TL;DR: They are smart and if your Android phone isn't getting the latest patches then you are vulnerable to total pwn4g3 from anything in the Google Play Store until Google figures out how to scan for apps that will perform this attack.
I thought I'd add a potentially interesting anecdote to this. The app is not available on the US Google Play Store, as the github readme said may be the case. I downloaded the app directly to my Motorola Droid 2 Turbo (last OS update July 1st, 2016) and installed it. I was surprised to see a warning message pop up "Installation blocked. This app contains code that attempts to bypass Android's security protections." Something in my phone is detecting the potentially malicious code, and I don't think it is the Play Store, since I didn't use the Play Store, and installed the app directly from my download directory.
Once installed, it looked like it tried to download 100 files (progress meter showed 0 out of 100). This hung, since I have the NetGuard firewall installed, set to block all wifi / mobile data access by default.
I canceled out of the download and tried to run the hammertime attack, but got an extremely long error message that took up the whole screen.
So, for at least this proof of concept attack app, it failed on several levels:
1) Something on my phone detected it as potentially malicious and asked me if I really wanted to install it (I have not installed any virus/malware scanners that I am aware of, so I don't know what this was).
2) It failed to download some files, potentially necessary for the attack, due to my firewall
3) It failed to work, maybe due to missing the files it couldn't download.
I'm sure that a more robust attack app could be developed, but, at least as far as the proof of concept app is concerned, I'm not overly worried -- for the moment.
You won't see robots outlawed until robots start replacing lawyers. Lawyers tend to control the law in their favor, so, once you have technology replacing lawyers, that's when the revolution really comes.
BakerHostetler Hires Artificial Intelligent Attorney 'Ross' Progress is being made on that front
Static linking might be semi-adequate for stuff that you compile at home, but for any code that's distributed using static is a sabotage.
I think you've got that backwards. Dynamic linking is fine for stuff you compile at home, but for any code that's distributed, using dynamic linking will often cause your binary to *just not work* on another system.
Missing a shared library? Which package does it come in? Oh crap, that package requires dependencies I don't have, or are the wrong version, etc.. Or you have the shared library, but it is a different version, and the size of a structure or something changed, or a variable doesn't exist anymore, and your binary crashes, won't run with it, or produces corrupt output. Or you go through all of your dependency Hell and update all the libraries you need to install the package with the missing shared library, only to find that the libraries you updated caused other programs to break for similar reasons to why yours wasn't working with your current library version. Newer versions of libraries do not always maintain binary compatibility with older versions.
Some programs should just be statically linked, so that they will always work on any version of any distribution. Otherwise, there may be no avoiding a recompile and its associated dependency Hell. Static linking is a compatibility God-send.
Consider the postage stamp: its usefulness consists in the ability to stick to one thing till it gets there. -- Josh Billings