I can’t talk for others I’m personally interested in Linux phones (I have 2, PinePhone and PinePhone Pro) because I do not want to rely on Android because it’s lead, maintained and basically in practice owned by Google.
I would also much prefer to have “just” Linux because I know it better and because IMHO we reached a point, already few years ago, where “mobile” does not mean much anymore. “just” a computer with a battery is enough due to the power available.
IMHO the SteamDeck is the existence proof of that.
While lots of this is problem of desktops in general, but:
Linux applications can access your entire home folder, which likely contains most of your data. It can also access e.g. state of other applications, which can be bad.
While flatpak somewhat mitigates the issues, it is half-baked: permissions are granted directly when you install the app, and user has to manually revoke the permission - Needing e.g. FlatSeal for this is insane as well. With Android/iOS, the user only grants permission when needed, which reduces lots of attack surfaces.
Doesn’t too many apps want your home folder access by default? If you think about it, it is a huge security issue - you basically have to trust the app to keep your secrets intact.
Mic access can be very problematic, esp when it would be enabled by default if app requests it. Although I don’t know to which extent this would be abused.
Linux applications can access your entire home folder
That’s the default because that’s what most people want, or at least expect.
You can perfectly start an application within a container or even a dedicated user.
Nearly nobody does this not because Linux does not permit that, it does, but rather because most people believe (rightfully or not) they do not need this level of separation.
True, but asking user about permission to home folder vs. granting permission by default is huge difference. Also doesn’t flatpak also grant other permissions the app wants as well? Like the Mic permission.
The “know it better” is, I think, a big argument, that’s imo often a bit overlooked. Android does not have that much “tinkers” as “proper” Linux has. For the average Gnome DE @ Ubuntu user, Android forks are fine. But if you’re the kind of person, who optimizes their Arch system with cool scripts from Github, you won’t get the same experience on LineageOS. I know Termux is a thing but that feels more like a workaround.
Edit: Had to reword the comment, because people thought I was talking about malware and supply chain attacks.
Edit2 to clarify my point: I think big downside of Android is that if you want to tinker with it, you basically have to be an android developer. With “proper” Linux the barrier to entry is smaller and the learning experience is more granular. Hence why we think “we know ‘proper’ Linux better”.
Android does not have that much “hackers” as “proper” Linux has
It’s hard for Android to have hackers precisely because Google and manufacturers are trying their best to prevent that. They do not allow rooting, they blocks features on rooted devices, etc. So they do their absolute best to keep on exercising control despite collaborating on open source software.
… so why are eg flatpak apps less secure than Android ones?
And Play & Apple stores are full of unchecked scam apps. They basically are solving this by securing the os more. Yet apps (even Instagram) can still take pics without your action. I assume they listed in on you too.
The app (& SDK) argument I think has more to do with user- and dev-base. Something that Microsoft failed at in the mobile market. So basically we need a quality/seamless way of running Android apps on Linux.
And since we can run Win games on Linux very nicely I think this wouldn’t be that much of an issue … Tho minimal industry support (eg banking apps) is still needed.
I worded my comment badly. I was not talking about supply chain attacks, rather the ability to tinker on “proper” Linux which you don’t get on Android.
The difference between Android and “proper” Linux? You said it:
Android is a semi-immutable (heavily modified and basically owned by Google) distro that runs app in sandboxes.
That is not what “tinkerers” want. They want access to the system. I have not tried it but can you even run an android app from the command line? I guess you can somehow but that just brings me to my other point. You kinda have to be an Android dev to tinker with Android, while on “proper” Linux the learning experience is more granular.
edit: indeed running Android apps from CLI is not very tinker-friendly:
Sorry, I couldn’t follow/I don’t think I understood you.
Why wound you want or need to run anything via CLI?
Most Linux users never use anything CLI (similar MacOS & Windows). Why would Linux phone users? And what does that have to do with android app devs?
