Hacker News
by alexw91 1295 days ago
Any idea if signing up for Google's Advanced Protection program would mitigate/prevent potential attacks from this security issue?

My understanding is that signing up for this program blocks the usual methods of installing sideloaded apps (you can't install an app's apk file from your phone's local storage), and instead requires you to physically connect your Android phone to an external computer and use the adb CLI tool to sideload apps that are not on the Google Play store.

https://landing.google.com/advancedprotection/

1 comments

If you're speaking from the perspective of an enterprise making recommendations, yes, that'd be an option. As a user, though, you could just avoid sideloading.
Just trying to think if there are any other potential immediate recommendations for non-technical friends and family with Android phones from these vendors other than "don't sideload any apps" and "make sure to install any security updates as soon as they're available".
A possible way this occurred was through a hacker compromising a bunch of OEMs like Samsung and LG.

If that's your threat model, "don't sideload" seems insufficient as a response. A hacker who's able to steal the private keys of Samsung and LG (the "crown jewels") may also be able to replace the official apps they upload to the Play store with apps that contain malware.

Plus if I understand other comments correctly, a stolen key allows the thief to privilege escalate from "ability to issue an update for a fart app on your phone" to "ability to root your device".

So if you're serious about security, I would uninstall apps very aggressively, especially apps from the affected OEMs. You can fool around with fart apps on a separate device if you want.