According to Google, by October 2014 less than 0,5% of Android devices had Potentially Harmful Application (PHA) installed. That number is excluding non-malicious Rooting apps, but that is no surprise.
And, more importantly, “fewer than 0.15% of devices that download only from Google Play had a PHA installed.”
One main reason was that Google made improvements in the Android platform security technology, e.g., using SELinux sandboxing and use of Verify Apps functionality.
Read the full article here.