Android is based on Linux. True, while it isn't an actual open source OS, it has had its vulnerabilities exploited. Why? I believe because of its popularity, and its use by people who have NO IDEA how to use it. I don't believe you need to verify passwords to install or change stuff on it either, whether because it's logged on as root, or whatever. That could be a point, as well.
I tried last night to put a program on my Linux desktop computer, it used to work, but with a few updates to the kernal and a new release under its belt, enough dependencies were broken to where I couldn't figure it out. "Compile from source" was the solution. Well, being the geek I am, I still haven't figured THAT out. The instructions were too vague and confusing. BUT I couldn't just download a new program and bam.. have it work (and who knows what came in with it?) True I could have gotten the updated version but I've tried that and it works horribly. I think I should have stuck with the old distro, the old versions, etc. where everything worked!
Part of the problem was, this is not a Linux native program, but converted for it from Windows. Most likely it's horribly complicated and never will "just work" on Linux.