Researcher Dr. Daniel Wagner summarized the core of the problem.
”Google has done a good job at mitigating many of the risks and we recommend users only install apps from Google’s Play Store since it performs additional safety checks on apps,” he said. “Unfortunately Google can only do so much, and recent Android security problems have shown that this is not enough to protect users. Phones require updates from manufacturers, and the majority of devices aren’t getting them.”
Fortunately, if you stick to Play Store apps and don't download any shady software from outside sources, you should be fine. But when it comes time to upgrade your phone, you may want to check back with the Cambridge team as part of your decision about which phone to buy.
Sign up for CIO Asia eNewsletters.