> This is one of multiple carrier apps in the stock Pixel OS which we don't include in GrapheneOS. We were aware of it already since we had to go through them and figure out why they exist... GrapheneOS has gone through each of the carrier apps included on Pixel generation to determine their purpose and consequences of including or excluding them. Here it is being excluded from the new adevtool project for ProtonAOSP and GrapheneOS in 2021.
We don't include these carrier apps in GrapheneOS. However, this particular claimed vulnerability isn't a real security issue. The other Verizon apps do add significant attack surface and give them control they shouldn't really have. They're only active on the stock OS when using a Verizon SIM though.
GrapheneOS does massively improve privacy and security, but these apps aren't a problem if you aren't using Verizon SIM and even then the retail demo app is not remote attack surface.
