Google puts forth a major effort to keep Android as secure as possible, and according to Android security director Adrian Ludwig, their Verify Apps framework has done a good job of that, thus far finding an extremely low number of phones infected with major bugs like MasterKey and FakeID. To be precise, Ludwig claims that devices running Google's full suite of security measures through the Google Play system saw absolutely zero confirmed cases of the Stagefright vulnerability infecting any phones, MasterKey managed eight infections for every million users, and FakeID infected one out of every million users. All of these were major bugs that could potentially have affected large swaths of the Android population, but Ludwig claims that Verify Apps and Google's implementation of monthly security patches helped to keep them at bay.
While Ludwig only spoke about a few of the more major malware types that had plagued the Android world in recent years and his figures did not include devices not running Google's infrastructure, such as devices from China or Amazon devices, it is still quite a considerable feat to keep that sheer volume of devices as safe as they have been kept. To put the figures for possible effect at the time they were all found out for reference, Stagefright could have potentially affected 95% of all Android users, while MasterKey could have hit 99% of Android devices, and FakeID could have endangered up to 82 percent of the Android world.
Google's ongoing security efforts in Android are becoming increasingly complex as exploits and the malware they bring do the same. Along with keeping the Play Store and compliant devices safe, Google has to keep Chrome locked down, and act quickly to patch up holes in Android that could be taken advantage of via networks or social engineering, which doesn't necessarily only affect gullible users. New exploits are being found by white hat hackers and staff security researchers daily, putting pressure on any would-be hackers looking for a way into Android's inner workings. With mobile OSes being tightly locked down and harder to develop for than desktop OSes, the two may never reach parity in terms of risks to security, so long as companies like Google and Apple continue their work in keeping them secure.