[evgen]

It is also trivial to convince technically unsophisticated users to over-ride these security settings to get some ephemeral (and probably not even true) benefit. On the front page of HN today was another story describing how Facebook harvested a large chunk of contact info and text messages because people _gave it permission to do so_ when the app asked for it. Expecting these same users to be sophisticated enough to know what they are actually opting out of in this case strikes me as being a bit delusional.

[darawk]

So make it difficult and explicit. Or shit, just don't go out of your way to make it impossible. Android threads this needle extremely well. Installing a different kernel is not something a casual user can be tricked into doing. It requires a restart, and a moderately complex sequence of clearly dangerous actions. There is no epidemic of people being 'tricked' into installing alternate Android kernels.