album-art
00:00

 

Do you own a sleek, stylish Google Pixel phone? Then you have to see this!

Google Pixel phones have a defunct app that serves as a malicious backdoor. Yes, you read that right! Your Google Pixel phone has a pre-installed, unremovable app that can make it easy for threat actors to pry into your device.

Pittsburgh-based Smith Micro had designed ‘Showcase.apk’ for all the Google Pixel phones meant to be on display at Verizon stores. However, the APK somehow got pre-installed on all the Google Pixel phones (especially the batches that have been shipped since 2017). These phones have been distributed across the globe. 

The app comes with certain features that can help threat actors gain illegitimate access to your personal data. The worst part is that users cannot uninstall the app. Only Google can eliminate the app from their Pixel phones.

 

malicious threat

 

Palantir Technologies is a big data company that works closely with intelligence and government defense agencies. Soon, however, a security vulnerability was discovered on their Android devices. After detailed research, it was found that showcase.apk was the root cause of this security lapse.

The data analytics giant Palantir has said that they are going to avoid Android devices altogether in the future as they have not found Google’s response satisfactory regarding the showcase.apk issue. 

Dane Stuckey, the chief information security officer at Palantir, is highly disturbed by the fact that Google secretively embedded third-party software in Android’s firmware without informing the users or the vendors. Also, he informed that Palantir is dissatisfied with the discussion that it had with Google during the 90-day disclosure window.

Experts believe that there are a lot of things that are unclear about showcase.apk. They are not sure why the APK was installed on all the Google Pixel phones even though it was developed for Verizon Store phones. Also, experts believe that the APK should not come equipped with all those ‘malicious’ features.

These features allow the APK to run commands in a way that keeps the phone users unaware of what’s going on in the background. The showcase.apk is also capable of downloading arbitrary packages and does not require user permission.

Rocky Cole, a former Google employee, believes that the malicious APK can be as dangerous as your imagination. Showcase.apk can control your Google Pixel phones and carry out activities without your knowledge. For example, the APK can send emails, turn the phone camera on or off, intercept your text messages, and so on.

Experts are trying to look at the brighter side of the blunder. First, the showcase.apk seems to be off as a default setting. Also, they assume that in order to toggle on the feature, the attacker is required to gain physical access to the targeted device. So, for now, you need to physically protect your device at all costs.

 

android phone virus

 

What now?

As of now, there is yet no news of showcase.apk exploitation. Google’s spokesperson has assured us that the upcoming Google Pixel 9 phones will not come pre-installed with showcase.apk. For the existing Pixel phones, Google has already started working on an update.

The update will, hopefully, be released in the upcoming weeks. However, up until then, Google Pixel phone users will be required to protect their phones almost physically from the prying eyes of threat actors. 

A Verizon Store spokesperson said that they are aware of the vulnerabilities in the existing Google Pixel phones. Also, they have assured that Android OEMs will simply remove the in-store demo capability to ensure maximized security for the users.

Experts are wary of the APK and are even more concerned because the showcase.apk comes pre-installed on Google Pixel phones. Users have only two options: they can either continue using their phones with this APK installed and potentially compromise their data safety, including their phishing protection, or they can avoid using Pixel altogether.

Therefore, experts find it too risky to allow third-party apps and software to have deep access to the operating system.

 

What can you do to keep your data safe as a Google Pixel user?

 

data

 

Google is still working on a fix. Until then, Pixel users must take a few precautionary steps to safeguard their private data.

Here’s what you can do as a Google Pixel user to protect your data and sanity:

  • Stay updated with the showcase.apk security blunder.
  • Keep looking for a security update from Google.
  • Look out for any suspicious activities on Pixel phones.
  • Avoid handing over your Pixel phone to someone you cannot trust completely.

 

The entire issue has raised questions about the credibility of Google Pixel devices. Besides, Google’s inability to tackle the matter as soon as possible is convincing users to transition from Android devices to other ecosystems for data safety and privacy.