Just because you’re on an older version of Android does not mean that you’ve not received security updates. What is labeled as “malware” also matters, often just apps that have requested permissions that the user GRANTED. So what you’re calling exploits is skewed.
Things like SE-Linux and dm-verity go a long way. I’ve never had a problem in many years of use, you just have to understand what you’re installing and what it is asking for. I’m on security mailing lists for multiple OS’s and the bottom line is, don’t be lured into a false sense of security with any one of them. iOS is not special.
Actually, it pretty much does. That model relies on the Android user updating the security updates on a regular basis, taking an active responsibility for their own security. The percentage of users who do that is very small. Anything that relies on the alacrity and reliability of users to take care of updating their own devices in a toxic environment is a dangerous model. It assumes every user is a perfect device manager with nothing but time on their hands and interest in taking the time to seek out what's necessary to properly manage their Android devices.
In addition, many Android users rely on their carriers for updates. . . and the carriers aren't very good at doing updates and even some manufacturers aren't:
Android phone makers skip Google security updates without telling users study
The Guardian, by Samuel Gibbs, April 13, 2018.Users told smartphones software has been updated with monthly patches when it hasnt, new research claims
We found several vendors that didnt install a single patch but changed the patch date forward by several months. Thats deliberate deception, and its not very common, says Security Research Labs founder Karsten Nohl. (Photograph: Not Shown due to being a Getty Image)
Some Android smartphone manufacturers are skipping security patches without notifying users, instead claiming their smartphones software is up to date with Googles monthly security releases, researchers say.
Researchers from Germanys Security Research Labs (SRL) conducted a two-year study into the state of Android security focused around the monthly updates that Google issues and urges smartphone manufacturers to install.
These monthly updates are crucial for keeping smartphones secure, fixing collections of known bugs and holes each month to keep hackers at bay. But the researchers found there is often a hidden patch gap between what the manufacturers tell the users and what they actually do to the software some simply tell people they have updated the phones without actually patching anything.
This is an excerpt, more information at the link. . .
Older versions of Android are in even a more precarious situation. Nice try.
iOS is not special.
Interesting you'd say that. The proof of the pudding is always in the eating.
There are now over one BILLION active iOS devices in the wild, fuzzy. Exactly where are the matching levels of malware commensurate with that number of active devices? You claim is that it is equivalently vulnerable to the other platform which has millions of different malware in the wild targeting that platform. You certainly cannot claim security by obscurity due to low numbers of distribution for iOS with over a billion active devices. Your Linux devices can certainly be counted there, but not iOS or even Macs. So, I again ask you, Fuzzy, where is all the malware for the iOS platform?
What is labeled as malware also matters, often just apps that have requested permissions that the user GRANTED.
Also nice try trying to obfuscate the meaning of "Malware." It doesn't wash.