cybrpnk2 (579066) writes "In this Arxiv paper, three German students present a novel,
highly critical attack that allows unprompted installation of arbitrary
applications from the Android Market. Their attack is based on a single
malicious application, which, in contrast to previously known attacks,
does not require the user to grant it any permissions."
Link to Original Source