Magnus Eriksson has located a trove of detailed location history stored by Android phones that is very similar to the one stored by iOS devices. The Android file is a little harder to extract, but it isn't encrypted, and would be just as vulnerable to a phone thief, forensics expert, or malicious software as the iOS file.
Like iOS, Android stores these databases in an area that is only accessible by root. To access the caches, an Android device needs to be "rooted," which removes most of the system's security features. Unlike iOS, though, Android phones aren't typically synced with a computer, so the files would need to be extracted from a rooted device directly. This distinction makes the data harder to access for the average user, but easy enough for an experienced hacker or forensic expert.
Another important difference, according to developer Mike Castelman, is that Android keeps less data overall than iOS devices. "The main difference that I can see is that Android seems to have a cache versus iOS's log," Castleman, who contributed some code improvements to Eriksson's tool, told Ars. That is, Android appears to limit the caches to 50 entries for cell tower triangulation and 200 entries for WiFi basestation location. iOS's consolidated.db, on the other hand, seems to keep a running tally of data since iOS is first installed and activated on a device. iOS will also keep multiple records of the same tower or basestation, while Android only keeps a single record.