What can an attacker access using an exploit in an app (e.g., WhatsApp)?
I know that GOS has strong app sandboxing, but if a vulnerable app has a media permission, will an attacker see and upload all files (assuming Storage Scopes are not used)? What about contacts, calendar, etc.?