The recent Android vulnerability “Stagefright” look really scary. I would say that until a patch is released, Android users are pretty much defensless against it. All they need is your phone number. A specially crafted media file delivered by MMS, and it´s over.
And the worst part is that if the attack is successful, you wont see a trace of it! These kind of vulnerabilities makes you think if a patch really makes a difference, since your phone might already be trojanized. Any malicious code would probably try to get immune to the patch, or at least stay unaffected.
Patched or compromised, or both? You will only know about the first one..