SBN

Google Pixel Security: Android App Makes Phones Vulnerable

In jointly published analysis by Palantir Technologies and Trail of Bits pertaining to Google Pixel security, it has been revealed that Pixel phones shipped worldwide since 2017 host a dormant app. The app, if exploited, can become a staging ground for attacks and can be used for delivering various kinds of malware. In this article, we’ll cover details about the app, the official take on Google Pixel security, and any recent updates. Let’s begin!

Google Pixel Security Threatened By Showcase.apk

Malicious Android app issues have previously prevailed in the cyber threat landscape and the most recent addition to such issues is the Showcase.apk app. The mobile app, according to iVerify, comes with excessive system privileges that include having the ability of remote code execution and arbitrary package installation.

The analysis published by Palantir Technologies and Trail of Bits states that:

“The application downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level.”

Further details from the report have revealed that the application threatening Google Pixel security, uses a single United States (US) based Amazon Web Services (AWS) domain accessed over unsecured HTTP. This is what makes the configuration and the device vulnerable to the attack.

Claroty

HTTP vs. HTTPS: Verizon Retail Demo Mode App

As per recent media reports, the app in question is called the Verizon Retail Demo Mode app. This app requires around three dozen permissions, some of which include location and external storage. Information available on online forums shows that the package has been in existence since August 2016.

Given that the configuration file is downloaded over an unencrypted HTTP web connection as opposed to an HTTPS one, it makes the file vulnerable to exploits while it’s downloaded. As of now no active exploits have been witnessed. It’s worth mentioning here that the app is made by Smith Micro, not Google, and is used to put the device in demo mode.

The prevalence of such an app on Android Pixel leaves them vulnerable to adversary-in-the-middle (AitM) attacks. This essentially allows threat actors to have the power of injecting malicious code and spyware on the compromised devices.

Staying Safe Against The Showcase.apk Vulnerabilities

Given the adverse impact of the vulnerability, if exploited, ensuring protective measures is essential. Those keen on ensuring protection must know that this threat to Google Pixel security is automatically mitigated to a certain extent. Such mitigation stems from the fact that the app itself is not enabled by default.

However, it is possible for the app to be enabled if a threat actor has physical access to the device and developer mode is activated on it. This app may be overlooked by security solutions given that it’s not inherently malicious. In addition, since it’s installed at the system level and part of the firmware image, it can’t be uninstalled at the user level.

As far as Google Pixel security is concerned, reports have cited a Google spokesperson stating that the app will be removed from all supported in-market Pixel devices via a software update and that it’s not present on Pixel 9 series devices. In an update, maintainers of the GrapheneOS, an Android-based security-focused mobile operating system, have stated that:

“In order to enable and set up this app, you already need to have more control over the device than this app is able to provide by exploiting the insecure way it fetches a configuration file”

Conclusion

The Showcase.apk poses a theoretical risk to Google Pixel security; its default disabled state and the need for specific conditions to exploit it significantly reduce immediate threats. Google’s upcoming software update and the app’s current limitations provide essential safeguards against potential vulnerabilities. But, given the nature of such threats, using proactive cybersecurity measures is not essential for safeguarding devices against threat actors.

The sources for this piece include articles in The Hacker News and The Record.

The post Google Pixel Security: Android App Makes Phones Vulnerable appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/google-pixel-security-android-app-makes-phones-vulnerable/

Application Security Check Up