Thursday, November 30, 2017

security - Why does every application run as a separate user under Android?


If it's for security reasons, so that one application cannot harm another, why is it not like that in the desktop Linux distros?


If desktop operating systems do prefer interaction between applications, why isn't it the same in the mobile ones? What's the difference?


What needs does a desktop Linux have that justify interaction between applications, that Android doesn't have?



Answer




Why does every application run as a separate user?




Because Android enforces far stronger process isolation than traditional (desktop) operating systems like Unix, Linux or Windows, while still allowing interaction between applications (IPC is one of the strengths of Android) secured by a good security model.



If it's for security reasons, so that one application cannot harm another?



It is mostly for privacy reasons, but also comes in handy from a security perspective. The strong isolation of Apps in Android guarantees that no App can affect another App.



why is it not like that in the desktop Linux distros?



Most modern desktop multi-user systems focus on isolating users. Processes are also isolated, but not as strongly as on Android. For example, if you install a program on Linux or Windows, it will have full access to your private user data. On Android, if no special permission is granted, it will only have access to its own data.


A while ago, the fact that Android apps that request the READ_EXTERNAL_STORAGE permission also get access to the user's pictures residing in /sdcard/DCIM was a big show stopper. Somehow, nobody seemed to remember that under a normal GNU/Linux or Windows installation, every installed app that is run by the user has full access to its private data.



Android is a few steps ahead compared to traditional operating systems when it comes to permissions and access control for normal end-users. Typical Linux installations for end-users don't expose those features yet. Likely because nobody has written nice, user-friendly GUIs for them. And if there is ever another Windows version after Win8, we will likely see a similar permissions system there too.
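The contrast drawn in the answer above, as an added example that is not part of the original post: a small model of the Unix owner/group/other read check, applied once to a desktop session where every program shares the user's UID and once to Android-style per-app UIDs. All package names, UIDs, GIDs, paths and modes are constructed for illustration; GID 1028 stands in for the storage group an app receives with READ_EXTERNAL_STORAGE, and SELinux and directory traversal bits are deliberately left out of the model.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    gids: frozenset = frozenset()   # primary + supplementary groups

@dataclass(frozen=True)
class Node:
    path: str
    uid: int
    gid: int
    mode: int

def can_read(proc, node):
    """Unix DAC read check: owner bits, else group bits, else other bits."""
    if proc.uid == 0:
        return True
    if proc.uid == node.uid:
        return bool(node.mode & stat.S_IRUSR)
    if node.gid in proc.gids:
        return bool(node.mode & stat.S_IRGRP)
    return bool(node.mode & stat.S_IROTH)

def readers(procs, node):
    """Names of the processes that pass the read check for this file."""
    return sorted(p.name for p in procs if can_read(p, node))

# Desktop (constructed): every program the user starts runs as UID 1000.
DESKTOP = [Proc(n, 1000, frozenset({1000})) for n in ("browser", "editor", "game")]
DESKTOP_FILE = Node("/home/alice/.ssh/id_ed25519", 1000, 1000, 0o600)

# Android-style (constructed): one UID per installed app.
ANDROID = [
    Proc("com.example.mail", 10101, frozenset({10101})),
    Proc("com.example.game", 10102, frozenset({10102})),
    # Granted READ_EXTERNAL_STORAGE, modeled here as membership in GID 1028.
    Proc("com.example.gallery", 10103, frozenset({10103, 1028})),
]
MAIL_DB = Node("/data/data/com.example.mail/databases/mail.db", 10101, 10101, 0o660)
PHOTO = Node("/sdcard/DCIM/IMG_0001.jpg", 0, 1028, 0o640)

if __name__ == "__main__":
    for procs, node in ((DESKTOP, DESKTOP_FILE), (ANDROID, MAIL_DB), (ANDROID, PHOTO)):
        print(f"{node.path}: readable by {readers(procs, node)}")
```

Even with mode 0600, the desktop key file is readable by every program in the session because they all run as its owner, while the mail database is readable only by the app that owns it and the photo only by the app holding the storage group.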

