Aegis, and it's wrong reasons-to-be has (justifiably) created a huge hatred against security frameworks. On the other hand the basis of it's implementation (fine-grained permissions system) not only is correct, it is in my opinion needed in any modern smartphone with so much personal data stored in it. We are now protected by obscurity, but if I publish tomorrow a dancingbunny_8.32_armel.deb on devel and I promise android app compatibilty I can just upload all of MyDocs of the poor guys that installed it to my server and then wipe their N900 with the init script on next reboot. (or even flash zeros to the kernel area, overclock to death and other nice things).

I'm writing this in this thread because it has to do with community involvement (a "bad" security system can hinder community support (aegis) while a "good" one can boost it, especially now that we are nowhere safe, see Carrier IQ, Apple GPS tracking etc.)

A current smart device, phone whatever, must have the user in full control. A control panel applet should be enough to allow realtime granting and revoking privileges to apps. Thus we need a security framework, with the roles reversed, and the human the only one with full caps.

PS. Apple and MS has tried to solve this with the dreaded isolated storage, which forces all the apps to contain half-baked versions of other apps in order to work ok, definitely not the linux way
Google asks the user for permissions during install however with no possibility to revoke them. Thus most apps ask for many more permissions than they require and nobody pays any attention to that dialog box.