So if you’ve installed a malicious app from Samsung store or you’ve sideloaded a malicious app, it has close to root access and can access data from any other app on the phone? The keys leaked in 2016 and these signing keys are still being used by Samsung now.<p>Is that right?<p>Is it normal to install apps outside of google play store and should Samsung users that have done this assume that they are compromised?<p>I just read this on Ars and came to look for the discussion here and I’m surprised nobody is talking about it. Is there another thread under a different title somewhere?