A Crypto Key vulnerability that was affecting all Android 4.3 or lower devices (more then 86% of all Android devices) allowed hackers to acquire confidential information stored on your device. The vulnerability which was discovered by a security research team of IBM states that the vulnerability can be exploited using the android KeyStore (secured storage within the Android operating system for key-value pairs)
The vulnerability can simply be exploited by running a malicious app. Google has made it hard for hackers to make use of this vulnerability as it prevents the execution of address space layout (which prevents attackers from running the malicious code in the app)
The vulnerability doesn’t compromise any bank apps or any app that requires you to log in, but most apps that don’t are vulnerable.
“A malicious user exploiting this vulnerability would be able to do RSA key generation, signing, and verification on behalf of the smartphone owner,”
IBM informed Android of this issue back in September last year and has since then confirmed the issue has been resolved as of November.