Android Vulnerability Allows Hackers to Turn Legitimate Apps Into Malicious Troj

This seems a serious problem :-\

Indeed it is. Question is, does this affect the capabilities of CMS, I mean, will these infected APKs be detected or will they be trusted? Also how do the hackers replace the APK, before I download it or after I download it? If it’s after I download it, then what is the process, how do they have access to the APK in the first place?

This could be bad. I can see Google Nexus devices getting an Android update to fix this but what about all the other devices running older Android versions that don’t receive OS updates?

According to

[...]enligt uppgift har problemet rättats till i den officiella appbutiken Google Play. Den som laddar ned och installerar appar från andra källor befinner sig dock fortfarande i riskzonen.
Which roughly translates to
Reportedly, the problem has been corrected in the official App Store Google Play. Whoever downloads and install apps from other sources are still at risk.
However I can not find the source of that information so I do not know if it's correct.