Google Pixel Phones Found to Contain Potential Surveillance Software
A significant security vulnerability has been discovered in most Google Pixel phones sold since September 2017, potentially allowing for surveillance or remote control of users’ devices. The flaw was uncovered by iVerify’s endpoint detection and response (EDR) scanner at Palantir Technologies, leading to a joint investigation with Trail of Bits.
The investigation revealed a hidden Android software package called Showcase.apk, developed by Smith Micro Software for Verizon in-store demos. While inactive by default, the app, when enabled, could make the operating system vulnerable to various attacks and accessible to hackers.
In response to the discovery, Palantir has banned Android devices internally. Dane Stuckey, Palantir’s chief information security officer, expressed serious concerns about trust and security. iVerify’s report highlighted the risk of significant data-loss breaches, potentially totaling billions of dollars.
Google spokesperson Ed Fernandez stated that the software is no longer in use and there is no evidence of active exploitation. However, despite being informed about the report in early May, Google had not publicly disclosed the vulnerability or released a software update to remove it. Android plans to remove the app from all Pixel devices in the coming weeks.
The presence of this software on Pixel phones, which are often considered clean and secure, has raised particular concerns due to their use in defense applications. As the situation continues to develop, security experts and users alike are closely watching for further updates and actions from Google to address this vulnerability.