Coder friends. I have a question. How could a malicious actor compromise a google play store app on someone's phone without them knowingly downloading another file or clicking another link, e.g., the app was compromised such that within the app a webbrowser overlay is injected essentially intercepting interaction with the device so they aren't really using the app but interacting with a webpage.