Then, the malicious script can just pop up an official looking dialog box with a message saying that they are 'testing' the confirmation system, and please accept/agree to the next sms/alert from the app.
Having direct control of the user interface is very powerful.
Having direct control of the user interface is very powerful.