Google Android applications on the T-Mobile G1 can spawn a telnetd
that gives remote root access to your phone:
This particular method needs user interaction, but a rogue Android app
could easily run telnetd automatically. Android apps are not normally
granted this sort of permission, and granting root is not supposed to
even be possible.