We may never know if it was exploited, but it was certainly extremely easy to exploit [zdnet.com], so it doesn't fall anywhere near the realm of a "hypothetical" bug.
Real bug, hypothetical exploit, of course. I guarantee you almost every piece of software you use has at least one exploitable bug (and every OS has dozens), but their exploit is obviously hypothetical and unlikely.
As far as google serving up ads with malware, (a) that didn't go on for 18 months
Who cares? It was real, not hypothetical. Sorry, but that makes all the difference *in practice* (being the definition of not hypothetical ;)
No, much better to make blanket assertions that Apple handles data better
Never remotely said that and I don't think it's true, anyway. Google surely collects orders or magnitude more of your personal data than Apple, and overall they are VERY good at protecting it (luckily for all of us!) But if you want to start quoting iOS vulnerabilities it's trivial to find Android vulnerabilities as well. My point is a bunch of anecdotes doesn't make an argument.
And *Android* sure as hell isn't a good example of best security practices. Or I guess you could say Apple's draconian approach to locking down their hardware and evaluating submitted apps in fact does result in a lot less distributed malware. Is that Google's "fault"? Not sure I'd call it that, Android is intentionally more open just like a desktop OS is more open. There are a LOT of pluses to that, but security and malware prevention may not be one of them...