I agree with those concerns. For example, for point-to-point communication, an app developer would just use SSL, like on any other platform. For lost/stolen device, Android provides Device Management capabilities which are part of the operating system.
So, from those two points of view, platform takes care of this (just like any other operating system) and an app developer does not need to worry about those particulars.