In all fairness, the user has to go into their security settings and uncheck a setting to allow unsigned apps. Even after that, they are prompted with a screen that shows what the app will need to access (like the permissions screen on the BlackBerry) and they have to okay it.
Why would any user install a media app that asks for permission to access SMS? No matter how secure a device is, the weak link is the user. This isn't a sign of an non-secure OS, the security flaw here is the user.
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]