TL;DR: They are smart and if your Android phone isn't getting the latest patches then you are vulnerable to total pwn4g3 from anything in the Google Play Store until Google figures out how to scan for apps that will perform this attack.
I thought I'd add a potentially interesting anecdote to this. The app is not available on the US Google Play Store, as the github readme said may be the case. I downloaded the app directly to my Motorola Droid 2 Turbo (last OS update July 1st, 2016) and installed it. I was surprised to see a warning message pop up "Installation blocked. This app contains code that attempts to bypass Android's security protections." Something in my phone is detecting the potentially malicious code, and I don't think it is the Play Store, since I didn't use the Play Store, and installed the app directly from my download directory.
Once installed, it looked like it tried to download 100 files (progress meter showed 0 out of 100). This hung, since I have the NetGuard firewall installed, set to block all wifi / mobile data access by default.
I canceled out of the download and tried to run the hammertime attack, but got an extremely long error message that took up the whole screen.
So, for at least this proof of concept attack app, it failed on several levels:
1) Something on my phone detected it as potentially malicious and asked me if I really wanted to install it (I have not installed any virus/malware scanners that I am aware of, so I don't know what this was).
2) It failed to download some files, potentially necessary for the attack, due to my firewall
3) It failed to work, maybe due to missing the files it couldn't download.
I'm sure that a more robust attack app could be developed, but, at least as far as the proof of concept app is concerned, I'm not overly worried -- for the moment.