Millions of Google Pixel owners could be at risk of cyberattack

TLDR

  • A vulnerability in the Showcase.apk app could expose Pixel devices to MITM attacks globally.
  • The app, used by Verizon, is deeply integrated into Pixel phones and can't be uninstalled by users.
  • Google plans to remove the app in a future update, but no current exploitation evidence exists.

Cybersecurity firm iVerify has discovered a security vulnerability that could affect Pixel owners globally due to a third-party app that has deep system-level access to the devices. They have described it as “a serious security vulnerability that impacts Pixel devices globally… leaving millions of devices susceptible to man-in-the-middle (MITM) attacks, giving cybercriminals the ability to inject malicious code and dangerous spyware.”

The app in question is called Showcase.apk and was used by Verizon stores to demonstrate features on devices. It was developed by Smith Micro Software and has been part of the Google software ecosystem since 2017. Because it is integrated so deeply within Google’s ecosystem, it cannot be uninstalled by users. According to iVerify, “only Google can fix this.”

In their report, iVerify outlines why this is a problem. “The application runs at the system level and can fundamentally change the phone’s operating system. Since the application package is installed over unsecured HTTP protocols, this opens a backdoor, making it easy for cybercriminals to compromise the device.”

The severity of this security risk is such that iVerify co-founder and COO Rocky Cole has stated that it “has serious implications for corporate environments, with millions of Android phones entering the workplace every day. Google is essentially giving CISOs the impossible choice of accepting insecure bloatware or banning Android entirely.”

Are Pixel users at risk of cyberattacks?

However, there is no evidence at present that this vulnerability has been or is being exploited, and the hope is that after iVerify’s report, Google will resolve the issue.

Google has confirmed to Forbes that although there is “no evidence of any active exploitation,” they will be taking action, stating “out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update.” They have also confirmed that Google Pixel 9 devices will not have the app installed.

Despite iVerify saying that only Google can resolve this issue, Google was quick to deflect blame, pointing instead to Smith Micro, the originators of the software:

“This is not an Android platform nor Pixel vulnerability, this is an apk [android package kit] developed by Smith Micro for Verizon in-store demo devices and is no longer being used. Exploitation of this app on a user phone requires both physical access to the device and the user’s password.”

At present, there is nothing that Pixel users can do to specifically protect themselves against this vulnerability and the risk of cyberattack. Just be sure to update your phone whenever it prompts you, so that you don’t miss the update that removes the apk.

Ali Rees
Tech journalist