That's a good one. I'm a power user in the windows family (windows, windows server, microsoft SQL, ...) but not as familiar with android.
For myself I try to apply the same behavior rules. Don't open suspicious mails, check the comments if you install an app from the appstore, install latest security updates if your manufacturer supplies any or consider a custom ROM if you device is not supported anymore, don't root your android device and install a (free) anti-malware suite.
I usually practice all of these safety tips, but I must say, rooting is very tempting for sure. I have one rooted device that I tinker with at times, but the risk seems to outweigh the rewards.