Google's core software for some Android phones includes a hidden feature that is not secure and could be enabled to allow remote control or spying on users, according to a security firm that discovered it inside phones.
The feature appears to be intended to give employees at stores that sell Pixel phones and other models deep access to the devices so they can demonstrate how they work, according to iVerify researchers who shared the their findings with the Washington Post.
The discovery and Google's lack of explanation worried data analytics platform vendor Palantir Technologies, so much so that it stopped providing Android phones to its employees, the company told the Washington Post.
"Mobile security is a real concern for us given where we do business and who we serve," said Palantir Chief Information Security Officer Dane Stuckey.
“That was very damaging to trust, to have third-party software on it, unregulated. We have no idea how it got there, so we've made the decision to ban Android internally.”
The security firm said it contacted Google about its findings more than 90 days ago, and that the company has not said whether it will remove or fix the app.
On Wednesday night, Google told the Washington Post that it would issue an update to remove the app.
"We will be removing it from all supported Pixel devices on the market with an upcoming software update," said company spokesman Ed Fernandez.