The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.