Which platform would a typical IT guy be more on guard against?
While Windows has been known for decades to be a hot pot for all PC malware, Android phones are much more ubiquitous and personalized, and (as far as I know) aren’t hardened against malware in any way. I mean, it literally takes just two taps to install a rogue apk and that is notwithstanding that most OEM implementations and apps on the Play Store are ad-ridden privacy nightmares by themselves. At least when it comes to Windows, Administrators have greater control over client machines and can put in restrictions. How would someone handling infosec in an organization control security on people’s personal phones?
If you are to just hand the platform over for a random person to use I feel Android is much less risky. Most people aren’t going to go install random apks. Google play store is better than them going off to download random exes even with sketchy apps on there. There’s less likely to go wrong on a phone OS. I’ve never been prompted randomly to download and install a random apk, but I do use Adblock so not sure how frequently using a browser without that on Android would lead to a random person unknowingly downloading then installing an apk after a pop up asks them to.