Re: Déjà vu
I still want to know how many devices were infected that weren't rooted. I'm guessing the answer would be 0? The only thing I'm surprised at is that there aren't more infected smartphones (of any platform) that are basically allowing random apps to run as root (which was half the problem with Windows up until UAC).
Thing here is, the droid builds for rooted phones tend to let you perform post-install permission denial, either built in or by using an app like Permissions Denied. So, it can obviously be done. The only thing that prevents me from rooting my own devices is because I'd like to install Cyanogenmod or whatever distro, then re-lock the device under my own key.
Add the ability to root, mod, then re-lock, and I bet you'll slash the already small amount of Android virii out there.
Of course, if someone decides to enable downloads from unofficial sources (and let's see that code swapped to allow different 'official' app stores eh?), root the device, leave it open then go on a download binge from cracked-apk-downloads.com, you can't really blame the device or the system for that.