The Android sandboxing feature is frequently invoked
as providing dramatic security advantages, but there's
really no reason to believe it.
Local privilege vulnerabilities [edit: enabling escape from the sandbox] in Linux kernel are dime a dozen, and Android phones are notoriously outdated wrt security patches.
There simply hasn't been a lot of OS level vulnerability exploitation in Android malware so far. Probably the biggest reason is OS fragmentation + malware apps can just request any privileges they need on the market and the users will haplessly click accept, and the biggest threat to the malicious apps is Google removing them from the Market when
they're found out.
Local privilege vulnerabilities [edit: enabling escape from the sandbox] in Linux kernel are dime a dozen, and Android phones are notoriously outdated wrt security patches.
There simply hasn't been a lot of OS level vulnerability exploitation in Android malware so far. Probably the biggest reason is OS fragmentation + malware apps can just request any privileges they need on the market and the users will haplessly click accept, and the biggest threat to the malicious apps is Google removing them from the Market when they're found out.