> Do you have to have the "Hangouts" app installed for this security vulnerability?

No. The flaw is present in the extraction of the image data from the MMS message. Anything that uses the system standard way of doing this, including but not limited to Hangouts, will be vulnerable.

Hangouts retrieves MMS messages by default. This can be disabled under Settings => SMS. Turning this off disables the automatic processing and thus the passive exploit, but opening an MMS message containing the exploit can still be done by hand.