An anonymous reader writes "The EZ2Use attack code has been released which exploits a vulnerability that exists in Android versions prior to 4.2. Vulnerable versions are installed on the majority of Android devices and most do not have a path to a patched version. The malicious code is a drive-by malware attack which gives the attacker remote shell access to the phone's filesystem and camera.
This vulnerability and Google's inability to patch many of the vulnerable systems in use is more justification for Google's move to include new functionality in its proprietary GMS application platform where they can simply push out a patched binary that will run atop any Android version. Deprecating functionality in AOSP and re-implementing it in GMS will at least give Google a simple path to patch vulnerabilities like this."
Link to Original Source