Android on the other hand, has isolation mechanism built in as the central thesis of its apps system. Additionally, it also has some additional layers on top.
Unfortunately since nothing gets updated it maybe all moot, but I don't think somehow Linux distros are more secure.
Arguably the security model of main desktop OSes is bad enough so that they are also easy to penetrate. That should not make us dismiss the problem of the way too many unmaintained Android systems!
But the entire system as a whole doesn't get updates to lower parts. E.g. Updating your java app doesn't solve the problems in the underlying C libraries the system uses. We're at the mercy of vendors for that, if ever.