Tech & Gadgets

Google removes app that lets hackers spy on your Pixel phone

Google Pixel phones came with an application that could potentially be abused by hackers to spy on users’ smartphones, according to an investigation by three security firms. A hidden Android package on the company’s handsets that was used to demonstrate features in the stores of a US telecommunications company contains a security vulnerability, security firm iVerify has said. Google has reportedly confirmed that the affected application, which is inactive by default, will be removed from Pixel phones in the future.

Google Pixel phones shipped with vulnerable ‘Showcase’ application

According to a report An unsecure smartphone was detected by cybersecurity firm iVerify on one of its customers, Palantir Technologies. When the handset in question was inspected, the security firm found an application called Showcase that came pre-installed on all Pixel phones.

The Showcase application was created by a company to enable demos of Google Pixel phones in Verizon stores in the US, the company said. While the vulnerable application comes pre-installed on all Google smartphones sold since 2017, it is not enabled by default. Meanwhile, Gadgets 360 could not find the Showcase app on the Pixel 8 review unit sent to it by the company.

The Showcase app runs at the system level, giving it a greater degree of access to a user’s phone than apps installed through the Play Store. It’s unclear why Google chose to ship an app on all Pixel phones, rather than including it on models required for in-store demos in the US.

While Pixel smartphones are widely considered among the most secure Android phones, the vulnerability — if enabled — could allow attackers to conduct a man-in-the-middle (MITM) attack, inject and execute malicious code, or even run spyware on a user’s phone, according to iVerify. The security firm says that Palantir now plans to phase out Android smartphones and transition to iPhone models over the coming years.

The security firm said it provided Google with a vulnerability report as part of its 90-day disclosure process, but has not received a response from the company. In a statement to the Verge, a Google spokesperson said the company has seen “no evidence of active exploitation” of the Showcase app and that it would be removed from all Pixel smartphones “in the coming weeks.”

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button