The difference between Android and “proper” Linux? You said it:
But (what I said is that) all of that you can get in various Linux distros too - what I was saying that the basic difference for devs is Google/Android SDK.
we need a quality/seamless way of running Android apps on Linux
Like Waydroid? There was a thread recently on that and it seemed (even though not necessarily a representative sample) most people used it for… games, not “actual” applications. They were NOT used for banking apps also (at least I don’t remember anybody mentioning that) because I bet most people just go on their bank website for that.
The issue is that the banking app is often the only way to get 2 factor authentication. The other way is to use SMS but that can be hijacked by social engineering attacks so it cannot be considered secure.
It’s nothing sophisticated. You just steal someone’s phone number by calling their phone service provider pretending to be them. I don’t know how serious this threat is but for this reason SMS is not considered secure in the “security circles”.
I would consider that VERY sophisticated. One needs to basically conduct identity fraud, so have enough information to port your SIM via your phone company. I imagine that if you do not call your phone company with your existing number they have a few extra steps to allow anything to happen.
Anyway, beyond that, which as you shared (thanks for taking the time to put those links) is indeed not infeasible (but still requires targeted work and skills) this is only 1 step out of 2 for authentication against a bank. One still needs to know the bank and the login/password pair the Website requires.
Even once that’s done, I believe most banks do not allow large transfers, e.g. above 10K EUR, without another verification. Typically transfers have a daily and weekly limit that can be modified temporarily.
So… IMHO it’s sophisticated (in the sense that a “script kiddie” or scammer without technical skills can’t do it) and has limited economical value.
I will remember it (again, thanks for pointing it out) but I won’t lose sleep over it.
PS: I’m wondering what’s the consumer law on this actually because arguably some steps, e.g. no limit transfer or SIM porting would be on failure on the side of companies, not consumer. I wouldn’t be shocked if companies had insurance for that and might have to pay back whatever amount would be stolen. Obviously this would be regulation dependent.
I honestly did not give much thought to the difficulty of pulling such attack off. With “not sophisticated” I just meant that it’s not complex to grasp. “You just have to pretend to be a different person”. I guess yeah that is pretty difficult.
Yeah I mean it’s often said that any second factor is better than just password so it’s probably not a big deal. My issue is mostly that it’s an attack vector that could easily be eliminated. For example if banks allowed third party 2FA apps. I think I’ve read somewhere, that some banks even only allow hardware keys for business accounts which is honestly absurd.
I can’t talk for others I’m personally interested in Linux phones (I have 2, PinePhone and PinePhone Pro) because I do not want to rely on Android because it’s lead, maintained and basically in practice owned by Google.
I would also much prefer to have “just” Linux because I know it better and because IMHO we reached a point, already few years ago, where “mobile” does not mean much anymore. “just” a computer with a battery is enough due to the power available.
IMHO the SteamDeck is the existence proof of that.
Can you please clarify?
While lots of this is problem of desktops in general, but:
That’s the default because that’s what most people want, or at least expect.
You can perfectly start an application within a container or even a dedicated user.
Nearly nobody does this not because Linux does not permit that, it does, but rather because most people believe (rightfully or not) they do not need this level of separation.
True, but asking user about permission to home folder vs. granting permission by default is huge difference. Also doesn’t flatpak also grant other permissions the app wants as well? Like the Mic permission.
The “know it better” is, I think, a big argument, that’s imo often a bit overlooked. Android does not have that much “tinkers” as “proper” Linux has. For the average Gnome DE @ Ubuntu user, Android forks are fine. But if you’re the kind of person, who optimizes their Arch system with cool scripts from Github, you won’t get the same experience on LineageOS. I know Termux is a thing but that feels more like a workaround.
Edit: Had to reword the comment, because people thought I was talking about malware and supply chain attacks.
Edit2 to clarify my point: I think big downside of Android is that if you want to tinker with it, you basically have to be an android developer. With “proper” Linux the barrier to entry is smaller and the learning experience is more granular. Hence why we think “we know ‘proper’ Linux better”.
It’s hard for Android to have hackers precisely because Google and manufacturers are trying their best to prevent that. They do not allow rooting, they blocks features on rooted devices, etc. So they do their absolute best to keep on exercising control despite collaborating on open source software.
… so why are eg flatpak apps less secure than Android ones?
