By default, installing apps outside of the Google Play Store is disabled on most Android phones. If you try to install an APK file, you'll see a warning and you'll have to check an option in the Settings to enable app sideloading.
Just in case you install APK files, Google Play Services includes a feature that verifies apps when you install them. It blocks potentially harmful apps and it has been used more than 4 billion times. The anti-malware feature is now a lot more powerful: it now monitors apps even after installing them.
"We're rolling out a new enhancement which will now continually check devices to make sure that all apps are behaving in a safe manner, even after installation. In the last year, the foundation of this service - Verify apps - has been used more than 4 billion times to check apps at the time of install. This enhancement will take that protection even further, using Android's powerful app scanning system developed by the Android security and Safe Browsing teams."
Apparently, Android is more secure than you would think. "We've found that fewer than 0.18% of installs in the last year occurred after someone received a warning that the app was potentially harmful," mentions Android's blog.
QZ.com reported last year that the percentage was 0.12% and that "0.001% of app installations on Android are able to evade the system's multi-layered defenses and cause harm to users". 95% of the phones have Verify Apps enabled by default and 0.5% of app installs from unknown sources receive a warning. Just because you receive a warning doesn't mean that the apps are actually dangerous: 40% of the warnings are for apps that root your device, another 40% are for fraudware apps that send premium SMS messages and another 15% of the warnings are for commercial spyware.