1. Don't sideload applications
As much as you want to install that fun looking game you heard about (the one only available as a download from some nefarious-looking site)—don't. Period. End. Of. Story. Sideloading applications might be okay for those who are trying to test new features in upcoming releases of official software (that have yet to make their way to the Google Play Store). It's not okay for installing games, themes, and other sundry apps. It's just not. Why? Because there is absolutely no vetting to be had with that software. You have no idea where it came from or what's in it, and no way to find out. In fact, chances are actually good that game is nothing more than a front for a data siphon or ransomware.
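A practical way to check whether a phone already carries sideloaded apps is to look at which installer put each package on the device. The script below is an added example (not from the original article): it parses output in the shape of `adb shell pm list packages -i`, which lists each package with the installer that installed it, and flags packages that did not come from a curated store. The sample output, the allow-list of store installer names and the system-package prefix are constructed assumptions for the example; adjust them for the device you are auditing.

```python
import re
from typing import Dict, List

# Installer package names treated as curated app stores.
# Assumption: this allow-list is illustrative, not authoritative.
TRUSTED_INSTALLERS = {
    "com.android.vending": "Google Play Store",
    "org.fdroid.fdroid": "F-Droid",
}

# Package-name prefixes treated as pre-installed system software, which also
# reports installer=null. Assumption: a real audit would use a fuller list.
SYSTEM_PREFIXES = ("com.android.",)

# Constructed sample in the format printed by `adb shell pm list packages -i`.
# Sideloaded apps usually show installer=null (adb or manual APK install) or
# the stock package installer rather than a store.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:org.mozilla.fennec_fdroid  installer=org.fdroid.fdroid
package:com.example.fungame  installer=null
package:com.example.sideloaded  installer=com.google.android.packageinstaller
package:com.android.settings  installer=null
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_pm_output(text: str) -> Dict[str, str]:
    """Map package name -> installer package name (the literal 'null' is kept)."""
    installers: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Unexpected line (e.g. adb warnings); skip rather than guess.
            continue
        installers[match.group("pkg")] = match.group("installer")
    return installers


def find_sideloaded(installers: Dict[str, str]) -> List[str]:
    """Return packages not installed by a trusted store, excluding system packages."""
    flagged: List[str] = []
    for pkg, installer in installers.items():
        if installer in TRUSTED_INSTALLERS:
            continue
        if pkg.startswith(SYSTEM_PREFIXES):
            continue  # pre-installed software, not user sideloading
        flagged.append(pkg)
    return sorted(flagged)


def report(text: str) -> List[str]:
    """Print a short audit and return the flagged package list."""
    installers = parse_pm_output(text)
    flagged = find_sideloaded(installers)
    for pkg in flagged:
        print(f"NOT FROM A TRUSTED STORE: {pkg} (installer={installers[pkg]})")
    if not flagged:
        print("No sideloaded third-party packages found.")
    return flagged


if __name__ == "__main__":
    # Replace the sample with real output, e.g.
    # subprocess.run(["adb", "shell", "pm", "list", "packages", "-i"], ...)
    report(SAMPLE_PM_OUTPUT)
```

On a real device, `pm list packages -3 -i` restricts the listing to third-party packages, which removes the need for the system-prefix heuristic; the installer name is self-reported metadata, so treat the result as a starting point for review rather than proof of provenance.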
2. Use caution in the Google Play Store
Thing is, you can't even be certain that the apps you want from the official Google Play Store can be fully trusted. Why? Ads. Although ads are a great way for developers to monetize their applications, they're also a great way for ne'er-do-wells to inject malicious code onto your device and sniff your traffic.
3. Go full-on open source
Another option is to go the route of F-Droid. What is F-Droid? F-Droid is an app you install (not from the Google Play Store) that serves as an installable catalogue of open source applications for the Android platform. But wouldn't it be even more of a risk to install from an entity that doesn't have the massive and official backing of Google?
One thing you should know about F-Droid is that none of the applications found within the catalogue include tracking. F-Droid also has a very strict auditing process and, because the apps are all open source, it's quite easy for the auditors to comb through the app source code to find out if everything is on the up-and-up. In fact, F-Droid even has its own site audited, to ensure it follows best practices. They've worked with Radically Open Security and Cure53 for audits. Their first external audit (in 2015) found some critical issues with the site's opt-in beta features and some minor issues with fdroid import, which isn't used on core infrastructure.
4. Only install what you have to use
At some point the burden of blame has to also land on the shoulders of the user. Why? Because no one is making them install any and every shiny new thing they see on the Google Play Store. To that end, stop installing random apps. Just stop. Install only what you need to remain connected, informed, and productive. Sure, go ahead and install Facebook, Twitter, WhatsApp, and Instagram. And, of course, install a game or two (but only from reputable game developers).
But everything else? Forget it. No more FaceApp. No more shopping/coupon apps. In fact, any app that looks "too good to be true"—avoid it as though the life of your data security depends on it (because it likely does).
Being completely honest, I could probably get by with only the following apps: