Google, your design of Android has been so phenomenally bad that you issued 115 patches for Stagefright/Mediaserver CVEs in 2015. Let's just review exactly how terrible the design of Android's media system really is:
Don't start me on Stagefright and Mediaserver, I could rant for 2 or 3 hours non-stop! Seriously, the code over there is crap, and has insane concepts, like aborting the whole mediaserver (and all related media decoding of all other applications running at the same time), when it parses a file with attributes it does not know, instead of skipping the file. We discovered some issues in Stagefright (busy loops, device reboots, mediaserver crashes) quite early, but we never thought about submitting them.
--Jean-Baptiste Kempf, Lead Developer of VLC
Anything that you are doing with attachments in a new messaging app should fork any outside processes in separate chroot() jails as individually-distinct, non-root users.
If you can't figure out how to write secure code, then just stop writing code.