Google has fixed a cross site scripting security hole in web-based Android store. The security hole allowed attackers to install apps on Android devices without the user’s consent – and without requiring physical access to the device.
The exploit was fixed after Android security specialist Jon Oberheide reported this to Google. According to him, it was possible to remotely install arbitrary applications with arbitrary permissions onto a victim’s phone simply by tricking them into clicking a malicious link (either on their desktop OR phone). The exploit works universally across all Android devices, versions, and architectures.
Well the security hole is fixed now, so no need to worry.