Somewhat surprised that Google's own apps are to blame here. They are usually better than that. I am trying to figure out why the malicious code execution in the ctx of the Hangouts app is at root level unless Hangouts needs root. Which would be unusually stupendously stupid.