Several Android phones are executing dailing USSD codes when they are embedded in QR barcodes or webpages.
Some phones like most Samsung can be reset to factory defaults: All data lost…
If your phone is vulnerable you can check on http://ct.de/ussd
When a message poping up with your IMEI you better install as workaround the NoTelUrl app from the playstore. This small app is also claiming to be responsible fot TEL URLs. Instead firrct executing the USSD code a selector is poping up.
Hopefully soon ipdates released….
More information about this bug you find at: