That was quick! Security researchers at Microsoft and Sophos say they may have spoke a bit too soon about Android phones hosting a BotNet and spamming through Yahoo mail servers. Terry Zink, one of the discovers of the issue, said the following on his MSDN security blog:
Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices.
In addition, researchers at Google and Alex Stamos, CTO of Web-security firm Artemis Internet, say it's far more likely that the people behind the attacks were spoofing the mail headers and adding the tagline, simply because it's difficult to spoof the IP on a mobile device.
In any case, the rest of the warnings still stand. If you're not going to pay for apps, whether because you're cheap or because you're unable to, use some common sense and be careful. Malware certainly does exist, even if it's not at the proportions some members of the media try to make it out to be.