August 15th, 2024

Google Pixel phones sold with security vulnerability, report finds

A report by iVerify revealed a hidden vulnerability present in Google Pixel phones sold since 2017, allowing potential surveillance. Google confirmed a fix will be released to remove the software.

A recent report by cybersecurity firm iVerify revealed that most Google Pixel phones sold since September 2017 contained a hidden software vulnerability that could allow for surveillance or remote control of the devices. This issue was identified when iVerify's endpoint detection system flagged an insecure Android device at Palantir Technologies, prompting a joint investigation. The investigation uncovered a hidden Android package named Showcase.apk, which was initially developed by Smith Micro Software for Verizon's in-store demonstrations. Although the app was inactive by default, it could be manually enabled, exposing the operating system to potential hacking, man-in-the-middle attacks, and spyware. Palantir's chief information security officer expressed concerns over the presence of unvetted software on devices intended for secure operations, leading the company to ban Android devices internally. Google acknowledged the issue, stating that the software was no longer in use and that there was no evidence of active exploitation. They confirmed that a fix would be rolled out to remove the app from affected devices in the coming weeks.

- Most Google Pixel phones sold since 2017 have a hidden software vulnerability.

- The vulnerability allows for potential surveillance and remote control of devices.

- The software, Showcase.apk, was developed for Verizon and was inactive by default.

- Palantir Technologies banned Android devices internally due to security concerns.

- Google is set to release a fix to remove the vulnerable software from affected devices.

Related

Google Restricts RCS Messaging on Some Android Devices

Google restricts RCS messaging on certain Android devices like rooted ones. Users criticize the move, citing communication limitations. Google defends the action for spam prevention and security. Despite workarounds, affected users face challenges. This reflects Google's tighter control trend, akin to Apple. The competition between Android and iPhone, focusing on AI, may impact user preferences.

Smartphone flaw allows hackers and governments to map your home

A newly discovered smartphone vulnerability allows unauthorized tracking and surveillance through GPS data, raising significant privacy concerns as it does not require access to cameras or microphones.

Google patches Quick Share for Windows to shut malware hole

Google patched multiple vulnerabilities in its Quick Share application for Windows, discovered by SafeBreach, which could allow remote code execution. Ten flaws were identified, including denial of service and authorization bypass.

Integration and Android

Google's Pixel smartphones hold a low market share, facing competition from Apple and Samsung. The new Gemini AI assistant aims to improve user experience, but Google must enhance marketing and production efforts.

Google Pixel Phones Have Unpatched Flaw in Hidden Android App

A serious vulnerability in nearly all Google Pixel phones, linked to the "Showcase.apk" app, allows remote code execution. Google plans to remove it, but Palantir has stopped using Android devices.

9 comments

By @angry_octet - 5 months
This is a beat-up generated by Palantir and iVerify; both the Verge and WIRED swallowed the bait.

"By Gaby Del Valle, a policy reporter. Her past work has focused on immigration politics, border surveillance technologies, and the rise of the New Right."

Sorry Gaby, you're out of your depth. Somehow Lily Hay Newman (WIRED), who should know better, was also taken in by this.

Don't install iVerify, it's practically malware.

By @nope1000 - 5 months
> “This was very deleterious of trust, to have third-party, unvetted insecure software on it,” Dane Stuckey, Palantir’s chief information security officer,

That is pretty funny

By @kimixa - 5 months
"The app was inactive by default and had to be manually enabled"

So I don't really see it as a big deal - I probably have lots of software that's not running but exists on my PC that would be a security risk if "manually enabled".

Though it's good to remove it if it's not necessary, I hardly see it as an emergency thing or really warrant this sort of breathless media drama.

By @ChrisArchitect - 5 months
Related sources already submitted:

Google Pixel Phones Have Unpatched Flaw in Hidden Android App

https://www.wired.com/story/google-android-pixel-showcase-vu...

(https://news.ycombinator.com/item?id=41256122)

Google sold Android phones with hidden insecure feature, companies find

https://www.washingtonpost.com/technology/2024/08/15/google-...

(https://news.ycombinator.com/item?id=41255631)

iVerify Discovers Android Vulnerability Impacting Millions of Devices

https://iverify.io/press-releases/iverify-discovers-severe-a...

(https://news.ycombinator.com/item?id=41255798)

By @zoklet-enjoyer - 5 months
So is this just on phones locked to Verizon or all of them?

By @dp-hackernews - 5 months
Interesting addition to his statement:

"Fernandez said the software was made “for Verizon in-store demo devices and is no longer being used,” adding that Google has “seen no evidence of any active exploitation.”"

How would they know?

By @OutOfHere - 5 months
It doesn't quite make sense to change the policy for all Android phones if an issue is with Verizon-branded Pixels.

By @ycombinatrix - 5 months
how come verizon gets this special access to insert their code into pixel factory images?

one can find crap like "VzwOmaTrigger.apk" built into the OS even on the original pixel