FILE PHOTO: Most Google Pixel phones sold in recent years have software that could allow them to be hacked, a report says. | Image credit: Reuters

Most Google Pixel phones sold in recent years have software that could allow them to be hacked, a report says. Cybersecurity firm iVerify has revealed that a “Showcase” app left a security flaw open that could be exploited to remotely control the phone and browse it.

The hidden software package Showcase.apk has been pre-installed in every Android version for Pixel since 2017. The app, developed by Smith Micro for Verizon, was used to introduce a retail model on the phones.

The app is designed to install software or write code remotely. It can download a configuration file over an unencrypted HTTP connection, making it insecure.

The investigation, conducted jointly by iVerify, data analytics firm Palantir and Trail of Bits, also found that the risk appears to be limited because the app is disabled by default and requires a passcode to access.

(Subscribe to our tech newsletter, Today’s Cache, to get the day’s top technology news.)

Google responded to the study by acknowledging the vulnerability and stating that it will remove Showcase from Pixel devices in the “coming weeks.” The app was also not included in the newly released Pixel 9 series. Google also said that they were not aware of any incident where the vulnerability was exploited.

In response, Palantir decided to ban Android devices in the company, arguing that the tech giant was too slow to respond to the report.

Google has reportedly also informed other Android OEMs about Showcase.