Originally Posted by NJBlackBerry
Also, it can't be installed without user approval, right?
The user is almost always the gate between malicious code landing on your filesystem and any kind of system protection. It's either the user clicking OK or exploitation of a vulnerable system service on the platform.
In the case of Saudi Arabia you can't really blame the blackberry users since the infection/monitoring was government orchestrated and carrier executed.