Second, no closed-source company's limited set of developers--each of which is bound to have its own timetable and agenda--can possibly do a better job of finding and eliminating vulnerabilities than the worldwide mass of developers and users, which is who's at work 24/7 for open source software's security.
Zooming in more specifically on Android, the software draws many security advantages from the Linux operating system that underlies it. Much the way Linux users are not typically given the "root," or administrator, privileges that would be required in order for a virus to do widespread harm, so Android apps are isolated in separate "silos," unable by default to read or write data or code to other applications.
With Android, users are explicitly asked for permissions right up front, when the app is installed. On the iPhone, users can only blindly trust Apple to keep things secure for them--a trust that seems misplaced at best given the threats that have slipped into Apple's "walled garden" anyway.
'Most Vulnerable' of 2010
Then, too, there's the data.
Security research firm Lookout, for example, recently reported through its App Genome Project that Android applications are more secure than iPhone apps are because they're less likely to be capable of accessing a user's contact list or retrieving their location. It also found that nearly twice as many free iPhone apps can access the user's contact data.
Security firm Secunia, meanwhile, declared that Apple products now have more security vulnerabilities than any others--including even Microsoft's. Apple, in fact, topped Secunia's ranking of the top 10 vendors with the most vulnerabilities in 2010.
Even more recently, researcher McAfee fingered Apple products as growing targets for malware this year.