If you have any of Google's apps installed, you'll also have Play Services installed - and this has already been updated to detect attempts to use the specific vulnerable certificates involved. If you only get your apps from the Play Store, you're fine, as they've already all been scanned (and no exploit attempts detected). Even if you sideload, so long as you left the Verify Apps checkbox on (default setting), then Play Services will scan any sideloaded apps too (no exploit attempts have been detected that way either).
While the vulnerability is a serious one, it's not something that will concern the vast majority of Google's Android users. It's probably a lot more significant for companies like Amazon, who will have to develop their own response, and (inevitably) for all those millions of Chinese users of generic non-Google Android derivatives.