Yes, I totally see the double edged sword of disabling your hardware buttons. Absolute security would be assured, but what if you got in trouble and needed them. I could see a brick problem happening really fast...unless there was a way to password protect the volume rocker.
My original point was that, yes, ODIN hack would still be a vulnerability; one that is likely unavoidable at the present time. However, if recovery was password protected, a computer with ODIN (or other hacking software) would be needed to hack the phone. This would buy the user some time. The phone could be locked in the on position, GPS could be remotely enabled, the phone could be ordered to screem when you knew you were close to it, remote pictures and recording could aid in it's recovery. The phone would likely be stolen some distance from the thief's hacking computer (if he is that sophisticated). Most phones are stolen by people that are not hackers, but may be knowledgeable about recovery. All phone have a recovery and recovery can be used to hack any phone to a clean state in less than 5 minutes, on the spot, regardless of how fancy you think your anti-theft software is. Then the SIM card can be replaced and you phone is as good and gone forever.
But, what if recovery was password protected? A hacker would remove the battery and ODIN hack it at his convenience, but most thieves are not that knowledgeable. Somebody finds a phone and decides they want it for their own, instead of trying to return it. There are a lot more people that can figure out a recovery hack than there are people that know how to ODIN hack.
So I respectfully disagree with your proposal that password protected recovery would be useless. In most cases, it would buy those of us with anti-theft software time and a greater chance of retrieving our $600+ phone, before hack occurs. We can password protect literally everything on an android phone, except its greatest vulnerability; recovery.
