Apple is by far the most secure, which is why you rarely see kernel exploits and the market for IOS security researchers are in high demand. While the market for android researchers are hot, it's luke warm in comparison. Even in IOS 13, meaningful iphone exploits are hard to come by, while android it's like candy.
Key point, it's going to be difficult to find a way to unlock the bootloader on an Iphone, or a root on modern versions of IOS. Meanwhile you can buy a android phone day 1 and load your own bootloader and get code running in the kernel. This is exactly what a malicious application does. The security boundaries of apps are pretty strong on both OS's, but Apple makes sure apps can't violate that.