WingNews logo WingNews
top | item 46042362

(no title)

potwinkle | 3 months ago

Security seems like a solved problem on desktop already? Secure Boot + LUKS + SELinux gives anyone a pretty airtight userspace.

Microsoft/Apple have similarly secure set ups for their operating systems. Bitlocker by default (although there is a convenient backdoor for high-paying customers to protect against data loss and for law enforcement forensics) and Apple's Secure Enclave (only broken into by a certain five countries intelligence agencies and for older versions streaming pirates) should protect the average user pretty well.

Is there anything special about Android phones (especially budget ones) that makes them more secure? That's not what I've seen.

discuss

order

charcircuit|3 months ago

As the other comment mentioned, is that Android is way ahead on app sandboxing and not doing things like exposing sudo to apps. Yes, apps can literally ask for your user's password using a fake dialog and then elevate to root and then do whatever. Even without root programs can spy on you by recording your screen, and mic. Programs can cryptolock your files or steal them (browser login information is a juicy target to steal). Android shuts down all of these kinds of malware by design. Apps can't escalate to root. Apps can't read or write to all of your files. Apps can't steal files from other apps. Apps have to ask for permission to record users. Apps can't see you have a root terminal up and start typing commands into it. Also in regards to writing APIs that are permissions Android makes it easy.

lmz|3 months ago

Per app isolation vs single user account.

AnthonyMouse|3 months ago

There isn't that much demand for that on Linux because the apps aren't adversarial. If you install Facebook on your phone, you want it locked in a jail where it can't suck up everything on your device and send it to Meta. If you install the Signal desktop app on Linux, it's open source and doesn't do that. And to the extent that you use the likes of Facebook it's the web version.

Meanwhile per-app isolation is a pain. You download a picture in a browser, crop it in a photo editor and attach it to an email. All three apps need access to the same picture. Your backup app needs access to everything. Your password manager is filling in fields in other apps.

You do want to be able to isolate something questionable, but the usual way to do this for sophisticated users is virtual machines or containers. Maybe that could use a coat of paint to make it easier for unsophisticated users to use it, but maybe unsophisticated users should just stick to the system package manager anyway.