Date: 2024-08-15

Key Takeaways

Google Pixel users are at risk due to a critical flaw in the operating system that grants hackers excessive control.

The flaw allows hackers to execute remote code, spy, or take control of devices, posing a severe threat.

Despite the severity, Google has been slow to respond, causing concerns among users.

If you're using a Google Pixel phone, there's a good chance that a recently discovered flaw in the operating system applies to you. This flaw can give a hacker an alarmingly large amount of control over your device, and there hasn't been a fix for it just yet. However, despite how severe the flaw seems to be, Google doesn't seem to be taking it as seriously as some may like.

A critical security flaw has been spotted in Google Pixel devices

As reported by Wired, the flaw was discovered by the security firm iVerify. In its report on the topic, iVerify says it located a file called "Showcase.apk" on the device that runs with "excessive" system privileges.

Showcase.apk was originally designed by Smith Micro for Verizon to create a demo reel for storefronts, but somehow the APK file managed to find itself in the bulk of Pixel devices. iVerify states that "a very large percentage of Pixel devices shipped worldwide since September 2017" contain the flaw.

iVerify claims that the file's excessive system privileges allow a hacker to execute remote code on the device. Showcase.apk is also designed to accept files over an unencrypted HTTP connection, which iVerify claims could be used to either spy on user data or even take control of the target Android device.

Worst of all, standard users do not have the proper permissions to delete the APK file, meaning they have to rely on Google to fix it. iVerify believes that the flaw "could result in data loss breaches totaling billions of dollars."

...but iVerify claims that Google is dragging its feet over publishing a fix

Usually, when a security firm discovers a flaw, it flags it with the manufacturer and developer, which then deliver a speedy fix. However, iVerify claims that it reported the Showcase.apk flaw back in early May, but has not yet received any response on when a fix is coming. In fact, one of iVerify's partners is deeply concerned over how Google is handling the situation:

Further, why Google installs a third-party application on every Pixel device when only a very small number of devices would need the Showcase.apk is unknown. The concern is serious enough that Palantir Technologies, who helped identify the security issue, is opting to remove Android devices from its mobile fleet and transition entirely to Apple devices over the next few years.

Google did get in touch with Wired, claiming that "Google has not seen evidence of active exploitation" and that the new Pixel 9 devices don't have the issue. It does plan to have an update "in the coming weeks" to fix it, but until then, users have been left high and dry.