(RTTNews) - According to mobile security firm iVerify, a software package, called "Showcase.apk", pre-installed on Google Pixel devices, poses a potential security risk.

The package, developed by Smith Micro for Verizon, is usually used to launch demo or retail modes on the device. It has been present in every Android release for Pixel devices since September 2017 and has advanced system privileges.

The firm noted that the application is designed to download a configuration file over an unsecured HTTP connection, leaving the device vulnerable and open to cyberattacks.

"I've seen a lot of Android vulnerabilities, and this one is unique in a few ways and quite troubling," said Rocky Cole, chief operating officer of iVerify, Wired reports.

"When Showcase.apk runs, it has the ability to take over the phone. But the code is, frankly, shoddy. It raises questions about why third-party software that runs with such high privileges so deep in the operating system was not tested more deeply. It seems to me that Google has been pushing bloatware to Pixel devices around the world."

The Alphabet (GOOG)-owned company has been notified about the flaw and has confirmed that the package would be removed from the devices in the coming weeks.

The security firm discovered the flaw on behalf of data analytics company Palantir, which phased out all Android devices, including Pixel devices, following the report and Google's "slow" and "opaque" response. Palantir chief information security officer Dane Stuckey told Wired, "Google embedding third-party software in Android's firmware and not disclosing this to vendors or users creates significant security vulnerability to anyone who relies on this ecosystem."

