Millions of Google Pixels have shipped with a major security flaw
bgr.com


This week should be one of celebration for Google after debuting the Pixel 9 and Pixel Watch 3 at the Made by Google event, but now, a troubling report threatens to spoil the fun. According to the cybersecurity company iVerify, "a very large percentage" of Pixel devices that have shipped since 2017 have included software that could be manipulated to hack into the phones.

As iVerify notes, its endpoint detection and response (EDR) technology uncovered an insecure Android device at Palantir Technologies earlier this year. iVerify opened a joint investigation with Palantir and Trail of Bits, and they soon discovered an Android package dubbed Showcase.apk developed by Smith Micro in the firmware.

The code of the package is intended to turn the phones into demo devices, so a store like Best Buy or Verizon can set the phone up in a display. The problem is that the package also contains high-level, entirely unnecessary system privileges, such as remote code execution and remote package installation capabilities.

"The app vulnerability leaves millions of Android Pixel devices susceptible to man-in-the-middle attacks, giving cybercriminals the ability to inject malicious code and dangerous spyware," said iVerify's researchers in a report on the blog. "Cybercriminals can use vulnerabilities in the app's infrastructure to execute code or shell commands with system privileges on Android devices to take over devices to perpetrate cybercrime and breaches."

This is obviously an incredibly worrisome discovery, but the good news is that Google is already working on a fix for its Pixel phones.

“Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update,” Google spokesperson Ed Fernandez told The Washington Post on Thursday evening.

Better late than never, as iVerify reports that it "notified Google with a detailed vulnerability report following their 90-day disclosure process."
Palantir Technologies was even concerned enough to "remove Android devices from its mobile fleet and transition entirely to Apple devices over the next few years." But at least a software update is coming.