In his demo video, he shows a metasploit interpreter downloading the address book. He mentioned it was a different payload, but I don't recall if he said it was a different application.
If it was the same app, then does that imply the sandbox for a stockmarket app allows access to the address book?
If it was the same app, then does that imply the sandbox for a stockmarket app allows access to the address book?