An Android flaw has been uncovered that lets malware insert malicious code into other apps, gain access to the user’s credit card data and take control of the device’s settings.
BlueBox Labs said it was particularly concerning as phone and tablet owners did not need to grant the malware special permissions for it to act.
The company added it had alerted Google to the problem in advance to allow it to mend its operating system.
Google confirmed it had created a fix.