It's easy to see that the Android ecosystem currently has a rather lax policy toward security, but a recent study from the University of Cambridge put some hard numbers to Android's security failings. The conclusion finds that "on average 87.7% of Android devices are exposed to at least one of 11 known critical vulnerabilities."
Data for the study was collected through the group's "Device Analyzer" app, which has been available for free on the Play Store since May 2011. After the participants opted into the survey, the University says it collected daily Android version and build number information from over 20,400 devices. The study then compared this version information against 13 critical vulnerabilities (including the Stagefright vulnerabilities) dating back to 2010. Each individual device was then labeled "secure" or "insecure" based on whether or not its OS version was patched against these vulnerabilities or placed in a special "maybe secure" category if it could have gotten a specialized, backported fix.