Mobile phone security firm iVerify has discovered a vulnerability in Google Pixel smartphones. According to iVerify’s investigation, a piece of third-party software with deep system access is to blame, and troublingly it shipped with “a very large percentage of Pixel devices […] since September 2017.”
The issue relates to “Showcase.apk,” a bit of software made for Verizon and used to put Pixel devices in demo mode while displayed in retail stores. The software downloads a configuration file over an unencrypted web connection, which — because of Showcase’s deep access — might allow bad actors to perform remote code execution or remote package
→ Continue reading at Engadget
