What makes android so popular is its openness and the fact that we have developers constantly cracking devices with exploits so we can root and rom. For many of us that is the joy of owning android and for myself the first thing I do when I take my phone out of the box is root it. Even if I do not rom for me my phone just do not feel right with out root. One of the things we need to be careful of is that not all developers are "good" developers. In every crowd you have the idiots who like to mess the party up for every one. Those that root know to be aware of these issues but even those who do not root but sideload apks from the web are just as vulnerable. Android Central Jerry Hildenbrand wrote an article about a vulnerability in android that has been an issue since android 1.6 and continues to possibly be a threat today. Making sense of the latest Android 'Master Key' security scare | Android Central Bottom line is this: do not install an app (apk), rom, or anything on your device from a source that you are not familiar with. One of the tips I give to those who rom is to not be the first. Unless you know what you are doing you do not need to be the first and beta test for roms or apps. When a rom hit I will sit and wait to see what the common issues and complaints are before installing. And if the developer do not have a following then I will more and likely pass on his/her rom. The same is true with apps on the market or any where. First 99% of my apps I will download from the play store and of those apps if the app do not have at least 300-500 downloads and a rating of 3.5 or higher I will pass. And even before installing I will read the comments and complaints. I try and give the dev the benefit of the doubt at time because we all know that some comments are just people trolling. As far as side loaded apps I will not side load an app unless it comes from here or another trusted forum/news site and I know what it is and who uploaded it. The reality of freedom is that it requires more responsibility so make sure you know what is on your device.