Android has a massive security bug in 'Stagefright'. Receiving a malicious MMS message can result in compromise of your phone.
Depending on how the mobile device is constructed, exploiting Stagefright allows an attacker to run arbitrary code with the media or system permissions. The permissions would give the attacker complete access to the user's device.
To avoid compromise, you need to prevent your messaging app of choice from automatically downloading and launching MMS messages. This way, you won't be at risk unless you choose to download the MMS.
However, the MMS message issue patch won't completely protect you from every type of attack. An MP4 file embedded on a web page or in an app that wants to exploit your phone or tablet device could do the same.
Tom Lysemose Hanson, founder and CTO of Norwegian security specialists, Promon commented, “In almost all cases, vulnerabilities are developed to differ from their predecessor, so any attempt to patch them will be a reaction, rather than a proactive step to protect the device. While the patches may secure Android devices from Stagefright, future threats remain unaccounted for. Dealing with these threats in real time is all too often the crux of maintaining adequate security for your mobile device.”
Most Android devices do not get security updates, resulting in 95 percent of them being vulnerable to Stagefright. To check on whether a device is vulnerable to Stagefright, install the Stagefright Detector App from Google Play. Zimperium made the app.
Many Android devices that are version 4.3 and older have a vulnerable web browser component. This won't be patched unless the devices upgrade to a newer version. By running Chrome or Firefox, you can protect yourself against it but that browser will always be on the devices until they are replaced.
The current method of updating an Android device is leading to the devices building up holes over time—making iPhones more secure since Apple has committed to updating iPhones longer than Google, Samsung and LG.