Emulating Windows system calls, take 2

Posted Jul 19, 2020 19:29 UTC (Sun) by clump (subscriber, #27801)
In reply to: Emulating Windows system calls, take 2 by nix
Parent article: Emulating Windows system calls, take 2

I respectfully disagree. Security features are nice, but you have only to look at "all permissions" for nearly any application installed by default on Android. Look at Google Play Services, which includes the following mandatory permissions:

"disable your screen lock"
"have full network access"
"record audio"
"access location in the background"
"take pictures and videos"
"reroute outgoing calls"

I can't remove these permissions. I can't audit their use. I can't examine the source code. Not my idea of secure, private, or user-respecting.

If pointing out issues with Google Play Services is too easy, look at "all permissions" for other apps. There is also the matter of Android's exploit track record, and all of the well-documented issues with applications served from the official Google Play Store.

My point is that Android uses Linux but offers none of its benefits.

Emulating Windows system calls, take 2

Posted Jul 20, 2020 12:35 UTC (Mon) by nim-nim (subscriber, #34454) [Link]

All the "privacy" initiatives Google sponsored in the past years have been trying to protect Android and Chrome data both from "evil" telco operators/ FSB / CIA / whatever and "evil" users. Google documents will not call it that way, but they will dismiss any actual user control because of straw-men like social engineering… The truth is the only power Google wants to give users is the power to do things Google agrees with.

You can not understand Android or Chrome security choices if you do not acknowledge they are extensions of Google IT, and the user is outside the target security perimeter.

Emulating Windows system calls, take 2

Posted Jul 23, 2020 10:22 UTC (Thu) by domenpk (guest, #12382) [Link] (3 responses)

What you write is valid criticism, but it's not a comparison in any sort of way.

What's the permission system on common Linux desktop like? Most "apps" are running under same UID, have access to all the data users actually care about, many peripherals etc.

Emulating Windows system calls, take 2

Posted Jul 23, 2020 13:59 UTC (Thu) by clump (subscriber, #27801) [Link] (2 responses)

You're right about typical distributions. However the security features of Android are useless if the user has no choice but to accept all or none of an application's permissions. Some Android applications allow users to disable some permissions, while some applications fail to function at all unless you accept everything. Worst of all you have no choice whatsoever about which applications can use networking.

Android's additional security features are meaningless in practice.

Emulating Windows system calls, take 2

Posted Jul 23, 2020 14:47 UTC (Thu) by pizza (subscriber, #46) [Link] (1 responses)

> Android's additional security features are meaningless in practice.

Incorrect.

Android completely isolates applications from each other. One application cannot see/access the data of another.

> However the security features of Android are useless if the user has no choice but to accept all or none of an application's permissions.

That sounds like a problem brought on by using proprietary software, not the underlying permission/security model.

Android's model requires those permissions to be explicitly stated and granted, which is a huge step forward from the free-range model of a traditional desktop environment (Linux or Windows or whatever) -- where applications have carte blanche to do pretty much whatever they want -- including audio, video, networking, and access to every file the user has.

Emulating Windows system calls, take 2

Posted Jul 23, 2020 16:20 UTC (Thu) by clump (subscriber, #27801) [Link]

> Android completely isolates applications from each other. One application cannot see/access the data of another.

Unless the storage permission is required which makes the external storage a free-for-all. I trust you'd agree that there's plenty of valuable application and user data on the external storage.

Great points about a traditional desktop environment. An exploit or hostile application shouldn't allow the compromise of a user's entire home directory by default. We can and should do better.