The Intercept has released yet another new document leaked by Edward Snowden detailing even more methods that the NSA planned on using to hack the Android Market in order to deliver spyware using the official Market (now Google Play) to infect targets with spyware, in combination with other active programs. It is not mentioned in the article if the NSA actually used the methods uncovered in practice.
The NSA had planned to use XKEYSCORE, the program designed to watch international backbone traffic, to identify specific users, and other programs in combination to not only take control of app update servers to deliver malicious software, but also to harvest those systems for data about their users. The reasons for this are not specifically mentioned in the actual releases, but the Intercept analysis indicates that they were targeting North Africa, Cuba and Russia in order to react quicker and with more intelligence should another "Arab Spring" style event occur.
These programs were presented by the Network Tradecraft Advancement Team, an advanced unit comprised of analysts from all "Five Eyes" at a series of workshops taking place in Australia and Canada between November 2011 and February 2012. The agencies in question all delivered their standard response when asked for comment, with the CCSE (Canadian Communications Security Establishment) saying that they are "mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism ... does not direct its foreign signals intelligence activities at Canadians or anywhere in Canada".