>It doesn't have to be massive to be a problem or even to be significant, it just has to be out of the ordinary.
The fact that it exists, regardless of if anyone installed it or was damaged by it, is the problem. It's time to start thinking of solutions for that problem _before_ you or anyone you know is affected.
If we look at it this way, we should address the problem of sandbox escape on WP7 because it can happen we don't know exactly how.
One way to check for malicious software on Androids would be to automatically run it on virtual hardware and flag malicious behavior for review by human beings.
I agree. The best way to protect from malware is to stop it before it happens. What better place to be able to do this than on embedded software, where everything can be controlled centrally? It'd be hard to fully protect sideloading apps on Android, but at the very least the marketplaces should be fully protected.
Every app on every marketplace should be tested for malware, and the device should be able to scan for apps acting outside of the limitations imposed in the API. I have a WP7 device, and it's kind of like the new Mac where thanks to its marketshare it's not a huge target. But I'd be willing to bet there's some exploits out there that could be targeted, and that scares me as a netsec employee.
The fact that it exists, regardless of if anyone installed it or was damaged by it, is the problem. It's time to start thinking of solutions for that problem _before_ you or anyone you know is affected.