Android Security is Mad
The basic idea seems to be that if the user wants to install random, unaudited software, they can safely do so without worry that the application will steal their contacts, record their voice, or otherwise engage in bad behaviour. What keeps the user safe is the ability to allow or deny an app access to these various resources on a case-by-case basis. However, the more detail we add to this story, the stranger it becomes.
Many apps simply won’t work without a lot of permissions, so our would-be insecure messaging app, which then asks for permission to use ’the camera, microphone, access contacts, and make calls’, remains insecure. The average user cannot make informed decisions about how much to trust an app, and how much to let it access.
The security model on Windows seems comparatively better, as it does not show the false safety-net of discreet applications, leaving the user to only install what they should trust with a vague message about the app ’not being verified'.
Despite the boasts of GrapheneOS that it has ’the best security model’, due to so much separation, it doesn’t come close to Linux’ open-source-only package managers. The Linux security model - when working as intended - means that software only goes onto the computer when it goes through the following stages:
- Someone shows off their app with the source code and a healthy history.
- Different package-maintainers (all able to audit the code) build the package.
- The end-user installs the audited software from their app-store.
The difference here parallels someone with amazing home-security letting known criminals into their home, and someone with no security only letting reliable and honest friends into their home. The first person may boast about how much better their security deals with problems, but we all know which house we would rather live in.