> Most anyone who is willing to root and ROM will be savvy enough to know how to avoid security issues and things like malware in non-market apps.
Based on nearly every thread I've read on xda-developers forums, I'd put my money on the fact that most users are just savvy enough to copy-paste directions, and the moment something goes wrong the only recourse is to jump to the internet and hope someone else has figured it out already. I have plenty of friends that don't have the slightest clue as to what root actually means or what sudo or su do with rooted Android phones running CM.
Hell, the rooting scene is one of the shadiest scenes I've ever seen. Have you seen how many links are on xda-developers that point to random binaries on mediafire.com? Half those binaries are completely open source, with the majority being distributed with the Android SDK, as in, there is no reason it needs to be distributed as a binary, but most users don't know how to compile it anyways, so it comes in the easiest unsigned format without SHA/MD5 sums. The other half are kernel modules to install or binaries you execute as root on your phone. I wouldn't touch a random kernel module from mediafire.com on my desktop or servers, but since it's going into my phone, it's somehow safe? How is installing that any different than installing a non-market malware app?