1.Android Deserialization Vulnerabilities: A Brief history
https://securitylab.github.com/research/android-deserialization-vulnerabilities
2.CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream
https://seclists.org/fulldisclosure/2014/Nov/51