The dedicated site, hosted at SDLstory.com, provides never-before-seen video footage and photos from many of the SDL’s key players, and uncovers a collection of little-known anecdotes. For example, Microsoft said that in the early 2000s, the company had to bus engineers to the customer support call center to keep up with high call volumes coming in as a result of security incidents. Microsoft also said that in early February 2002 the entire Windows division shut down development and diverted all developers to focus on security."
Link to Original Source
"You will never find a more wretched hive of scum and villainy. We must be cautious." Obi-Wan Kenobi
It is not possible to check every application to see if it is harmless or not. Nobody has those kinds of resources.
You do know we're talking about Google, right? Why would Google not have those kinds of resources? They scan the Internet every day, upload an hour of video every second, filter spam for hundreds of millions - better than anybody, and they made Android so they have the inside track on detecting undesirable code.
I think it is 100% accurate to say Android is insecure by design in much the same way DOS era Windows file sharing is 100% insecure by design.
These two things are unrelated. Now you seem to be saying you're complaining about Android security because others complain about the security of your preferred system. That is not relevant. Also, it's a confession that your argument lacks merit. Maybe not the direction you wanted to go.
Android is intended for a mass market audience of people who know nothing about computers or software threats... Knowing this the designers decided the only access controls would be take it or leave it DEMANDS made by APPLICATIONS. This is why Android is insecure by design... it totally and utterly fails to protect the USER in the most basic rudimentary way possible.
Now we are talking about a totally different thing - apps which require excessive permissions. As in, the end user gets to decide how much access he is willing to give each application. This is not malware at all and off topic for the discussion, but let's cover it. This is restraining applications that want to be more than the end user wants them to be, giving the end user full disclosure when an update seeks to do things it didn't do before. You make it sound like a bad thing, when in fact it's an enhancement above the other methods of application security provided by the system that empowers the user to be more restrictive than any algorithm could appropriately be. You make it sound like a bad thing. It's not.