spicy-spicoli Wired recently posted an article raising issues about a potential vulnerability in Google Pixel's "Showcase.apk" file. It's not exactly clear to me if GrapheneOS has already addressed this vulnerability, or if this is something that GrapheneOS could potentially be exposed to? Article -> https://www.wired.com/story/google-android-pixel-showcase-vulnerability/
other8026 spicy-spicoli The affected app wouldn't be a part of AOSP. This must only affect the stock OS.
tomz spicy-spicoli I don't see it listed in the system or user apps list. Curious, have you seen it listed anywhere in GOS?
Pocketstar Good question, I'd like to know this as well. I did not see it under apps that were disabled, but this concerns a system-level app that is supposed to be invisible to the user.
anselmschueler GrapheneOS have addressed this on social media. Here is their thread on Mastodon: https://grapheneos.social/@GrapheneOS/112967309987371034 The most direct statement about this vulnerability is here in the thread: https://grapheneos.social/@GrapheneOS/112967311338859389
spicy-spicoli anselmschueler Thanks for sharing these. They are clearly addressing the Wired article, and describing how GrapheneOS is not succeptible to this + is actually fixing real issues. This post links to a 2021 commit in the codebase where "Showcase.apk" was removed. https://grapheneos.social/@GrapheneOS/112967643396857102
other8026 https://discuss.grapheneos.org/d/14993-debunking-fake-stock-pixel-os-vulnerability-from-an-edr-company