The best case scenario is that an Android device would be jailbroken, but it is possible for an attacker to inject a legitimate application with malware that could enable the attacker to read sensitive data such as email, make phone calls, send SMS messages, or even retrieve passwords and account information.