Researchers said they've uncovered a security vulnerability that could allow attackers to take full control of smartphones running Google's Android mobile operating system.

This is not even the worst part.

The flaw has existed since at least the release of Android 1.6 almost four years ago.

Reading that makes this next quote even more confusing.

"I imagine that Google would move quickly to add some logic to look for such attacks," Dan Wallach, a professor specializing in Android security in the computer science department of Rice University

I'll grant that no carrier or phone manufacturer issues security fixes for phones that old (not even Apple). The interesting thing about this isn't so much the 4 year old phones, but the 8-18 month old phones. Android phone release cycles are realatively short. From what I've heard, carriers aren't too keen on updating phones outside about 3-6 months of release. The Android model really seems to compound security issues of this sort.