Lack of updates from OEMs, and a general lack of attention to security on the part of the same, at least on Android. Many devices still haven't received the patch for last month's Broadcom vulnerability, for example.