[Fischgericht]

Ok, but then we are talking about social engineering, and not a technical matter. Social engineering works no matter what the platform is. The caller could have convinced him to give him banking TAN numbers, or send them money etc.

And when it comes to malware it's easier for those attackers to have the malware App on the Google Play store, as this way it's much easier to convince the user to install it...

A friend of mine recently suddenly had someone drawing money from her account using an ATM that was 200 km away while she was shopping with her card. I had a look at her Android phone - nothing Sideloaded on it, they simply appear to have used a fake banking website to make her create a new card without her seeing it.

Long story short: I believe that people need to be taught on how to detect social engineering attempts. And kids should be trained on this in school already.