Re: How many Android devices are secure in any case?
By the time a vendor has identified a vulnerability, crafted a patch, tested the fix, crafted a further patch because the first was incorrect or incomplete, tested that, and eventually distributed an update, the malware folks have probably moved on to exploiting a different vulnerability. In the current vernacular, the malware people are more agile. And they can afford to be. If their current product works poorly, there's always tomorrow. The same, unfortunately does not apply to you.
Given the current state of internet security, it appears to me that frantically patching your software is the "Pearl Harbor" defense -- protecting yourself from the last war's technology. Not totally useless probably, but likely not very effective.
So, what to do? AFAICS at present and for the immediate future, I'd suggest keeping your financial affairs off the internet to the greatest extent possible. Use paper and the postal service where possible. Bank physically, not electronically. If your country's consumer legal protections are weak, consider using cash or prepaid debit cards. Yes, that's inconvenient. Extremely so. But, as we say here in the states "It is what it is."