There's extremely few reasons why a modern Android phone from Google or Samsung is less secure than an iPhone, against any attack vector that 99.sevennines% of people [1] would ever experience. The worst way I've ever seen the most tech-illiterate person ever mess up an Android phone is by installing some QR Code reader that took over as a home screen launcher so it could (nonmaliciously, but questionably) put its QR code reader as a home screen left of the app icons. It should be way harder for Play Store apps to do that, because this guy needed professional help (me) to figure out where his home screen layout went.
But that was it. That's the worst I've ever seen. Android's security is very good.
While not a security concern, I've had multiple iPhone users ask "what the heck is this screen to the right of my app icons" (referring to the App Library introduced ~2 years ago). One person thought they'd been hacked. Kind of a similar inconvenience vector as that QR code app.
[1] The 100-99.sevenines% of people who might actually find themselves the target of an attack vector that Apple's unique security can help mitigate are, for example, journalists or dissidents who find value in Advanced Data Protection and Apple's generally very good and healthy stance on cloud security and end-to-end encryption. This level of security should be available to everyone, on every cloud provider, even if it only directly advantages a small number of people, but Apple is the only one really doing this right now.
