Most Google Pixel phones sold over the last few years have a software that could be used to hack into them, a report has shared. Cybersecurity company iVerify has revealed that a ‘Showcase’ app left open a security vulnerability that could be exploited to remotely control the phone and look through it.
The hidden software package Showcase.apk was pre-loaded into every Android release for Pixel since 2017. Developed by Smith Micro for Verizon, the app was used to launch a retail model on the phones.
The app was designed in a way so software could be installed using it or code could be written through it remotely. It can download a configuration file over an unencrypted HTTP connection making it unsecure.
The investigation done together by iVerify, data analytics firm Palantir and Trail of Bits also found that the risk appeared to be limited given that the app is disabled by default and needs a passcode to access it.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Google has responded to the study by acknowledging the vulnerability and saying it will remove Showcase from Pixel devices within the “coming weeks.” The app also wasn’t included in the newly released Pixel 9 series. Google also said that they hadn’t seen any incident that had exploited the vulnerability.
Palantir decided to ban Android devices within the company as a response, saying that the tech giant had reacted too slow to the report.
Google has reportedly also notified other Android OEMs about Showcase.
