The study was conducted by SourceFire, which analyzed vulnerabilities from the Common Vulnerabilities and Exposures (CVE) data and National Vulnerability Database (NVD) over the past 25 years. Yves Younan, senior research engineer at SourceFire's Vulnerabilities Research Team and author of the report, said that the results were "surprising", especially since despite Apple constantly releasing security fixes with each update, CVE continue to grow year over year.
According to the study, the iPhone has 210 vulnerabilities, which adds up to 81% of mobile phone platform vulnerabilities in the four platforms studied. Android has just 24 known vulnerabilities, Windows has 14, and BlackBerry has 11, which combined rounds out the remaining 19%. The study didn't extend to fringe systems like Symbian, bada, and the rest. To be fair, these numbers are a cumulative total since 2007, but even removing 2007 from the mix, iPhone still has 205 vulnerabilities to Android's 24.
Of course, he doesn't mention that only 0.5% of malware comes through the Google Play Store, so criminals still have to find ways to get Android users to sideload infected apps. It is still very possible that Android simply has fewer vulnerabilities because it is open-source (which tends to be more secure), and the only real serious vulnerability with Android is that users are allowed to screw things up if they aren't careful.