This is not exactly Google Android's fault exactly, but more towards the applications and the recent find was something that resembles Windows DLL Hijacking. The team found a few applications in the Google Android Marketplace that were vulnerable to this attack but don't worry too much; they have already notified the application developers accordingly.
Android provides APIs that allow an application to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time. Unfortunately, if these plug-ins are stored in an insecure location, this process can be hijacked, allowing access to private data and unexpected arbitrary code execution by malicious applications.
If you're a developer, do visit Symantec's blog for a more detailed explanation of how the attack is done so you can develop safer applications. Symantec has already contacted Google about these issues.
source: 2DayBlog.com
