A recently released DHS-sponsored study by Kryptowire has found that millions of Android devices are vulnerable to remote data harvesting, factory reset, and monitoring, all right out of the box–no need to accidentally download a malicious app or visit a compromised website.
Fundamentally, millions of Android devices have security broken from before it reaches the user. The vulnerabilities are baked in by either the manufacturer or the carrier, or perhaps both. It appears most everyone associated with Android wants to jump on the monitize user information wagon, and there are currently no laws to prevent this.
The full story may be found on wired at https://www.wired.com/story/android-smartphones-vulnerable-out-of-the-box/.
What can you do as an Android owner to fix the problem? Currently, nothing–other than voting with your dollars. The only real alternative to Android is iOS (Apple products). Being a closed architecture and a company committed to making its money from product sales and not selling user information, iOS has proven to be far more secure overall than Android.