When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
It was originally developed by third-party company Smith Micro Software fordemo devices inside Verizon stores.
Normally, Showcase is dormant; it doesnt do anything.
However, it is possible for a skilled-enough hacker to activate it via a backdoor.
The APK (Android Package Kit) receives its configuration file from an insecure domain onAmazonWeb Services.
Plus, since Showcase has excessive system privileges, its easy for cybercriminals tocompromise a target.
Whats particularly scary is Showcase has been a part of theGooglePixel ecosystem since September 2017. iVerify states only Google can fix this.
Fix underway
As bad as things may be, there is good news.
First, it appears no one, not even the bad actors, knew about the exploit.
A Google spokesperson toldThe Washington Postthat they havent seen any attacks that could be attributed to Showcase.
Google is well aware of the problem.
Dont worry about thePixel 9series as none of the four models have Showcase.apk.
Verizon has also been made aware of the report.
However, like Google, Verizon is removing the function from supporting phones out of an abundance of precaution.
Instead, the tech giant is pointing the finger at Smith Micro.
No word on when third-party Androids will receive their own fix.
Presumably, it all be at the behest of the other brands.
