Hacker News

purplehat_ today at 5:06 PM (7 replies)

[flagged]


Replies

charcircuit today at 5:53 PM

This isn't accurate and is just an AI hallucination.

pogue today at 5:13 PM

So it sounds like if you don't sideload apps you would not be at risk, correct?

barrkel today at 6:04 PM

Look here: https://vulert.com/vuln-db/CVE-2025-48633

It has to do with setting the device owner, and gaining those powers; enabling / disabling apps, remote wipe, etc. It's a local privilege escalation attack and doesn't require user interaction.

weberer today at 6:13 PM

What did you use to make that chart? It looks really nice. It's the first time I've seen these ASCII boxes on HN without gaps in the border.

4ndrewl today at 5:34 PM

Conveniently Google can use this to justify banning installs from unofficial stores.

nutjob2 today at 5:32 PM

> The Forbes link unfortunately doesn't say much about how it works.

True, it says almost nothing of value about the exploit, but it does teach us that 30% is almost one in three.

da_grift_shift today at 5:42 PM

Is this guy going to make a slop repo for every new CVE in a high-profile product advisory so he can rack up some stars and put this shit on his resume? Jesus fuck.

This is just polluting the namespace and making it harder for blue teamers and incident responders to share IOCs.

His repos either lack a PoC and just contain a README with more emojis than facts; try to pass a public version checker off as a PoC; or invent a non-working PoC in the absence of technical details.

Bullshit asymmetry.