Researchers have found a security hole in Android 4.3 Jelly Bean that can allow a rogue application to bypass the targeted devices security, turning off the various security locks. The vulnerability in the Jelly Bean version of the Android operating system allows the malicious app, without any special permissions, to disable the normal security mechanism. Google has included a fix for the security vulnerability in 4.4 Kit Kat, but most Android users are stuck on Jelly Bean. The Android platform is nothing like as well policed by Google as Apple does to protect its iOS users.”]
Source: https://grahamcluley.com/rogue-app-device-locks-android/