Your browser is literally designed to download random code from the internet and run it on your phone. Any webpage you open is like a mini-app.
Your phone accepts incoming calls and texts via network, and there might be (rare) bugs there.
Your phone talks over WIFI and Bluetooth with other devices. Sometimes there are bugs there.
Many security threats come from previously undiscovered exploits.
Maybe “holes” on web browser security that leads to remote control, or opening a PDF that triggers somehow the system to install a malicious package.
Many security patches are made not for newer apps, but rather for threats that appear when you are using your phone normally. An app can be malicious but as you say, you can be wary of new ones, while getting infected while browsing the web is not really noticeable by you right away.
And of course, most OS’ right now try their best to tighten how much an app can access a phone by itself.
It is mostly a tug of war between a “hacker” looking for holes while the developers try to fill them as soon as discovered.
All software has bugs. Some of those bugs are just annoyances, like apps that don’t work perfectly. But some of them can allow other software or communication protocols to do things to the phone that they shouldn’t be able to do. When a version of the software is first released, nobody knows what the bugs are. But then they’re discovered and can be exploited. From that point on, it’s risky to continue using that version of the software.
Latest Answers