Various researchers have report security-bugs, but they remain open for years, see:
http://www.computerworld.com/s/article/9250110/Android_vulnerability_still_a_threat_after_nearly_two_years?source=CTWNLE_nlt_security_2014-08-04
I have written and reported on mobile security issues and testing. However it feels like until somebody actually exploits a fault and the exploitation makes the news, many vendors and app providers do nothing.
I do not put any information on my phone that I don’t want public. I am even unsure about using many mobile web apps with register logins. If the mobile app world wants to become trusted, I feel they must do a better job, but just like the web world during the “.com” bubble of years back, I suspect it will take time until companies come to understand the importance of quality and security of the mobile world.
It is sad.
breakingembeddedsoftware 