requires a victim to first install a malicious app

Let me stop you right there… and leave.

Duh, they’re hackers /s

Dont install random shit and if possible have a phone just for 2fa

deleted by creator

It has to be tailored to the specific hardware so I don’t think it’s a major concern for most users. It doesn’t seem like something that can be fully mitigated either, so it’s probably not worth worrying about. Side channel attacks are really cool but also kind of useless in most practical scenarios.