I have ranted about this before, but so many apps are spyware and some are just plain malicious. Google does a piss poor job of vetting because for many of them which are spyware, they benefit as they are able to hoover up more user info. As one of the commenters to the article stated

So what it does is just allow network probing from behind a company or personal firewall, should you actually be behind one that matters? That’s potentially troubling, but doesn’t appear to be “controlling” the device. What bothers me more is that Google appears to have made too many compromises for ad-paid games, carriers, and OEMs instead of giving people the easy control over what can do things on their own devices.

Quote

“DressCode” apps turned phones into listening posts that could bypass firewalls.

Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday.

One malicious app infected with the so-called DressCode malware had been downloaded from 100,000 to 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but included in the code was a component that established a persistent connection with an attacker controlled server. The server then had the ability to bypass so-called network address translation protections that shield individual devices inside a network. Trend Micro has found 3,000 such apps in all, 400 of which were available through Play.