It looks like there’s a new security vulnerability found in Android, and Google is warning people about it. It’s a serious one, too, as an app can get root access to your phone simply by being installed. Root access means this app has access to a bunch of functions that are normally restricted, like modifying software.
Thankfully, Google is already on it. Apps that take advantage of this vulnerability are blocked by Verify Apps, so if you try to install an app that uses this vulnerability — whether from Google Play or outside of it — the install will be blocked. You have to make sure Verify Apps is enabled, though.
Google has also released a patch for this problem, and Nexus devices will receive it during the next monthly security update. Other devices may have to wait longer, and devices no longer supported by manufacturers are out of luck. Security updates are a big problem in the Android world, but at least Google has our backs with Verify Apps and other such features.