Re: Running 4.4.4 no worries
all software has bugs, regardless of who makes it
True. That said, I took a look at the second bug (since I'm running a phone with Android 2.mumble, though I install almost no apps on it, and certainly not without considerable scrutiny), and it's 1) a dumb mistake on the part of the developer, 2) pretty obvious when you have the source code, 3) part of a general class which is likely to contain other bugs of the same sort, and 4) indicative of a systemic software-security failure on Google's part.
The last is the failure to recognize that security is a cross-cutting aspect, and mechanisms such as Android's "activities" either need security implemented at a lower level (say, using a capability architecture of some sort), or need it automatically injected via some aspect mechanism. Requiring the developer to either review which activities are exported, or to manually implement safeguards against misuse, will inevitably produce privilege-escalation bugs.
Explicitly wrapping security around functionality is good - it reduces the attack surface and increases the depth of defenses - but in itself is not sufficient against reasonable threat models for consumer software that controls anything of value.
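The manual review of exported activities described in the comment above can at least be automated. The following is an added example, not part of the original comment: it lists activities in an `AndroidManifest.xml` that other apps can start without holding any permission. The manifest, package name, activity names and the function name `audit_exported_activities` are constructed for illustration; the default-export rule it applies is the one Android used before version 12.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; package and activity names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity">
      <intent-filter><action android:name="com.example.constructed.OPEN_SETTINGS"/></intent-filter>
    </activity>
    <activity android:name=".ResetActivity" android:exported="true"/>
    <activity android:name=".AdminActivity" android:exported="true"
              android:permission="com.example.constructed.ADMIN"/>
    <activity android:name=".InternalActivity"/>
    <activity android:name=".DebugActivity" android:exported="false">
      <intent-filter><action android:name="com.example.constructed.DEBUG"/></intent-filter>
    </activity>
  </application>
</manifest>
"""


def audit_exported_activities(manifest_xml):
    """Return (name, reason) for activities any app can start with no permission check."""
    app = ET.fromstring(manifest_xml).find("application")
    app_permission = app.get(NS + "permission")  # default for every component
    findings = []
    for act in app.findall("activity"):
        exported = act.get(NS + "exported")
        if exported == "true":
            reason = "explicitly exported"
        elif exported is None and act.find("intent-filter") is not None:
            # Before Android 12, an intent filter alone made a component exported.
            reason = "exported by default (intent-filter, no android:exported)"
        else:
            continue  # not reachable from other apps
        categories = {c.get(NS + "name") for c in act.iter("category")}
        if "android.intent.category.LAUNCHER" in categories:
            continue  # the launcher entry point is meant to be reachable
        if act.get(NS + "permission") or app_permission:
            continue  # callers must hold this permission
        findings.append((act.get(NS + "name"), reason))
    return findings
```

On the sample manifest this reports `.SettingsActivity` (exported only because it declares an intent filter) and `.ResetActivity`. A permission on the activity or on `<application>` suppresses a finding, but the script cannot tell whether that permission's protection level is adequate.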