A third-party advertising library called InMobi, used by many Android applications, opens a potential backdoor into mobile devices. Attackers who are in a position to intercept traffic coming from an app that uses InMobi can inject JavaScript commands into that traffic and force the app to make phone calls, send text messages to premium-rate numbers, create calendar events, access the photo gallery and post on social networks on the user's behalf, according to researchers from security firm FireEye.