Google doesn't have a great track record of preventing malware from hitting the Play Store (though they do remove it once it's been publicized/detected), so don't assume an app is safe just because it's there. Stick with popular software (the more people have used it, the more likely a problem has already been detected) from popular developers.
Sideloading is an advanced maneuver, and probably should be avoided by the uninitiated, but it's hardly a universally dangerous activity. The Amazon app store has to be sideloaded and, at least historically, has been safer than the Play Store. Sideloading safely means only doing so from trusted parties, and as a general rule, that would exclude most third-party stores. But there are still developers who sell their apps outside the store. If they've been around a while, are mostly, say, PC devs (where 'sideloading' is the norm, not the exception), and have a public forum with years of customer engagement, those are some signs things are legit.
Android apps all come with a list of permissions, and while you may not be eager to learn what each one does, pay attention to what the popular apps you're installing ask for. The more familiar you are with them, the more you'll notice when an app asks for way too many permissions; then just try to find a less intrusive option.
The best safety probably comes from buying rather than using free apps (exception: free apps from major services are safe, e.g. Gmail). Free apps have to get their money somewhere, and that means trusting unknown parties for revenue. Malvertising is a growing threat everywhere, and a lot of the recent issues that have come up have been from third-party plugins in apps designed for revenue, not from the developers themselves. When you buy your apps, there are fewer parties involved and it's clearer how the developer is earning their keep.