You do not need to be targeted to stumble into an Android vulnerability. Like I mentioned there are hundreds published each month, and that number will accumulate throughout the Kompakt’s lifespan.
Here are some examples:
WebView - Accidentally opening on a link in the unpatched built-in webview browser can hand over control of your device to a compromised website.
Sideloading - Sources like F-Droid or APK mirror hosts have negligent security checks, making it easier for malicious apps to slip through. F-Droid has critical security issues.
Public WiFi - Connecting to public wifi networks with an unpatched device allows attackers to push malware directly to your device via vectors like wifi chip vulnerabilities.
Bluetooth - Walking into public areas with Bluetooth enabled allows attackers to take over your device without any interaction.
Malicious files - Opening media or documents with hidden code designed to exploit outdated file handling systems.
SMS/MMS - Message payload attachments can be delivered that install malware.