iOS is safer in terms of attack vector as far as I am aware (due to general restrictions and approval validation which is definitely more aggressive than on Android) but a silver bullet to attackers doesn't exist. You can go out in public wearing a bullet-proof vest 24/7 but only part of your body will be protected, the rest will still be vulnerable to bullets, and even the bullet-proof vest will become saturated depending on impact - vest or no vest you can still feel shock and pain.
Good luck to anyone trying to find a virus for iOS, that will be impressive. Viruses spread via infection and this isn't going to generate any income even if an attacker managed to do this. On Android, you have a permission mechanism and it does work really well but when you install an application, you grant the application specific permissions to do what it is allegedly going to do, and thus if you install a rogue application... Now it has the permissions it needs.
On iOS there is a ton of things you cannot do by default, and Apple are big haters of jail-breaking (they used to file court cases trying to get it banned) unlike Google who seem to support Android rooting. For the record, jail-breaking your Apple device or rooting your Android device is definitely a bad idea from a security point of view because it introduces a higher threat surface and provides new and creative opportunities for attackers.
If you're using iOS:
1. Password protect your lock-screen using a PIN or normal password. Don't enable finger-print/iris scanning (?) features.
2. Only install applications from the official store (e.g. Apple Store)
3. Check reviews and reputability before installing any applications even from the official store. Data theft is still possible, advertisement spam is still possible, etc...
4. Browse safely.
5. Keep a backup of your personal documents with iTunes on a Desktop/Laptop so you can factory reset if anything unexpected happens.
If you're using Android:
1. Follow #1, #2 (Google Play), #3, #4 and #5 (of course not with iTunes for Android) from the iOS tips.
2. Make use of the Permissions mechanism to restrict this and that.
3. You are likely going to want free security software available (e.g. Avast).
There are many different attack vectors for iOS you may have thought of but such are present for all environments and usage of online web. For example, if you have sensitive and important data stored in iCloud and your account becomes breached (e.g. you re-used passwords and then another service was breached and a dump was leaked and then an attacker tried the e-mail and password combination which belongs to your account for another service but with iCloud and it was successful) then an attacker could steal those personal documents.
I think Apple Store is doing much better in terms of providing a safe environment. I rarely hear of issues regarding malware with the Apple Store, so maybe it's lack of experience with iOS, arrogance, or both. However, I regularly hear of issues with Google Play. Then there's the Chrome Store (also by Google) which isn't for Android and I've first-hand gone hunting for rogue extensions and managed to find about 30 in an hour, all obviously rogue by infringing the names of popular AV vendors... And then it took more than a week for the report to be handled.
I would get either iOS or Android if I was in your shoes - whichever one you prefer/trust the most. I've been an Android fan for many years and this isn't going to change because I prefer it but if I had to recommend either iOS or Android from a general security point-of-view against online attackers then I think I would choose iOS because: a). I see it as a lower target because it appears to be easier to target Android; b). Apple do not support jail-breaking/rooting techniques; and c). the requirements for Apple Store is greater than with Google Play.
You need to take all of this with a grain of salt, but just remember that there are attack vectors no matter what environment you're using. Don't disregard good security practices while operating an iOS device.
Majority of Android infection I know of was from installing apps outside Playstore. Android allows to do this easily while you have to jailbreak or use some other really inconvenient method in iOS to install apps outside Appstore. This alone would make iOS much secure for average users who keep falling victims to silly scams outside the store. Like "download free ram", "Your device is infected with 5000 virus, download free Kasperdefender pro plus premium antivirus to clean and boost your phone" etc.Some people download cracked paid apps and get victims to malware. iOS doesn't allow this easily so the average users stay safe from making these mistakes. The more restricted an OS is, the harder it is to get infected.
But users who are even a little aware of it won't fall victims to such silly scams. Like myself, I'm not even an advanced user but I've stayed safe from malware on Android for many years without using real time Antivirus. I only use adblock. I had downloaded some antivirus but they didn't last more than 2-3 hours on my phones as they never find any malware. Yes, there have been malware apps sneaking into Playstore from time to time but those apps feel scammy just by looking at description and install numbers. Security forum users won't fall victims to such things.
However OS updates is a problem for Android. Vulnerabilities are patched late or stay unpatched forever. Hopefully Project Treble, which is supposed to make newer Android updates much faster and easier for OEMs to optimize will solve Android updates issue to a certain degree. iOS is great with security updates. There may be planned obsolescence by Apple which slow down iPhones over time but you get quick security patches for 5 years. On Android its like 3 years for flagship phones.