Google sold Android phones with hidden insecure feature, companies find

[[correlate]]

Content source

https://www.washingtonpost.com/technology/2024/08/15/google-sold-android-phones-with-hidden-insecure-feature-companies-find/

Google’s master software for some Android phones includes a hidden feature that is insecure and could be activated to allow remote control or spying on users, according to a security company that found it inside phones at a U.S. intelligence contractor.

The feature appears intended to give employees at stores selling Pixel phones and other models deep access to the devices so they can demonstrate how they work, according to researchers at iVerify who shared their findings with The Washington Post.

https://www.washingtonpost.com/technology/2024/08/15/google-sold-android-phones-with-hidden-insecure-feature-companies-find/

 

[Sandbox Breaker - DFIR]

https://www.washingtonpost.com/technology/2024/08/15/google-sold-android-phones-with-hidden-insecure-feature-companies-find/

For sure left as a backdoor.

 

[oldschool]

For sure left as a backdoor.

Def not a good look, but I'm getting a Pixel anyway.

 

[n8chavez]

Def not a good look, but I'm getting a Pixel anyway.

Pixel's are awesome, for sure. But I tried the 6, and went back to Samsung because you cannot miracast with Pixel.

 

[Marko :)]

Def not a good look, but I'm getting a Pixel anyway.

I'd like to get a Pixel, but there's no way for me getting it here, let alone repair it if something goes wrong. This is why I hate Google. They sell their devices in just handful of countries.

 

[n8chavez]

I'd like to get a Pixel, but there's no way for me getting it here, let alone repair it if something goes wrong. This is why I hate Google. They sell their devices in just handful of countries.

Can't you buy it direct from google?

 

[Marko :)]

Can't you buy it direct from google?

That's the thing, I can't. Even though by EU law I have right to buy anything from anywhere in the EU, Google Store only ships to addresses where they operate. I can buy from Amazon DE/IT without any issues, but Google Store DE/IT only ships to their countries.

Not only that. If my phone breaks, I have to send it abroad because no one here fixes Pixels as they are unofficially available here. Some web shops sell imported Pixels here, for double the price which of course I ain't payin'. From what I understand, I can't even send phone from here to Google and let them handle the repair.

EDIT: I just saw that Google Store recently added Slovenia on their site, but they're not the ones selling the products. When you select the product they redirect you to the websites of their partners. One of them owns a electronic shop in Croatia.

I just don't get it; why can't Google open a Google Store in Slovenia and just serve the entire Ex-Yu area.

 

[cartaphilus]

Def not a good look, but I'm getting a Pixel anyway.

I Had Pixel 6 XL, 8 XL and now won't be getting 9 XL. I have decided that PIXEL SUCKS! The connectivity is something to be desired. It keeps dropping 5G and cell signal during a conversation even when at -50db cell tower signal strength. None of the AI Tensor Core crap is unique to the device since everything eventually gets ported down to every other device so the whole TENSOR is special Hardware is a bunch of marketing BS.
The battery is Abysmal, the only good thing is the camera but I don't buy a phone for a camera, I buy a phone to be a phone at which Pixel sucks!

 

[cartaphilus]

That's the thing, I can't. Even though by EU law I have right to buy anything from anywhere in the EU, Google Store only ships to addresses where they operate. I can buy from Amazon DE/IT without any issues, but Google Store DE/IT only ships to their countries.

Not only that. If my phone breaks, I have to send it abroad because no one here fixes Pixels as they are unofficially available here. Some web shops sell imported Pixels here, for double the price which of course I ain't payin'. From what I understand, I can't even send phone from here to Google and let them handle the repair.

EDIT: I just saw that Google Store recently added Slovenia on their site, but they're not the ones selling the products. When you select the product they redirect you to the websites of their partners. One of them owns a electronic shop in Croatia.

I just don't get it; why can't Google open a Google Store in Slovenia and just serve the entire Ex-Yu area.

You can only get the Yugo version of Pixel, it's powered by the Trabant Core

 

[Sandbox Breaker - DFIR]

Pixels are solid. We use them at my firm and obviously harden the heck out of them while using a strong MTD solution. Device integrity is huge because this is the way we can detect nation state attacks on these devices. Never mind malicious apks lol.

As researchers poke holes on Google's software and hardware it forces them to tighten things up. Google is known for security and I doubt that that would want to be looked at as not caring. Let's see how they respond.

 

[cartaphilus]

Pixels are solid. We use them at my firm and obviously harden the heck out of them while using a strong MTD solution. Device integrity is huge because this is the way we can detect nation state attacks on these devices. Never mind malicious apks lol.

As researchers poke holes on Google's software and hardware it forces them to tighten things up. Google is known for security and I doubt that that would want to be looked at as not caring. Let's see how they respond.

As a personal use factor I don't care that much about it being hardened since if lost it's lost, I care more about usability. Will it be able to connect and not drop signal? Will it work on WiFi 6ghz (it doesn't, it connects but the bandwith is abysmal and it's a known issue for over a year and it's not been fixed yet). Can I count on it to get in contact with someone during an emergency (nope, signal issues). Can I use it for WiFi Calling...yes...but with horrible breaks in comms that occur at random. So yeah no, it feels like a half baked product.

