The biggest threat to Android security is the inability of normal users to control their firewall.

What? Android has a firewall?

No, of course not. But Linux has a firewall, and it's installed by default on every Android phone. If you don't have root privilege, it's useless to you -- everything is open. But if you do have root, the DroidWall app is a simple way to manipulate it.

You see, every Android app has its own UNIX userid. That's how cross-app permissions are enforced. And iptables can associate packets with the userids of the processes sending or receiving them. So DroidWall offers you a simple list of all of your apps, with checkboxes for allowing packets through via cell radio or WiFi (or both or neither).

Frankly, Android ought to ship with something like this.

(Not the author, just a happy user.)
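
The mechanism the comment describes, per-app UIDs matched by the iptables `owner` module, sketched as an added example; it is not DroidWall's code and not part of the original comment. The chain name `appfw`, the interface patterns `wlan+` and `rmnet+`, and the sample UIDs are assumptions made for illustration, and the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: print (do not run) iptables rules for a per-app allowlist.
# Assumed names: chain "appfw", WiFi interfaces "wlan+", cellular "rmnet+".
WIFI_IF="wlan+"
CELL_IF="rmnet+"
CHAIN="appfw"

# Constructed sample policy, one app per line: <uid> <wifi 0|1> <cell 0|1>
sample_policy() {
cat <<'EOF'
10051 1 1
10062 1 0
10077 0 0
EOF
}

# Read policy lines on stdin and print the matching iptables commands.
# The owner match applies to locally generated packets, so the rules
# hang off OUTPUT and filter what each app is allowed to send.
gen_rules() {
    echo "iptables -N $CHAIN"
    echo "iptables -A OUTPUT -o $WIFI_IF -j $CHAIN"
    echo "iptables -A OUTPUT -o $CELL_IF -j $CHAIN"
    while read -r uid wifi cell rest; do
        # Skip blank, comment, or malformed lines instead of emitting
        # a rule with a non-numeric uid.
        case "$uid" in
            ''|*[!0-9]*) echo "skipping policy line with uid '$uid'" >&2
                         continue ;;
        esac
        if [ "$wifi" = 1 ]; then
            echo "iptables -A $CHAIN -o $WIFI_IF -m owner --uid-owner $uid -j RETURN"
        fi
        if [ "$cell" = 1 ]; then
            echo "iptables -A $CHAIN -o $CELL_IF -m owner --uid-owner $uid -j RETURN"
        fi
    done
    # Every uid not returned above, system uids included, is rejected
    # on the two interface groups.
    echo "iptables -A $CHAIN -j REJECT"
}

sample_policy | gen_rules
```

Because the final rule rejects every UID that was not explicitly returned, an allowlist like this must also cover any system UIDs whose traffic is needed before it is applied on a device.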