Many security threats come from previously undiscovered exploits.
Maybe “holes” on web browser security that leads to remote control, or opening a PDF that triggers somehow the system to install a malicious package.
Many security patches are made not for newer apps, but rather for threats that appear when you are using your phone normally. An app can be malicious but as you say, you can be wary of new ones, while getting infected while browsing the web is not really noticeable by you right away.
And of course, most OS’ right now try their best to tighten how much an app can access a phone by itself.
It is mostly a tug of war between a “hacker” looking for holes while the developers try to fill them as soon as discovered.
Latest Answers