Virtualization does not introduce vulnerability to malware. In fact it is a way of managing/isolating sessions that brings with it enhanced security.
The reason iOS and Android are vulnerable is that they are a classic OS design, with both having roots in Unix with common core architectures. Androids higher malware rate is that they are much more open source and fragmented across manufacturers. Apple controls it with walled-garden. But both are inherently unsecure.
Sorry, that is not so. UNIX™ has been around so long that it has been tested by many people for flaw in that basic architecture and its system of permission is industrial strength. If what you were saying were true, then unjailbroken iOS would have malware and hacks coming out its ears. It doesn't. There is not a single viable hack or malware in the wild for unjailbroken iOS.
The Hacker Team sells tools to break into all mobile devices to government agencies around the world except for UNJAILBROKEN iOS devices, because despite years of working to create a means of doing it, they were unsuccessful in creating a means to do it. This is the company that provides the tools to the FBI, NSA, CIA, MI6, Scotland Yard, police agencies around the world, and THEY cannot do it. Yet you blithely claim that iOS is "inherrently insecure" with absolutely no evidence to back your claim!