I read this article awhile back and watched the 13 minute video link within the article. I definitely think twice these days about downloading silly apps since stuff like this can be encoded within them. I think it's a matter of time before we see third party developers like Symantec, McAfee, or Kaspersky develop mobile internet security for various phone platforms. BlackBerry has spyware risk too, researcher says | InSecurity Complex - CNET News
I guess the only good practice today would be to leave the internal firewall on and keep the password enabled to activate the 'Prompt On Application Install'. However, the internal firewall doesn't flag data activity for any OS RIM application. Only third party apps are flagged when attempting to transmit data. I think a third party firewall would flag all operations - like a PC based firewall would do (of course if you block everything, you could render the phone useless). However, over time, tweaking like with a home firewall could lead to an acceptable balance between security and still having a functional phone. I guess time will tell as these so called smartphones are becoming as vulnerable as home computers.