Check Point advocates multi-layered security as a defence against Binder-based exploits.
They might advocate that.
Me? I'd advocate a complete rethink of the Android infrastructure to understand that it is an operating system and as such requires updates and patches just like all the other operating systems. This to happen as and when necessary. Without the need for carrier intervention because we know sure as hell that such a thing just won't happen. My phone is running Android 2.3.something. That was "old" when I bought the phone new (but Sony took its merry time making ICS available and Orange France totally ignored that). They still seem to be stuck in the mindset of the feature phone where what is shipped is what you get. Couple this with an insistence on having locked bootloaders and an updater that can't handle running on anything under 2GHz (what, to push some data down a USB link?) and only works on Windows anyway, you have so many fail points it isn't even funny.
Since rooting the phone and flashing something third-party is outside of the skill set of most users, Android needs to be capable of self-patching.