alt Hacker NewsFundamentally, not enough. Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device. Firejail is a good start, but proper user isolation as Android does is the right solution (each app is a different user, and accessing their data/user data is only done through Providers, or IPC), and anything else is naively trusting and not enough, no matter how many layers of sandboxing and suid-ing you do. Doubly so when all of its apps are written in C++. Can't wait to deal with use-after-free on my mobile device.
In addition, its compatibility with android apps is also chains: why would I bother developing for sailfish (especially since it involves Qt / Qt Creator) when I can just develop an Android app, and say it'll run well enough (unless it needs play integrity, which is the same problem, or somehow falls behind in android/androidx compatibility)
Replies
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.
Honest question: why are mobile devices more hostile than laptops/desktops?
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.
Linux has SELinux as a default option which Android makes good use of, some forks more than others, and setup correctly it is better than user isolation. You could also recreate the protection user isolation provides through policy alone.