Not long ago, the viaForensics blog demonstrated and Android app
which requires no permissions and yet is able to give an attacker a remote shell and allow them to execute commands on the device remotely from anywhere in the world.
Wait, aren’t Android-based handheld devices starting to be used throughout the Federal government? While I think that it's great there are so many apps now on Android, many of us in Silicon Valley and other tech centers who deal with the information assurance aspect of mobile devices have to wonder about some of these “little deficiencies” that are around  Android and continue to be so.