This never even occurred to me!
I had always assumed that the ad libraries, at least the ones that come with Android itself, would be firewalled off from the rest of the application and only get the information that they need to do their job. I never would have made the connection in a million years that since the library is running within the app, Android would just let it have whatever access the app had.
Sounds to me like a GREAT way to slip a virus into Android would be to start a bogus ad network, promising massive payouts, and put the virus in the ad library. Or simply imitate the site for an existing ad system, try to leapfrog it in search engine results, and use it to distribute the bogus ad library.
Once again, I am grateful that I am not an Android user.
J.Ja