1. I agree about unverified apps. But there have been security breaches even on authorized platforms, just as there have been on desktops and supposedly safe websites. The key is not that you should only download from the authorized locations, it's that you should know who makes the app and whether it's legit. There are plenty of apps with excess permissions and questionable code - I zap them before they get installed. Not to mention that the real problem is all the crapware loaded by the carriers as part of the preinstall, making the phone run more slowly and giving more places for a breach to occur (because most crapware is busy sending out your information constantly). All of the institutions that you trust so much have been guilty of spying on their customers and/or uploading data without notice, or installing bug reporters to use their customers as testing guinea pigs.
2. Jailbreaking/Rooting - since you said Smartphone, not iPhone, I'm going to include rooting because it's much more dynamic than jailbreaking, though I understand using them interchangeably by some people (they are not used that way in the android dev community). Probably the best thing you can do for security. Wipes out bloatware/crapware and trackers/senders that can be piggybacked by a trojan or malware, allows the user (now superuser) to install a REAL firewall, encrypt files and data, and install security software and utilities that aren't carried in the official app stores because they are for "evil rooted" devices. Blah blah blah. It only took the ICS update to finally have something resembling a BACKUP program without rooting. A freakin' backup program. And you think those guys are on the bleeding edge? No way.
3. Only an idiot doesn't have a password. As for the pasty kid, what the hell is he doing in your house to begin with? And I'm pretty sure he can break a 4-digit password, but I'm pretty sure he can't break military level 64-bit encryption. The real risk is black hat hackers in the cloud who use the stock OS vulnerabilities to break the security protocols.
4. Duh. As if people are scanning all their important documents and loading them on their smartphones. Not.
5. Hmmm....you mean the first release that everyone (almost) downloads right away and installs for those security fixes? The one with all the bugs that will be patched over in a month or two after the carriers and phone manufacturers have figured out the additional vulnerabilities by having their customers use them? Yeah, that sounds great. No thanks, I think I'll wait until the sheeple have tested it, then I'll flash over my previous leaked version of the ROM that was carefully deodexed, zipaligned and debugged by an experienced developer, with the newer version of the stock operating system, once again deodexed, zipaligned and debugged.
It appears that you have no idea what is happening in the real world, since you just spewed out a bunch of general guidelines that followed the decision tree rules of (1) Carriers and phone manufacturers good; (2) Third party developers bad; (3) Anything that's official is good; (4) Anything that's not official is bad; (5) Adults are stupid and should not be allowed to make decisions about the phone they own, but should be told by egomaniacal, deluded people (Verizon: We run the internet!) what they can and cannot do. You can put glasspacks, a Detroit locker and a Hurst shifter in your car, but don't be making changes to that phone, the entire technological universe will come crashing down upon us. Oh, and btw, can we spy on you for our marketing department?
And they wonder why people hate them so much.
Keep Up with TechRepublic