nostr:nprofile1qqs9g69ua6m5ec6ukstnmnyewj7a4j0gjjn5hu75f7w23d64gczunmgpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qzxthwden5te0wfjkccte9eeks6t5vehhycm99ehkuegprpmhxue69uhkummnw3ezucm0d9hxvatwvshxzursz8gjrz nostr:nprofile1qqsvzkj6vkvxu745zdx7uw4c2f2d5hzafvzw0z60zmyzsdce9564rpgpr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9uku09kp
A pre-installed app on #Google Pixel devices could expose users to potential cyberattacks due to insecure code execution.
With over 3 dozen permissions, the app has access to sensitive data & system-level functions, posing a significant risk.
https://thehackernews.com/2024/08/google-pixel-devices-shipped-with.html
#infosec
Discussion
This is an unused app previously used for demo phones for display at phone stores. Android 15 already removed it. GrapheneOS hasn't bundled apps like this since 2015. You need a physical access and the device's password, or an extremely sophisticated remote attack with filesystem access to enable it. By that point, you have way more access and control than this app ever did.
The disclosing party (iVerify) sell a dubious app marketed to protect you against sophisticated remote attacks like Pegasus but cannot do what it claims. They also collaborated with Palantir, a surveillance company trying to sell "predictive policing" tech. It is a scaremongering tactic meant to market their dubious products.