Here is some timely advice from TechRepublic about mobile device cyber security:
The big takeaway is sideloading of apps, that have not been approved by an approved app store or repository, is a big risk on your personal information. Android apps are particularly vulnerable when it comes to this risk as iOS software (usually) comes via Apple’s app store. (You can jailbreak an iOS device to sideload apps but that is a whole new security risk!)
Although both the Google Play and Apple Apps stores have had to remove malicious apps that have slipped through the screening process.
And here is the research where a known Linux exploit is pivoted to the mobile phone platform:
Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22 | Ars Technica
Clive Catton MSc (Cyber Security) – by-line and other articles