Google to Remove Potentially Risky App from Pixel Devices Following Security Concerns
3 Sources
3 Sources
[1]
Google sold Android phones with a big security risk
Google's Pixel smartphones ship with a risky application that leaves them vulnerable to hackers, mobile security firm iVerify has found. The third-party app has reportedly been embedded in Pixel phones for years. According to iVerify, the app has a vulnerability that "leaves millions of Android Pixel devices susceptible" to hackers, "giving cybercriminals the ability to inject malicious code and dangerous spyware." A Google spokesperson told WIRED that the company will work to remove the software in the coming weeks. The spokesperson told The Washington Post that "[e]xploitation of this application on a user phone requires both physical access to the device and the user's password." The security issue with Google's Pixel phones has prompted AI giant Palantir to stop issuing them to its employees, the Post reports. "Mobile security is a very real concern for us, given where we're operating and who we're serving," Palantir's Chief Information Security Officer, Dane Stuckey, told The Post. "This was very deleterious of trust, to have third-party, unvetted insecure software on it. We have no idea how it got there, so we made the decision to effectively ban Androids internally." iVerify said that the issue "highlight[s] the need for more transparency and discussion around having third-party apps running as part of the operating system" in tech firms' products. "It also demonstrates the need for quality assurance and penetration testing to ensure the safety of third-party apps installed on millions of devices."
[2]
Google to remove app with security flaw that almost all Android phones had
Most Google Pixel phones sold over the last few years have a software that could be used to hack into them, a report has shared. Cybersecurity company iVerify has revealed that a 'Showcase' app left open a security vulnerability that could be exploited to remotely control the phone and look through it. The hidden software package Showcase.apk was pre-loaded into every Android release for Pixel since 2017. Developed by Smith Micro for Verizon, the app was used to launch a retail model on the phones. The app was designed in a way so software could be installed using it or code could be written through it remotely. It can download a configuration file over an unencrypted HTTP connection making it unsecure. The investigation done together by iVerify, data analytics firm Palantir and Trail of Bits also found that the risk appeared to be limited given that the app is disabled by default and needs a passcode to access it. (For top technology news of the day, subscribe to our tech newsletter Today's Cache) Google's new AI Pixel Screenshots feature is similar to Microsoft's Recall, but safer Google has responded to the study by acknowledging the vulnerability and saying it will remove Showcase from Pixel devices within the "coming weeks." The app also wasn't included in the newly released Pixel 9 series. Google also said that they hadn't seen any incident that had exploited the vulnerability. Palantir decided to ban Android devices within the company as a response, saying that the tech giant had reacted too slow to the report. Google has reportedly also notified other Android OEMs about Showcase. Read Comments
[3]
Google to remove potentially risky app from Pixel devices following security report - SiliconANGLE
Google to remove potentially risky app from Pixel devices following security report Google LLC has committed to removing a dubious application found on some or all Pixel phones following a report about it representing a serious security vulnerability, be it that the severity of the vulnerability is in dispute. A report released today by mobile device security company iVerify LLC in conjunction with the security team at Palantir Technologics Inc., detailed the discovery of a serious Android security vulnerability that the report says impacts millions of Pixel devices globally. The vulnerability is claimed to make Android accessible to cybercriminals to perpetrate man-in-the-middle attacks, malware injections, and spyware installations. The vulnerability relates to an Android app package called Showcase.apk. Per the iVerify report, the application runs at the system level and can fundamentally change the phone's operating system. The application package is installed over unsecured HTTP protocols, opening a backdoor that makes it easy for cybercriminals to compromise the device. The report notes that users cannot remove the app as it is part of the firmware image and Google does not allow end-users to alter the firmware image for security reasons. "While we don't have evidence this vulnerability is being actively exploited, it nonetheless has serious implications for corporate environments, with millions of Android phones entering the workplace every day," Rocky Cole, co-founder and chief operations officer of iVerify, said in a statement sent to SiliconANGLE. "Google is essentially giving CISOs the impossible choice of accepting insecure bloatware or banning Android entirely." The report also claimed that Google was also made aware of the vulnerability, with iVerifty submitting a detailed report on what the issue is. "It's unclear if Google will issue a patch or remove the software from the phones to mitigate the potential risks," the report states. While Google has admitted that the file may cause security issues, the search giant varies in its belief of how wide the exposure and potential security risk actually is. A spokesperson from Google who spoke with CNET claims that the app was developed by Smith Micro Software Inc. for Verizon Communications Inc. and is not an Android or Pixel vulnerability. It is also claimed that the app was only used for in-store devices and that the app is no longer being used. Further, Google disputes the risk presented by it. "Exploitation of this app on a user phone requires both physical access to the device and the user's password... we have seen no evidence of any active exploitation," the spokesperson added. "Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update." The claims come after Google announced its latest Pixel lineup at an event on Aug. 13. Google announced a new family of Pixel 9 smartphones, along with the Pixel 9 Pro Fold, that feature the company's artificial intelligence Gemini family of models.
Share
Share
Copy Link
Google plans to remove a pre-installed app from Pixel devices due to a security vulnerability that could potentially affect millions of Android users. The move comes after researchers discovered a flaw that could allow hackers to access sensitive information.
Security Vulnerability Discovered in Google Pixel Devices
Researchers have uncovered a significant security flaw in Google Pixel devices, potentially exposing millions of Android users to hacking risks. The vulnerability, found in a pre-installed app, has prompted Google to take swift action to protect its users
1
.The Nature of the Security Risk
The security issue stems from a pre-installed app on Pixel devices that could allow hackers to gain unauthorized access to sensitive user information. This app, which comes by default on Pixel phones, has been identified as a potential entry point for malicious actors to exploit
2
.Google's Response and Mitigation Efforts
In response to the discovery, Google has announced plans to remove the problematic app from Pixel devices. This proactive measure aims to eliminate the security risk and safeguard users' personal data. The tech giant is expected to roll out an update that will automatically remove the app from affected devices
3
.Widespread Impact on Android Ecosystem
While the immediate focus is on Pixel devices, the implications of this security flaw extend beyond Google's own hardware. Reports suggest that the vulnerability could potentially affect a vast majority of Android phones, raising concerns about the broader Android ecosystem's security
2
.Related Stories
Timeline and User Recommendations
Google has not provided a specific timeline for the app's removal, but it is expected to act swiftly given the severity of the issue. In the meantime, security experts advise Pixel users to remain vigilant and ensure their devices are set to receive automatic updates. Users should also be cautious about granting permissions to apps and avoid clicking on suspicious links or downloading unverified applications
1
.Industry Implications and Future Security Measures
This incident highlights the ongoing challenges in mobile device security and the importance of regular security audits. It also underscores the responsibility of manufacturers and software developers to prioritize user privacy and data protection. As the digital landscape evolves, companies like Google will need to remain proactive in identifying and addressing potential security vulnerabilities to maintain user trust and protect against emerging threats
3
.References
Summarized by
Navi
Related Stories
Weekly Highlights
1
Oracle's AI-Driven Cloud Surge Propels Larry Ellison to World's Richest Status
Business and Economy
2
Tesla Proposes $1 Trillion Pay Package for Elon Musk Tied to Ambitious AI and Robotics Goals
Business and Economy
3
Anthropic's $1.5B AI Copyright Settlement: A Landmark Deal Under Scrutiny
Policy and Regulation
Weekly Highlights
Explore today's top stories
Your Daily Dose of Curated AI News
Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.
