Android isn't insecure, it's very secure.
Designed by an advertising company with hooks to every aspect of the device it's on, with the sole aim of gathering and sending data to them.
Then they offer the data gathering APIs to all third party programmers to use as they will.
Then there's the poorly vetted app store, the fact that even the devices they themselves make get poor security support after a very short time, or the fact that lots of third party manufacturers are loath to move to newer, safer versions because Alphabet keeps upping the onus on them with each new version...
<sarc>Well, you can't get much more secure than that, can you?</sarc>