Android may overwhelmingly be the target for malware in the mobile space, but as usual the media have got the details wrong!
Kyubey has the Android logo’s eyes and ears!
McAfee's Threat Report for the second quarter of 2011 (PDF link) listed iOS as having no malware, and Android as having an order of magnitude more malware than any other platform. Understandably, the media have pounced on the latter… well, not as much as they would have if it were iOS, but still.
While I'm not an Android fan, the problem here isn't the OS but the OEMs that distribute it. It can be an unclear distinction for most consumers who just see "phones" (which is why the whole iOS versus Android debate is silly) but it's important.
While tech savvy folk would presumably prefer an unmodified copy of Android installed on their phones (the Microsoft Signature Experience, but for Google), their third party PlaysForSure hardware manufacturers have a vested interest in differentiating their products from the competition. This may come in the form of alternative user interfaces, additional applications, and/or modified defaults and branding… all of which would need to be thoroughly tested for compatibility with any Android updates.
They say Branding, she’s a fine girl…
Unlike vertically integrated manufacturers like Apple and RIM that can push updates to all compatible devices as soon as they're made available, official Android updates have to be made available by these manufacturers, some of which are better Android citizens than others.
This middle man approach unavoidably introduces a delay, which is why a startling percentage of Android devices are still running older versions of the OS. It's not Google's fault, or the fault of consumers.
This potentially may have been one of the reasons why Google bought Motorola: by being the manufacturer they could ensure the latest software updates are always made available for their devices, and in a quick and timely fashion. They have experience with pushing regular updates with Google Chrome, this would allow them to do this on mobile hardware as well.
Given the closed direction of Android they've started with Honeycomb, it could be another reason for OEMs to worry.