So am not the first to bring this to others attention. I've seen several articles on it over the last week on the Android "Master Key" vulnerability.
Basically, researchers at Bluebox Security have found this security hole that has been present in all version of Android since v1.6. The firm informed Google about this in February. The Samsung Galaxy S4 supposedly has been patched for it. No word on any other Android device.
More information on it will be forthcoming at the Black Hat Security Conference. But for right now, you can check out their blog posting HERE on it.
Now, a basic thing about this issue is that it is exploited by malicious apps. And malicious apps, despite tools like Bouncer in the Google Play Store, can still be put up there. Patching Android is always a tough thing, because the process has to include both the manufactors and the carriers. According to a recent item on CIO, Google has already updated Play Store to block apps that take advantage of the issue. But I hope people see that as only a stop gap to getting the Android OS itself patch.
For those interested, here are the articles I've see so far on this: