In Google's May Android security update, they patched up a vulnerability indexed as CVE-2016-2060. This exploit allows a "seemingly benign application" to access data like SMS messages, call data and even change system settings without permission from the user. This vulnerability has been present in Android devices for 5 years. The vulnerability is said to be most dangers in Android versions 4.3 and earlier. This month's distribution numbers show 24.4% of the active Android devices have never even updated to Android 4.4 KitKat.