• Anafabula@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    4
    ·
    11 days ago

    I don’t think android is really comparable to desktop operating systems. Phone OSs are much more locked down so they can enforce a lot more security.

    If you want to focus on security, maybe try Qubes OS (A reasonably secure operating system)

    A diagram of Qubes OS's architecture. Most systems and apps are separated into their own VMs

    • [object Object]@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      11 days ago

      I can’t say about the sandboxing because I have no clue, but don’t they have a point with the secure boot though? For Android, most devices do a check to see if the images are tampered or not at boot, and uses hardware-backed (TEE) file-based encryption, both of which are enabled by default. Loading tampered images is hard because the bootloader (I think? Or it was that Trusty image) does cryptographic checks on the image it loads.

      Not that I like this kind of design as I want to have more control over what happens on my devices, but it is definitely useful for devices that are much more likely to be stolen, especially for the general public. Both can achieve great level of security, but mobile devices are much easier to do so.