[matharmin]

Google Apps are typically installed as system apps. Play Store is obvious, since it needs to be able to install/update applications without prompting. The need for other apps (e.g. Gmail) to need system-level permissions is less obvious, but most of them fail to run if you just sideload it without the permissions.

[md_]

Huh? What permissions are you referring to that the Gmail app has?

Also, if I remember right (and I'm not an Android expert, so grain of salt here), Android OS itself enforces sandboxing based on app signing keys; even the Play app can't overwrite the Signal binary without a binary signed by the same key (though conceivably it could install some other fake-Signal app that looks just like Signal and has a similar icon--but that app would not have access to your private key!).

[crowbahr]

While you are correct about the enforcement applying to Google Apps the Google Play Services has all possible permissions. I don't know if they could do something with the kernel from that alone though.

Personally I trust Android as much as I'd trust iOS... Which is to say I expect the government can get at either with physical access but only at the highest levels of government (CIA/NSA/FBI).

[md_]

True. But Play Services is effectively a part of the OS (from Google's perspective).

As you say, in both cases (iOS and Play Services) it's a commercial closed-source bundle. shrug

I don't personally spend time worrying about that, given that Google and Apple's code is probably better reviewed than some random open source app, but some people like to nerd out about such things.

As you say, the FBI was eventually able to get access to the San Bernardino shooter's phone. But this isn't exclusive to the highest levels of government; it just depends on your budget: http://www.reuters.com/article/us-apple-encryption-fbi-idUSK.... It's not surprising the CIA would have a stockpile of unpatched 0days, found or bought.

I don't believe I'm worth $1m to anyone, so I feel pretty safe using both iOS and a recent, patched Android.

[crowbahr]

Totally agree with you. I like my Nexus 5x a lot. I figure that usually it's the highest levels of government who are actually willing to pay a sum like that though. I doubt the local PD is willing to dedicate 1mil to cracking a phone if you get arrested for possession of a controlled substance or something.

And it's kinda an unspoken goal of mine to, ya know, not end up on a CIA watch list. Now I know some of the concern goes around controlling so the Government doesn't get out of control but I think that we would expect a government's worth of resources able to do something as trivial as cracking a commercial phone.

[md_]

> And it's kinda an unspoken goal of mine to, ya know, not end up on a CIA watch list.

First rule of not being on the watch list is not to admit you don't want to be on the watch list.

What, do you have something to hide? Huh?

[crowbahr]

I invoke my 5th amendment right.

[jcfrei]

> Huh? What permissions are you referring to that the Gmail app has?

Maybe he was referring to these privileged permissions: http://android.stackexchange.com/a/17874/104563

[md_]

I don't think that confers any ability to bypass the sandbox. Again, not an Android expert, so happy to be shown I'm wrong.