You are talking as though joe consumer can actually run something like that when joe consumer cannot. With Android, joe consumer downloads an app from the app store and runs it, and the app happily slurps all of his data. With Apple joe consumer does the same thing and iOS pops up windows asking him if he wants to allow the app to access his contacts, or his GPS position, etc.
Similarly, Apple at least encrypts everything by default. Android requires you to use an option. Apple closes jailbreaks. Android... not.
VPN? You'd better hope Google store does a better job vetting those apps because the little requestor they put up is generated by the app, not by android. Apple puts VPN apps in its store through a sieve.
Joe consumer... you know, 99.9999% of the customers of these devices, can't program a single line of code and thinks linux is some sort of marsupial.
Guess which one is more secure? I'll give you a hint: People who give a shit about the security of their data and the integrity of their device don't choose android.
Google knows this is a problem. They just don't know how to fix it. But they had better pretty damn fast because fewer and fewer people are interesting in giving away all their personal data to every little app they download.
-Matt