Some days ago I received a new HTC Pro Windows Phone, now running with Windows 7.5, the "Mango" release. Overall, I really like that phone. It is smart, it is very easy to configure. I never had a phone which was up and running with access to all mail accounts, calendar, and tasks so quickly. It works pretty seamless with Office 365. OK, having Skype on the phone would be great, in particular given that Microsoft owns Skype.
So far, so good. But then you start this phone and are asked for the PIN. But if you just cancel the PIN entry, you have full access to everything which is on that phone. In the out-of-the-box configuration, there is not even a password required. You have to opt for this and change the settings so that the phone requires a password.
I know that there is a balance between usability and security. However, I'd like to have more options for security and I'd like to at least be prompted for decisions about the security when setting up the phone. And there are options you can build in these phones for more security. Biometrics like fingerprints wouldn't be that difficult to add. Secure stores for sensitive information (sort of TPM++) should be feasible.
But currently it is still about usability first and then ---- nothing for a very long period of time. Only minimal security. It still looks like security and mobile phones are totally different worlds, being in parallel universes. The bad thing: You might find some software tools ("apps") to increase security. But there could be hardware security built in at reasonable cost, there could be done much more. But vendors are just still ignoring mobile security. And while mandatory security might be inconvenient for many users, optional security (which is still easy to use) might be of value to many of them.