What, me worry (about mobile viruses)?

Kaspersky, via PC Magazine, has graciously told the public to worry about mobile phone worms. I'm not worried, and there are many reasons why you shouldn't be concerned... yet. It is commonly accepted that there have been very few pieces of mobile malware that have ever been spotted, and noted outbreaks are even less common. Why is there a disconnect then between marketing statements and the threat, and more importantly, will this threat ever exist?

AV companies have been predicting the emergence of mobile viruses for years. These warnings may be truly genuine. After all, cell phones are pocket sized computers that can execute third party applications and have a high bandwidth phone interface. They could also be purely the output of marketing departments, looking to expand their products into new segments. Rather than examining their motivations, lets look at the ecology in which mobile malware would have to exist:

Cell phones have a smaller pool of developers, and consequently malware authors, than desktop computers. Network-based delivery of applications is highly controlled by carriers and manufacturers and impractical for most handsets currently in the field. In many markets, people don't use their handsets for electronic financial transactions. Handsets are replaced frequently, which limits the lifetime of installed software. The handset population is incredibly diverse, limiting the number of devices that could be affected if a vulnerability is discovered. All this is occurring against a backdrop massive number of easily compromised PCs, making for a very unfriendly environment for mobile malware.

These are all the reasons why mobile malware epidemics on the scale of what we have seen in the PC world have not yet occurred. Tomorrow I will completely contradict myself and write about all the reasons why mobile malware epidemics are just around the corder. Or will I?