Hackers have exploited a vulnerability in the Android system's security model, which has enabled them to modify the APK code without breaking the application's cryptographic signature.
The issue was discovered by the Bluebox Security research team, which noted that any legitimate application could be turned into a malicious Trojan.
When installing a Trojan application from the device manufacturer, it can then be given full access to the Android system and all its applications that are currently installed.
Arbitrary application data such as email and SMS can therefore be read.
This could go unnoticed by the phone, app store or even the user, making this a potentially dangerous threat to mobile application security.
It is estimated that the Trojan could affect any Android handset released since 2009, which is believed to equate to as many as 900 million devices.
In light of this discovery, Android phone users are advised to make sure they exercise extra caution when identifying the publisher of the app they want to download.
Not only this, companies that operate bring your own device systems should encourage all users to update their devices, as well as emphasise how important it is to do this in the future.