I run FireAmp mobile by cisco systems, along with a back up scanner from Avl (non-pro version works better in my opinion, does excellent job scanning system/root level files). My network on it passes through grey shirts no root firewall. I utilize a app called network connections, to monitor all outbound/inbound traffic. For hidden file management I use powergrasp and sandisk memory zone. I try to keep everything light as possible , but effective. Android is a secure device to begin with , out the box , main issue I focus on is network traffic since the malware is sandboxed and main thing it depends on is the network.