And on that same page it says the Android version didn’t even require an exploit. The sneakiest thing that was required on Android was to write the word “Samsung” on the app icon so that users would click it.
Near the end, they say:
> This campaign is a good reminder that attackers do not always use exploits to achieve the permissions they need.
Near the end, they say:
> This campaign is a good reminder that attackers do not always use exploits to achieve the permissions they need.