• jsomae@lemmy.ml
    link
    fedilink
    arrow-up
    25
    ·
    5 months ago

    The real problem is that the security model for apps on mobile is much better than that for apps on desktop. Desktop apps should all have private storage that no other non-root app can access. And while we’re at it, they should have to ask permission before activating the mic or camera.

    • Pussista@sh.itjust.works
      link
      fedilink
      arrow-up
      11
      arrow-down
      2
      ·
      edit-2
      5 months ago

      macOS has nailed it*, even though it’s still not as good as iOS or Android, but leagues and bounds better than Windows and especially Linux.

      ETC: *sandboxing/permission system

        • Pussista@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          It’s a joke. Apps have defined permissions already allowed on install and some of them have too many things set to allow like home or host access. Also, changing any permission requires restarting the app. It’s heading in the right direction, but it has a looooong way to go to catch up with macOS, let alone Android and iOS.

      • tmpod@lemmy.ptM
        link
        fedilink
        arrow-up
        3
        ·
        5 months ago

        What does Windows do? Genuine question, I’ve not used it since the 7 days. Regarding Linux, that’s true for stuff installed through regular package managers and whatnot, but Flatpak is pushing a more sandboxed and permission oriented system, akin to Android.

        • ruse8145@lemmy.sdf.org
          link
          fedilink
          arrow-up
          3
          ·
          5 months ago

          You have granular control over universal windows apps (ie windows 8+ apps) and one global lock over all desktop apps (non uwp), and one global lock over everything. It’s pretty solid considering how little control Microsoft has and it’s wonderful fetish for compatibility.

          Tldr basically same as Linux, except app distribution in Linux was bad enough for so long that more stuff is in the new restricted format while windows still has tons of things which will never go away and aren’t in the sandbox. I think not finding a way to sandbox all desktop apps was a mistake.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      4
      ·
      5 months ago

      Firejail and bwrap. Flatpaks. There are already ways to do this, but I only know of one distro that separates apps by default like Android does (separate user per app), which is the brand new “EasyOS”.