Somewhat ironically (compared to the Windows desktop situation), the only people I know who have actually gotten virus-like infections on Android are people advanced enough to be running custom rooted 3rd party roms on their devices.

This isn't to say it can't or hasn't happened on phones running factory stock roms, the Samsung /dev/exynos-mem permission bug on its own was one example of a huge attack vector on a limited set of Android phones, I just haven't seen or directly heard of it happening on a stock phone.