Spider Labs has released a root kit that could potentially allow hackers to access emails and text messages on Android-based smartphones.
"It wasn't difficult to build," said Spider Labs chief Nicholas Percoco, who told Reuters the kit had been coded in just two weeks.
"[Of course,] there are people who are much more motivated to do these things than we are.
"[But] we could be doing what we want to do and there is no clue that we are there."
Percoco also claimed the root kit - which was tested on HTC's Legend and Desire smartphones - was coded in a noble effort to "persuade" Google that it should fix the critical vulnerability ASAP.
However, Phandroid's Quentyn Kennemer believes Google may already be hard at work developing a patch for the security hole.
"At first, you may not think releasing the scary tool is in yours or anyone's best interests, but it forces Google's hand in making sure things are set straight before too long.
"[Remember], this isn't unlike the story [from a] year ago where a known SMS flaw plagued millions of [cross-platform] handsets, allowing the sender of an SMS to [issue] something similar to a denial-of-service attack which [blocked incoming and outbound] calls, text messages [and] data."
Kennemer added that both Google and Apple had pushed out updates "within days" of the startling disclosure.
"[So], if this [vulnerability] is anything like that, then I'm sure Google's already hard at work to take care of [it]."