The Play Store is a cesspit
"Google should also take another look at its malware scanning systems. While the Chocolate Factory claims that its AI-powered code checkers booted out 700,000 malicious apps in 2017, it's clear the ad giant is still asleep at the switch."
I have yet to see Google's "Play Protect" flag any dodgy app.
I have logcat logs showing apps taking screenshots of the device in the background as well as the usual full screen ads that play sound and post more ads to the notification screen and much more.
Overlay attacks that trick users into downloading or sharing other apps by placing an X over the top of other buttons.
Apps that attempt to root a device or attempt to run su, chown, chmod on an already rooted device.
And each and every time I see these things on an Android phone Play Protect says everything is OK.
The problem is that users then download some other so-called "security" app to try and remove the adware that just compunds the problems.
The only time an app ever gets booted from the Play Store is when there is media attention.