Android 4.2 only detects 20% of malware apps
Testing was done by Xuxian Jiang, a professor of computer science at North Carolina State University, who tested 1,260 samples of malicious apps on a Nexus 10 running Android 4.2, and found that the built-in scanner detected only 193, a detection rate of just 15.32%. Jiang then tested Google's malware detection compared to antivirus apps from Avast, Symantec, and Kaspersky, and found the detection rates of the antivirus apps ranged from 51% to 100%, compared with 20% for Google.
There were two reasons that Jiang cites for Google's failure to detect malware that is sideloaded. First, the service uses cryptographic hash signatures to identify apps known to be malicious, but these hash signatures can easily be manipulated and bypassed. Second, the scanner is hosted in the cloud, and doesn't have a client-side option, so if you aren't connected to the web, it can't detect malware at all.
As we said, this isn't much of a concern if you get all of your apps from the Play Store, but if not, you should still be careful about where you get your apps.