It’s only compatible with modern Pixel devices, so unless you’re old tablet is a Google Pixel Tablet, you can’t install it anyway. But the installer is super easy to use (if you have a compatible device). It’s literally all in your web browser.
It's an old Xperia Z4 and there's a few custom images on the forums. But the "how to" suggest using a tool that does not even exist in that version and is otherwise so sparse on information that I gave up after that.
I don’t recommend installing random builds from forums like XDA. GrapheneOS definitely doesn’t have an official version for anything other than Pixels, you might want to try LineageOS if you want to throw the tablet out anyway
Well, yes - what else am I going to install a custom rom on other than a device that is no longer receiving actual system updates but still works fine?
And as I said, there are a couple roms on the forums, just with very lacking installation instructions.
iVerify vice president of research Matthias Frielingsdorf points out that while Showcase represents a concerning exposure for Pixel devices, it is turned off by default. This means that an attacker would first need to turn the application on in a target’s device before being able to exploit it. The most straightforward way to do this would involve having physical access to a victim’s phone as well as their system password or another exploitable vulnerability that would allow them to make changes to settings.
Just a bit of alarmism then, with something that can be easily removed in an update.
The issue relates to a software package called “Showcase.apk” that runs at the system level and lurks invisible to users. The application was developed by the enterprise software company Smith Micro for Verizon as a mechanism for putting phones into a retail store demo mode—it is not Google software. Yet for years, it has been in each Android release for Pixel and has deep system privileges, including remote code execution and remote software installation. Even riskier, the application is designed to download a configuration file over an unencrypted HTTP web connection that iVerify researchers say could be hijacked by an attacker to take control of the application and then the entire victim device.
I couldn’t find the APK on my pixel 5 running lineage so I think only stock-based roms should be affected. I checked using an APK extractor app that lists all system apps including things like 3 button navigation bar.