Most of the basic security has to be done for them, and has to be built into either the devices or the operating system.
Cannon's little demo is another example of why Android's current security scheme needs a major overhaul, not a few minor tweaks.
Trust is a good thing, in general, especially in conjunction with verification. It's fine for Android to trust the security information applications give it, but only if it continues to keep track of what those apps do to make sure their main purpose is to provide a useful function, not to cross all the permission barriers Android can set up and hand off control to a stranger.
That shows a little too much trust.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.