For non-rooted - in fact, just either stumble upon a site with a virus, or install an apk with it. Moreover, the market-not the market does not play the piano here - and on the market it is easy to stumble upon an appliquha with an infection. You need to carefully look at the rights that the application requests.

Nothing depends on you. In androids versions 6 and older, there are such glaring holes that winding up on screws, rummaging through the Internet, and even in muddy places, is just a matter of time. Nothing depends on the user. You can LITTLE the risk by using the advice given by other speakers - don't install left software, don't enable permission to install APK from third party sources, don't rummage around. But in general, this somewhat reduces the risk, but does not eliminate it completely. There are a lot of infection vectors, and not all of them are connected to the Internet. In some cases, Bluetooth or WiFi enabled is sufficient. Yes, yes, just enabled on the device, no more actions from the user are needed to break the device. Here, for example, please: https://www.theverge.com/2017/9/12/16294904/blueto...