So are malware vendors looking for who spends the most on software or for biggest impact through sheer number of installations

I'm guessing they're looking for the users they can steal the most from in the least amount of time. Aka, the most lucrative.

Apple's ecosystem means that most of the devices are up to date, or close, and because they control the full pipeline, things behave better.

This means that targeting ios is easier (since they'll be on closer versions and behave uniformly) and that because they spend more money, which they have, means that targeting them is easier and more lucrative.

Most are looking to hack. If they're looking to build a botnet, android might be better.

> This means that targeting ios is easier

I don't think so? Android devices are much more likely to be vulnerable to well-known exploits. Stealing keys and passwords of course is much easier if your app can get root on the device.

Finding vulnerabilities on both will be complicated.

But targeting when there’s less device variances will make it easier, yes.