by Wowfunhappy 2715 days ago
> An iOS app can't extract my contacts unless I grant permission, yet an application installed on Ubuntu via `apt` can casually start rummaging around my home directory which I won't know about unless I spend considerable time on mandatory access control profiles, isolation through containerisation or virtualisation, or something equally esoteric for the average user.

Fwiw, this is becoming increasingly less true on macOS. And the newer Macs also have secure enclaves.

I'm generally not a fan of the trend, as it means more hoops for me to jump through, and I'm not convinced I benefit from this level of security. But, it is much closer to iOS.

1 comment

Yes, macOS seems to be heading in the right direction (even if it means frustrating legitimate usage patterns at times).

In particular, I like that it kept it simple by either an application being sandboxed with explicit user permissions for certain features, or not being sandboxed at all. Contrast with Linux Flatpaks where even "sandboxed" programs can have a wide range of implicit permissions based on the image configuration, which aren't obvious to end users when running `flatpak install` in the same way that macOS's privacy settings are for each sandboxed macOS app.

I remember some Flatpak applications defaulting to allowing unsandboxed home directory access without prompting me on installation, which seemed to defeat the purpose somewhat. It does block nefarious control flow attacks against programs that declare a strict sandbox, but that doesn't seem to go far enough in my view.
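As an added example (not from either commenter), a small audit script for the implicit filesystem grants discussed above: it reads a saved `flatpak info --show-permissions APP_ID` dump (the `[Context]` keyfile section, assumed to follow Flatpak's metadata format) and flags blanket home-directory access. The sample input is constructed, and user overrides applied later are not considered.

```shell
#!/bin/sh
# Audit a Flatpak permission dump for blanket home-directory access.
# Input: the [Context] keyfile section as printed by
# `flatpak info --show-permissions APP_ID` (or the app's metadata file),
# saved to a file.  Constructed sample at the bottom; not a real app.

# Print the value of KEY in the [Context] section of FILE (empty if absent).
context_value() {
    awk -v key="$1" '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        in_ctx && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$2"
}

# Return 0 (true) if FILE grants the whole home directory, 1 otherwise.
# "host" implies home; "~" is an alias for home; a later "!home" revokes it.
# Scoped grants such as xdg-download or ~/Projects are not counted.
grants_home_access() {
    fs=$(context_value filesystems "$1")
    broad=1
    old_ifs=$IFS; IFS=';'
    for entry in $fs; do
        name=${entry%%:*}          # drop an optional :ro / :rw / :create suffix
        case "$name" in
            home|host|'~')            broad=0 ;;
            '!home'|'!host'|'!~')     broad=1 ;;
        esac
    done
    IFS=$old_ifs
    return $broad
}

# Report the finding and the override that closes the hole.
audit_dump() {
    if grants_home_access "$1"; then
        echo "WARNING: unrestricted home directory access granted"
        echo "  mitigate: flatpak override --user --nofilesystem=home APP_ID"
    else
        echo "OK: no blanket home directory access"
    fi
}

# Constructed sample: a "sandboxed" app that quietly asks for all of $HOME.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
filesystems=home;xdg-run/dconf;
EOF
audit_dump "$sample"
rm -f "$sample"
```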