I don't think so - or if they do, then the functionality won't be very effective. A lot of the most common attack vectors have never existed in iOS. Applications on iOS can't draw over other apps, you can't implement your own accessibility service, you can't launch apps from the background without user interaction, you can't install apps outside of the App Store, you can't run a service in the background for unlimited time, you can't implement your own keyboard (key logger), or read SMS messages, notifications, system events and a lot of other things have never been accessible to developers on iOS. I haven't heard about banking malware on iOS. But on Android you can find hundreds of examples and even right now there are several circulating on Google Play. The openness of Android OS has advantages and disadvantages, but Google has been heavily limiting most of these options recently.

So Google should make new app category something like "Very sandboxed app", rather than this.

i imagine keyboard apps are another doozy

As far I know they more or less stop at detecting if the device has been jailbroken or not and if it has, refusing to function.