"are a step backward when it comes to security, privacy, and anonymity: by default, the user's files on an Android smartphone are not encrypted, instant messaging communication can be sniffed, and web browsing is not anonymous."
Just so we don't cause widespread panic. This is not a step backward but a step forward. All major operating system in use operate in this unsafe way in their default configurations. Even encrypted hard drives for laptops tends to be the exception rather than the rule. This is because speed sells. Most end users believe their systems are secure up until the moment their system displays a security violation message.
If all systems were encrypted then the public would be conditioned to accept that level of performance. Only some clever people out there would sell acceleration kits for these platforms that remove the encryption.
Mobile devices have an advantage here in that the end user does not expect the level of performance that the laptop or desktop systems have. So if these are slowed down by security measures then the user may not notice or care. But young people will care if they can't play the latest video game because the files can not be read from the file system at a fast enough rate.
It would be better if security sensitive data would be stored in a separate device or partition from main storage. Encryption works worst when the contents contain repetitive patterns as you may find in media files that contain frames of data. Encryption works best when the contents of the encrypted material are not known. You should use encryption sparingly by only encrypting what is important.
Be smart with your mobile devices and always assume that they are insecure and can not be secured. Do not rely on encryption for security. Do not use your cell phone to make Internet purchases when you can do the same thing with your desktop computer.