Over the past few years, more and more security holes have been found in and around the Android platform. Now we have a push for more frequent updates to fix the problems, but this comes with its own problem: much of the Android core is hard-coded into the OS itself and is not easily fixable without changes to the core.
How can this be fixed?
For Google, it would be isolation, where the kernel, drivers, Android, and applications all operate separately from each other. This would allow any single area to be replaced without requiring all of the services above it to be replaced. A single app can be configured to install the default applications without them needing to be installed, and they will be updated to the latest version upon first use. This can also update the drivers and move to the latest version of Android, as long as a kernel replacement is required. It would allow for more frequent updates to Android, and other security updates, without a massive overhaul of the underlying operating system.
Changes that would be nice to see
Backup capability
I would like to see the ability to back up the complete system that doesn't require root, such as Titanium Backup; there have been many times that this has been useful in restoring data to a previous date.
Security
Firewall security would be nice; this can be accomplished with something as simple as creating the permissions. By default, Android should allow no inbound connectivity.
Upgradability for all vendor products
One problem for Android is that updates may be missing on phones that are only a few months old, and may take months if not years to be released. This is not a problem for iPhone, because they control both the hardware and the software, whereas Android doesn't. In the case of Android, this can be improved by creating a user-mode driver model that would allow the drivers to be upgraded without a massive overhaul of the kernel, so that the software of the Android infrastructure isn't modified by a change of driver. This could mean the device might be on Linux kernel 4.0 but Android could be Android P. This is because the drivers themselves are not part of the kernel, and it could lead to rapid prototyping of the drivers and of Android.