Android Master Key vulnerability” that allow hackers to modify any legitimate and digitally signed applications in order to transform it into a Trojan program that can be used to steal data or take control of the device. The vulnerability was also responsibly disclosed to Google back in February by Bluebox and but the company did not fix the issue even with Android 4.3 Jelly Bean. Google has also modified its Play Store’s app entry process so that apps that have been modified using such exploit are blocked and can no longer be distributed via Play.
Source: https://thehackernews.com/2013/11/another-master-key-vulnerability.html