I have been doing Android development for so long that Linux feels extremely insecure by comparison. The idea that one App can mess around with the user data from another app by default is absolutely crazy to me.
On modern Android, I can't even request access to all your photos at the same time. I need to request them ONE BY ONE.
Android is very secure and insecure at the same time because of Google's invasive control.
Exactly. Linux isn’t inherently more secure than other mainstream operating systems. It has to be hardened. That’s why I use Qubes.
Yes, you are in a fortress surrounded by a moat with alligators and an army of 10,000 on an island, while Google is in your bedroom picking out your gimp outfit for the day.
So the "linux" solution to the problem is having an entire OS for each app? :)
Containerization improves this a bit although it's still uncommon on the desktop.
The use case is a bit different on the desktop to begin with, though. You wrote about it yourself the other day. Users are more careful about which apps they install on the desktop.
Mobile apps are more like web apps on the desktop which are properly sandboxed in the browser.
sounds like ultimate sandboxing.
...maybe not "ultimate"
Looks like Apple does enforce signing and sandboxing for app store apps and should be able to do the same for side loaded apps:


App Sandbox | Apple Developer Documentation
Restrict access to system resources and user data in macOS apps to contain damage if an app becomes compromised.
Qubes users also relate to this
Lol that is dark, but true.
I hear you, but it’s not like installing “an entire OS per app.” Qubes runs on a single Xen hypervisor and uses shared templates—AppVMs borrow their root filesystem from them—so you’re not installing 20 separate full OSs. You can use minimal templates and dedicate a lightweight AppVM to a single app if you want. It’s about isolated trust domains, not full installs everywhere. :)
Snap does this out of the box.
Flatpak looks like something similar for linux: 
Flatpak—the future of application distribution
The days of chasing multiple Linux distributions are over. Standalone apps for Linux are here!
AppVMs don't share resources other than the filesystem on disk.
You're not installing 20 chromes, but you are **running** 20 chromes.
(Still, Qubes is gold standard for linux sandboxing IMO)
Last time I checked, Flatpaks have access to the user's home folder by default and save everything there too. I know they made stricter permissions but the defaults are still quite wide.
💯
😂🤣
Does Snap have permission requests to access the web (sockets)?
Even if people are more careful, it is still crazy that the default behavior is to access the entire filesystem and access and modify everything in the user's folder.
Isn’t this just another way of saying (in general) “been doing mobile OS development for so long that desktop OSs seem extremely insecure by comparison”?
That's why we use Graphene. But yes, manufacturers make everything worse.
💯
Yes, but can I run Crysis on it?
It's a bit weird, yes; we didn't think of it as weird before mobile apps.
Android sucks, you're just trying to scare me into going back to using windows
Nah, SELinux, the thing that isolates Android apps, was developed by the NSA since 87 and merged into the kernel in 2003, way before any notion of mobile apps existed. Basically 40 years of work for the defaults to still not use it.
Hm right.
macOS has app sandboxing. It's just Linux and Windows (and FreeBSD) that suck at it.
You mean closed source macOS?
Yep. It's closed but it is more secure. Apps cannot fuck around. Lots of devs tried :)
Have a look at snappy from canonical (https://en.wikipedia.org/wiki/Snap_(software))
Love android. When Valve gets Proton/Vex layer fleshed out, we might get all the benefits of other OSes in a full Android desktop OS
That is the interesting part. Android is falling behind in that integration for games. There are no mappings to Kotlin for them yet (as best as I know). So, it is hard to integrate them with the rest of the ecosystem. But it will get there...
To me as a user. I can test the shit out of dangerous apps without worrying too much about the data I have in the same machine. It's not perfect, but it does help a lot.
There are different ways to create your QubesOS stack. If you run standalone templates you have really fully separated systems. The normal way is to build templates which have your apps installed, and you can share those apps to different AppVMs. The goal here is to separate user profile and data from other AppVMs for security and privacy reasons. Each AppVM can have another network or be offline.
Apple probably does. But I deal with them in a different way than I deal with a random dev out there.

What surprised me is that they revealed that even the most secure VPNs have defects in Linux.
oof, storage scopes way better. come on grandpa 😂
Linux is made by and for autists and enterprise. It's genuinely unusable for normal people.
It has many versions though. Ubuntu for example is usable by anyone.
I need to come back to android soon
Yes, snap allows access to internet, e.g. some browser apps are offered within snap strict sandbox.
It really isn't. I haven't seen a single distro that doesn't ultimately make you use the command line to do something that you'd find in a menu on windows. Ubuntu might be better but it's still far from normie usable.
Yes, but does it block the web by default and only open the permission when the app requests it and the user approves?
Interesting. That would be too strict, wouldn't it? Android does not do that either.
Mint or Pops are very normie level imo
What's interesting about totalitarian surveillance states is that the streets are extremely safe and secure.
Isn't it too heavy? Don't you get stressed using it?
Yeah, there are many distributions focused on privacy and security, like Tails, Qubes, Kodachi...
Safe for whom, and to each their own. I guess they like you. How fortunate
I've worked on macOS and iOS. It is a tyrannical system full of compliance obligations. Can't sideload apps. You call that safe?
I had to build monero from source to get it to run. I hope you aren't serious.
If people cannot use Linux Mint they should not have a computer
Insecure in the wrong hands. Desktop is freedom. Android is the light version of OS. Touch nothing. Modify nothing. Secret folders untouchable
That is secure for the developer but not safe for the user. What you are really saying is the only data that can be harvested is by Apple or approved vendors. The issue is we trust them less than scammers and hackers.
Sideload sarcasm indicator
You can sideload apps
On an iPhone?
Yup, and without jailbreak. Can use the AltStore.
I see. Well, that didn't exist when I was forced to use it for work. I was told I only had to build for Android and then they made me buy a Mac and build for iPhone. A part of me died inside and I quit shortly after.