As many as 90 percent of Android phones are vulnerable to malware, Juniper found.
"GingerMaster," a Trojan rootkit cicrulating in China, for example, jailbreaks the phones it attacks and gives the access mechanism to a stranger.
One developer that goes by the name "Myournet" poisoned at least 21 Android apps earlier in the year and uploaded them to the Android Market for distribution.
Apple's greater filtering and anti-virus on iTunes is one big reason malware for iPhones is more rare than for Android, the report said.
Another is that Google and the ISVs that build apps for Android aren't that good at responding to news about vulnerabilities.
The holes exploited by "Myournet" were known already when the exploits were found in March, and have yet to be fixed, Juniper reported.
A bigger problem – paranoia – slows the response of both Apple and Google. Security developer Charlie Miller, for example, has broken several iterations of iPhone's security, telling Apple about it each time like a good "partner." The most recent time, Apple kicked him out of the program for being a security risk, apparently for having found one.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.