This seems less sensational than the headline, but from MakeUseOf
A new phishing technique utilizing SMS messages has just been in discovered in the Android Open Source Project. The vulnerability affects every version of Android going as far back as Donut (1.6), and all the way up to the former iteration of Jellybean (4.1) through Éclair (2.1), Froyo (2.2), Gingerbread (2.3) and Ice Cream Sandwich (4.0).
SMS phishing, also known as SMiShing, is a social engineering technique whereby a fake SMS sends you to a malicious website, or prompts you to download a malicious app onto your phone. The new vulnerability was discovered in the department of computer science in North Carolina State University, where a team of researchers were able to create an app that sends fake text messages. These can easily be made to look as if they were received by someone on your contact list.
More at the link