An Image Can Compromise Your Android Device
Although most Android-related security holes are limited to 3rd party app installs from outside the official store, once in a while there are vulnerabilities in the OS itself.
Three newly-found vulnerabilities (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) can affect handsets running anything between Android 7.0 Nougat and current Android 9.0 Pie.
One of the three vulnerabilities allows a compromised PNG file to execute arbitrary code on unpatched Android devices.
According to Google, “The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
Google has already released a patch, but many Android vendors rarely patch their devices. If you are running Google devices, you surely have the patch; the same cannot be said for other Android phone vendors.