This seems a serious problem :-\
Indeed it is. Question is, does this affect the capabilities of CMS, I mean, will these infected APKs be detected or will they be trusted? Also how do the hackers replace the APK, before I download it or after I download it? If it’s after I download it, then what is the process, how do they have access to the APK in the first place?
This could be bad. I can see Google Nexus devices getting an Android update to fix this but what about all the other devices running older Android versions that don’t receive OS updates?
According to Sweclockers.com
[...]enligt uppgift har problemet rättats till i den officiella appbutiken Google Play. Den som laddar ned och installerar appar från andra källor befinner sig dock fortfarande i riskzonen.Which roughly translates to
Reportedly, the problem has been corrected in the official App Store Google Play. Whoever downloads and install apps from other sources are still at risk.However I can not find the source of that information so I do not know if it's correct.