I'm surprised no one has mentioned this, but android, IOS, and Windows Phones are all secure. Reason: If and only if you use the built in market/store to download apps (controled environment). The problem with Android: "Allow Unknown sources" can be enabled, thus allowing you to install apps from non-market locations (more likely to get malware). So, on android...stick with Google Play and don't enabled Unknown Sources. Google spends millions monitoring both Google Play and your device (yes, they actively scan your phone for malware).
We can go into things such as fragmentation (older Android OS), but I don't think that would be a problem with most users on this board.
Use this example of above with Windows: If Windows 10 only allowed installations from the Windows store, how much less malware would we likely see on Windows PCs? Probably an enormous amount because Windows would have the ability to control what gets put into the store, which would in turn limit 99% of the junk .exe made across the internet. Yes, less options...but that's another story. I honestly think that is the direction Microsoft was trying to take Windows 10 store (more secure Windows PC environment via controlled apps...+ more money of course).