Today, security researchers published a disturbing discovery in the firmware of several Pixel smartphones. A software package called Showcase.apk appeared to make handsets vulnerable to a number of different attack vectors, with no apparent way to remove it. Since this issue became known, Google has explained the severe limitations that help mitigate the potential impact of a Showcase exploit, while also committing to removing the software from affected Pixel phones.

Showcase, a Google spokesperson told Android Authorityis an app developed by Smith Micro for use as an internal Verizon demo, allowing the carrier to easily showcase the phone’s features to customers in its stores. Even if the app isn’t actively enabled on the Pixel phone you buy and take home, the software is still there – and that’s what iVerify researchers found in their analysis. If enabled, there’s a chance an attacker could exploit the app’s vulnerabilities to gain control of your device – and since Showcase has a lot of permissions, there’s the potential for it to do real damage.

Because the app isn’t enabled, an attacker would first need to have physical access to your phone and know your password to get Showcase up and running—and if they already have that, it’s pretty much game over. In fact, Google hasn’t found any evidence of anyone actually carrying out an attack this way.

Still, the company is well aware of how burdensome this must be for security-conscious Pixel users, and out of an “excessive precautionary measure,” Google tells us that it will “remove Showcase from all supported Pixel devices on the market with an upcoming Pixel software update.”

You can also rest easy knowing that shiny new Pixel 9 you just pre-ordered will arrive without a hint of showcase. Google plans to reach out to its Android OEM partners to make sure risky software like this doesn’t go unnoticed on any of their phones either.