This is just a theory, I'm no dev. So my question is to the devs.
Would it be possible to modify a system APK, adding an exploitable vulnerability, and replace it.
Replacing the existing market with the new one was simple, and I know some system APKs can be modified in an archive program without screwing up the signature. In theory shouldn't it be possible to introduce a vulnerability this way?
Let me know what you think.