Mobile phone security firm iVerify has discovered a vulnerability in Google Pixel smartphones, attributed to a piece of third-party software called “Showcase.apk” which was pre-installed on a large number of Pixel devices since September 2017. This software, designed for Verizon to showcase Pixel devices in retail stores, could potentially allow malicious actors to execute remote code or install packages on the device due to its deep system access and unencrypted configuration file downloads. Despite not being enabled by default, iVerify warned that there are multiple ways to activate Showcase, which cannot be uninstalled by users. Google has been informed of the issue and assured that they will issue a software update to remove Showcase from all Pixel devices in the near future. The company also confirmed that Showcase is no longer in use by Verizon and won’t be included in the latest line of Google Pixel devices announced recently.
