you haven't seen this yet is because most malware is directed at turning a machine into a zombie
I admit to not reading the article, but this is my concern here. Is mobile malware the same definition?
I have an android phone. Permissions are such I can tell if an app wants "unneeded" permissions in some cases. An (offline, single player) game that needs no permissions, or maybe wants to have "disk access" (save a little game state) sounds safe.
On the other hand, certain apps (gmail, you name it) need lots of permissions for "legitimate" purposes. The problem is, just because an app might have good use for camera or GPS permissions, doesn't mean I can trust it to only read/store/send those values as I expect.
I'm concerned about all the "free" apps that may collect information. I don't (yet anyway) have a good way to know whether they are behaving or not. I just have to trust that they do. And certain things, like my phone number, I can't necessarily just put in fake data for.
There are lots of reports (many exaggerated) that talk about this already happening. I'm not sure to what extent, but I wouldn't doubt I've been "victimized" and just don't know it. If 2011 is the year I find out the hard way, I'm can't say it will be all that surprising.
But yeah, I don't see "regular" (desktop) malware getting substantially worse on mobile in a short time frame.
I'm not sure there's an easy fix for this either. Java applets allowed much more fine grained permissions, and it sucked ("Yes to all"). I think android is better, but I still want a way to override and (to the extent I trust the OS) have the OS enforce it.