Google Pixel phones shipped with secret backdoor, security experts warn

This app is equipped with extensive system privileges, enabling it to remotely execute code and install software without user consent.

Indonesia has imposed a ban on the sale of Google Pixel phones (credit: PR handout)

Google’s Pixel phones have been found to have a secret backdoor that could have given hackers free control over user devices. According to a joint analysis by mobile security firm iVerify, Palantir Technologies, and Trail of Bits, a significant number of Pixel devices shipped worldwide since September 2017 contained a dormant app named “Showcase.apk”. This app is equipped with extensive system privileges, enabling it to remotely execute code and install software without user consent.

The report highlights a significant security vulnerability in the Android package “Showcase.apk,” which has been preinstalled on a large number of Pixel devices globally since September 2017. This application possesses excessive system privileges, such as remote code execution and package installation capabilities. It downloads its configuration file over an unsecured HTTP connection from a US-based AWS-hosted domain, exposing it to man-in-the-middle (MITM) attacks and making devices prone to malicious code injection and spyware.

The app’s vulnerabilities could allow cybercriminals to execute system-level commands and potentially take over devices. What’s worse, Showcase.apk cannot be removed through standard uninstallation processes. Although the app is not enabled by default, there are certain methods to activate it, one of which requires physical access to the device.

According to this report, the Showcase.apk package is developed by Smith Micro, a company known for remote access, parental control, and data-clearing software. It appears to have been designed to boost sales of Pixel and Android phones in Verizon stores. Since the app is included in the firmware, the researchers expect it to be running on millions of Android Pixel phones globally at the system level.

While Google has asserted that there’s no evidence of actual attacks and has subsequently removed the app from newer Pixel models, the discovery has raised serious concerns about the security implications for millions of users.

Pixel owners are advised to update their devices to the latest software versions and exercise caution when downloading apps from unknown sources.


This article was first uploaded on August sixteen, twenty twenty-four, at ten minutes past six in the evening.