Symantec offers an excellent in-depth article on how malware attacks operate.  In some ways, it is similar to installing a malicious application in Facebook, where the user provides permission before an infection takes place.  Likewise, mobile users are often offered “free applications” they can install.  

Android Threat Trend Shows That Criminals are Thinking Outside the Box

QUOTE:  But, if the criteria to qualify 2011 as the real “year of mobile malware” was to be challenged, then surely the events of the past few weeks alone should be enough to justify the fact that this year truly has seen considerable seismic activity that has shifted the tectonic plates of the mobile threat landscape

One such strategy is to separate the malicious package into staged payloads. The idea is simple: instead of having one payload that carries all of the malicious code for any given attack, break the threat into separate modules that can be delivered independently. There are several advantages to deploying the threat in this way.

As with its previous variant, Android.Lightdd still requires the user to accept the installation of any download—a major obstacle in this model of delivering a payload. However, another threat also discovered in the wild, Android.Jsmshider, has found a way to overcome this obstacle.