According to the article, the culprit is showcase.apk, an in-store demo app. I couldn’t find it on my P5 running lineage so hopefully that means AOSP / custom roms not based on stock roms are not affected.
The app is also not enabled even on a stock ROM, so the attacker would need to have physical access to your phone, and your password to enable the app before this man-in-the-middle attack could even be performed.
So it’s a manual manned man in the middle attack?
Super misleading title. It’s not even enabled on most pixels. So nothing was “exposed”
The article is VERY misleading and probably shouldn’t have been published by Wired in the first place. GrapheneOS clarified the entire situation in this Mastodon thread: https://grapheneos.social/@GrapheneOS/112967309987371034