Security News > 2024 > August > Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware.

It's currently not clear why third-party software is directly embedded into Android firmware on background, a Google representative said the application is owned and required by Verizon on all Android devices.

"Since this app is not inherently malicious, most security technology may overlook it and not flag it as malicious, and since the app is installed at the system level and part of the firmware image, it can not be uninstalled at the user level," iVerify said.

In a statement shared with The Hacker News, Google said it's neither an Android platform nor Pixel vulnerability, and that it's related to a package file developed for Verizon in-store demo devices.

"Exploitation of this app on a user phone requires both physical access to the device and the user's password," a Google spokesperson said.

"We have seen no evidence of any active exploitation. Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update. The app is not present on Pixel 9 series devices. We are also notifying other Android OEMs.".

News URL

https://thehackernews.com/2024/08/google-pixel-devices-shipped-with.html