Android device manager app vuln leaves millions at risk of pwnage

So... presumably the kind of people who use this app will be the more security-conscious users? Your average user wouldn't install this sort of thing.

And these people will have had to ignore an update of the app sitting there, for 3 weeks?

Bug found in app...

.... Quickly fixed?

I'm confused, why is this leaving millions at risk? Almost clickbait level headline there. Most people will have had auto updates on, its not a core android bug that'll be in the ecosystem for years on unpatched devices... It's just an app bug and took professional bug hunters how long to figure it out and report it, and was quickly fixed and rolled out by the developers. Seems like a good thing to me, bugs happen, the fact they fixed it quickly means I'd be likely to use them if I ever wanted this functionality in the future.

Saying "android device manager" in the headline is absolutely clickbait- intended I think for folk to assume the flaw was in Google's Android Device Manager, rather than a 3rd party app

How can an app open up a vulnerability like that?

So the app is running and somehow is intercepting SMS messages but one of the ones it intercepts could exploit a bug in the app that p0wns the phone?

So essentially this app is allowed to run as root and grub through your SMS messages? What in the heck does it do that it needs that level of privilege and why would anyone be dumb enough to grant an app that level of privilege?