CPRID-1026
Information
The built-in LG Application Manager app (com.lge.appbox.client) is responsible for installing and updating LG device-specific apps from the LG store. The app downloads APK files to publicly accessible storage and does not verify the signature of these files before installation. An attacker can gain the privilege to install an arbitrary app by overwriting an APK right after the manager downloads it.
LG Vulnerability ID: LVE-SMP-170027
References:
https://research.checkpoint.com/androids-man-in-the-disk/
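
Added example (not code from LG or from the referenced research): a language-neutral sketch of the mitigation for the download-then-install flow described above, which copies the package into app-private storage, verifies the private copy, and installs only from that copy. Assumptions: a pinned SHA-256 from trusted store metadata stands in for the APK signature check, and the function names, paths and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def stage_and_verify(public_path, private_dir, expected_sha256):
    """Copy a download into private storage, hashing the bytes as they are
    written, and return the private path only if the digest matches."""
    os.makedirs(private_dir, mode=0o700, exist_ok=True)
    fd, staged = tempfile.mkstemp(dir=private_dir, suffix=".apk")  # created 0600
    digest = hashlib.sha256()
    try:
        with os.fdopen(fd, "wb") as dst, open(public_path, "rb") as src:
            for chunk in iter(lambda: src.read(65536), b""):
                digest.update(chunk)  # hash exactly what lands in the private copy
                dst.write(chunk)
        if not hmac.compare_digest(digest.hexdigest(), expected_sha256):
            raise ValueError("package digest mismatch, refusing to install")
    except BaseException:
        os.unlink(staged)  # never leave an unverified file behind
        raise
    return staged  # the installer must read this path, never public_path


def demo():
    """Constructed scenario: the shared-storage file changes at two points."""
    genuine = b"PK\x03\x04 constructed genuine package"
    swapped = b"PK\x03\x04 constructed replacement package"
    pinned = hashlib.sha256(genuine).hexdigest()  # assumed trusted store metadata
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "shared", "update.apk")
        private = os.path.join(root, "app_private")
        os.makedirs(os.path.dirname(public))
        with open(public, "wb") as f:
            f.write(genuine)
        staged = stage_and_verify(public, private, pinned)
        with open(public, "wb") as f:
            f.write(swapped)  # shared copy changes after verification
        with open(staged, "rb") as f:
            install_bytes_ok = f.read() == genuine  # private copy is unaffected
        try:
            stage_and_verify(public, private, pinned)  # changed before verification
            rejected = False
        except ValueError:
            rejected = True
        leftovers = os.listdir(private)
    return install_bytes_ok, rejected, leftovers
```

Verifying the file in place on shared storage would not be enough, because the file can still change between the check and the install; the check and the install have to operate on the same private bytes.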