> App sandboxing is a huge difference alone. Is anyone implementing it?

No, sandboxing exists in Linux and tools like firejail are built-in in Debian/Mobian.

> How are app specific permissions handled?

With fine-grained security profiles. Besides, this is all largely irrelevant when the average Android TORCH app is a blob of closed source code that can do telemetry. Contrasted to FOSS applications developed in the open, reviewed by package managers and users, built reproducibly.

> How is full e2ee or secure boot implemented?

It's there and it works. And secure boot is really unimportant for the attack vectors of most phones.

> By default, you have to add a lot on top of the Linux kernel.

Not at all, it's all supported by seccomp, cgroups and co.