Those are two discrete problems with the same name. Windows malware tends to be installed without the user's knowledge and is then allowed access to look at all the user's data.
Android malware on the other hand warn the user that it'll look at your contacts, send SMS messages, make phone calls etc. The sand boxing means that one app isn't allowed to access another app's data (unless the data is stored on the SD), and certainly isn't allowed to modify other executables.
Have you seen the removal instructions for Android malware? "Go to Settings, Apps. Select app. Click remove". If there is a *real* security issue where an app that runs with elevated privileges, then I'll be pretty bloody annoyed.
Somebody used a seat belt analogy, mine has a light and an alarm if there's weight on the seat and the belt is plugged in - it's bloody annoying when I've shopping on the seat. However, it's up to me to make an educated guess on whether to heed that warning or not.
My major problem with android? Textareas are still buggy after so many years and sometimes online images aren't down in the stock email client.