This means that anyone with access to the SDK can theoretically develop an app that automatically connects to a hidden server on the internet, allowing the server to run predetermined commands on the phone. These commands include adding new contacts, uploading files, making phone calls and installing other apps or malware. Trend Micro reported over the weekend that they'd already found malware (ANDROIDOS_WORMHOLE.HRXA) downloading to compromised devices. The problem is even more severe for rooted devices, as they won't notify users when new apps are installed. Baidu has already issued a partial fix for the problem; however, the HTTP server remains online and active.
