Google confirms Android attacks; no fix for most Samsung users

So it sounds like if you don't sideload apps you would not be at risk, correct?

> The Forbes link unfortunately doesn't say much about how it works.

True, it says almost nothing of value about the exploit, but it does teach us that 30% is almost one in three.

Conveniently Google can use this to justify banning installs from unofficial stores.

Is this guy going to make a slop repo for every new CVE in a high-profile product advisory so he can rack up some stars and put this shit on his resume? Jesus fuck.

This is just polluting the namespace and making it harder for blue teamers and incident responders to share IOCs.

His repos either lack a PoC and just contain a README with more emojis than facts; try to pass a public version checker off as a PoC; or invent a non-working PoC in the absence of technical details.

Bullshit asymmetry.

This isn't accurate and is just an AI hallucination.

Look here: https://vulert.com/vuln-db/CVE-2025-48633

It has to do with setting the device owner, and gaining those powers; enabling / disabling apps, remote wipe, etc.. It's a local privilege escalation attack and doesn't require user interaction.

I suspect the average person who installs apps outside of the play store is still much more likely to be infected via malware that dodged the playstore's detection than the apps they install from other sources, because there's usually considerable trust involved with the other sources.

In particular they're usually f-droid and open source apps compiled by f-droid.

What did you use to make that chart? It looks really nice. Its the first time I've see these ASCII boxes on HN without gaps in the border.