That doesn't mean that apps that deliver malware through ad networks can't make it into Google Play, as the BadNews incident has shown.
Google Play checks APKs for malware before approving them, so getting an infected APK uploaded there can be very hard, Botezatu said. However, a malicious ad server could lay dormant until after the application is approved and then start delivering malware, he said.
Botezatu believes that users are more likely to fall victim to "malvertising" -- malicious advertising -- attacks launched through mobile apps than Web browsers. That's because there have been many incidents of ad-based malware infections on computers and users are probably more careful about what they click on inside their browsers, he said.
Android users should make sure that their devices are not configured to allow the installation of apps from unknown sources and should run a mobile antivirus product, which might be able to detect malicious apps delivered through ad networks, he said.