Most cases are caused by users who root their phones and try to download random cracked apps from outside the app store. If you do that, the chances to download a android rat are big. Otherwise, it's very difficult to sneak a infected app in the app store without being detected, since they are periodically tested.
And even if they can break through the play store security, there is not much they can do if you are not rooted and don't give the app root permissions. So it's fairly simple to avoid malwares.
This is why I don't really tend up to root my phone.You would really able to use the phone on its full potential since its being rooted but the risk would really be there which it can really weaken phones security and its more prone to be compromised specially if you are an user which do fan of downloading things.As most people are saying here Phone wallet hacks is lesser compared on pc itself. The fact that on just listing it on playstore or any other legit download places will already filter them for any possible malwares or they are already infected and removed them.