Not every email client for Android out there supports encryption; and when it does, it does not work like Enigmail: you must first install the email client, set it up; then install an app that enables the use of GPG (APG or GnuPG for Android); then you have supposedly and through a reasonably secure process sent your full GPG keys to your phone (SD card or the internal memory).
This code simply isn't in any Linux repository.
That means one must intentionally deviate and go outside of the keyring-protected repo of applications 'into the wild' to obtain this rogue software.
By definition, a trojan, requires one to install the application and then explicitly run it to have its 'payload' execute.
Choice has long been a defining feature of the world of free and open source software, and the constellation of options only gets bigger every year. Often it's brand-new projects causing the increase, but sometimes the growth happens in another way, when tools that were developed for a company's internal use get opened up for all the world to see, use and improve.
That, in fact, is just what has been happening lately on a grand scale in the security arena, where numerous major companies have been opting to open the doors to their own, in-house tools. Google, Facebook and Netflix are all among the companies taking this approach lately, and it's changing the security landscape significantly.
We open with the recent unpleasantness at the Drupal project. The SQL injection vulnerability, while serious, isn’t unusual. It’s actually the most common vulnerability in the world. What made the exploit newsworthy was the very short amount of time between disclosure and widespread exploitation: "if timely patches weren’t applied, then the Drupal security team outlined a lengthy process required to restore a website to health." Basically, you had seven hours to fix it before evil robots descended on your servers.
This isn’t an open source problem, it’s a software management problem.