It is possible, however it is very hard to exploit an Android device without having some type of physical access at some point. Android has gotten very tight and impenetrable on its security over the past few years. You used to be able to send a malicious media file embedded with malicious code that was designed to exploit the stage fright media library. It took advantaged of the integer overflow vulnerability which involves the input of a value that is out of range which can lead to privilege escalation. This has been patched tightly. Exploitation is possible, but it requires extensive knowledge of the Android system and it’s inner workings and libraries. You can also take advantage of social engineering to convince someone to install a malicious app that will open a back door. You can use a tool called Metasploit to generate an Android app file (.apk) that will open up a back door for remote command execution. However, android displays several warnings for third party apps not from the Play store. It also scans apps for well known vulnerabilities and will warn the user if it is a malicious app. It is pretty much mandatory, at this point, to have physical access to the device to install a backdoor app. Also, it isn’t recommended to use this advice for nefarious intentions.Recovering the information you need is really not a big deal, but why do you really need such data? its illegal to search through peoples phones and devices; private life in general, but still we have to be sure of what we are getting ourselves into these days, in this life one thing i know is that Karma exists and it could clap back anything, can we not be cheats and be loyal and honest with each other, life is short and you only live once; #YOLO. The latter of the case should always be reckoned with, of which it would be known eventually what would be the data at hand afterwards. Definitely!!!