Hacker News new | past | comments | ask | show | jobs | submit
well_ackshually | on: /e/OS is a complete, fully “deGoogled” mobile ecosystem
Fundamentally, not enough. Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device. Firejail is a good start, but proper user isolation as Android does is the right solution (each app is a different user, and accessing their data/user data is only done through Providers, or IPC), and anything else is naively trusting and not enough, no matter how many layers of sandboxing and suid-ing you do. Doubly so when all of its apps are written in C++. Can't wait to deal with use-after-free on my mobile device.

In addition, its compatibility with android apps is also chains: why would I bother developing for sailfish (especially since it involves Qt / Qt Creator) when I can just develop an Android app, and say it'll run well enough (unless it needs play integrity, which is the same problem, or somehow falls behind in android/androidx compatibility)

dbdr | parent | next
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.

Honest question: why are mobile devices more hostile than laptops/desktops?

well_ackshually | root | parent | next
It is _the_ 2FA device. from SMS, to authenticators, to password managers, etc. It also has access to all of your personal information, your pictures, your contacts, your email. It actively receives notifications and messages from the outside world, from potentially any sender. It's connected through WiFi, GPS, 5G, bluetooth, UWB, every possible connection system imaginable. It can listen to your phone calls, read your text messages, interact on your behalf with pretty much everything in your life, and is a single facial recognition away from automating emptying your bank account. Not to mention the fact that mobile software does tend to want to at least survive a little bit when offline, so plenty of data is stored locally.

It's a key to your life. The perfect target for any attacker.

wao0uuno | root | parent | next
My Linux laptop is my 2FA device (email), it holds my passwords, and personal data like photos, contacts, email. It receives notifications and messages from outside world from potentially any sender. It connects through Wi-Fi, Bluetooth, Ethernet, 5G (built in WWAN). It even has cameras, microphones and I use it for my online banking and shopping. The only reason why smartphones "need" to be ultra secure is because everyone and their mother have one and the truth is most people can hardly tell a difference between their head and their butt.
eikenberry | root | parent
You just described a computer. There is nothing in your list that is mobile specific.
mixmastamyk | root | parent | next
They aren't, unless you want to run untrusted apps outside of a distribution.

Flatpak sandboxing is a thing however, and probably good enough in the meantime.

loading story #47223553
codethief | root | parent
Because regular users (non-techies) install all kinds of apps on their phones, from all kinds of sources/vendors, but not on their desktop. Most people use only a handful of applications on their desktop (browser, office suite, …) but they have dozens if not hundreds of different apps on their phone.
JCattheATM | parent
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.

Linux has SELinux as a default option which Android makes good use of, some forks more than others, and setup correctly it is better than user isolation. You could also recreate the protection user isolation provides through policy alone.