by tscs37 3143 days ago
Your phone will probably turn up in a botnet soon enough, but at least you had the moral high ground.
2 comments

Do you have an actual number for "probably" - assuming normal browsing habits (i.e. not to the sort of porn site with a higher likelihood of installing malware), and an outdated version of iOS or Android?

How is that number changed by not using public wifi?

>i.e. not to the sort of porn site with a higher likelihood of installing malware

Porn sites are not where most malware comes from. Ad networks are. I've had more attempts at virus and malware installs from 'legitimate' sites that have had poor control of their banner ads.

https://www.extremetech.com/internet/220696-forbes-forces-re...

>How is that number changed by not using public wifi?

You are, quite falsely, assuming that non-public wifi, say your friend's house, is any more protected.

http://www.zdnet.com/article/flaws-in-att-routers-put-custom...

I'm not assuming anything: I asked a question, rather than stating a fact.

"Not significantly" would be a valid answer to the second question. However, you seem to be answering "are home routers entirely secure?", which wasn't my question: my question was about real-world risk levels (i.e. "_are_ public wifi points significantly more likely to deliver threatening payloads", not "_could_ they be").

I'd still be interested in an answer to the main question.

Oh no, not a month's allocation of mobile data down the drain!

An impersonal passive botnet would likely do less damage than status quo "apps" that are built to siphon as much personal data as possible.

Never mind these few Mifi devices that I have - default configs that listen on wan telnet with static passwords! Well known domestic manufacturer, not worth attempting to report - the manufacturer obviously did not care, has long moved on, and there's countless other models with the same problem.

The panacea of every node being secure with an identifiable owner fell apart long ago. You can either cling to that belief in a fundamentalist manner (and prop up the totalitarians who wish to track communication ever more). Or you can work on understanding how non-technical people actually attempt to moderate their own exposure to these insecure-by-design surveillance devices.

You should install security updates. Period.

You don't help anyone by feeling better because instead of having the vendor maybe sniff on you, a hacker can do it instead.

I also haven't found any apps yet that intentionally waste my monthly datacap.

Sure, and I didn't advocate doing otherwise. My point is the larger context - there is no "secure" on mobile.

Likewise, my point about losing a datacap was that it was preferable to having more personal info backhauled into commercial surveillance databases. It's not an either-or and I'm not desiring either one - just calling attention to the larger context of user-security versus the myopia of marketing/corporate security.

There is secure on mobile. Secure is not a binary property, it's a spectrum of options and possibilities which heavily depend on your environment and your threat model.

You either get security updates at the possible downside of sending more data to some database of a known vendor or you get the very possible risk of being part of a slide on DEFCON Fail Panel by some unknown blackhat.

I choose a known adversary over an unknown any day.

At its core, digital security is a binary property equivalent to mathematical proof. Since universal security is nigh impossible (two people can keep a secret if both are dead), we then predicate it on various trust relationships / threat models - what one is secure against.

The modern non-technical but security-conscious person concedes that their devices are pwnt by (ie they are forced to trust) AppGoogAzon anyway, and simply shies away from trusting technology. The phenomenon is what it is - I'm not advocating for it, but advocating for understanding it.

Furthermore, are you saying that you actually know all the players in the commercial surveillance industry?!

I'd appeal to your same argument of known versus unknown, but point out that at least the motives of the rando blackhat are known. Whereas the surveillance industry will be innovating new ways of monetizing their malicious databases for the next century!

That's a rather narrow mindset. As previously explained, security is not binary, even in the circumstances you mentioned.

I don't know all the players in the surveillance industry, but I'm not so paranoid as to believe they are worse than the black hats.

You probably also have little probability of knowing the actual intentions or motives, which actually helps little in threat mitigations.

As another comment mentions, security is not binary.

Binary security is a sign you failed at security. You can be not secure at all, somewhat secure, etc., against a set of threat models, or anywhere in between those steps.

Whether or not you have properly prepared against a threat model and you are confident in defending against it is a binary property (or rather, two binary properties) but the underlying security is not.