Google has fixed 107 vulnerabilities during its monthly patch cycle for Android. In the worst case an attacker could exploit one of the vulnerabilities to take full control over an Android device. To do so the user had to open a malicious email, visit a malcious website or receive a malcious MMS.
If you open unknow email and attachment and click on MMS that you have no idea whom sent it or don't know why they sent it you deserve to get infected. That will teach you a long life term lesson.