Next, an additional step is required: the victim must enable the installation of unknown apps from the device settings, allowing the malicious APK file to install on the device.
This actually is not that uncommon, as there has always has been a subset of tech savvy users who want to run APKs not approved in the android market. I forwarded this to a few of them based on your comment, so thank you..
There's one thing that matters a lot: on modern Android versions you have to give the permission to install APK files separately for each app, which makes this exploit even less likely to work.
5 comments
[ 3.1 ms ] story [ 24.0 ms ] threadLooks interesting although not particularly dangerous.
Ya it is not an "exploit". It is more a bug.