Luckily, not many US Android phones. Just a matter of time before manufacturers install rootkits as a matter of course.
Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers.
According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy.
Source: Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones