Here is another big threat to android devices. ComputerWorld has reported that, a newly discovered  flaw in Google’s Android security model enables rogue apps to gain full access and enables attackers modify apps without breaking signatures, which affects 99% of Google’s Android devices

A newly discovered flaw in Google’s Android security model enables rogue apps to gain full access to the Android system and all installed apps, read all data on the device, harvest passwords and create a botnet of “always-on, always-connected and always-moving” spy devices tracking users’ location while secretly recording.

 The implications are huge ,A device affected by this exploit could …become a part of a botnet, eavesdrop with the microphone, export your data to a third-party, encrypt your data and hold it hostage, use your device as a stepping stone to another network, attack your connected PC, send premium SMS messages, perform a DDoS attack against a target, or wipe your device a representative of the company wrote AppleInsider.

The flaw has been in place since the release of Android 1.6 “Donut,” meaning it affects virtually all Android devices sold in over the last four years, essentially all of the installed base of Android devices: Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich and Jelly Bean.

So far, Android licensees have been extremely slow to roll out any updates for their users, often refusing to bother with distributing even significant security patches.

Android’s unaddressed security lapses have helped make it the world’s leading mobile platform for malware, a problem many of its supporters simply refused to acknowledge. However, this new vulnerability means puts Android users at even more risk, because now they can’t even trust apps signed by a legitimate developer.

 

Lets know what do you think..