Most Google Pixel phones sold since September 2017 included software that could be used to surveil or remotely control users’ phones, according to a new report from the cybersecurity company iVerify.
The vulnerability was discovered after iVerify’s endpoint detection and response (EDR) scanner flagged an insecure Android device at Palantir Technologies, an iVerify client. After launching a joint investigation, iVerify, Palantir, and Trail of Bits discovered a hidden Android software package — Showcase.apk — across Google Pixel devices. The data-mining firm Palantir, which sells its surveillance products to governments and private companies, banned Android devices across the company in response.
“This was very deleterious of trust, to...