Hacker News new | ask | show | jobs
by surak 2483 days ago
We can still not sandbox apps access to data by default. Numerous academic projects have show how this can be implemented, e.g. by fudging data when details are not needed. Also, in order to get these security fixes I have to buy a new device from one of their partners.. Google has failed society by advancing surveillance capitalism to the extreme.
2 comments
panpanna 2483 days ago
I don't think you have really used Android lately.

1. Google has added API to access resources without getting full unconditional access

2. They are enforcing use of correct APIs on their store

3. Most of the system is now updated from the store. This is significantly faster than any of their competitors

4. Most vendors are now providing timely security updates. Some even have an Enterprise program with 4-5 years of updates.

link
surak 2482 days ago
I use it every day. Regarding P1, if an app ask for permission access to e.g. images or location, and you use the app, how would you limit what the app can send home or even review it? See discussion in the other comments if you're not an Andriod developer.
link
vetinari 2482 days ago
Since Android v1, it offers APIs (intents) for picking items belonging to other apps or doing an action on behalf of other apps.

Applications do not need access to gallery; they can ask the gallery to let the user pick the pictures he wants to work with; the app does not need the access to camera, it can ask the default camera app to let the user make the photo and get the result. The app does not need access to telephony; it can ask dialer to dial a number on it's behalf. Etc, etc.

The developers didn't use these APIs because users were asking for iOS style integrations, where any apps does everything for itself, instead of using system components. So they got it.

link
Already__Taken 2483 days ago
my android one branded Nokia has had a decent amount of updates and my partner's last few Motos. it's getting better for Android slowly
link
surak 2482 days ago
Going after a subset of low end devices seems a bit off-putting to me. A-One should be mandatory, but most manufacturers are hooked on adding bloatware to track you.
link