Install apps only from the Play Store. There's no 100% guarantee, of course, that everything on it is safe, but Google does have established rules and guidelines in place, so it's not as if just anyone can have their product there, and when something problematic is discovered it will get pulled.
Conversely, if you're downloading apk files from some web site you saw referred to in a review article, you have no idea whether the file is valid, whether it's been compromised, or whether it's an intentionally deceptive app that can add a security or privacy exploit to your device. While there are a handful of valid, non-Google apk repository sites, be very selective about which ones you use. The bottom line is that if you opt to install apps from outside the Play Store, you greatly increase the risk of compromising your phone. There are simply too many black hat hackers out there who know they can get away with posting some tempting apk files that appear to work just fine but in reality also install some kind of malicious service that runs in the background.