.webp)
As a precautionary measure, the company will remove Showcase from all affected Pixel devices within the coming weeks
Google has announced it will be removing a pre-installed app, Showcase.apk, from its Pixel devices following a security vulnerability report. The flaw, identified by cybersecurity firm iVerify in collaboration with data analytics company Palantir and Trail of Bits, posed a potential risk across Android phones, particularly affecting models since 2017.
The Showcase app, developed by Smith Micro for Verizon, was used primarily for retail purposes. It was embedded in Google Pixel phones to facilitate demonstrations of the device's capabilities. However, the app contained a significant security weakness: it allowed for the installation of additional software and the execution of code via an unencrypted HTTP connection, making it susceptible to remote exploitation. The investigation revealed that while the risk was real, it was mitigated by the fact that Showcase was disabled by default and required a passcode for access. Google has stated that it has not detected any incidents exploiting this vulnerability. As a precautionary measure, the company will remove Showcase from all affected Pixel devices within the coming weeks. The newly released Pixel 9 series is not affected, as it does not include the app.
In response to the report, Palantir has banned Android devices within its organization, criticizing Google's delayed reaction. Google has also informed other Android manufacturers about the issue to prevent similar vulnerabilities.
.webp)
