Comment by autoexec

The issue isn't that a trojan gives the attacker access to things they shouldn't have access to, the problem is that android gives the trojan access to things it shouldn't so that the data it collects can be passed back to the attacker.