Hacker News

Firstly, the updating problem is a distribution flaw, not a design flaw. The carriers are to blame for that.

Secondly, code-signing is a very restrictive approach and is hardly without tradeoffs. If you're going to use iOS as an example, it strongly discourages casual development for a slew of reasons, and there are countless examples of Apple rejecting apps for arbitrary reasons, far beyond issues of malware.

Your third point is really only an extension of your second.

Maybe you don't personally feel you've had to give anything up for the security that iOS affords, but it's disingenuous to assert that there aren't any tradeoffs at all. Android's more open approach is more true to its open source roots. For it to be different than iOS gives us choice, which is a good thing.



The updating problem is a design flaw they knew they would have to deal with and that they did nothing about until version 4, when they started trying to separate core functionality out into apps. That's not acceptable.

Code signing can be implemented while still allowing for casual development. See my comment above about the hardware switch on ChromeOS devices.

My third point is regarding how the architecture of the platform complicates the ability to analyze apps that run on it for malicious behavior. The NDK, the access to the Linux kernel, and a strategy based around dynamic analysis were all design choices that impacted that.

I understand that Android wants to be more open than iOS but you're making the same mistakes the Android team did. Namely that there's no way to deploy the same or similar security improvements without sacrificing something else. It's just not true.



