Im still a newb to Android would they have sideloaded the app to get infected or get it from another source? How can I ensure this doesnt happen to me or what are the rules of the road someone should know to prevent Android infections? I would imagine its still the user not paying attention or doing something stupid.

Over 10 million Android devices reportedly infected with Chinese malware

Ten million Android devices have been infected by malware called HummingBad, according to Check Point. The cybersecurity firm said it discovered the malware in February, and has been tracking it ever since.

Avoid side loading apps, only install apps from the official google play store also avoid adding alternative App stores to your device.

If you see a site offering a program that does something really cool for free but isn't in the app store avoid it at all costs.

Google doesn't have a great track record with preventing malware from hitting the play store (though they do remove it once it's been publicized/detected), so don't rely on just because it's there it's safe. Stick with popular software (where the more people have used it, the more likely a problem has already been detected) from popular developers.

Sideloading is an advanced maneuver, and probably should be avoided by the uninitiated, but it's hardly a universally dangerous activity. The Amazon app store has to be sideloaded, and at least historically, has been safer than the play store. Sideloading safely means only doing so from trusted parties, and as a general rule, that would disclude most 3rd party stores. But there are still developers who sell their app outside the store. If they've been around a while, are mostly say PC devs where 'sideloading' is the norm, not the exception, and have a public forum with years of customer engagement, those are some signs things are legit.

Android apps all come with a list of permissions, and while you may not be eager to learn what each one does, pay attention to what the popular apps you're installing ask for, the more familiar you are with them, the more you'll notice when an app asks for way too many permissions, and then just try to find a less intrusive option.

The best safety probably comes from buying rather than using free apps (exception: free apps from major services are safe, ex. gmail). Free apps have to get their money somewhere, and that means trusting unknown parties for revenue. Malvertising is a growing threat everywhere, and a lot of the recent issues that have come up have been from third party plugins in apps designed for revenue, not from the developers themselves. When you buy your apps, there are fewer parties involved and it's more clear how the developer is earning their keep.

Thanks this all seems like good common sense and I have no problem spending a couple bucks for the non malvertisement possibility (thanks for the tip). A few bucks to keep from getting garbage on my device is worth it. I don't plan on sideloading unless at some point I get into developing my own apps but I have a lot more training ahead of that.

antivirus does exist for android but i dont know how well it does in detecting existing infections other than bad apks. but still anything is better than nothing. i personally use avast but i say usewhat you trust and that will add another layer of sercurity.

read reviews on the google play store especially the one and 2 star reviews. those occasionally contain info that can help determine if the app has any malicous content or if it is just crap.