Linux phones tend to just be the desktop versions of desktops adapted for a smaller screen.
Android has well built ecosystem with strong privacy and security features not really found anywhere else. The entire system focuses on least privilege with strong security isolation so even if you do download something bad it will have a hard time doing real damage.
Errrrmmmm I think this is just an issue either with your choice of distro or your approach to security.
The Linux ecosystem has by far some of the greatest security technologies available for modern operating systems. Android is a Linux distribution after all.
Most of the issues with Linux on a phone so far is more the hardware and architecture to support and integrate the hardware.
Major mobile device manufacturers have secure enclaves, cryptographic co-processors, advanced face/depth cameras, fingerprint readers, etc. The system architecture needs to be tailored to the hardware and security architecture for the threat models mobile devices face that you want to mitigate.
iOS is Unix deep under the hood, Android is Linux deep under the hood. The issues here aren’t with the kernels, they’re with userspace, hardware selection, and perhaps the odd supporting driver, service, or interface.
Current Linux doesn’t come close to Android. I wish it did but you still need root access and permission controls leave something to be desired. I think that is mostly fine for desktop but on mobile the stakes are much higher since spyware could have much more access.
I’m not trying to be rude but none of these points are true. I imagine you’re confusing a single Linux distribution and their architecture with being representative of Linux as a whole. You can indeed spin an unprivileged, immutable distribution with SELinux for MAC, hardened kernel, and so much more, which would blow Android et al out of the water.
I’m basing this all on the Android documentation along with my experience on desktop Linux. I would love if there was a Linux system that was as solid as Android but I haven’t seen anything as of yet.
Build it. Gentoo, Arch, and any other minimalist distro where there’s less userspace fluff out of the box can easily be configured to be incredibly hardened.
Your looking for a desktop distribution that doesn’t really exist out of the box (perhaps Qubes). Android is a mobile OS for a reason and has a different architecture in userspace to accommodate for is threat model and use cases.
Just because desktop distros don’t typically lock down userspace out of the box doesn’t mean it’s not possible.
No specific sources as this is just generic Linux. Just look up hardening guides for various distros like Arch etc.
I’ve looked at a couple linux phones and those tend to be designed with hardware switches for antennas and cameras, which I would argue are more secure
“uses regular Linux security mechanisms” is true regardless of whether any distributions you use configure them the same way or not.
The Android platform takes advantage of the Linux user-based protection to identify and isolate app resources.
As part of the Android security model, Android uses Security-Enhanced Linux (SELinux) to enforce mandatory access control (MAC) over all processes, even processes running with root or superuser privileges (Linux capabilities).
Flatpak has promise but the sandbox much weaker than Android. I wouldn’t run anything untrusted with it as sandbox escapes are likely possible. Bubblewrap is highly portable at the cost of being less secure. Kernel level sandboxing such as SElinux and Namespaces are much more bulletproof since they leverage the kernel.
Honestly if you are building something from the ground up I would instead focus on virtualization since the Linux kernel isn’t exactly free of security issues.
Do you have examples where that isn’t the case?
Linux phones tend to just be the desktop versions of desktops adapted for a smaller screen.
Android has well built ecosystem with strong privacy and security features not really found anywhere else. The entire system focuses on least privilege with strong security isolation so even if you do download something bad it will have a hard time doing real damage.
Errrrmmmm I think this is just an issue either with your choice of distro or your approach to security.
The Linux ecosystem has by far some of the greatest security technologies available for modern operating systems. Android is a Linux distribution after all.
Most of the issues with Linux on a phone so far is more the hardware and architecture to support and integrate the hardware.
Major mobile device manufacturers have secure enclaves, cryptographic co-processors, advanced face/depth cameras, fingerprint readers, etc. The system architecture needs to be tailored to the hardware and security architecture for the threat models mobile devices face that you want to mitigate.
iOS is Unix deep under the hood, Android is Linux deep under the hood. The issues here aren’t with the kernels, they’re with userspace, hardware selection, and perhaps the odd supporting driver, service, or interface.
Current Linux doesn’t come close to Android. I wish it did but you still need root access and permission controls leave something to be desired. I think that is mostly fine for desktop but on mobile the stakes are much higher since spyware could have much more access.
I’m not trying to be rude but none of these points are true. I imagine you’re confusing a single Linux distribution and their architecture with being representative of Linux as a whole. You can indeed spin an unprivileged, immutable distribution with SELinux for MAC, hardened kernel, and so much more, which would blow Android et al out of the water.
Source?
I’m basing this all on the Android documentation along with my experience on desktop Linux. I would love if there was a Linux system that was as solid as Android but I haven’t seen anything as of yet.
Build it. Gentoo, Arch, and any other minimalist distro where there’s less userspace fluff out of the box can easily be configured to be incredibly hardened.
Your looking for a desktop distribution that doesn’t really exist out of the box (perhaps Qubes). Android is a mobile OS for a reason and has a different architecture in userspace to accommodate for is threat model and use cases.
Just because desktop distros don’t typically lock down userspace out of the box doesn’t mean it’s not possible.
No specific sources as this is just generic Linux. Just look up hardening guides for various distros like Arch etc.
Android is Linux, and uses regular Linux security mechanisms.
Sort of
It does use SElinux but the user space software is all Android specific.
That’s not the case. Android is extensively modified in order to have sandboxed applications only and restrictive hardware permissions.
Run any executable on Linux. Likely by default it can access ~/Photos and the webcam. Android doesn’t allow that
I’ve looked at a couple linux phones and those tend to be designed with hardware switches for antennas and cameras, which I would argue are more secure
A hardware switch for software accessing a directory?
“uses regular Linux security mechanisms” is true regardless of whether any distributions you use configure them the same way or not.
https://source.android.com/docs/security/features
Android also doesn’t require root for basic functionality
Flatpak?
And some level of immutability?
It doesn’t seem like much of a step for Linux distros to cover the “gap” if/when we get any sort of viable mobile options for eg 1% of the market.
Flatpak has promise but the sandbox much weaker than Android. I wouldn’t run anything untrusted with it as sandbox escapes are likely possible. Bubblewrap is highly portable at the cost of being less secure. Kernel level sandboxing such as SElinux and Namespaces are much more bulletproof since they leverage the kernel.
Honestly if you are building something from the ground up I would instead focus on virtualization since the Linux kernel isn’t exactly free of security issues.