Well this just bummed us out. Researchers from the North Carolina State University have uncovered a threat to privacy---and it's sitting right in the palm of your hand. The culprit? In-app ads that can be used to get past Android security. We assume Bouncer is a bit powerless against it.
Sometimes these apps download and run codes from online sources without the owner knowing and ta-da, your contacts list and other important information have been stolen or worse, replicated and used. This was previously reported by the same NCSU team that deemed Android's Bouncer ineffective or at least, blind to the goings-on while apps are running.
Other discoveries suggest that nearly half of free apps had "libraries that track a user's GPS location and one in 23 [apps] allowed that data to be passed back to the advertiser." BOO! We've been hearing a lot of that word lately, and associated with Google, too. Just see what James Whittaker had to say about "commercials."
The NCSU team reiterates that the app itself is harmless and safe, but there's a possibility that the ads they run could download malware into your device and control it right under your nose because it has the same permissions that the app does.
Lesson learned: read before you click. Check out the download permissions before you update or download an app and if there's one thing we learned from the NCSU team---ad-running free apps might not be your friend.