Mobile security company Bluebox recently discovered a four year old bug in android operating systems that allows an attacker to modify APK code without breaking an application cryptographic signature, to turn any legitimate and digitally signed application into a malicious Trojan, completely unnoticed by your device, or even by you.

The bug has existed since Android 1.6 Donut, so it affected almost 900 million android devices globally. This flaw grands access to attacker to read your data(SMS messages, email, documents, Etc.), get your passwords, and control any function of your phone, including making phone calls, sending texts, or turning on the camera and record calls.