XDA member unknowingly bought a Pixel phone with an FBI backdoor
The XDA Forums routinely get new users who have trouble with their phones, but one unlucky user ended up with a problem that nobody knew how to solve. As it turns out, this user had bought a used Pixel phone that wasn’t originally sold by Google or an official retailer but rather by the U.S. Federal Bureau of Investigation, or FBI. This phone came with a custom ROM called ArcaneOS and had messaging software called “ANOM” preinstalled that was secretly made by the FBI to catch criminals discussing their criminal activities.
An XDA Member posted on our Pixel 4a forums at the end of May seeking help from others to remove the ArcaneOS software and install Google’s official Android build. Another user on the German Android forums Android-Hilfe also had a similar problem with their Pixel phone back in March, but they had a Pixel 3a instead of the Pixel 4a that the XDA user had.
At the time both users posted online, the existence of ArcaneOS and ANOM hadn’t been publicized, so nobody knew what the two users’ phones were actually running. ArcaneOS lacked Google Mobile Services (and hence didn’t have the Play Store) and hid the ability to turn on Developer Options, making it difficult for the users to unlock the bootloader to flash the stock firmware. The phones’ bootloaders were locked despite the fact that they weren’t running stock firmware. That’s possible because Pixel phones support running alternative operating systems on a locked bootloader so long as one adds their own signing key to the Android Verified Boot (AVB) process. This is how the bootloader on a Pixel phone can be locked after flashing a security-hardened custom ROM like CalyxOS or GrapheneOS, and it’s likely how the FBI also loaded ArcaneOS onto the Pixel phones they sold to criminals.
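The following added example, not part of the original article, parses `adb shell getprop` output and flags the combination described above: a locked bootloader booting an OS signed with a user-installed AVB key, which Android reports as the `yellow` verified boot state. The sample output is constructed, the function names and verdict labels are hypothetical, and it assumes adb access, which the article notes ArcaneOS made hard to enable.

```python
import re

# Constructed `adb shell getprop` excerpts (not captured from a real device).
SAMPLE_CUSTOM_KEY = """\
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [yellow]
[ro.product.model]: [Pixel 4a]
"""
SAMPLE_STOCK = SAMPLE_CUSTOM_KEY.replace("[yellow]", "[green]")
SAMPLE_UNLOCKED = """\
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
"""

PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match["key"]] = match["value"]
    return props


def classify_boot(props):
    """Map AVB boot properties to a verdict (hypothetical labels)."""
    state = props.get("ro.boot.verifiedbootstate", "").lower()
    locked = (props.get("ro.boot.vbmeta.device_state") == "locked"
              or props.get("ro.boot.flash.locked") == "1")
    if not state:
        return "unknown"
    if state == "orange" or not locked:
        return "unlocked"            # no verification is enforced
    if state == "green":
        return "stock-key-locked"    # OS signed with the manufacturer's key
    if state == "yellow":
        return "custom-key-locked"   # locked, but OS signed with a user-set key
    if state == "red":
        return "verification-failed"
    return "unknown"


if __name__ == "__main__":
    for name, sample in [("custom", SAMPLE_CUSTOM_KEY), ("stock", SAMPLE_STOCK),
                         ("unlocked", SAMPLE_UNLOCKED)]:
        print(name, "->", classify_boot(parse_getprop(sample)))
```

These properties are reported by the OS being inspected, so a hostile build can misreport them; the bootloader's own warning screen at power-on is the more trustworthy signal.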
After it was made clear that the XDA user essentially had a paperweight on their hands, they got rid of it, of course. They didn’t say where it ended up, but it’s likely that this is the same phone that Vice recently got their hands on. The team at Vice discovered the truth behind the phone’s software: It’s a phone that the FBI sells to criminals so they can log their communications for evidence of criminal activity.
Unlocking the phone with a normal PIN code shows some normal apps like Tinder, Netflix, and Facebook, but none of the apps actually open when you tap their icon. However, unlocking the Pixel phone with a different PIN code reveals icons for a clock app, a calculator app, and the device’s settings. Tapping the calculator icon doesn’t actually open a calculator app, however. Instead, it opens a login screen for the ANOM service, an “encrypted” messaging service secretly run by the FBI. After the existence of ANOM was disclosed, criminals quickly sought to get rid of their devices, which is likely how the unlucky XDA user got their hands on a Pixel 4a at such a bargain.
For more details on the FBI’s honeypot operation and the ANOM service, I recommend reading Vice’s excellent coverage on the topic.