set-up no phone, remove any 'security' alerts, etc, and get that ALREADY logged into your machine, pc, w/e, the point is to have this set up, and already logged in)

 

2- you need physical access to the target phone, for like 30 secs,
you will get the phone > you will open the configs > accounts > add new google acc
and log into your gmail,
done.


As said above, the GAcc gotta be logged into your machine before, be it on a browser that you don't useit must be like that otherwise it will also record activity that YOU done on that browser/or whatever, and we don't want that, so get into that only when you not doing anything else, or you have to clcik every activity to see the device it was recorded on.


cherry on the top, is that you can actually locate the device in real time,
battery levels, SSID of the wi-fi network connected, if there is one, and strength signal.
***this can be done ONCE, after found, the device will pop a notice that 'found my device' has been used..so use it wisely!
and MORE than that google denied me this tip saying this is not a flaw of any kind, but you can actually CLEAN THE WHOLE DEVICE!
also get the IMEI on the arrow(pic)


ALSO, this is a goldmine for any kind of social engineering, if you know, you know!

but don't worry, Google themselves told me this is not a flaw of any kind so, enjoy!

"Hi! Thank you for contacting us. We've determined that what you're reporting is not a technical security vulnerability. As we won't be able to act on your report, we have closed the case – from now on, we won't be able to see any of your responses.

they are really not taking this as a flaw, so, I'm just spreading the word!






If you found this helpful or informative in anyway please consider helping me out.
0x0758041e2682f257215D0Bb8aA7152D700441626 
0x0758041e2682f257215D0Bb8aA7152D700441626
0x0758041e2682f257215D0Bb8aA7152D7004416260x0758041e2682f257215D0Bb8aA7152D700441626