If you've ever submitted an app to Google playstore, you'll notice that nobody from Google bothers to test it, whether it is bugged, loaded with worms, malware or if its some scam app.
The app is only reviewed if there's complaints and stuff, but whats the use now? the infection is already spread.
Compare this with Apple and Windows (Closed source, they do not allow rooting and stuff, APple does to a certain extent but not as much as android), each app is manually reviewed before its made public. You try to upload some worm and they'll catch you for real.
The difference?
I can spread a very nice game, loaded with a nasty worm that hacks the users data and stuff under android.
Try the same thing with Apple and wp8 and I won't be able to breach the gates.
Besides, Playstore has a 1 time fee of $25 to publish unlimited apps, all are made live without any checking and stuff. Meaning, pay $25 and infect countless souls.
Apple needs a yearly payment, wp may have changed policies, but from what I remember they needed an yearly payment too, they did drop it to a 1 time payment of $19 but I don;t know if its still valid.
Ahh, I understand now. You do not know the first difference between closed-source and open-source code, and the differences that they entail. Moreover, you have confused the respective platforms' app store review mechanisms with open vs. closed source.
Open vs closed has really nothing to do with security. I present to you one example which usually proves my point:
What is the most insecure desktop OS on the planet: MS Windows (closed source)
What is considered to be the most secure OS: Various flavours of Linux or UNIX, which are open-source (btw, Mac OSX is also a POSIX-compliant UNIX-based but closed source OS).
I will admit that Play Store's mechanisms for enforcement are not up to Apple's standard, but nor are they completely non-existent. Things have changed.
Firstly, little of the malware on Droid has spread via the Play Store itself - if you download and run APKs from random sites, it's like clicking on a link on a Windows box "Free naked pictures of Miley Cyrus (or male equivalent, if that's your taste). The recent Verify Apps function, which scans sideloaded APKs helps here. Also, in 2012, Google launched Bouncer, which scans apps on the Play Store by executing them in a simulated environment to identify harmful behaviour. This was bypassed of course, but has only improved. See this for more:
Contrary to what you’ve heard, Android is almost impenetrable to malware – Quartz where they show the details.
Finally, note that a great percentage of this malware is only applicable to rooted devices. The vast majority of consumers do not.
In conclusion, open source does not automatically mean malware.