Android devices are affected by a critical vulnerability which allows a malicious app to impersonate a trusted application inheriting its permissions. An attacker exploiting the vulnerability could insert malicious code into a legitimate app or gain complete remote control or the targeted device. The flaw is present in all versions of Android, the vulnerability is being investigated by Bluebox Security and Google to fix the flaw, a patch was released by Google to its partners in April, but the distribution of the updates to the end users is a carriers responsibility.”]
Source: https://securityaffairs.co/wordpress/27151/hacking/android-fake-id-flaw.html