In This Story
Google’s (GOOGL) Pixel smartphones ship with a risky application that leaves them vulnerable to hackers, mobile security firm iVerify has found.
The third-party app has reportedly been embedded in Pixel phones for years. According to iVerify, the app has a vulnerability that “leaves millions of Android Pixel devices susceptible” to hackers, “giving cybercriminals the ability to inject malicious code and dangerous spyware.” A Google (GOOGL) spokesperson told WIRED that the company will work to remove the software in the coming weeks.
The spokesperson told The Washington Post that “[e]xploitation of this application on a user phone requires both physical access to the device and the user’s password.”
The security issue with Google’s Pixel phones has prompted AI giant Palantir (PLTR) to stop issuing them to its employees, the Post reports.
“Mobile security is a very real concern for us, given where we’re operating and who we’re serving,” Palantir’s (PLTR) Chief Information Security Officer, Dane Stuckey, told The Post. “This was very deleterious of trust, to have third-party, unvetted insecure software on it. We have no idea how it got there, so we made the decision to effectively ban Androids internally.”
iVerify said that the issue “highlight[s] the need for more transparency and discussion around having third-party apps running as part of the operating system” in tech firms’ products. “It also demonstrates the need for quality assurance and penetration testing to ensure the safety of third-party apps installed on millions of devices.”