The research team, from the University of California, Berkeley, showed how a malicious application could be installed on a phone that would allow an attacker to track the phone's location, record conversations, and even take pictures.
The application could be installed without the user's knowledge or consent, and would not be detected by most antivirus software.
The researchers say that their findings have serious implications for privacy and security, and that mobile phone users should be aware of the risks.
They recommend that users only install applications from trusted sources, and that they keep their phones up to date with the latest security patches.
The research team also developed a tool that can detect and remove the malicious application.
