If you’re using a Google Pixel phone, there’s a good chance that a recently discovered bug in the operating system applies to you. This bug can give a hacker a frightening amount of control over your device, and there’s no fix for it yet. While the bug seems to be so serious, Google doesn’t seem to be taking it as seriously as some would like.

Related

Android Developer Options Explained: Everything You Can Do With These Settings

Android ships with a whole host of developer options that can unlock experimental and debugging features. Here’s what these options do.

A critical security vulnerability has been discovered in Google Pixel devices

As Wired reports, the flaw was discovered by security firm iVerify. In iVerify’s report on the matter, the company found a file called “Showcase.apk” on the device that runs with “excessive” system permissions.

Showcase.apk was originally developed by Smith Micro for Verizon to create a showcase demo video, but somehow the APK file has managed to end up on most Pixel devices. iVerify states that “a very large percentage of Pixel devices shipped worldwide since September 2017” have the bug.

iVerify claims that the file’s excessive system permissions allow a hacker to execute remote code on the device. Showcase.apk is also designed to accept files over an unencrypted HTTP connection, which iVerify says could be used to either spy on user data or even take control of the target Android device.

Worst of all, standard users don’t have the necessary permissions to delete the APK file, so they’ll have to rely on Google to fix the problem. iVerify believes the bug “could result in billions of dollars in data loss.”

…but iVerify claims that Google is delaying the release of a fix

When a security company discovers a bug, they usually report it to the manufacturer and developer, who then quickly provide a fix. However, the company claims to have reported the Showcase.apk bug back in early May, but has yet to receive a response on when a fix will come. In fact, one of iVerify’s partners is deeply concerned about how Google is handling the situation:

Additionally, it’s unclear why Google installs a third-party application on every Pixel device when only a very small number of devices require the Showcase.apk. The concerns are so serious that Palantir Technologies, which helped identify the security issue, has decided to remove Android devices from its mobile fleet and switch entirely to Apple devices over the next few years.

Google has contacted Wiredclaiming that “Google has seen no evidence of active exploitation” and that the new Pixels 9 Devices do not have the problem. While there are plans to release an update to fix the problem “in the coming weeks,” users will have to tread water until then.