alt Hacker NewsThe point was surely more that apps being exploited via the Play Store can be mitigated there without client OS updates. The only hole here requiring the update needs a sideloaded attack.
The point was surely more that apps being exploited via the Play Store can be mitigated there without client OS updates. The only hole here requiring the update needs a sideloaded attack.
Except the Play Store is a hot mess, and Google does little to no review of apps. Trusted repositories work best when the repository maintainers build and read the code themselves, like on f-droid or Debian. What Google and Apple are doing with their respective stores is security theater. I would not be surprised if they don't even run the app.