A 4 year old security hole can make you android vulnerable to attack, that is of course if you install an app injected with this specific Malware.
The vulnerability apparently allows a hacker to turn a legitimate app into a malicious Trojan by modifying APK code without breaking the app’s cryptographic signature. Bluebox says the flaw exploits discrepancies in how Android apps are cryptographically verified and installed. Specifically it allows a hacker to change an app’s code, leaving its cryptographic signature unchanged — thereby tricking Android into believing the app itself is unchanged, and allowing the hacker to wreak their merry havoc. source techcrunch.com
Moral of the story is, don’t side load an application, make sure you download from the Google Play store and that the vendor is verified.