I heard the radio bit and thought it sounded reasonable. The one explanation that was missing was how this exploit fits in with those apps' permissions. The article makes it sound as though the compromised apps get root, which shouldn't really be possible.