German security researchers from Security Research Labs created a suite of apps for Google and Amazon smart speakers that did trivial things for their users and appeared to finish and go dormant, but actually stayed in listening mode and then phished the user for passwords spoken aloud, to exfiltrate them to a malicious actor. All of their apps were successfully smuggled past the companies' app store security checks. The basic workflow is this: the app is invoked by a voice command ("Give me my horoscope"), then appears to terminate by playing a null character (U+D801), which is played as silence.
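A review-side check for the silence trick described above, as an added example that is not from the original post or from the researchers: it flags response text containing code points a speech engine has nothing to pronounce, such as U+D801, and notes when the session is also left open. The response fields (`speech`, `reprompt`, `end_session`) and both sample responses are hypothetical and constructed for illustration.

```python
import unicodedata

# Unicode general categories with no spoken form:
# Cs = surrogate (U+D801 is one), Cc = control, Cn = unassigned, Co = private use.
SILENT_CATEGORIES = {"Cs", "Cc", "Cn", "Co"}
ALLOWED_CONTROLS = {"\n", "\r", "\t"}  # ordinary whitespace is not suspicious


def silent_code_points(text):
    """Return (index, 'U+XXXX', category) for each unpronounceable character."""
    hits = []
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if cat in SILENT_CATEGORIES and ch not in ALLOWED_CONTROLS:
            hits.append((i, f"U+{ord(ch):04X}", cat))
    return hits


def review_response(resp):
    """Flag a voice-app response that pads its output with silent characters."""
    findings = []
    for field in ("speech", "reprompt"):
        for idx, cp, cat in silent_code_points(resp.get(field, "")):
            findings.append(f"{field}[{idx}]: unpronounceable {cp} ({cat})")
    # Silent padding plus an open session matches "appears to terminate
    # but stays in listening mode".
    if findings and not resp.get("end_session", True):
        findings.append("session stays open after silent output")
    return findings


# Constructed sample responses (hypothetical field names, not a platform schema).
BENIGN = {"speech": "Here is your horoscope. Goodbye.", "end_session": True}
SUSPECT = {
    "speech": "Here is your horoscope. Goodbye." + "\ud801. " * 3,
    "reprompt": "",
    "end_session": False,
}

if __name__ == "__main__":
    for name, resp in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, review_response(resp))
```

The check has to run on every response the app's backend can return, including ones served after a later update to the backend.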