Happy New Year from an ancient lurker! Let me start with the TL;DR version (and apologize in advance for being an idiot):
I received an “Ebay refurbished” Pixel 8 as a gift for the purposes of installing GrapheneOS. I went through the setup process offline (no wifi/SIM), triggered a factory reset, repeated the setup process offline, held the power button down expecting to bring up the power menu, and instead got Google Assistant which briefly recommended “f***ing kill me” as I tried to close it (I’m not sure offhand how this forum handles profanity, so I’m just trying to keep my post from getting held up here).
I’m baffled, concerned, and would rather not connect this thing to my PC without some reassurance. I’m hoping one of you guys and gals has some insight on what is happening, how it’s happening, and whether or not it makes any practical sense to worry about the device itself being compromised.
For a bit more unnecessary detail about myself and the issue:
I’ve been lurking around this community since the PrivacyTools sub-reddit days but have never gotten around to posting, so this has really been a long time coming. I do wish I could choose something between “beginner” and “intermediate”, as I’m not necessarily confident enough in the latter (as this post would exemplify) but have been following the topic way too long to be the former. I also wish my first post had been contributing useful information rather than asking for it, but this event put me in an awkward position. I’ve learned a ton from this community over the years and put a lot of stake in its collective knowledge, so I hope to give back to the extent I can in the future.
As for the device, it’s a vanilla Pixel 8 which, as I mentioned, was part of Ebay’s official refurbished program, which I’m assuming means slightly more than nothing. When I turned it on for the first time, it started the setup wizard, as expected, but since another factory reset would be easy to do and give me just a smidge more peace of mind, I did just that. I did the bare-minimum setup offline without a SIM, turned on airplane mode as soon as I could, then did the factory reset (which went oddly fast; I’m not sure it even rebooted) and repeated the process.
Since the whole point was to install GrapheneOS and not to use the device as-is, I went to turn it off, not realizing that holding the power button now triggers Google Assistant, which I have no experience with whatsoever (I’ve spent years going out of my way to avoid Google services). Trying to get rid of the useless pop-up seemed to trigger the aforementioned “suggestion” for a split-second before it closed. It was still offline (or about as offline as I could reasonably expect) at that point, so seeing something like that immediately after a factory reset completely threw me.
At this point I’ve rebooted the device, put it in OEM-unlocked mode (which required briefly connecting to my Wifi network) and turned it off. Pulling up Google Assistant in the same fashion hasn’t produced similar results since then (I was recommended to set an alarm, for example). I was going to go ahead and start setting up GOS anyway, but thought I was better of asking here before doing something I might regret (connecting the “f****ing kill me” device to my self-built Fedora PC doesn’t sound great on face value).
I’m really hoping someone here can offer some insight on this. Duckduckgo was about as unhelpful as it usually is for me these days, but its AI summarizer managed to pull [something] from [some source] that the assistant may show “strange” residual data after a factory reset. IF this is true, how? If the device’s encryption key gets tossed out after a factory reset (which would presumably reboot the device, but maybe this is not guaranteed), where was this hiding? I could see a bored IT guy typing that in while “testing” the device, but how did I see it after having to go through the setup wizard twice?
Thanks for reading, and again, my apologies for the idiocy.