Click Here For Free TV! - Chaining Bugs to Takeover Wind Vision Accounts
Leonidas Tsaousis
ROOTCON 2021
Wind Vision is a streaming service offered by one of the top telecommunication vendors in Greece. It has over 40.000 active subscribers, who can download the Android application and watch TV from anywhere. …And so could a malicious third party, by exploiting a series of vulnerabilities to go from one wrong click by the user to complete takeover of their account. This talk presents the findings of independent research conducted during lockdown which led to the discovery of several low-impact bugs that, when chained together, result in a much higher-impact attack. We dive deep into the analysis of the vulnerabilities, discussing the common mobile development pitfalls and the psychology behind confusing prompts. Wind Vision subscribers will also have the chance to install the demo Proof of Concept malware application that was developed (it’s safe - promise), to see for themselves how the full chain works. Mobile developers will gain insight into how to prevent such attacks, allowing them to create apps that are fun but also keep their users’ watchlists safe. Finally, we close with a review of the disclosure process, the aftermath of resolution, and other lessons learned that will hopefully set you on the right path for researching and finding vulnerabilities in everyday products.