Security research firm recommends that Android buyers stick to a Nexus or Samsung phone only

Duo strongly recommends that Android users install each security update as it arrives. Because not every manufacturer is really pushing the security updates, Duo suggests that consumers looking for a secure Android phone limit themselves to Nexus and Samsung models only.
"As always, we find the only Android devices that we can recommend without major reservations are Nexus and, now, Samsung devices, provided they keep releasing those security updates quickly."-Duo Labs
In a message to corporate IT chiefs, Duo says that corporations should develop policies to prevent vulnerable handsets from putting company data at risk of being hacked. By having strong corporate policies in place, IT personnel can determine which users are sporting Android phones that are vulnerable to attack. Most BYD'ers don't realize when their Android phone is vulnerable to an attack.
source: Duo via AndroidAuthority