[nickpsecurity]

I already agreed with you on that. It was malware and secure-on-insecure-OS points I was countering.

I'll add that user education has mostly failed. The recent consensus in INFOSEC is we need to design solutions where it's hard to do it insecurely and still easy to use. Signal messaging app is a great example of that. Another is Combex's PowerBox scheme for permissions on files where file dialog transparently grants a single file's access to app when user uses it. OS or runtimr protects its security. But, what user is giving to what application is clear even without technical knowledge.

So, education plus better design like I described is next steps.