This isn’t always enough though.
There are documented cases of bad apps with active malware in the Google Play store.
It is an ongoing issue, just search most any smartphone centric tech news site and you will find recent lists of bad apps that were discovered, sometimes after years of use, that have had malware in them of varying degrees.
Google seems to have to play catchup. Apple has had bad apps to in thier app store, however, it seem much more rare for malware/bad apps on iOS so i have read. Google Store also has millions of what are clones of other apps…so many camera or torch apps, it drive one mad. Sticking to well rated, and paid ad free versions of apps, is best practice. Read the reviews for the app before u install it…and read alot of them, not just a few. Or free but Open Source apps.
That being said, yes, i used to run ESET and Malwarebytes on a smartphone in the past, and even when I was mass installing random apps, those that give u rewards, gift cards etc, questionable apps etc, those so called security apps never alerted or found any issues…ever. I even installed them on my grandparents phones for a while, to see if they helped combat the random junk apps that “the phone installed it self” they say, that were ad serve machines and took over the phone. nope, nada.
Those apps biggest issue, is updates and detection. These apps are not like the software’s used on PC. Zero day exploits are near impossible to protect from. Active exploits or whatever new comes out in some shaddy app, often takes much time to become known, code made to fight and remove it, then that info sent and those security app updated. By then, the bad app has been removed by Google and has already done its work on the users phone.
In my opinion, having those apps on your phone is useless, a placebo. Should you get actual malware somehow on your phone, factory reset it. and keep frequent backups of your data. But your typical, shaddy, ad nutty apps, most often, can just be uninstalled and cause no real harm.