Post some screenshots of the app with screenshots of some random Paypal transfers and I don't think that you will have a problem getting people to find/download your app.
Downloading and running it once would set up the exploit but not complete it, IIRC. You need to go back to the target app and re-enter credentials then run the exploit app a second time. So a broken app that a user would run once and then delete is no good.
A standard Trojan game/utility would work fine even if only a small number of people run it.
Post some screenshots of the app with screenshots of some random Paypal transfers and I don't think that you will have a problem getting people to find/download your app.