Android doesn't jail() apps (where the application cannot see outside the space it sits in), but it does sandbox apps. Apps get their own UID, and by default, they cannot get into other apps spaces. /system is usually root owned and the whole volume is read-only, for example.
Recent versions of Android use SELinux, so if an app does get access it shouldn't have, it still is stuck in the role it was assigned. For example, some app getting root will still be constrained even with UID 0, so it couldn't remount /system read-write, for example.
Android 4.3 adds onto that by adding SELinux rules onto the external SD card, limiting its use. If you have root, you can use a utility like NextApp SD fix to change SELinux rules back to how they were previously, or SELinuxModeChanger to entirely disable SELinux on your device. Disclaimer: SELinux is a good thing overall, and killing it does weaken security.
iOS's security model is weakened by a jailbreak, while Android's is unaffected if the user has root (assuming the user didn't use the su app to give a rogue app root .)
Of course, Android's model has its issues... the all or nothing aspect  (where one can choose what stuff an app has access to in iOS), for example.
: Newer apps have a special permission on install which shows the user that it might want root, and the su binary will warn or not allow access to any apps that don't declare that permission in their manifest.
: Cyanogen's privacy features help, as well as XPrivacy. XPrivacy gives extremely fine grained control to what an app can use or cannot use. However, I'd not consider this part of Android proper, though it should be.