Comment by mapcars
9 hours ago
> There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing
Sailfish?
Fundamentally, not enough. Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device. Firejail is a good start, but proper user isolation as Android does is the right solution (each app is a different user, and accessing their data/user data is only done through Providers, or IPC), and anything else is naively trusting and not enough, no matter how many layers of sandboxing and suid-ing you do. Doubly so when all of its apps are written in C++. Can't wait to deal with use-after-free on my mobile device.
In addition, its compatibility with Android apps is also chains: why would I bother developing for Sailfish (especially since it involves Qt / Qt Creator) when I can just develop an Android app, and say it'll run well enough (unless it needs Play Integrity, which is the same problem, or somehow falls behind in Android/AndroidX compatibility)?
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.
Honest question: why are mobile devices more hostile than laptops/desktops?
It is _the_ 2FA device, from SMS, to authenticators, to password managers, etc. It also has access to all of your personal information, your pictures, your contacts, your email. It actively receives notifications and messages from the outside world, from potentially any sender. It's connected through WiFi, GPS, 5G, Bluetooth, UWB, every possible connection system imaginable. It can listen to your phone calls, read your text messages, interact on your behalf with pretty much everything in your life, and is a single facial recognition away from automating emptying your bank account. Not to mention the fact that mobile software does tend to want to at least survive a little bit when offline, so plenty of data is stored locally.
It's a key to your life. The perfect target for any attacker.
They aren't, unless you want to run untrusted apps outside of a distribution.
Flatpak sandboxing is a thing however, and probably good enough in the meantime.
Because regular users (non-techies) install all kinds of apps on their phones, from all kinds of sources/vendors, but not on their desktop. Most people use only a handful of applications on their desktop (browser, office suite, …) but they have dozens if not hundreds of different apps on their phone.
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.
Linux has SELinux as a default option which Android makes good use of, some forks more than others, and set up correctly it is better than user isolation. You could also recreate the protection user isolation provides through policy alone.
Not entirely FOSS, unfortunately :( (though, it would be cool to see someone take their kernel and implement Plasma Mobile on it)