As the other comment mentioned, is that Android is way ahead on app sandboxing and not doing things like exposing sudo to apps. Yes, apps can literally ask for your user's password using a fake dialog and then elevate to root and then do whatever. Even without root programs can spy on you by recording your screen, and mic. Programs can cryptolock your files or steal them (browser login information is a juicy target to steal). Android shuts down all of these kinds of malware by design. Apps can't escalate to root. Apps can't read or write to all of your files. Apps can't steal files from other apps. Apps have to ask for permission to record users. Apps can't see you have a root terminal up and start typing commands into it. Also in regards to writing APIs that are permissions Android makes it easy.