I can't imagine someone who wants to use their phone wants to spend that time using it setting up sandboxing by hand.
Turret3857
2026 is year of Linux phone
Linux sucks on phones for security
Why?
Linux security on phones is not equivalent due to these factors
but Linux supports these things which are either not exact equivalents or would take an entire Dev team with full time funding to do
Can you find me a phone & OS that meets those requirements?
Why? That has nothing to do with the topic of Linux security on phones?
Are you being serious with me right now? What about my question wasn't "on topic"? If the hardware and software don't exist, it's not going to happen and you're making a hypothetical argument to a factual statement.
I never implied it was; however, if someone is using Graphene as a way to achieve mobile security, it can generally be assumed they want said security if they switch to a different OS. Iodé and CalyxOS both support more than just Pixels, and don't do data collection, nor do they sacrifice physical security. Mobile Linux, on the other hand, has very little physical security, and very poor application sandboxing compared to the aforementioned Android forks. It wouldn't make sense from a security perspective to skip over Android forks directly to {postmarketOS, Ubuntu Touch, Armbian/Mobian, Manjaro mobile...} unless your goal is to use a Linux phone without caring about physical security and app sandboxing (which would not make sense if you are using Graphene, and don't want to change your threat model too much while not supporting Google.)
Find me a phone that supports secure boot (which is not the same as verified boot btw), and a distro that will run on that phone that properly sandboxes applications (Flatpak does not count, as there are still many security flaws and missing xdg-portals in its implementation.)
I'm not really sure what about the sandboxing makes it difficult to use. Most of the permissions are switches you can just toggle on or off. You can also root phones that run custom ROMs (which are the only phones that are worth a damn IMHO) if you really want access to the entire fs.
You're more than welcome to use a less secure system, but most people would generally prefer a secure one.
I mean if you want to get technical, KitKat (4.4 in 2013) introduced verified boot. So from Android 1 to 4.4, it took about 5 years. I believe some form of sandboxing has always existed in Android, but the earliest version I can find online was in Android 5.
I feel like with the backing of Google, they were able to implement such tight security in their mobile OS without much pushback. Mobile Linux in its current state is entirely hobbyists with very few daily drivers. Unless someone can release some stunning Linux mobile hardware that a lot more enthusiasts buy, I don't think we will see any sort of major progression in mobile Linux for some time, as the current method most mobile Linux uses is replacing the bootloader on the phone with an open source implementation, which takes a lot of manpower to achieve, and it would take even more to make it secure.
I would absolutely love to be proven wrong about the time frame however. The sooner secure Linux phones hit the market, the better the world will be.
or Calyx or iodé or postmarketOS or Ubuntu Touch or...
A hardware switch for software accessing a directory?
Since the original user doesn't actually know the answer to the question asked, it's because
Mobile Linux doesn't support any sort of verified boot like Android does, leaving it open to evil maid attacks
Mobile Linux doesn't sandbox applications as well as Android, leaving it open to spyware (think Facebook intercepting Snapchat DMs, not old-school steal-your-credit-card spyware)
and I feel like there's a third major big thing but I can't recall it at the moment. Android's security model is genuinely one of the most secure out of any modern operating system. I'm all for Linux phones, but they need to prioritize parity with Android security before I daily drive one.
If you're on Graphene for security, Linux mobile will be the last thing you want, as the security of those devices is akin to carrying around a bootloader-unlocked Android with no app sandboxing. You'd be better off buying a Fairphone and using iodé until they can't develop any further.
Surprisingly, I've been stuck on one hyperfocused hobby for like 5 years: self-hosting and digital privacy. Just when I feel like I've made the perfect machine, I have to change something.
I agree with you; in fact, the only reason I know about the security differences is because I wanted to jump ship when they started down this closing AOSP path. I found that at the current moment the security model won't work for me, and that I'd also have to buy a new phone just to get support. I really want to try out Plasma Mobile though, it looks nice.