alt Hacker NewsMy position regarding devices is that only 2 out of 3 should be satisfied:
1. Used as a proof of identity (for banks, govt services, etc.)
2. Is distributed to laypeople who have more pressing concerns in their lives than security.
3. Is an open platform where you can download apps arbitrarily from the Internet that can read your data and exfiltrate them to a malicious actor.
The mainstream today chooses 1&2. Novelty, underpowered devices choose 2&3. Hobbyists have option 3 (and those who like to live dangerously 1&3) with some inconvenience. You can still run GrapheneOS... and the mainstream apps that expect your device to be a proof of your identity won't work... and I find that quite reasonable.
Replies
I take issue with the idea that openness and freedom to install arbitrary software cannot occur without strong safety mechanisms. Android/GrapheneOS/iOS have sandboxing and permissions systems that put most desktop OSes to shame. The base platform can control apps' access to every resource, and an app store can put its own caveats and reminders to users for what kind of access is needed for the functions of a given app.
It's a number of false choices. Google has complete control over Android and they could easily implement 1, 2, and 3 if they wanted. It's not as if they couldn't provide the means for certified secure enclave apps in addition to normal ones.