I’ve looked at a couple linux phones and those tend to be designed with hardware switches for antennas and cameras, which I would argue are more secure
“uses regular Linux security mechanisms” is true regardless of whether any distributions you use configure them the same way or not.
The Android platform takes advantage of the Linux user-based protection to identify and isolate app resources.
As part of the Android security model, Android uses Security-Enhanced Linux (SELinux) to enforce mandatory access control (MAC) over all processes, even processes running with root or superuser privileges (Linux capabilities).
Flatpak has promise but the sandbox much weaker than Android. I wouldn’t run anything untrusted with it as sandbox escapes are likely possible. Bubblewrap is highly portable at the cost of being less secure. Kernel level sandboxing such as SElinux and Namespaces are much more bulletproof since they leverage the kernel.
Honestly if you are building something from the ground up I would instead focus on virtualization since the Linux kernel isn’t exactly free of security issues.
Android is Linux, and uses regular Linux security mechanisms.
Sort of
It does use SElinux but the user space software is all Android specific.
That’s not the case. Android is extensively modified in order to have sandboxed applications only and restrictive hardware permissions.
Run any executable on Linux. Likely by default it can access ~/Photos and the webcam. Android doesn’t allow that
I’ve looked at a couple linux phones and those tend to be designed with hardware switches for antennas and cameras, which I would argue are more secure
A hardware switch for software accessing a directory?
“uses regular Linux security mechanisms” is true regardless of whether any distributions you use configure them the same way or not.
https://source.android.com/docs/security/features
Android also doesn’t require root for basic functionality
Flatpak?
And some level of immutability?
It doesn’t seem like much of a step for Linux distros to cover the “gap” if/when we get any sort of viable mobile options for eg 1% of the market.
Flatpak has promise but the sandbox much weaker than Android. I wouldn’t run anything untrusted with it as sandbox escapes are likely possible. Bubblewrap is highly portable at the cost of being less secure. Kernel level sandboxing such as SElinux and Namespaces are much more bulletproof since they leverage the kernel.
Honestly if you are building something from the ground up I would instead focus on virtualization since the Linux kernel isn’t exactly free of security issues.