Comment by ignoramous
2 months ago
A more recent (2023) sandboxing + isolation overview by the Android team: https://arxiv.org/html/1904.05572v3/ (section 4.3)
2 months ago
A more recent (2023) sandboxing + isolation overview by the Android team: https://arxiv.org/html/1904.05572v3/ (section 4.3)
> Android’s security design has fundamentally been based on a multi-party authorization model: an action should only happen if all involved parties authorize it.
> these are user, platform, and developer (implicitly representing stakeholders such as content producers and service providers). Any one party can veto the action.
How is this not anti-user? It explicitly states that the app developer should be able to veto my decisions...
Under the shared responsibility model, such veto makes sense. Just because the end-user (the app has no way to determine if it was a thief or a spy or a monkey or the actual device owner) approves of an action doesn't mean the OS and the app have to grant authorization.
I can see how such a setup is hostile to power users, but then Android is used by 50% of all humanity, and your guess is as good as mine as to just how many want "sudo make me a sandwich" level of control.