pwshub.com

Google to remove potentially risky app from Pixel devices following security report

Google LLC has committed to removing a dubious application found on some or all Pixel phones following a report that it represents a serious security vulnerability, although the severity of the vulnerability is in dispute.

A report released today by mobile device security company iVerify LLC, in conjunction with the security team at Palantir Technologies Inc., detailed the discovery of a serious Android security vulnerability that the report says affects millions of Pixel devices globally. The vulnerability leaves Android open to cybercriminals perpetrating man-in-the-middle attacks, malware injections and spyware installations.

The vulnerability relates to an Android app package called Showcase.apk. Per the iVerify report, the application runs at the system level and can fundamentally change the phone’s operating system. The application package is installed over unsecured HTTP protocols, opening a backdoor that makes it easy for cybercriminals to compromise the device.

The report notes that users cannot remove the app since it’s part of the firmware image and Google does not allow end-users to alter the firmware image for security reasons.

“While we don’t have evidence this vulnerability is being actively exploited, it nonetheless has serious implications for corporate environments, with millions of Android phones entering the workplace every day,” Rocky Cole, co-founder and chief operations officer of iVerify, said in a statement sent to SiliconANGLE. “Google is essentially giving CISOs the impossible choice of accepting insecure bloatware or banning Android entirely.”

The report also claimed that Google was made aware of the vulnerability, with iVerify submitting a detailed report on the issue. “It’s unclear if Google will issue a patch or remove the software from the phones to mitigate the potential risks,” the report states.

Though Google has admitted that the file may cause security issues, the search giant indicated the exposure and potential security risk isn’t as widespread as it may appear.

A spokesperson from Google who spoke with CNET claims that the app was developed by Smith Micro Software Inc. for Verizon Communications Inc. and is not an Android or Pixel vulnerability. It’s also claimed that the app was only used for in-store devices and that the app is no longer being used.

Further, Google disputes the risk presented by the app. “Exploitation of this app on a user phone requires both physical access to the device and the user’s password… we have seen no evidence of any active exploitation,” the spokesperson added. “Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update.”

The claims come after Google announced its latest Pixel lineup at an event on Aug. 13. Google announced a new family of Pixel 9 smartphones, along with the Pixel 9 Pro Fold, that feature the company’s Gemini family of artificial intelligence models.

Source: siliconangle.com
