The story isn’t nearly as dramatic as it seems. Maybe this thread can offer some nuance: https://grapheneos.social/@GrapheneOS/112967309987371034
Kind of a nothing burger
All these updates and they let this get by. That’s pretty ridiculous.
Don’t let this misleading Wired article fearmonger you. I recommend this thread, which provides some nuance to this drama: https://grapheneos.social/@GrapheneOS/112967805820394815
I have doubts that this apk is enabled and running on all pixels, it’s especially not on custom roms such as Graphene (I just checked my own).
The GrapheneOS guys also explained why this isn’t nearly as bad as it sounds, and how Wired is simply fearmongering: https://grapheneos.social/@GrapheneOS/112967309987371034
Yeah, doesn’t look like it affects GrapheneOS. More validation of my choice to run Graphene I guess.
I’m too stupid to install it. Would’ve liked to plonk it on my old tablet instead of throwing it into the trash.
It’s only compatible with modern Pixel devices, so unless you’re old tablet is a Google Pixel Tablet, you can’t install it anyway. But the installer is super easy to use (if you have a compatible device). It’s literally all in your web browser.
iVerify vice president of research Matthias Frielingsdorf points out that while Showcase represents a concerning exposure for Pixel devices, it is turned off by default. This means that an attacker would first need to turn the application on in a target’s device before being able to exploit it. The most straightforward way to do this would involve having physical access to a victim’s phone as well as their system password or another exploitable vulnerability that would allow them to make changes to settings.
Just a bit of alarmism then, with something that can be easily removed in an update.