The biggest different is that (to some extent) this vulnerability requires no user intervention (at least not in an active capacity), whereas the app permissions issue is one where the user has actively chosen to accept something.