Samsung recently announced that more than 600 million Samsung mobile devices contained a factory installed third party software produced by SwiftKey that predicts the words you will type on your keyboards. The issue with the SwiftKey software is its contains a flaw that permits hackers to access the device when the Keychain software is applying a software update. While the flaw provides just a narrow window to access the device, if the hacker is successful, they will have access to the device’s GPS, camera and microphone, to secretly install malicious apps, to eavesdrop on inbound and outbound messages or voice calls, or access pictures and text messages. Because of the way SwiftKey is installed, the software comes with the device and cannot be deactivated or uninstalled.
This flaw was discovered by NowSecure in November. NowSecure told Samsung, and only now is the news becoming public. See https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/. Samsung is working on a solution.