None..Pay attention to ratings and permissions for apps, don't visit questionable sites, and you should be good. Never had a mobile AV, and never had an infection. Just be sure to install patches when they are released.
Antivirus (often free) is advisable.
It is also advisable to make sure that on the Android device, it is disabled the ability to install apps outside the Play Store: "Settings - Other - Security" and check off the box for "Unknown Sources" also, ask yourself if it is really necessary, check its permissions and check the reviews to see if anyone has reported any anomalous behavior. Finally, be careful to avoid altering the operation of the Android device with operations such as rooting.
Let's leave aside for now the scenario in which a happyclicker user installs the app he will find anywhere. I'm interested in the case where a download only through the app store of Google. I'm sure that at the time of publishing an app, Google itself uses all the existing systems to verify it...or maybe not.
What happen if someone discovers a malware dropped in this app at a later time, when the app is already widespread?
In that case what is the approach of Google? Warns the user that the app is deprecated, and it would be better to uninstall it? I don't think.
Antivirus can help you in this scenario.