Comment by robertlagrant
1 day ago
> I find it disturbing that any app can examine your device in this much detail.
When I did a tiny bit of Android development a few years ago, I was astonished how free the app I made was to just examine the file system. I assumed it would be like the web, where each website can have its own little SQLite database and cookie store equivalent, but that's it. I don't know if it's changed, or if it was just because I was in a "dev mode" somehow, but that was very surprising.
It has certainly been locked down a bit. This makes easily backing up all your data using some techniques harder/impossible.
I can't include podcasts in the backup I do via rsync via termux anymore, unless I switch to an app that uses a shared storage area instead, as termux can not longer read app directories only its own and shared storage. You have to rely on each app that used app-local storage to have its own backup method. Not that I really care from the podcast PoV, hence I've done nothing about it, but it is a sign of apps being better sandboxed at the filesystem level than they used to be.
That's doesn't make sense either - not an android iser or dev but shouldn't there be a system level backup interface. Even if its storing the app-local storage as an opaque blob with a label?
Sounds logical, but it doesn't seem to be the case. The backup options are "Photos/Videos" "phone data" and "both". I don't think phone data includes all app-local data. Contacts, calendar entries, and such, get synced but that isn't due to a global backup process that is the Google apps syncing with your Google account. Other apps could do that with the right integrations, but not all have the option and either have no backup or backup by syncing to their own service or an external option like an S3 compatible store.
It is somewhat disjointed.
When I last changed phones, between phones from the same manufacturer both running recent Android versions, the "copy apps, settings, and data" process didn't include all app data either so I need to take extra steps.
I don't think there will be any big push to address the matter, because for the vat majority of users it isn't a big issue: most of their data is synched to various services anyway and that which isn't wouldn't be particularly missed if lost. There are very few app dealing with important data that are local-only.
1 reply →
Is it not the same for computers most of the apps data is accessible by all the apps. Mobile OS came from the paradigm of the past and as the way we use our phones change so do the way how mobile os work. For a long time Android devs have wanted to obfuscate the disk from the user like iOS does but have faced push back from users and developers so in the end they created a permission where an app needs to ask permission to access the disk. Keeping the file system a black box or allowing user/apps to mess with it is a development question of the times dumb it down or not. Then people here complain children don't know anything about computers these days well yeah because we have dumbed it down so much in the name of security and usablity.
Definitely the same for computers. LOTS of software rely on saving data on "secret" locations for shareware-style trials.
macOS for one has been asking to allow access to specific folders. Other OSs are possibly starting to do the same, but it used to be a free-for-all.
Linux has containers for this - firejail, flatpack and others have support for this.
Older software tended to be less obnoxious about it. I have never had a desktop app refuse to run for this sort of reason.
Desktop software installers do not claim to offer this security. Mobile OSes claim to be sandboxed so your expectations are different.
The sorts of applications you install are different too. Many mobile apps are things you would do using a web browser on a desktop. They should therefore be locked down the way webapps are.
By default you can `ls` almost anything on an entire drive.
That is how it works. Apps on android and iOS can’t access data outside of their contsiner.
Afaik all apps on android have the ability to list directories across most of the "sdcard" file system even without storage permissions.
Sure, but all the interesting data is stored in a subtree that mostly won't even show on that list. In fact, there doesn't seem to be a way for a user of non-rooted phone to view this data. This sucks.
2 replies →