Which platform would a typical IT guy be more on guard against?
While Windows has been known for decades to be a hot pot for all PC malware, Android phones are much more ubiquitous and personalized, and (as far as I know) aren’t hardened against malware in any way. I mean, it literally takes just two taps to install a rogue apk and that is notwithstanding that most OEM implementations and apps on the Play Store are ad-ridden privacy nightmares by themselves. At least when it comes to Windows, Administrators have greater control over client machines and can put in restrictions. How would someone handling infosec in an organization control security on people’s personal phones?
I think it depends on what you mean by safe. Do you mean privacy of personal data or protection against malicious software?
If you mean safe in terms of malicious software, probably Android is safer since there’s more vetting with respect to software installation. On Windows the simple act of downloading and opening an exe file can install malicious software. Most Android apps are installed through the store where programs are vetted. It’s possible to sideload stuff on Android (download and install an apk), but most people don’t go to the trouble. It’s not enabled by default and it’s not a trivial process to do it.
If you’re talking in terms of securing private data, I’d say Windows because there’s more control over the data programs can access. Android programs have a lot of access to data on your phone by default and you have to specifically disable it. Windows programs don’t have access by default and you have to specifically enable it.
If you want to go full paranoid with respect to telemetry, it’s much easier to do that with Windows since you have easy access to low-level configuration settings through regedit and also the group policy editor. In other words, you can configure a Windows machine to disallow any telemetry, and MS even provides a guide for it in their online technical documents.