Comment by potwinkle
4 days ago
Security seems like a solved problem on desktop already? Secure Boot + LUKS + SELinux gives anyone a pretty airtight userspace.
Microsoft/Apple have similarly secure set ups for their operating systems. Bitlocker by default (although there is a convenient backdoor for high-paying customers to protect against data loss and for law enforcement forensics) and Apple's Secure Enclave (only broken into by a certain five countries intelligence agencies and for older versions streaming pirates) should protect the average user pretty well.
Is there anything special about Android phones (especially budget ones) that makes them more secure? That's not what I've seen.
As the other comment mentioned, is that Android is way ahead on app sandboxing and not doing things like exposing sudo to apps. Yes, apps can literally ask for your user's password using a fake dialog and then elevate to root and then do whatever. Even without root programs can spy on you by recording your screen, and mic. Programs can cryptolock your files or steal them (browser login information is a juicy target to steal). Android shuts down all of these kinds of malware by design. Apps can't escalate to root. Apps can't read or write to all of your files. Apps can't steal files from other apps. Apps have to ask for permission to record users. Apps can't see you have a root terminal up and start typing commands into it. Also in regards to writing APIs that are permissions Android makes it easy.
Per app isolation vs single user account.
There isn't that much demand for that on Linux because the apps aren't adversarial. If you install Facebook on your phone, you want it locked in a jail where it can't suck up everything on your device and send it to Meta. If you install the Signal desktop app on Linux, it's open source and doesn't do that. And to the extent that you use the likes of Facebook it's the web version.
Meanwhile per-app isolation is a pain. You download a picture in a browser, crop it in a photo editor and attach it to an email. All three apps need access to the same picture. Your backup app needs access to everything. Your password manager is filling in fields in other apps.
You do want to be able to isolate something questionable, but the usual way to do this for sophisticated users is virtual machines or containers. Maybe that could use a coat of paint to make it easier for unsophisticated users to use it, but maybe unsophisticated users should just stick to the system package manager anyway.
> You download a picture in a browser, crop it in a photo editor and attach it to an email. All three apps need access to the same picture. Your backup app needs access to everything.
On Android, each of those three apps would ask you for file system permissions on first launch. Your choices are "full access to user files", "limited access" (usually one directory and all its sub-directories), "full access, but only this time", and "no access".
Both the "save file as" and the "open file" dialog only show directories the app can access, and have a button at the top that reads something like "change storage scope" or "allow more access".
The system even has options where apps can request access to e.g. all photo/video/media directories - the photo editor would probably request only those to begin with.
Also, apps can pretty much never access each others config/keys/etc files - which they never should. If they need to communicate with each other, they're supposed to use interfaces like the Content Provider, Intents or Bound Services.
I think it's pretty well designed.
1 reply →