Honestly I have no idea. I'm running on a flip-phone from 1999, because they're super cheap on ebay and you can just buy them in bulk. Broke the screen? Just swap the SIM card! Left it on a bus? Get a replacement SIM card! Went through the laundry? Screw it, pop the SIM in a spare. Done. Everyone I know is sadly using an iPhone with a busted screen while waiting for their "upgrade offer" to kick in so they can get (and break) the next model up. I'm using the paper-plate method, and it's working for me.

The general belief is that Google Play Store has no gatekeeper and is full of malware, whereas Apple's App Store requires corporate approval and is therefore "safer."

The consensus in the security world is that ANY app you install on your smartphone basically gives the developer admin/root access. By installing their app, you're trusting them with your whole phone, and everything your phone knows about you; your browsing, your location, your friends, who you call. PLUS all the data that the app itself collects. Sleep-health apps know if you get enough rest. Calorie-counting apps may be ratting you out to your health insurer.

The only difference on iOS is that you're trusting Apple to only let good-guy developers sell on their store. Their definition of "good-guy" and YOURS may not match up. And just because a phone doesn't have the corporate definition of malware on it doesn't mean it's not doing things you wouldn't want it to.

iOS itself was caught tattling on users' GPS location dozens of times a day, and creating detailed databases of user movements.

Android does the same thing, but a) tells you about it up front, b) Google gives you an interface to look at or remove the data, and c) actually advertises its constant location-tracking as a sort of service. iOS was very quiet on the subject until it came up at a Congressional hearing.

Sooo.. I guess the short answer to your question is "define security."