<...>
I tried the long press, but it is a risk in case the press is not long enough, and only once is enough to infect and wipe out a device, or fall victim to malware. Also, people are not going to do that, they see what looks like a legitimate message and they tap without thinking. Android is ages behind a PC GUI for security and user feedback. How many times do we open an app, only to have no help, and no idea what an icon does, this is unacceptable for a any GUI. All icons should have the text backup view, or hover text, or tool tips. Why is android specifically designed to have people need to randomly click to find out what is going to happen? All icons need some text hover or alt-text explanation, just like accessibility demands for images on a properly designed website. Malware is going to have no trouble fooling people to do bad things, as people are being trained to click first then try to fix the mess after with Android. It is like most devs have learned nothing from the mistakes learned from 20 years of PC use. Imagine if no knobs or switches were labeled or indexed in a power station, or a piece of heavy machinery?
Sent from my SM-P900 using Tapatalk
While I agree with you that Android design in general is far from secure, I'd disagree that everything has to be dumbed down and labeled. (It is actually the feature of the Western society to expect everything dumbed down.) Or rather, I thing that there should be some optimum balance.
[ Philosophical exercise ]
When you come to a stylish bathroom (in a house or hotel), and the vanity or shower faucets are not labeled with red and blue (*). How do you know that the left one is usually hot and the right one is cold (at least in the US/Canada)? And one can argue that it is dangerous to just try it, as you can get scalded.
And I am talking just about old-fashioned 2-valve faucets, while there is a large variety of other devices, where you are supposed to turn, lift, twist, push etc. handles and buttons. Several years ago, I observed how a guest from Europe, an experienced mechanical engineer with a college degree, had a problem turning on the water in one of the public restrooms. And that was after he spent a couple of weeks in the North America, and mastered up a variety of faucets. The secret was simple: the water was activated by a foot pedal below the sink. Who would have thought?!
Yet another example, - look, I am sure you are using TV/DVD/BR/CD/TiVo... remotes. You know that "|>" pictogram means to play, "||" is to pause, "[]" to stop, "<<" and ">>" mean to rewind/advance, etc. How did you figure it out in the first place? There are no pop-up text hints around those buttons. By pressing the buttons!
And it is quite possible that your parents might have stopped you when you tried to push random buttons as a kid. But when you did, - nothing dangerous has happened. That's how most appliances should be made. So, in some sense, a phone should be designed pretty much like that.. Except that now a phone is not a phone, but a computer with an app for making phone calls.
In principle, computers should've been done the same way (and that's what e.g. Apple has done several times, building their success on it- with their Macintosh, iPod, iPhone, -making their best that those would be akin simple appliances, where you can safely experiment with the buttons, scroll wheels, etc.).
But there are two factors:
1. With the popularization and spread of the Internet, the world is no longer disconnected, and all connected devices (including all appliances, including a fridge, car, medical equipment) should be built differently.
2. But somewhere along the way of developing personal computers and software for them (and in part thanks to the fast cycle of development), on one hand it became acceptable that the software can be released and sold undertested. On another hand, for most people (that includes users, but I am talking about developers first) the security paradigm has never caught up. And I am not even talking about privacy - that part has been "sold" in North America (US, Canada, and beyond) and at least Western Europe long time ago.
(For the record, no, I am not hinting at Kostya or Aquamail, - he is much more aware of security and privacy issues than most software developers, even those who work for industries and products where those things are very important.)
[ /Philosophical exercise with examples ]
Now, the "accessibility" features of the websites that are required by the ADA in the US and some CCD and provincial acts (such as ODA) in Canada are not security features. (Since you have some expertise in computer security, I am surprised that you mentioned those features in relation to security.) As you probably know, all the "hover-over" and "img alt" text represent just what was coded there, which might not be the actual link.
-----
(*) Curiously enough, the assumption that red is hot and blue is cold is not universal. f you were to talk to astronomers, they'd tell you that blue for cold and red for hot is wrong, and that blue stars are much hotter than the red ones.