Android malware is a repeating news item here – and the way the Google Play Store operates is part of the problem but not the whole story.
Another part of the reason is that unlike Apple and iOS, Google exerts far less control over the Android operating system and third parties adapt it for their hardware making security patches decentralised across these vendors. It is possible to install apps to an Android that do not come through the Google Play store something Apple users cannot do with breaking their devices.
All of this gives an Android user more control over the software and hardware, which many of them like.
Now Google is not negligent when it comes to operating their app store – they do police it, just in a different way to Apple. To combat rogue apps in 2022 they expelled 1730,000 developers from the platform. They also blocked 1.5 million apps from reaching the app store for violations of Android terms and conditions.
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
User policies for both Android and iOS
Whether it is an Apple phone that belongs to the company or an Android phone that belongs to a team member, you need a policy that explains your position on your information on that phone. Lays out acceptable use and outlines the risk of rogue apps.
Clive Catton MSc (Cyber Security) – by-line and other articles