First of all, total disclosure: I am a registered Apple, Android and Nokia developer. I have no real preferences. There are good and bad points for all platforms. This article is my opinion only.
The Android OS is developed using Java, an interpreted language that runs on a virtual machine within the mobile device. In spite of the wide array of Android devices they all run Java Virtual Machines with their standard Java runtimes. They are far more vulnerable for exploits for several reasons. Here are a few.
A Java exploit could be used that is intrinsic to the development libraries. (Libraries are mini-programs that execute functions like creating an encrypted tunnel to the banking server, and another is used to connect to the account database.) Exploits utilizing the core libraries are easier to surreptitiously embed on Android, because Android can load programs from email, attachments or pernicious websites without the convoluted encryption process that Apple uses through iTunes. iOS like iPad and iPhone will not accept binary executables unless they come from iTunes or a corporate server having an encryption certificate certified by Apple that is iTunes compatible. Unless an iPhone is "jail broke" (illegally altered), you cannot just load any old program on it.
It is technically much harder to get an exploit to be seen and executed by the iOS than by Android.
So, all in all, Apple is still safer than Android. Using their native Objective C language with the XCode development environment, it is the rocket science of app design, and coding exploits is an incredible difficult thing to do with Apple. Whereas with the Android development system, it is fairly easy to find java keylogger libraries on the internet and deploy them on an Android mobile device in a surreptitious manner.
Having said all of this, I am a firm believer that mobile banking can be quite safe. What has not flown, is the NFC or Near Field Communications (tap 'n go chips) which is being taken off many mobile devices because they are very easy to exploit.