Google Promises to Update Pixel Phones to Remove Showcase App

Earlier today, security researchers shared a disturbing discovery made in the firmware of multiple Pixel smartphones. A software package identified as Showcase.apk appeared to leave devices vulnerable to a number of different attack vectors, with no apparent way to remove it. Since news of the issue first broke, Google has come out to clarify serious restrictions that help limit the potential impact of a Showcase exploit, while also committing to removing the software from affected Pixel phones.

Showcase, a Google spokesperson explained Android Authorityis an app developed by Smith Micro for use as an internal Verizon demo, allowing the carrier to easily highlight phone features for shoppers in its stores. But even though it's not actively enabled on the Pixel phone you buy and take home, the software is still there — and here's what researchers at iVerify discovered in their analysis. If it were enabled, there is a possibility that an attacker could abuse the insecurity in the app to gain control of your device — and because Showcase gets a lot of permissions, there is a possibility that it could do real damage.

Since the app isn’t enabled, an attacker would first need physical access to your phone and your password to use Showcase. If they have that, the game is pretty much over. Indeed, Google has found no evidence that anyone has attempted an attack this way.

Still, the company clearly understands how painful this must be for security-conscious Pixel users, and out of what it describes as “an abundance of precautions,” Google tells us it will “remove this security measure.” [Showcase] of all supported Pixel devices on the market with an upcoming Pixel software update.”

You can also rest assured knowing that the shiny new Pixel9 The phone you just pre-ordered will arrive without a hint of Showcase on it. Google plans to reach out to its Android OEM partners to ensure risky software like this doesn’t go unnoticed on any of their phones.