Dan Goodin for Ars Technica:

As already alluded, the threat stems from the use of the Android clipboard, which acts as a temporary cache for text that is being copied and pasted, either within the same app or from one app to another. Android has no official programming interface that secures the clipboard. By design, its contents are available to any app installed on the phone, from the highest privileged banking app to one with no privileges at all.

Android wins.