[multimoon]

That’s a strange take.

Installed programs are the weakest link in the security of an OS like windows - should users not use programs? Users are just as likely to download a sketchy program as a sketchy extension, is that not even more severe of a risk?

User education and better marketplace policing are the solution, not silly blanket statements like that.

[noman-land]

Running untrusted code is the weakest link. In an ideal world users would be writing the code themselves or running a verified, trusted, signed and hashed reproduceable build binary.

[LinuxBender]

Running untrusted code is the weakest link.

I agree with this however that would limit just about all software unless it has been properly and deeply inspected by people paid to do just this. If I go through the project pages of all the software that comes with Linux I know I will not find code reviews at each artifact release version that has been reviewed by the NCC group, Google project zero, etc... FWIW it could be said that most of the software in use today is untrusted in that regard, even the most commonly used browsers. Some may think browsers have so many eyes on them that a subtle weakness could not be introduced but I also disagree with that. A more widely used application is an even bigger juicy delicious target for nation state actors to get employed and introduce multiple subtle changes that work in conjunction with one another and OS design flaws. I would wager that every browser has malicious actors either contributing subtle weaknesses or possibly sleeping until they are given orders.

[noman-land]

If you were forced to step back and rank the features on your phone you found most important, ones you couldn't live without, not mere conveniences, you would find it's only a few main things. Securing those things can be achieved with simple, free, auditable, reproduceable, off the shelf tools, they just lack the conveniences that we get from the corporate apps with masses of random developer add-ons.

[LinuxBender]

I use voice and text. I've only had a smart phone for a couple years and I hate it. Whoever it was here that gave me the nickname Jethro Gibbs was right. I am currently looking for a real for really real dumb phone that can do VoWifi basically SIP over ipsec because my LTE coverage is awful. I do not consider anything related to wireless to be secure as it is closed source and the carriers care not about their customers. source: I worked for one and helped build out their network They can't even kick China back out of the FBI lawful intercept API's, even to this day.