Great topic! While I love the openness of Android, it also results in security being a nightmare and really hit or miss. Like mentioned previously, it really depends on the phone manufacturer and carrier. Having the option to be in control of my phone is important to me. I don't want to be at the mercy of the manufacturers and carriers for security updates, since the track record is usually not good at all. I buy my phones based in part on the ability to change the operating system if I choose to. The current Moto G4 play that I'm using actually just got a security update to the February patch, previously it was August, and a Nougat update is expected soon. Sadly, this is more than most Android devices will ever see. Now, the actual operating system that I'm running on my phone, LineageOS, has a lot more options for security. It's updated weekly, so the latest security patches from Google are included, as well as being Android 7.1.2. Root is NOT installed by default. You don't have to install ANY Google apps if you don't want to. You can enable Privacy Guard by default if you want, and the phone can't even make a call until you give the dialer app permission to do so. I also follow the updates that get included each week and I frequently see kernel patches that address buffer overrun and data leak vulnerabilities, so they are actually ahead of Google on some of those. The main disadvantages are the occasional bugs, and having to hope that the Gerrit review process keeps people with bad intentions from slipping in some malicious code.