Google this weekend confirmed that it removed a number of malicious applications from the Android Marketplace. It is also remotely removing the apps from devices to which the apps had been downloaded.
The malicious applications used vulnerabilities found in devices running versions lower and 2.2.2.
For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data
Google is sending out an email from android-market-support@google.com to all affected users. It is also pushing out the Android Market Security Tool March 2011 to prevent further information access. Uses will also receive a notification that an application has been removed if necessary.
Google is also promising “number of measures” to prevent future occurrences of such events.