A user installs a vulnerable app that contains a remote access backdoor onto their Android device. A remotely-controlled server takes control of this app by exploiting its insecure backdoor. The Stagefright exploit is definitely not a minor problem, and it potentially affects basically any device going back to the early years of Android.
Google issues second patch for Android flaw after first attempt fails. Google is rolling out the Stagefright patch to Nexus devices as promised, but the bigger news alongside that announcement is a new update policy for Nexus devices. Going forward Google will release security patches for Nexus phones and tablets about once per month.