In This Story
Google’s GOOGL+1.28% Pixel smartphones ship with a risky application that leaves them vulnerable to hackers, mobile security firm iVerify has found.
The third-party app has reportedly been embedded in Pixel phones for years. According to iVerify, the app has a vulnerability that “leaves millions of Android Pixel devices susceptible” to hackers, “giving cybercriminals the ability to inject malicious code and dangerous spyware.” A Google GOOGL+1.28% spokesperson told WIRED that the company will work to remove the software in the coming weeks.
The spokesperson told The Washington Post that “[e]xploitation of this application on a user phone requires both physical access to the device and the user’s password.”
The security issue with Google’s Pixel phones has prompted AI giant Palantir PLTR-0.45% to stop issuing them to its employees, the Post reports.
“Mobile security is a very real concern for us, given where we’re operating and who we’re serving,” Palantir’s PLTR-0.45% Chief Information Security Officer, Dane Stuckey, told The Post. “This was very deleterious of trust, to have third-party, unvetted insecure software on it. We have no idea how it got there, so we made the decision to effectively ban Androids internally.”
iVerify said that the issue “highlight[s] the need for more transparency and discussion around having third-party apps running as part of the operating system” in tech firms’ products. “It also demonstrates the need for quality assurance and penetration testing to ensure the safety of third-party apps installed on millions of devices.”