And Play & Apple stores are full of unchecked scam apps. They basically are solving this by securing the os more. Yet apps (even Instagram) can still take pics without your action. I assume they listed in on you too.
The app (& SDK) argument I think has more to do with user- and dev-base. Something that Microsoft failed at in the mobile market. So basically we need a quality/seamless way of running Android apps on Linux.
And since we can run Win games on Linux very nicely I think this wouldn’t be that much of an issue … Tho minimal industry support (eg banking apps) is still needed.
I worded my comment badly. I was not talking about supply chain attacks, rather the ability to tinker on “proper” Linux which you don’t get on Android.
Android is a semi-immutable (heavily modified and basically owned by Google) distro that runs app in sandboxes.
What is the difference?
The difference between Android and “proper” Linux? You said it:
That is not what “tinkerers” want. They want access to the system. I have not tried it but can you even run an android app from the command line? I guess you can somehow but that just brings me to my other point. You kinda have to be an Android dev to tinker with Android, while on “proper” Linux the learning experience is more granular.
edit: indeed running Android apps from CLI is not very tinker-friendly:
https://stackoverflow.com/questions/6613889/how-to-start-an-android-application-from-the-command-line
Sorry, I couldn’t follow/I don’t think I understood you.
Why wound you want or need to run anything via CLI?
Most Linux users never use anything CLI (similar MacOS & Windows). Why would Linux phone users? And what does that have to do with android app devs?
But (what I said is that) all of that you can get in various Linux distros too - what I was saying that the basic difference for devs is Google/Android SDK.
Like Waydroid? There was a thread recently on that and it seemed (even though not necessarily a representative sample) most people used it for… games, not “actual” applications. They were NOT used for banking apps also (at least I don’t remember anybody mentioning that) because I bet most people just go on their bank website for that.
The issue is that the banking app is often the only way to get 2 factor authentication. The other way is to use SMS but that can be hijacked by social engineering attacks so it cannot be considered secure.
Can you please share an example? I’d be curious how that would work, especially if it works while understanding how it works.
It’s nothing sophisticated. You just steal someone’s phone number by calling their phone service provider pretending to be them. I don’t know how serious this threat is but for this reason SMS is not considered secure in the “security circles”.
https://www.howtogeek.com/358352/criminals-can-steal-your-phone-number-heres-how-to-stop-them/
https://www.fcc.gov/consumers/guides/cell-phone-fraud
I would consider that VERY sophisticated. One needs to basically conduct identity fraud, so have enough information to port your SIM via your phone company. I imagine that if you do not call your phone company with your existing number they have a few extra steps to allow anything to happen.
Anyway, beyond that, which as you shared (thanks for taking the time to put those links) is indeed not infeasible (but still requires targeted work and skills) this is only 1 step out of 2 for authentication against a bank. One still needs to know the bank and the login/password pair the Website requires.
Even once that’s done, I believe most banks do not allow large transfers, e.g. above 10K EUR, without another verification. Typically transfers have a daily and weekly limit that can be modified temporarily.
So… IMHO it’s sophisticated (in the sense that a “script kiddie” or scammer without technical skills can’t do it) and has limited economical value.
I will remember it (again, thanks for pointing it out) but I won’t lose sleep over it.
PS: I’m wondering what’s the consumer law on this actually because arguably some steps, e.g. no limit transfer or SIM porting would be on failure on the side of companies, not consumer. I wouldn’t be shocked if companies had insurance for that and might have to pay back whatever amount would be stolen. Obviously this would be regulation dependent.
I honestly did not give much thought to the difficulty of pulling such attack off. With “not sophisticated” I just meant that it’s not complex to grasp. “You just have to pretend to be a different person”. I guess yeah that is pretty difficult.
Yeah I mean it’s often said that any second factor is better than just password so it’s probably not a big deal. My issue is mostly that it’s an attack vector that could easily be eliminated. For example if banks allowed third party 2FA apps. I think I’ve read somewhere, that some banks even only allow hardware keys for business accounts which is honestly absurd.
… people miss Android … to play Android games? Omfg.