Here it is. I'm surprise it took this long for the government to warn about Android use in government due to the plethora of security issues and due to forking, older Android problems likely will not be fixed by Google or its partners.
There really is no excuse about from Mountainview, CA, Google HQ. If Google find this report to be unfair, it needs to address it or address how it will deal with the issue. I understand that Google is a commercial company but as the caretaker of the most popular mobile platform in terms of numbers of devices deployed, it has a responsibility to users who gave it so much trust.
In many cases, and more often, that trust is misplaced. I totally think Google is not evil but their mantra of "don't be evil" certainly does not apply. However, it should adopt a new one in these cases called "don't sit on your hands..."
The problem is that 44% of users still use told much older Gingerbread and devices based on it are still being sold. While many of the security issues were addressed on newer Android versions, the sheer number of potential exploits are very great.
It's likely places on the US and outer Western nations should have sufficiently lower number of these devices. Even South Korea, home of Samsung, Taiwan, home of HTC, and Japan, home to many giant consumer companies that all deal with Android devices should be better protected. That is not to say that security problems for Android, even the latest version, should be brushed aside until Google releases Android 5.0.
A patch is needed.
The three main issues are listed above. The bulk of these are easily addressable if you're a savvy Android or tech user. However, I can tell you most folks are not. There were reports of a previous threat that even was able to get around installed anti-virus and malware protection apps.
The problem here is rooted in Google's Android view. At times, it can be frustrating knowing that Google may have the answer but is holding back for some reason. Often, Google and its partners point fingers at each other in an attempt to absolve themselves of the responsibilities to the users once the devices are sold. It's possible that Google and its partners, device makers and carriers, figure users will upgrade to new devices that are safer with less security problems.
However, it also begs that this question be asked. If there are all these issues with Android, why would the government even allow its use? I think if someone were to ask this in a very public and meaningful way, it would get the attention of Google and its partners real fast.
As an Android user with no connection to government or use my device for work, I'm not as concerned. I put minimal information about myself on there as possible. However, I'm unable to recommend Android devices to people I know who cannot take care of themselves.
Here's the link to the report (PDF).