Last Tuesday evening, Google's Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, Google identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher.
For affected devices, Google believes that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).
However given the nature of the exploits, the attacker(s) could access other data, which is why Google has taken a number of steps to protect those who downloaded a malicious application:
