Comment by lmz

4 days ago

Per app isolation vs single user account.

There isn't that much demand for that on Linux because the apps aren't adversarial. If you install Facebook on your phone, you want it locked in a jail where it can't suck up everything on your device and send it to Meta. If you install the Signal desktop app on Linux, it's open source and doesn't do that. And to the extent that you use the likes of Facebook, it's the web version.

Meanwhile per-app isolation is a pain. You download a picture in a browser, crop it in a photo editor and attach it to an email. All three apps need access to the same picture. Your backup app needs access to everything. Your password manager is filling in fields in other apps.

You do want to be able to isolate something questionable, but the usual way to do this for sophisticated users is virtual machines or containers. Maybe that could use a coat of paint to make it easier for unsophisticated users to use it, but maybe unsophisticated users should just stick to the system package manager anyway.

  • > You download a picture in a browser, crop it in a photo editor and attach it to an email. All three apps need access to the same picture. Your backup app needs access to everything.

    On Android, each of those three apps would ask you for file system permissions on first launch. Your choices are "full access to user files", "limited access" (usually one directory and all its sub-directories), "full access, but only this time", and "no access".

    Both the "save file as" and the "open file" dialog only show directories the app can access, and have a button at the top that reads something like "change storage scope" or "allow more access".

    The system even has options where apps can request access to e.g. all photo/video/media directories - the photo editor would probably request only those to begin with.

    Also, apps can pretty much never access each other's config/keys/etc. files - which they never should. If they need to communicate with each other, they're supposed to use interfaces like the Content Provider, Intents or Bound Services.

    I think it's pretty well designed.
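As an added illustration of the storage model this comment describes (not code from the thread), here is how an Android photo editor would request the narrow grants instead of "full access to user files": an image-only media permission for its gallery, and a single user-chosen directory tree when the user taps "allow more access". `PhotoEditorActivity` and its method names are assumptions for the example; the permission names, contracts and `MediaStore` calls are the real AndroidX/Android APIs.

```kotlin
// Added example, not from the original thread. Requires AndroidX activity
// and documentfile libraries; class and method names are illustrative.
import android.Manifest
import android.content.ContentUris
import android.content.Intent
import android.net.Uri
import android.os.Build
import android.os.Bundle
import android.provider.MediaStore
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.documentfile.provider.DocumentFile

class PhotoEditorActivity : AppCompatActivity() {

    // "Limited access": the system picker lets the user choose ONE directory;
    // the app receives a persistable URI grant for that tree and nothing else.
    private val pickTree =
        registerForActivityResult(ActivityResultContracts.OpenDocumentTree()) { treeUri: Uri? ->
            treeUri ?: return@registerForActivityResult   // user picked "no access"
            contentResolver.takePersistableUriPermission(
                treeUri,
                Intent.FLAG_GRANT_READ_URI_PERMISSION or Intent.FLAG_GRANT_WRITE_URI_PERMISSION
            )
            // Only files under the chosen tree are visible to the app.
            val visible = DocumentFile.fromTreeUri(this, treeUri)?.listFiles().orEmpty()
            showFiles(visible.map { it.uri })
        }

    // Media-only access: request photos, not the whole file system.
    private val askMedia =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) showFiles(loadGallery())
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // API 33+ has a per-media-type permission; older releases only offer
        // the broad READ_EXTERNAL_STORAGE grant.
        val mediaPermission =
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) Manifest.permission.READ_MEDIA_IMAGES
            else Manifest.permission.READ_EXTERNAL_STORAGE
        askMedia.launch(mediaPermission)
    }

    // Wired to the "allow more access" button in the open dialog.
    fun onAllowMoreAccessClicked() = pickTree.launch(null)

    // Enumerate images through MediaStore; no raw file-system paths involved.
    private fun loadGallery(): List<Uri> {
        val collection = MediaStore.Images.Media.EXTERNAL_CONTENT_URI
        val out = mutableListOf<Uri>()
        contentResolver.query(collection, arrayOf(MediaStore.Images.Media._ID), null, null, null)?.use { c ->
            val idCol = c.getColumnIndexOrThrow(MediaStore.Images.Media._ID)
            while (c.moveToNext()) out += ContentUris.withAppendedId(collection, c.getLong(idCol))
        }
        return out
    }

    private fun showFiles(uris: List<Uri>) { /* populate the editor's file list */ }
}
```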

    • > On Android, each of those three apps would ask you for file system permissions on first launch. Your choices are "full access to user files", "limited access" (usually one directory and all its sub-directories), "full access, but only this time", and "no access".

      Which isn't completely useless, but in most cases the only thing you really want is "full access" or "I don't actually trust this thing" -- and most users aren't going to comprehend the difference between more fine-grained alternatives anyway -- and then you're basically looking at the distinction between normal trusted apps and something you run in a container.

      > Also, apps can pretty much never access each others config/keys/etc files - which they never should.

      And that's the problem, because the backup app is supposed to be able to back up everything, a malware scanner can't have potentially malicious apps hiding something from it, etc.