Unknown sources, root, and the Android security conundrum

Afraid all answers here can only be opinions. It's not possible to give a purely objective answer without a lot of "ifs" and "coulds". If root were that big a security threat, you'd need to completely disable that on Unix/Linux systems as well (and definitely do the same for the Administrator account on Windows). Similarly "installing apps from other sources". If we had a kind of "driver's license" for technical devices, that could assure the correct use. As we don't have it, removing those features would harm the technically experienced.

Unknown Sources

While it's often recommended leaving these "unchecked" (i.e. disable them) for "security reasons", it's a "double-edged sword":

• pro disabling: the only "known source" is Google Play, which is considered "most save" due to precautions taken by Google. Users are much less likely to (though not absolutely safe from) installing malware to their devices – hence less issues in this context.


• contra disabling: many reasons for this:
  
  
  
  
  • openness: sources like F-Droid are as safe as Google Play in this context, but would need "unknown sources" to be enabled
  
  
  • testing: if you encounter a bug in an app, and the dev is going to fix it, the fix needs testing before a new version is published. How to do the testing (e.g. by the reporting user, who nows best about what went wrong/did not work) without the ability to install it? Cat chasing its own tail: App could only be installed from playstore to test it, but could not be put to playstore before being tested ¹
  
  

root

Here our sword even has more than two edges.

• user experience: if you don't need root, don't root your device


• completely bug-free software is impossible, so one cannot prevent rooting (or there wouldn't be jail-breaking on iOS)


• openness: people like me don't want to be jailed neither to Apple nor to Google or any other company. Getting rid of their "fences" (including their, the manufacturer's, and the provider's bloatware) requires root access


• as rooting cannot be 100% prevented, a non-rooted device is not that much safer by this definition


• nothing is safe from "crazy users", and a saying goes that "with great powers comes great responsibility": true, with "root powers" you can cause a lot of problems to your device (best examples can be found a lot on this site, in posts from users who "accidentally removed essential system components". But build a system for idiots (or make software idiot-proof), and only idiots will use it (sorry for the harsh phrasing, but you know what I mean).

Verdict

You can find many reasons pro and contra each item – but there's no objective answer of which way is best. As usually, "best" is always subjective: what's best for me might be worst for you; "one man's owl is anothers nightingale". Non-rooted non-rootable and unknown-sources-unavailable devices might be a good choice for novice non-tech-oriented users – but would be avoided by even a-little-more-technical users like the devil avoids holy water. You cannot defend freedom by using jails for the "free".

^{1: sure one can bypass this using adb install – but wouldn't you consider this a similar "security hole"? Or, on the other end, would you expect that "reporting user" would go through all steps to install drivers and ADB stuff on a Windows computer (considering Windows is the widest spread desktop OS, and impute this user even has a computer) to test your solution? You'd lose approx. 80% of potential testers this way.}