---
title: "Google Pixel phones are no longer safe because of this malicious APK! | Phish Protection"
description: "Google Pixel phones are no longer safe because of this malicious APK!: Do you own a sleek, stylish Google Pixel phone? Then you have to see this! Google."
image: "https://phishprotection.com/og/blog/google-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk.png"
canonical: "https://phishprotection.com/blog/google-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk/"
---

Quick Answer

Do you own a sleek, stylish Google Pixel phone? Then you have to see this! Google Pixel phones have a defunct app that serves as a malicious backdoor. Yes, you read that right!

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fgoogle-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Google%20Pixel%20phones%20are%20no%20longer%20safe%20because%20of%20this%20malicious%20APK!&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fgoogle-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fgoogle-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fgoogle-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk%2F&title=Google%20Pixel%20phones%20are%20no%20longer%20safe%20because%20of%20this%20malicious%20APK! "Share on Reddit") [ ](mailto:?subject=Google%20Pixel%20phones%20are%20no%20longer%20safe%20because%20of%20this%20malicious%20APK!&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fgoogle-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2024/08/phishing-definition-4411.jpg) 

Do you own a sleek, stylish Google Pixel phone? Then you have to see this!

Google Pixel phones have a defunct app that serves as a **malicious backdoor**. Yes, you read that right! Your Google Pixel phone has a pre-installed, unremovable app that can make it easy for [threat actors](/phishing/threat-actor-entices-eu-diplomats-with-fake-wine-tasting-invitation) to pry into your device.

Pittsburgh-based Smith Micro had designed ‘Showcase.apk’ for all the Google Pixel phones meant to be on display at **Verizon stores**. \_However, the APK somehow got pre-installed on all the Google Pixel phones (especially the batches that have been shipped since 2017). These phones have been distributed across the globe. \_

The app comes with certain features that can help threat actors gain illegitimate access to your [personal data](/announcements/cybersecurity-updates-for-the-week-17-of-2023). The worst part is that users cannot uninstall the app. Only Google can eliminate the app from their **Pixel phones**.

![Phishing definition](https://media.mailhop.org/phishprotection/images/2024/08/phishing-definition-4411.jpg) 

Palantir Technologies is a [big data](https://cloud.google.com/learn/what-is-big-data) company that works closely with intelligence and government defense agencies. Soon, however, a **security vulnerability** was discovered on their Android devices. After detailed research, it was found that showcase.apk was the root cause of this security lapse.

The [data analytics](https://aws.amazon.com/what-is/data-analytics/) giant Palantir has said that they are going to avoid Android devices altogether in the future as they have not found **Google’s response** satisfactory regarding the showcase.apk issue. 

Dane Stuckey, the [chief information security officer](https://www.cisco.com/c/en/us/products/security/what-is-ciso.html) at Palantir, is highly disturbed by the fact that Google secretively embedded third-party software in **Android’s firmware** without informing the users or the vendors. Also, he informed that Palantir is dissatisfied with the discussion that it had with Google during the 90-day disclosure window.

Experts believe that there are a lot of things that are unclear about showcase.apk. _They are not sure why the APK was installed on all the **Google Pixel phones** even though it was developed for Verizon Store phones._ Also, experts believe that the APK should not come equipped with all those ‘malicious’ features.

These features allow the APK to run **commands** in a way that keeps the phone users unaware of what’s going on in the background. The showcase.apk is also capable of downloading arbitrary packages and does not require user permission .

Rocky Cole, a former Google employee, believes that the [malicious APK](https://blog.rblbank.com/how-to-protect-your-device-from-apk-fraud/) can be as dangerous as your imagination. Showcase.apk can control your Google Pixel phones and carry out activities without your knowledge. For example, the APK can send emails, turn the **phone camera** on or off, intercept your text messages, and so on.

Experts are trying to look at the brighter side of the blunder. First, the showcase.apk seems to be off as a **default setting**. Also, they assume that in order to toggle on the feature, the attacker is required to gain physical access to the [targeted device](https://www.sciencedirect.com/topics/computer-science/targeted-device). So, for now, you need to physically protect your device at all costs.

![Phish threat info](https://media.mailhop.org/phishprotection/images/2024/08/phish-threat-info-1.jpg) 

### What now?

As of now, there is yet no news of showcase.apk exploitation. _Google’s spokesperson has assured us that the upcoming Google Pixel 9 phones will not come **pre-installed** with showcase.apk_. For the existing Pixel phones, Google has already started[working on an update.](https://www.wired.com/story/google-android-pixel-showcase-vulnerability/)

The update will, hopefully, be released in the upcoming weeks. However, up until then, Google Pixel phone users will be required to protect their phones almost physically from the **prying eyes** of threat actors. 

A Verizon Store spokesperson said that they are aware of the **vulnerabilities** in the existing Google Pixel phones. Also, they have assured that [Android OEMs](https://rplg.io/oem-android/) will simply remove the in-store demo capability to ensure maximized security for the users.

_Experts are wary of the APK and are even more concerned because the showcase.apk comes pre-installed on Google Pixel phones_. Users have only two options: they can either continue using their phones with this **APK installed** and potentially compromise their data safety, including their [phishing protection](/), or they can avoid using Pixel altogether.

Therefore, experts find it too risky to allow **third-party apps** and software to have deep access to the operating system.

### What can you do to keep your data safe as a Google Pixel user?

Google is still working on a fix. Until then, Pixel users must take a few **precautionary steps** to [safeguard their private data](https://cloudian.com/guides/data-protection/data-protection-and-privacy-7-ways-to-protect-user-data/).

Here’s what you can do as a Google Pixel user to **protect your data** and sanity:

Stay updated with the showcase.apk security blunder .

Keep looking for a [security update](https://www.howtogeek.com/711886/what-are-android-security-updates-and-why-are-they-important/) from Google.

Look out for any **suspicious activities** on Pixel phones.

Avoid handing over your Pixel phone to someone you cannot trust completely.

_The entire issue has raised questions about the **credibility** of Google Pixel devices_. Besides, Google’s inability to tackle the matter as soon as possible is convincing users to transition from [Android devices](/phishing-awareness/schoolyard-bully-trojan-targeting-global-android-devices-steals-facebook-logins) to other ecosystems for [data safety and privacy](https://www.integrate.io/blog/what-is-data-privacy-why-is-it-important/).

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Google Pixel phones are no longer safe because of this malicious APK!","description":"Google Pixel phones are no longer safe because of this malicious APK!: Do you own a sleek, stylish Google Pixel phone? Then you have to see this! Google.","url":"https://phishprotection.com/blog/google-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk/","datePublished":"2024-08-21T07:56:21.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2024-08-21T07:56:21.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/google-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk/"},"articleSection":"foundational","keywords":"Phishing","wordCount":829,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2024/08/phishing-definition-4411.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Google Pixel phones are no longer safe because of this malicious APK!","item":"https://phishprotection.com/blog/google-pixel-phones-are-no-longer-safe-because-of-this-malicious-apk/"}]}
```