well calling out the memory is the real question you have there, although thanks to stupid people its easier then ever. I wouldn't tag the installer directly with a command as its mostly bulletproof that way, but you could trigger the install via a memory hash posted into the memory. really I would start with making the .apk with the exploit in mind, and then have it load the .apk you have in mind after the exploit. The user is going to get a shit ton of warnings about installing this shit so its best to test this out in trial and error, but its really easy if you think about it.
Rather then getting technical and looking for a way to trick the installer so there is no warning, I would just post a comment about "there will be a warning you must press continue anyways to get it to install, I am working on a fix". Let social engineering take you that extra step because lets face it, people are *****ing dumb and most of them if told shit will happen ahead of time are ok with it like a sheep.
idk sounds easy shit really. the thing is if you get too many this way someone will issue a patch and you get *****ed up, so best to think about that ahead of time if you want to be something more then a script kid.
Set the malware to look for an update although where your going to target that payload and keep it from prying eyes... now your in the fun area. Also do keep in mind you can try out anything on a mobile phone under development mode, but getting it to fly long term is the challenge, best to have this malware install more malware to keep ahead of the curve.
enjoy
