Also rocking a Pixel 2 (XL) 128GB here, even recently swapped the battery and its like new again. Replacing it with an equivalent or better phone would cost a good bit of money.
What security issues should I be concerned about? It's difficult to spend the time going through the CVE database to figure this out, I see a lot of privilege escalation issues but I don't install apps that I don't trust anyway. I still get browser updates. I care less about the bugs and more about the attack vectors.
What does trusted app mean? A priv esc means you're now worried that any other app has a vulnerability. You might trust your default weather app to not be malicious but do you trust it and hundred other standard apps to be secure?
I'd rather have a secure sandbox with untrusted apps then have insecure sandbox with a ton of attack surfaces in trusted apps.
Quote from the article: "The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks."
With browser updates, limited browsing, restricting app downloads, you might be in the clear. But looks like malware makers also use WhatsApp or SMS.
