It's a horse, water, drink situation.
It's an information problem.
It's an Internet issue.
In the years before Google+ and lower occurrence of independent blogs, people relied on forums for rooting information.
People were afraid of bricks and the threat level was low.
Back then a common first post was, "I'm new here, I need help understanding what a nandroid backup is, I'm want to try rooting." Further discussion revealed lurking occurred before selecting one or more forums.
Today, forum traffic is down everywhere and the common first post is either, "I bricked my unnamed phone and I don't see why I should include more information, plz help fix it right away, it's urgent," or, "I accidentally erased all of my partitions and I don't have a nandroid backup, what's my next move?"
We had an epidemic of that earlier this year when our own sister news site ran a low rate story of how easy it was go clickity clack, get rooted, and rush over to XDA to find out how to fix your phone by installing a new rom (with a don't forget, CM is teh bestest).
I complained to deaf ears. They've run that story often before and they're going to again for the same reason that all of the blogs, big and small, do it - clicks and lots of them.
Let's talk about piracy, it's absolutely related.
Once upon a time, someone would ask how to root and get warez - and be flamed by a hundred voices to wake up.
No more. Another popular first post, "I'm having trouble pirating warez, help me right away." And it's rarely reported or posted against outside of staff.
But here's a statistic that is not made up - 5/6 of the known Android infections due to a bad app came from piracy.
And what lesson did Stagefright teach that so far as I know, I'm the only one who mentioned it with no ensuing discussion?
That it may have been possible all along to become completely compromised by movie piracy directly from the movies instead of just from the distributing web sites.
And only one known hole is getting plugged.
We are very close on this issue but we're also far apart.
When you give anti-anti-virus advice or say don't root, you're expressing your holistic approach in parts.
That's why I always enjoy our discussions on this - I want lurkers to see the full picture.
If I'm one in a hundred and people are asking, I don't think that the answer is that rooting makes you less secure as a con, and hope to reduce the number of rooters.
I want to increase the ratio of getting it done right because people are going to do it anyway.
I'd like a lot more people to see what I see all of the time -
You install an app that seems straightforward - and the next thing you know, your firewall is unhappy or worse, Network Connections says that your new flashlight app just had a long conversation with a server in China.
Or you visit a good website, see a thoughtful comment with a link that explains more, you click it and you get - page not available - but it is on your pc.
Safe practices are not enough for most people, and I'm talking about knowledgeable folks who are actually trying to follow safe practices. They're still susceptible to those attacks and have fallen victim often without ever knowing.
For the first six months of advising the use of a proper firewall for Android here and elsewhere, I was generally ridiculed. That changed after one other guy spoke up in favor. Then it started to spread.
In my pro reasons for rooting I try (and probably fail) to be consistent - the advantages are the firewall, ad blocking (because it's not just ads, it can block toxic sites), and better backups.
And if you're not rooting, yes, a security suite to at least try to help with what rooting can help you achieve, and using your not fastest browser in favor of one that will help you ad block. That's a distant second to rooting.
I've been torn since I've known what I showed here about sharing my Stagefright simulation in the Stagefright thread or other security threads.
On the one hand, I want people who root to know that you can protect yourself from the unknown - evidence suggests that if the bad guys had gotten there first, I would have been safe from the threat.
But the danger is that too many people these days would do a TL/DR and say, oh root protects me, where's Google - ah unsafe Chinese clickity clack rooter, no problem...
Anyway, thanks for the correction on Kondik's name. The danger of a learning keyboard - misspell it once and it corrects the wrong spelling forever after. You're going to see a moderator edit mark on your post and my previous one to fix only that out of respect for the man.
And if Kondik said that you can take steps to make your system more secure on the key points mentioned without root - have you?
Has Google?
I don't think so.