Secure Mobile OS
#11
Thank you all for your replies and insight.  It gives me a lot to consider while learning along the way.  Reading your discussion surrounding this complex topic is helpful to get an idea of what needs to be considered, not just the software and hardware, but user interaction as well.  And as far as knowing what to look for in hardware and software, it's apparent to me I have a long way to go since many of the things you all mentioned, I have no clue about (desktop apps vs HTML5 apps, or Mandatory Access Control of the files, etc.)   But the more I read the more I learn, so thank you for your thoughts.   Smile
#12
(12-10-2020, 03:42 PM)ryo Wrote:
(12-10-2020, 08:50 AM)displacefish Wrote:
(12-10-2020, 06:41 AM)ryo Wrote: Mind you, I'm using 2 chat apps (3 if you count the Jabber server at work), neither of them are considered secure.
They're both closed source even.
But because of that, I keep the risks in mind, and not simply assume that they will keep me safe.
And therefore, the logical thing to do is employ techniques like app isolation.

My point is that being careful is great, and no security system can't be improved by using it carefully. The most hardened, airgapped system in the world can be defeated by a privileged human logging in and manually running malware with root access out of carelesness. However, the opposite is true as well: you can be as careful as you want, but there's always both the possibility of slipping up (we're all human after all), or that it turns out you weren't careful enough.

That's what defense in depth is. More layers of defense, rather than trusting any single one to be infallible. Being careful is a layer of defense like any other - a perfectly good one, but best used in complement with others.
That's a very good point.

(12-10-2020, 08:50 AM)displacefish Wrote: While I'm all for being paranoid, the fact is Signal is open source, and has received plenty of scrutiny. They're using established crypto protocols (Telegram, looking at you here) and no significant issues have come up yet. I've heard plenty of criticism about requiring a phone number to sign up, which was a privacy issue, but I believe that has been relaxed some time ago.

In the end, one thing is true: if all your acquantainces use Facebook Messenger, and you download The Perfect Secure Chat App™, your conversations are all still gonna be as secure as Facebook Messenger. If Signal is what you can convince your family, friends, etc. to use, because things like Matrix or Jami aren't polished enough or suffer from issues due to their federated and p2p nature (respectively), then it's far, far better to talk to everyone over Signal, than to have all your favourite chat software installed but still talk to people over Whatsapp and the like because nobody else is using it.
I don't necessarily consider myself paranoid, rather I question everything regardless of security.
Of course you can say "my app is fully open source, therefore you can see for yourself that no spyware is available" as much as you want, it takes 1 OTA update to sneak in spyware in a way (or even pre-install it) to completely destroy the entire point you made.

The most obvious example of that is Android.
Android is open source, private, secure, etc as long as Google remains entirely absent.
"I can't install anything, so I'll install the Play Store and login to my Gmail account" → privacy is gone.

So when someone installs Anbox on a Linux phone to use a couple apps not available on Linux, privacy is gone?
#13
(12-12-2020, 07:53 PM)PineSupporter Wrote: So when someone installs Anbox on a Linux phone to use a couple apps not available on Linux, privacy is gone?
That's not what I said at all.
Please read again, maybe it'll become more clear.
母語は日本語ですが、英語も喋れます(ry
#14
(12-13-2020, 07:31 AM)ryo Wrote:
(12-12-2020, 07:53 PM)PineSupporter Wrote: So when someone installs Anbox on a Linux phone to use a couple apps not available on Linux, privacy is gone?
That's not what I said at all.
Please read again, maybe it'll become more clear.
Hi ryo, I should have been more clear with my question.  From what I understand you said, if using the Google Play store and logging into Gmail, that destroys privacy. So what I was wondering is if that is also the case when someone downloads Anbox?  I’m not really clear on what Anbox is, if it’s degoogled or if Google can still track anyone using it.
#15
(12-13-2020, 10:42 AM)PineSupporter Wrote:
(12-13-2020, 07:31 AM)ryo Wrote:
(12-12-2020, 07:53 PM)PineSupporter Wrote: So when someone installs Anbox on a Linux phone to use a couple apps not available on Linux, privacy is gone?
That's not what I said at all.
Please read again, maybe it'll become more clear.
Hi ryo, I should have been more clear with my question.  From what I understand you said, if using the Google Play store and logging into Gmail, that destroys privacy. So what I was wondering is if that is also the case when someone downloads Anbox?  I’m not really clear on what Anbox is, if it’s degoogled or if Google can still track anyone using it.
Ah, I thought it was either a question based on a misreading, or a challenge question.

For some insight, Anbox was created by Canonical if I recall.
What's unique about Anbox compared to other Android emulators is that it doesn't include any Google Apps (or GApps), so you'll have just a tracking-free AOSP Android VM until you install GApps.
Think of something like the custom ROM /e/, but in a VM.
GApps is what makes Android Google.
母語は日本語ですが、英語も喋れます(ry


Possibly Related Threads…
Thread Author Replies Views Last Post
Question Mobile Carriers 67comet 29 7,724 07-14-2021, 11:47 PM
Last Post: rocket2nfinity
  Intermittent Mobile Data csmgj7 4 424 07-13-2021, 03:28 PM
Last Post: Nutmeg
  T-mobile USA region celluar issue FOSSagent0 6 1,281 06-07-2021, 06:02 AM
Last Post: FOSSagent0
  New Zealand network providers mobile data Linux2thabone 2 819 04-30-2021, 07:54 PM
Last Post: Linux2thabone
  LG is shutting down their mobile production daniel_mazurkiewicz 4 1,004 04-07-2021, 05:16 PM
Last Post: dsimic
  Problems updating KDE Plasma Mobile OS IMSAI8080 1 648 03-07-2021, 01:12 PM
Last Post: mark1250
  Mobile Data, KDE Community Edition and pinephone-modem-setup plaristote 1 764 02-15-2021, 10:59 PM
Last Post: C0ffeeFreak
  What is the difference between mobile networking across the following appetizingard1ark 1 578 02-14-2021, 12:47 PM
Last Post: xalius
  Plasma Mobile CE Pinephone - battery not fully charging PineSupporter 11 2,623 02-09-2021, 11:20 AM
Last Post: PineSupporter
  Mobile Data not working yajirobi 3 1,598 11-22-2020, 12:44 PM
Last Post: p1trson

Forum Jump:


Users browsing this thread: 1 Guest(s)