Security researchers of the security group at the Free University of Amsterdam found a hole in Android. The scoop in Dutch - news is 10hrs old at time of writing, I didn't find an English source yet. Heck, the university hasn't even put out a press release, even though this is currently making a splash in the Dutch news.
In short, the researchers hacked the user's (desktop) browser and then installed (via this browser) a malicious app on the phone.This gave them basically full control over the phone: turning camera on/off, replacing installed apps with malicious versions, intercepting text messages, etc. In fact, they used this to reduce a common version of two-factor authentication (know password and have phone) to only one factor: they managed to intercept verification codes (text messages) sent by a bank.
The problem is not in a specific version of Android, but in the deep integration between Google's websites and Android. Google has been made aware of the problems late 2014, but has yet to publicly reply.
(Score: 3, Informative) by DarkMorph on Sunday June 28 2015, @08:51PM
Let's assume you didn't mean the entirety of the operating system, but rather the binary official builds of Android that Android-based mobiles have pre-installed.
This article [linux.com] will briefly introduce the F-Droid "shop" which is essentially an index of OSS available for Android. Their listings even flag applications that may contain undesirable features such as advertising or data-reporting functionality. As for actual operating system replacements, Cyanogenmod [cyanogenmod.org] and Replicant [replicant.us] are both mentioned in the article as well, both of which are open derivatives of AOSP [android.com]. Also, there's AOKP [aokp.co].
Lastly, it may be worth mentioning Firefox OS [mozilla.org]. It is a different platform not derived from AOSP. It's a newer platform, and with less developers focused on it, it may still seem like it feels a bit unfinished. From my understanding the platform is primarily targetting very low-end devices in certain regions in the world, so it may be some time before FirefoxOS catches up in any meaningful sense.