As we know, Android have a good amount of trouble with malwares and the primary reason is that the apps are taken from the unofficial marketplaces instead of Android's Marketplace.
Google should seek to quickly release it's protocols for accessing the official marketplace and make an app that anyone can download and install the official marketplace app. An example is the Android version of the Archos tablets where there is no access to official Android Marketplace but some other marketplaces.
Google should also see to provide SHA 256 and SHA 512 hash signatures for every application and provide a hashing tool that would show the users if their application's hash signatures matches.
Google should also consolidate and look over all Android marketplaces and may need to move in the direction like Apple's Appstore to establish a central final authority but Google should be like a benevolent dictator. This would solve most of the headaches of becoming splintered and allowing bogus apps or apps that have been deliberately modified from the original and pass off as a copy of the real app, to harm others, be nearly impossible with the use of a central authority.
Hosting hacking competitions and more open research and discussion that can be conveniently accessed by the general public would allow better discovery of bugs and exploits.
By following Linux kernel development's footstep which actively exposes it's development in real time and allowing the community a piece of the pie to research and contribute would really enhance Android.
The Android development team within Google would not be enough. Tapping into the power of community development and listening to the community would proof to be the wisest decisions.
In the end, Android's malware exploits are mostly caused by Google's own undoing for the above I have stated and partly caused by malicious minded people who are out to make a quick bug and harm others, not regarding the privacy and safety of others.