First this (via Reuters):

The change came after security researcher Joshua Drake unveiled what he called Stagefright, hacking software that allows attackers to send a special multimedia message to an Android phone and access sensitive content even if the message is unopened.

then this:

Samsung Vice President Rick Segal acknowledged that his company could not force the telecommunications carriers that buy its devices in bulk to install the fixes and that some might do so only for higher-end users.

Samsung and telecoms taking care of only the top...maybe. And if you use the HTC One Max X and utilize the fingerprint reader (via The Guardian):

Researchers from FireEye have found that data that could be used to clone a user’s fingerprint was stored as an unencrypted “world readable” image file on HTC smartphones.

Four security researchers discovered that the image file, which is clear replica of a user’s fingerprint, could be stolen by rogue apps or hackers.

“While some vendors claimed that they store user’s fingerprints encrypted in a system partition, they put users’ fingerprints in plaintext and in a world readable place by mistake,” the authors wrote. “On the HTC One Max X the fingerprint is saved as /data/dbgraw.bmp with a 0666 permission setting (world readable). Any unprivileged processes or apps can steal user’s fingerprints by reading this file.”

This is why Apple does what it does. I can't say never, but so far, they really are winning when it comes to security and protecting its users.