fbpx
  • Showcase is a potentially vulnerable app present in Pixel firmware, designed for Verizon in-store demos.
  • The app is not enabled by default, severely limiting the potential for it to be exploited.
  • Out of an abundance of caution, Google will still update Pixel phones to remove the software.

Earlier today, security researchers shared a concerning discovery made in the firmware of multiple Pixel smartphones. A software package identified as Showcase.apk appeared to leave handsets vulnerable to a number of different attack vectors, with no obvious way to remove it. Since news of this issue first surfaced, Google has been speaking out to clarify the serious limitations that help mitigate the potential impact of a Showcase exploit, while also committing to remove the software from affected Pixel phones.

Showcase, a Google spokesperson explained to Android Authority, is an app developed by Smith Micro for use as an internal Verizon demo, letting the carrier easily highlight phone features to shoppers in its stores. But while it’s not actively enabled on the Pixel phone you buy and take home, the software is still there — and this is what the researchers at iVerify discovered in their analysis. If it were to get switched on, there’s the possibility that an attacker could take advantage of insecurities in the app to gain control of your device — and because Showcase is granted a lot of permissions, there’s the potential for it to do real damage.