Android is a hotbed for malware attacks because of so many reasons. Firstly, Android allows you to install apps from any sources. This makes your phone more vulnerable to malicious cyber activities because they have multiple entry points to attack you.
There are no hard and fast rules to avoid malware attacks. However, there are sure-fire ways for you to minimise the chance of getting infected. Here are some basic rules you have to consider to reduce the risk as outlined by security company Kaspersky Lab:
Download apps from Google Play
While some cybercriminals still find loopholes on the Google Play Store, it is best to download apps here only. Despite Android's weaknesses, there is still hope that you can be protected from any potential threats from your app downloads since there is an army of malware hunters behind Google Play. They intercept malicious apps before getting into the store.
For an added protection, disable automatic download from unknown sources through Settings > Security > Unknown sources.
Download apps from trusted developers
Tonnes of Android apps are available for a particular use. Hence, it pays that you choose to download those that are made by trusted developers. Before even hitting the Install button, check the developer's full name, list of published apps and contact details.
Read reviews and ratings
Apps with four to five stars can be a good sign that they are great. Highly-rated ones is a "hallmark of a good, helpful and safe app". Additionally, it pays to read reviews of these apps to see how they go for some users. However, it is important to note whether these comments are submitted by real people or bots. Detailed reviews likely come from real people.
Be cautious of app permissions
One of the biggest mistakes an Android user usually makes is granting every single app permission request. This is a good way for criminals to gain entry into your device as you allow malicious apps to be installed.
"Before installing an app, carefully review the specific permissions it is requesting and evaluate these requests reasonably: Does the app really need these permissions — and why? Are the permission requests at all suspicious?"