In their testing, Android did show a permission request when the legitimate wrapper file tried to install the malicious APK, but the researchers say that this can be prevented by using DexClassLoader.
Doing that isn't much of a stretch. Many popular apps already use DexClassLoader just to get around limits during packaging.
In their testing, Android did show a permission request when the legitimate wrapper file tried to install the malicious APK, but the researchers say that this can be prevented by using DexClassLoader.
Now that sounds plausible and like a real concern (that is being addressed).
HELP!!!! I'm being held prisoner in /usr/games/lib!