That was in response to your statement that “in all those years this year not been a problem on the dominant platform”. It has. The exploit in the news article is only possible because of the way Android lets websites initiate a PWA install, with a prompt that looks like a normal app install, lacking any warning about unsecure sources.

Android was also infamous for causing users to develop permission-blindness and just accept everything, later replaced by every app havinf an extensive permission list that everyone just shrugs and accepts as normal.