In the past Microsoft remove AVG from their app store because it does nothing except collect users data for ads purposes. Similar to Linux computer you don't need antivirus, the harm done to the system tenda to be scripts that download and launch. Most antivirus just scan apks, but you're downloading apks from the Playstore anyway. If you are sideloading an apk and have network, Google sevices will scan that apk for virus as well, so its kind of pointless to have an antivirus.
There are malware apps that can utilize automation to install adwares or malware if you allow installing apks from Unknown sources, so just remember to disable that when you're done side loading. Also disable USB debugging.
One thing you can't stop is adwares that come with most freewares and large amount of paid apps, some are more concerning than others since apps can have permission to your info like contacts, location, imei, etc. This can be stopped with ads blocking which require root and App Ops which Google removed access to starting with 4.4.2, unless you have root.
Apps that steal your info etc are still just apps imo, it does what it's designed to do, you just have to be careful of what you download. Real malware to me is when something have a capability to exploit some part of Android or have a piece of Trojan in it and doesn't do what the user intend. I think Google does a poor job at checking apps submission since it doesn't involved human intervention.
People have to realized a lot of malware are web based and you can't fault the OS for it. The problem here is that many Android utilize web interface fully or partially so they are susceptible to these usual kind of exploits.
sent via tapatalk