(no title)

A smartphone is a computer that is more involved in your private activities. For example, a phone is likely to be on your body when you move around the city and talk to other people so it is exposed to more private information about you than a stationary desktop will be.

I wish this were true but the reality is that with the exceptions of QubesOS and ChromiumOS, desktop linux distros grant any process trivial access to elevate to root as there is no sandboxing model. Any process can alias your sudo command to steal your password, or run privileged docker commands, etc. It gets worse when you introduce snaps, appimages, and flatpaks usually uploaded, usually unsigned, by randos. This download-random-exes style model is becoming default and encouraged by distros like Ubuntu.

Windows is still a joke security wise but MacOS at least has some mediocre sandboxing nor offering defense suitable for casual visual media focused end users though you need Brew to do anything useful as a developer which throws supply chain security out the window. Personally though no one could ever pay me enough to MacOS even if they did have a useful secure package manager and good sandboxing as I value freedom and privacy in addition to security.

AOSP on the other hand substantial hardening and sandboxing isolating apps from each other somewhat like running every app in a docker container. Combine this with the admittedly small collection of dual signed reproducibly built apps on F-Droid and this is as good as it gets in open source end user friendly secure computing.

Well... almost. Trouble is you can not find an Android device hat does not ship with nasty highly privileged spyware and proprietary kernel modules allowing cell carriers, chipset makers, and the governments they obey to track you and have varying levels of access to your device if they really want it.

IMO QubesOS is the only halfway decent general purpose OS in terms of security and privacy you can use today and in the end there is just no good mobile solution that meets my privacy, security, and freedom needs so I just opt to not have a phone at all for now.

In practice, not really IMO. Both Android & iOS also supports disk encryption and are also locked for most of the day. I don't know why you say "few services exposed to the network" for Linux when virtually every installed package has unfettered access to the internet (unless you're wrapping it with something like Docker or manually setting up your own network namespaces). Android and its apps can be run 100% open source as well.

On the other hand, there are two big security advances prevalent on mobile but rare on Linux and other desktop operating systems:

- capability-based sandboxing (ie. enforced app permissions)

- device integrity attestation (ie. the system can tell if you've modified your device in non-standard ways)

Linux does actually have nascent and partial efforts on both fronts (eg. Flatpak, Snap, Secure Boot support) but even then they're usually not popular or easy to use.

I think iOS devices are much more secure than a Linux desktop.

Any iOS device that has not been registered with Apple for use on a dev team or rooted can run only built-in apps and ones instslled from the iOS Store.

That means it can only run apps explicitly approved by Apple.

Sure, Safari has had some zero days, as has iOS generally, but as Heartbleed, Shellshock, and Log4Shell have shown, open source is not magical fairy dust that makes things secure.

Overall, my bet's on the team at Apple being better at securing their systems than the random collection of individuals and overworked maintainers that have assembled the parts in a modern Linux desktop.

Desktop operating system are less secure than mobile devices.

Linux is also the worst of desktop operating systems.

https://madaidans-insecurities.github.io/linux.html