Researchers claim most Google Pixel phones shipped with exploitable bloatware since 2017

Mobile phone security firm iVerify has discovered a vulnerability in Google Pixel smartphones. According to iVerify’s , a piece of third-party software with deep system access is to blame, and troublingly it shipped with “a very large percentage of Pixel devices […] since September 2017.”
The issue relates to “Showcase.apk,” a bit of software made for Verizon and used to put Pixel devices in demo mode while displayed in retail stores. The software downloads a configuration file over an unencrypted web connection, which — because of Showcase’s deep access — might allow bad actors to perform remote code execution or remote package installation on the device.
The especially troubling part of this discovery is that Showcase can’t be uninstalled at the user level. And while it is not enabled by default, iVerify said there could be multiple ways to activate the software. iVerify alerted Google to the vulnerability in May; thus far there’s no confirmed evidence it’s been exploited in the wild.
A Google spokesperson told that Showcase “is no longer being used” by Verizon and that Google would have a software update to remove the software from all Pixel devices “in the coming weeks.” Additionally, the rep said Showcase is not present in the line of devices announced during the Made by Google event this week.
You Might Also Like
TikTok removes Russian state-owned media accounts for ‘covert influence’
TikTok has announced in its US Elections Integrity Hub that it has removed accounts associated with Rossiya Segodnya and TV-Novosti,...
Apple’s AirPods 4 are already on sale in this early Prime Day deal
It has been less than a week since Apple released the AirPods 4, and there's already a small sale available...
Spotify’s AI Playlists are now available for Premium users in the US
Spotify’s beta AI Playlist feature is now available for Premium users in the US, Canada, Ireland and New Zealand. It...
OpenAI’s X account was hacked to promote a crypto scam
OpenAI opened a newsroom Twitter account earlier this month and it's already been hacked. The new handle was taken over...