Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk
Briefly

A large percentage of Google's own Pixel devices shipped since 2017 contained dormant software, known as Showcase.apk, which could facilitate nefarious attacks and malware delivery.
This pre-installed app requires extensive permissions, including executing code at the system level, posing significant security risks to users of affected devices.
The app downloads configuration files over an unsecured HTTP connection, making the devices vulnerable to code alteration during transmission.
The app, developed by Smith Micro and required by Verizon, raises questions about the practice of embedding third-party software into Android firmware.
Read at The Hacker News
[
|
]