According to Business Insider, security firm Dasient alleged that 8% of Android apps, that's 20K apps today, send user information to servers without user knowing about it or what they are for.
When on the G1 or my other Android devices, I've been pretty good about installing apps from trusted and big named companies. But there are tons of independent developers with great apps. But I general stay away from them because of the way the Google implements the Marketplace.
BI advocate that Google step up its vigilance on what apps can or cannot make it into the marketplace. But then that would really have to force Google to redefine what "open" is again. And that would not do - it'll be Apple-like.
However, Google may not have a choice if things become worse. Google has already lost control of the Android market as Chinese and other Asian device makers and developers make use of its OS. Pretty soon, a lot of the security issues and malware will leak onto our shores if it has not already.
I think the solution should be 3rd party app stores like Amazon or another like it that will allow in apps that they can be very certain that they do what do and not try to steal user information for nefarious purposes.