A recent analysis by cybersecurity firm iVerify claims that software that may be used to spy on or take remote control of users’ phones has been included on the majority of Google Pixel phones sold since September 2017.
An unsafe Android smartphone at Palantir Technologies, an iVerify client, was identified by the company’s endpoint detection and response (EDR) scanner, leading to the discovery of the vulnerability. Following a coordinated probe, iVerify, Palantir, and Trail of Bits found that Showcase.apk, a secret Android software package, was present on all Google Pixel devices. In reaction, the data-mining corporation Palantir, which supplies governments and private businesses with its surveillance technology, outlawed Android handsets within the organization.
Palantir’s chief information security officer, Dane Stuckey, told The Washington Post that having third-party, unvetted, unsecure software on it was “very deleterious of trust.” “We have no idea how it got there, so we made the decision to effectively ban Androids internally.”
The program appears to have been made specifically for Verizon for in-store demos, and it was produced by Smith Micro program, according to iVerify’s research. According to the iVerify report, the app had to be manually enabled as it was inactive by default. The research states that “When enabled, Showcase.apk makes the operating system accessible to hackers and ripe for man-in-the-middle attacks, code injection, and spyware,” “The impact of this vulnerability is significant and could result in data loss breaches totaling billions of dollars.”
According to Wired, iVerify notified Google of its research as early as May 1. The software update that fixes the vulnerability has not been made available to the public by the corporation. According to a report by Wired, Fernandez stated that Android planned to delete the app from all Pixel devices “in the coming weeks.”
It’s actually pretty unsettling. The Post was informed by Palantir’s Stuckey that “It’s really quite troubling. Pixels are meant to be clean,” “There is a bunch of defense stuff built on Pixel phones.”