Secure Mobile OS

[ryo]

Do you even need app isolation if you're already careful?
Do you even need app isolation if you know how to avoid malware?

Defense in depth dictates that you shouldn't trust any measure to be infallible. Maybe tomorrow your nice secure chat app (Signal, Matrix, Jami, anything you like) has a vulnerability discovered and an attacker is able to execute remote code just by sending a message; no matter how much common sense you used, you are then at risk.
In practice, the risk is definitely tiny, and it may be true that in general you really don't need it, provided you don't believe you will be the victim of targeted attacks. But I wouldn't state that as an objective answer.

Mind you, I'm using 2 chat apps (3 if you count the Jabber server at work), neither of them are considered secure.
They're both closed source even.
But because of that, I keep the risks in mind, and not simply assume that they will keep me safe.
That's why I said "A computer user is both the best anti virus and the worst exploit at the same time." immediately after these 2 sentences.

Speaking of Signal, thanks for pointing out a "secure chat app" that isn't actually secure at all.
Consider this, are you sure you want to trust an app recommended by 2 rather questionable individuals (one being the CEO of Twitter, and the other being a CIA agent who might probably not even be in Russia but in China instead, working closely with the CCP)?


For reference:


And:


Edit:
As for URLs to the last 2 screenshots:
https://wikileaks.org/ciav7p1/#PRESS
https://qalerts.pub/?n=4672
https://8kun.top/qresearch/res/10608751.html#10609489

No need to link to the first one, it's on the front page of Signal.

Edit 2:
The Wikileaks part is rather a breach in Android and iOS, not specifically the app.
But still a way too commonly ignored fact.
For Signal specific issues, consider @\jack and ES.