There are a few products with Chinese base (as with Quihoo 360) and/or researchers as is the case with CM Security, offer vulnerability fixes (as long as the app is indtalled) for example the sms flooding issue on som devices. CM Security has also been putting out a number of scanners for Heartbleed, Struts 2 and a cryptolock uninstaller if you get ransomeware on your device. Both also include surfing protection. (CM uses the Kingsoft cloud enjine).
The question is, how much security is needed. Lets start with device and app physical access. Everyone I know uses a lock screen. CMS has a built in app lock which you can lock any app including CMS itself. Quihoo and Sophos are the only others that offer this fulky free (Avast lets you lock 2 for free). I recommend at least locking the system settings and th app store. In terms of antivirus protection CMS scans on install. If aa product detects an app when its installed and uninstalls it as with CMS and a full scan detects and removes any residual malware on your device and those files won’t harm your system until you run or install them. Is a lot of what others offer an overkill or a neccessity? Certainly something I’m always debating and I agree on both aspects but I suppose it boils down to what type of user you are, dpesn’t it?