As per security; there is a reason why DoD is using Apple and not Android, and that's even after Apple told DoD acquisitions to pound sand when DoD approached them a decade ago regarding a custom hardware. (not sufficient # of devices to warrant alternate design)

 

[Sandbox Breaker - DFIR]

As a personal use factor I don't care that much about it being hardened since if lost it's lost, I care more about usability. Will it be able to connect and not drop signal? Will it work on WiFi 6ghz (it doesn't, it connects but the bandwith is abysmal and it's a known issue for over a year and it's not been fixed yet). Can I count on it to get in contact with someone during an emergency (nope, signal issues). Can I use it for WiFi Calling...yes...but with horrible breaks in comms that occur at random. So yeah no, it feels like a half baked product.

As per security; there is a reason why DoD is using Apple and not Android, and that's even after Apple told DoD acquisitions to pound sand when DoD approached them a decade ago regarding a custom hardware. (not sufficient # of devices to warrant alternate design)

Custom Hardened ROMS are used by alot of Intelligence agencies. I agree with you on usability. The lack of visibility into iOS thou make it a juicy target and harder to determine compromise. Which increase dwell time. Kaspersky did a great write up on operation triangulation. Also Russia bans iPhones for govt use. iOS also get popped more at pwn2own. Samsung is a joke. Never see a pixel though

 

[n8chavez]

I Had Pixel 6 XL, 8 XL and now won't be getting 9 XL. I have decided that PIXEL SUCKS! The connectivity is something to be desired. It keeps dropping 5G and cell signal during a conversation even when at -50db cell tower signal strength. None of the AI Tensor Core crap is unique to the device since everything eventually gets ported down to every other device so the whole TENSOR is special Hardware is a bunch of marketing BS.
The battery is Abysmal, the only good thing is the camera but I don't buy a phone for a camera, I buy a phone to be a phone at which Pixel sucks!

Not that it matters, but the 9 series is getting a new modem...finally!

 

[Trident]

Not that it matters, but the 9 series is getting a new modem...finally!

What is the modem they use now and which one they will get?

 

[n8chavez]

What is the modem they use now and which one they will get?

I believe the 7 and 8 had the really bad Exynos Modem 5123, but the 9 is getting Exynos Modem 5400. From what I can tell, that's a pretty significant upgrade.

See here.

 

[Trident]

I believe the 7 and 8 had the really bad Exynos Modem 5123, but the 9 is getting Exynos Modem 5400. From what I can tell, that's a pretty significant upgrade.

See here.

The Exynos modems range from nightmare to simply not as good, specially compared to Qualcomm but nice upgrade. At least something.

I ditched Samsung (after 1 attempt to use Galaxy) mainly because of the modem. Although it has now been rectified by eliminating the Exynos version in EU, can’t switch back.

On the other side, the wi-fi modules are top notch.

 

[n8chavez]

The Exynos modems range from nightmare to simply not as good, specially compared to Qualcomm but nice upgrade. At least something.

I ditched Samsung (after 1 attempt to use Galaxy) mainly because of the modem. Although it has now been rectified by eliminating the Exynos version in EU, can’t switch back.

On the other side, the wi-fi modules are top notch.

I agree with Exynos, although I'm biased because I was on that Qualcomm team that designed the chip.

 

[Marko :)]

The Exynos modems range from nightmare to simply not as good, specially compared to Qualcomm but nice upgrade. At least something.

I ditched Samsung (after 1 attempt to use Galaxy) mainly because of the modem. Although it has now been rectified by eliminating the Exynos version in EU, can’t switch back.

On the other side, the wi-fi modules are top notch.

Exynos is terrible and is one of the reasons why I'll never own a Samsung phone. I tend to buy only Qualcomm phones because in almost all cases they are fast and battery lasts longer. Generally, I never had issues with Qualcomm phones, but Exynos, dear God. Samsung should stop embarrassing themselves and just use Exynos in home appliances because that's the category they are only good for.

My next phone will definitely be either Xiaomi or Motorola. I fell in love with my Poco X5 Pro the moment I opened the box. Yes, it came with A LOT of bloatware and ads, but really nothing you can't get rid of. I just connected my phone to a PC via ADB and some software, I managed to remove pretty much anything I don't need in less than 5 minutes.
I removed all Xiaomi apps (except Security which can't be removed as the HyperOS will boot loop) and replaced them with Google ones which come with Pixel devices, even the basic ones like Calculator. Modem inside this phone is a beast! I never had any issues with Wi-Fi or mobile signal reception at all. I just love it.

Motorola phones would be my second choice, they are made by Lenovo from which I have Legion laptop and I'm really satisfied. Beside, my father owns Motorola phone and after buying the first one, he only wants Motorola now, nothing else. I like the fact they have clean Android with just a few bloatware apps, nothing else. Pretty much Pixel experience for half the price.

 

[Bumblebee Uncle]

I have had zero issues with any of my Pixel devices with these supposed call drops! Been using them for years now.

 

[cartaphilus]

I have had zero issues with any of my Pixel devices with these supposed call drops! Been using them for years now.

Yeah it's a random hardware issue. Both the wifi 6Ghz speed bug (max download at 44mbit) and random drops along with horrid wifi calling.