I would argue that the new piece is that phishers are taking advantage Android’s ability to throw an install button in the browser.

Enough phones support that now, and they’re able to catch more people in their nets now that folks aren’t installing web apps from a nested menu item.