This bit of news probably sounds scarier than it actually is. According to Bluebox Security CTO Jeff Forristal, there is an APK code loophole that allows malware to be loaded undetected under the guise of an authentic app. The issue apparently dates back to the Android 1.6 (Donut) firmware and, according to Forristal, could affect 900 million devices. If abused by hackers, the exploit could mine data ranging from messages and emails to stored passwords and other sorts of data, and could go as far as hijacking devices to create a mobile botnet.
While this all sounds scary, the fact that the exploit has been around for four years and nothing major has happened with Android devices so far may mean it is being made out to be a bigger issue than it actually is. Or maybe not: our Android devices could all be slaves in a great botnet that we are not aware of. Forristal will reveal more details publicly at the 2013 Black Hat security convention later this year. In the meantime, you will probably want to steer away from downloading all the apps you can find on Google Play (hooray for an open market, eh?). Actually, with or without the exploit, you should be careful with the apps you download.