DiBona is so full of it
While it is true that there are snake oil salesmen in the mobile security business (which field of business doesn't have them?!) - like scanners with pitiful detection rates and overblown estimates of the number of Android malware programs out there - this DiBona chap is so full of it that it's not even funny.
Smart phones are not "inherently more secure than PCs". Just like with the PCs, the weakest link is the user. The user would install anything from anywhere without ever stopping to think. And it's kinda difficult to protect people from themselves, you know? No solution is fool-proof, because the fool is always bigger than the proof...
Mobile malware hasn't caused "much of a problem"? OK, let us assume, for the sake of argument, that it has hit only ONE user (in reality, thousands have been hit, but humor me). That certainly wouldn't be "much of a problem", compared to the millions of smart phones out there, right? Now, stop and think for a moment. What if that ONE user was YOU? Do you still think that protection for mobile devices is useless because malware "isn't much of a problem"?
No major cell phone has a virus problem?! I guess he doesn't count Nokia as a major brand of cell phones, then. In the early days of Symbian (S60) - the OS that most Nokia smart phones used - many mobile viruses spread across such phones over Bluetooth and MMS.
Regarding the "no Linux desktop has a real virus problem" crap, with the risk of being flamed by all the Linux fanbois here, I'd say that it again depends on how you define "no" and "a real virus problem".
One more point regarding the "snake oil salesmen". Please note that many (most?) Android security vendors offer their scanners for FREE and only sell for money their other, non-malware-related services, like backing up the information on the phone into the cloud, tracking the phone, locking the phone and so on. You can hardly call a "snake oil salesman" somebody who is giving you their product for free. Or is Mr. DiBona actually claiming that the other security services are worthless?!
Now, speaking of worthless and incompetent stuff, how about a long and hard look into the Android security model, huh?
1) Android, out of the box, would install and run any signed app (if configured to use alternate markets). Signed by anyone, I mean. As opposed to that, the iPhone would run only apps signed by Apple. That's not necessarily a good thing - personally I'd take malevolent freedom over benevolent dictatorship any time - but it does have a negative impact on security.
2) Android is plagued by bugs, exploited by the various rooting exploits, the fixes for which take ages to reach the end user. This is not only Google's fault - much of the blame falls on the mobile operators - but the fact is that Apple's model provides better security in this aspect too.
3) Android has the same user-incomprehensibility problem that has plagued the Windows security software for ages. You download an app. It tells you that it requires X, Y and Z rights. The vast majority of people have absolutely no clue what these rights really mean and why the app might need them. Android's description of them is pitiful. The responsibility for making a correct security decision is dumped entirely on the user. In such a situation, most users will fail to make the correct decision.
Why is it not possible to grant only some of the rights that the app requests?!
Why is it not possible to change later the rights granted to an installed app?!