This article isn't that surprising. I'm actually surprised that its not more of an issue, meaning that we've not seen web browser history being sent back and even keyloggers being put into Android apps. With the proliferation of smartphones and people's shift to performing more and more financial transactions through their phones, this is the next ripe target for malware writers. It would seem that they've largely stuck to writing malware (viruses, keyloggers, etc) for the Windows population, but writing apps for Android apparently is quick and easy. AND there's little scrutiny to getting an application into the Google Marketplace.
Maybe Apple's model of tight control over their store is good, it just has to be tuned to look for security issues. It would be great to have a set of tools/apps that they could run an app through as a security assessment and evaluation to whether or not this application needs to gather phone numbers, voice mail numbers, etc. Control, document and push back if there's no logical reason why this information needs to be gathered. Doing this would protect the users and be doing a service to the #1 smartphone OS being sold at this time.