|
|
|
|
|
|
by fsflover
754 days ago
|
|
|
Security doesn’t equal to giving away the full control to a third party. By this logic, Linux servers are insecure. Also you can’t install Linux on Android due to the closed specs and proprietary derivers. Not even on Google Pixels advertized by the GrapheneOS crowd. |
|
|
Allowing the user to install and run any software does result in a less secure system.
Also if that software is run in a sandboxed way (but allowing installation from anywhere).
Because software could impersonate and trick the user into giving away sensitive information, such as credit card data, or authentication to act on behalf of the user.
> By this logic, Linux servers are insecure.
Yes, if we go with there being one single thing called "Linux servers", they are insecure by the same measurement.
I would differentiate between mobile software that targets end users and server software that targets professionals.
With server operating systems, you provide secure/convenient defaults (with Linux distros often leaning towards convenient), but you always provide the systems administrator the ability to `curl ... | sudo sh`. You also say it is the system administrator's fault if they ever do that and something goes bad. If you are a platform owner with millions of users, you cannot claim security when you allow for any code to be run, sandboxed or not.