Fora's script allows users to inject malicious code during recompilation, and the final compiled binary program has the same encryption signature as the original legal application.
Google said that it provided patches to OEMs and operators as early as March this year. For example, Samsung has released updates to users, but due to the fragmentation of Android system, a large number of users have not updated.
Thanks!