It doesn't get much scarier than this. Bluebox Security claimed to have discovered a vulnerability in Android's security model that could allow attackers to convert 99 percent of all applications into Trojan malware. Google has told ZDNet that the hole has been patched and that it has been released to original equipment manufacturers (OEM)s.Google Releases To OEMs a Fix The "Master Key" Security Hole In Android [zdnet.com]
Gina Scigliano, Google's Android Communications Manager, said that while Google didn't have a statement, she could "confirm that a patch has been provided to our partners - some OEMs, like Samsung, are already shipping the fix to the Android devices."
Thus, Android users will, as they always have, need to reply upon their hardware vendors for this update.