What makes you think Android isn't audited besides insufficient knowledge on the subject? Wouldn't you think that the most popular OS in the world that has the top security researchers and companies combing through its source code trying to find vulnerabilities for over a decade would classify as being somewhat audited? I find it odd that you would not "touch Android with a 10ft pole" yet have no problem touching an OS that you, or a security researcher, can't audit the source code of. Security through obscurity doesn't work and your pole can't really help you when it bites you and it will.