Я так думаю, что гугл решил взяться за безопасность основательно и будет радовать каждый день:
Only on-board, pre-installed software was analyzed e.g. OEM or carrier software, but not third party apps. In short, they found they could install apps that had access to higher level functions not specifically granted by the user via what is called a «confused deputy attack» where «where one app is tricked by another into improperly exercising its privileges».
As can be seen in the video above, an app is installed with these higher level functions but no warning was issued during installation. The question is this: is this a real threat or potential? Looks to be potential only at this point, but then again who knows. The researchers concluded it does «constitute a tangible security weakness» for Android.
Идеально спроектированное ядро линукса неуязвимо к вирусам и атакам класса privilege escalation
Посмотрите видео и найдите лишнюю цитату. Замечу, что Windows Phone seems to be inoculated against such attacks.