If you own a Pixel phone purchased from Verizon, you may be vulnerable to man-in-the-middle attacks, malware and spyware thanks to a pre-installed app

According to a new blog post from mobile device security firm iVerify, a serious vulnerability in the app could be exploited by hackers to launch all kinds of attacks targeting Pixel users

To make matters worse, the app is part of the firmware image that ships with Pixel devices and cannot be uninstalled

Here is what you need to know about this hidden Pixel app and what steps Google is taking to remedy the situation, as well as some tips for keeping your Android smartphone safe from hackers

The app in question is an APK file called Showcase, which is preinstalled on Pixel phones sold through Verizon As you might guess from its name, it is intended to “showcase” Pixel-specific features when the device is in demo mode at a Verizon retail store

The app itself is not inherently malicious, but it does contain serious vulnerabilities that could be exploited by hackers However, iVerify has yet to see this flaw weaponized by hackers

Because the app installs using HTTP instead of the more secure HTTPS, it creates a backdoor that cybercriminals can use to compromise Pixel devices For example, hackers could use it to access system privileges and take over the device It can also be used to distribute malicious apps or remote code or to “compromise the app development chain and set up files to modify the app's functionality,” according to research by iVerify and Palantir Technologies

A Google spokesperson provided further insight into the matter in an email to Tom's Guide: [This is not a vulnerability in the Android platform or in Pixel, but an APK developed by Smith Micro for Verizon's in-store demo device and is no longer in use To exploit this app on a user's phone requires both physical access to the device and the user's password We have seen no evidence of active exploitation To be on the safe side, we plan to remove this app from all supported Pixel devices in a future Pixel software update

If you do not yet have a Pixel phone or are considering upgrading, Google notes that the Pixel 9, Pixel 9 Pro, and Pixel 9 Pro XL do not have this app pre-installed At the same time, the search giant is also informing other Android OEMs about the risks such an app poses to users

Even if you do not own a Pixel phone purchased through Verizon, you should be on the lookout for hackers who may try to take over your device and steal sensitive data stored on it

To keep your Pixel phone safe, you first want to make sure that Google Play Protect is enabled This is because this pre-installed security app can scan all existing and newly downloaded apps for malware From here, you may also want to consider using one of the best Android antivirus apps along with it, since it provides additional protection along with other useful extras like VPNs and password managers

The biggest thing that distinguishes Google's Pixel devices from other entries in our list of best Android phones is that they receive security patches and updates before other smartphones To benefit from this, however, you must install them when they become available Keeping your phone up to date and running the latest software is the easiest way to stay safe from hackers, who often take advantage of older vulnerabilities in their attacks

Google is in the process of having this hidden Pixel app removed, and it is unlikely that Verizon will require such an app to be pre-installed on phones it sells in the future