Google Patches exploit Used to enable VoLTE on Unsupported Pixel Phones
MOUNTAIN VIEW, CA – November 15, 2025 – Google has closed a security loophole that allowed Pixel phone users to manually enable Voice over LTE (VoLTE) and Wi-Fi Calling (VoWiFi) in regions where those features weren’t officially supported. teh fix, implemented with the October 2025 Pixel update, breaks functionality within the “Pixel IMS” app, which leveraged Android’s debugging tools to override carrier configurations.
For over two and a half years, Pixel IMS utilized a permission granted to the “shell” user – the same user interface used for Android Debug Bridge (ADB) commands – to bypass carrier restrictions. The app relied on Shizuku, an open-source Android application, to grant other apps the ability to run processes as this elevated “shell” user.
Following the October update,users reported Pixel IMS crashing when attempting to activate VoLTE or VoWiFi,with crash logs indicating “overrideConfig cannot be invoked by shell.” Google has internally designated the patched loophole as CVE-2025-48617, classifying it as a high-severity privilege escalation vulnerability. while not immediately included in the October Android Security Bulletin due to Google’s new Risk-Based Update System (RBUS), it is expected to be detailed in the December quarterly security bulletin.
A workaround has emerged from another developer, though it is indeed currently limited to enabling VoLTE only and requires instructions in Chinese and an APK distributed via Telegram.
pixel users needing both VoLTE and VoWiFi in unsupported regions now face limited options: rooting their devices – a process that voids warranties, disables some features on newer “Gemini” powered Pixels, and complicates Google Wallet usage – or waiting for official VoLTE support from Google, which the company recently indicated it is expanding.
