Given all the malware on Android, including giant botnets, it would seem that poor sandboxes are the current state of the art.
The difference is that Apple is willing to recognize this and protect their customers from the shortcomings.
Android's million node botnets and thousands of pieces of malware are not Apple's marketing. They are the reality of what Apple's policy has succeeded in protecting it's customers from.
It's funny that you keep referring to 'all the malware' on Android but not referring to the malware on iOS. It exists on both. Even botnets exist on iOS thanks to the automatic tools used to exploit the same iOS vulnerabilities used to jailbreak enabling drive-by installs of malware on iOS devices.
There was only one very large botnet ('up to' a million nodes) on Android and it wasn't on proper Android. It was on Android in China. So, no Google Play store and proper Android setup like you get on every phone in the US, Europe, etc. The botnet spread through... you guessed it... stolen games on unofficial 'app stores' of pirated software.
Comparing Apples to Apples, Google Play Android devices and un-jailbroken iOS devices, malware is virtually non-existent.
If you are pretending that the level or risk of malware on iOS is comparable to that on Android, you are either misinformed or dishonest.
Android is open by design. Alternative app-stores are part of that. If you discount the malware that results from people taking advantage of Android's openness, you must also discount any advantages you claim a lack of restriction would bring to iOS, or you are guilty of misrepresentation.
Because a ton of phones in China shipped with a random 3rd party app store that specifically contains pirated apps with malware, you're going to paint all of Android with that brush? Because Android allows an advanced end user to disable certain security precautions and purposely install stolen software that contains malware? That's either disingenuous or outright misleading.
The simple fact it, both Android and iOS, when used as shipped an intended, don't get malware for the average consumer. They both pass the 'mom test'.
There are 3rd party app stores available for Android that include malware infected pirated apps. These app stores are not sanctioned or approved by Google.
There are 3rd party app stores available for iOS that include malware infected pirated apps. These app stores are not sanctioned or approved by Apple.
If your rather lame attempt at painting all of Android as insecure is due the fact that you can run a 3rd party app store with malware, then it should also be true for Apple.
The simple fact is that it's incredibly easy to avoid malware on either platform. Don't hack it. Don't install apps outside of the app store (Google Play or Apple App Store).
I never claimed Android malware only propagates via 3rd party app stores. Nor did I claim that iOS malware only propogates via 3rd party app stores. I'm unsure why you continue to make up things I have said to use as strawmen to knock down.
Both Android and iOS have had issues with badware getting into their app stores and with drive by downloads due to insecurities... the same insecurities used to jailbreak/root the devices in many instances. These issues are publicly documented.
As no one here in the US or in Europe or anywhere else (except China) is buying an Android phone with one of the malware-ridden app stores shipped in China on it, there are simply zero concerns about it when you walk into AT&T or T-Mobile and buy an Android phone. Why on earth would someone here care that some non-Google Android phones shipped with a pirated software app store get malware? By that logic, used iOS devices that contain malware in the US would make you leery of buying a new iOS device in a legitimate store. Except that that isn't the case, nor should it be.
Based on the way you continue to argue against points I never made and seeing similar things in your HN comment history, I'm going to bow out of this conversation at this point.
So because your attempt to dismiss half of android as being irrelevant because it's 'not sanctioned by Google' failed, you now decide that Android devices outside the U.S. don't count? I guess this is the closest you'll come to conceding that you were wrong.
The difference is that Apple is willing to recognize this and protect their customers from the shortcomings.
Android's million node botnets and thousands of pieces of malware are not Apple's marketing. They are the reality of what Apple's policy has succeeded in protecting it's customers from.