Meh, that is more of a problem for the advertisers then the person who's device has the app.
You are correct however that using a device that runs code opens you to the possibility of a malicious code attack. The more code you use, from different places, the greater the risk.
Since it's practically impossible to live in the US today without some kind of, or several kinds of, competing devices it falls on the user to be reasonably careful. Nothing really new there.
I also have bad news: if you have a smart phone, you use apps. Everything on an android phone is an app.