Ryan Haines / Android Authority
TL;DR
- Google has apparently removed a potentially vulnerable third-party app that shipped on Pixel devices sold via Verizon.
- This comes after a so-called Showcase.apk app on Verizon Pixels was discovered to be a security risk.
Security researchers recently discovered a potentially vulnerable third-party app on Pixel devices sold via Verizon. Google confirmed that it would be removing this app from supported devices via a Pixel software update. Now, it looks like an update has indeed removed this APK.
Google revealed that it’s pushing out a September update to Pixel devices. The update’s changelog confirms that a third-party app has been removed.
“Fix to remove third-party APK to address security vulnerability,” reads an excerpt of the changelog. Google’s September update also offers a fix for Wi-Fi stability and performance, applying to the Pixel 9 series, including the Pixel 9 Pro Fold.
Say goodbye to Showcase on your Pixel
Google notes that the app removal applies to the Pixel 6 series, Pixel 7 range, Pixel 8 series, the Pixel Tablet, and the Pixel Fold. It doesn’t specifically mention the offending Showcase.apk app, but we’re not aware of any other pre-installed third-party APKs on Pixels with a reported vulnerability.
Mobile security firm iVerify discovered the vulnerability in the Showcase app a few weeks ago. The app, which is used to demo features on devices in Verizon stores, could leave users open to man-in-the-middle attacks, spyware installations, and more.
The good news is that the offending APK isn’t enabled by default. Google also claimed at the time that bad actors needed physical access to your device and your password to take advantage of this flaw. Nevertheless, this was still an app vulnerability that needed to be addressed, so we’re glad Google has seemingly taken action here.