Re: Imaginary Bugfixes
Android is "very secure"? Well, ignoring the ability for someone to send you an MMS that executes code on your phone, not to mention similar issues that exist unpatched on many Android devices. How is app scanning and ALSR supposed to mitigate that? It doesn't, which is why the patches for it (third month in a row for different versions of the same exploit, I believe) are marked as critical.
You've just got your head in the sand, and assume because there hasn't been a widespread malware infestation yet that it must be secure. Didn't Windows fanboys all make the argument about XP's security for the same reason, until stuff like I.Love.You and NIMDA showed that it was more a matter of a hacker lacking the will than the way.
The main thing preventing such a widespread attack is that they probably haven't figured out how to monetize it effectively. If some old school malware guy who just wants to make a name for himself and see the world burn decides to do, there is nothing Google to do to prevent it since they can patch the issues but they can't deliver the install the fixes to end users.
Personally I think Android users should root for such a widespread attack, assuming it is one that does no real damage. That might shake up the OEMs and carriers enough to realize that they have to do a better job with patching, at least for the really serious holes. Get that same brand of bad publicity that caused Microsoft to get serious about security back in the 2003-2004 timeframe.