[fc417fc802]

It's important to keep separate the parts of the security model mobile did well from the parts it got wrong. Declaring that app developers can decline end user access to app files is unacceptable. I get final say on my device. I get to run as root. Hell, I get to run as ring 0 if that's what I want to do.

[palata]

IMO, the developers choose what software they want to write. If Microsoft Word decided to remove the "export to PDF" feature, that would be their right. And it would be your right to stop using Microsoft Word. If you want to be root on your system, you are free to install a system that gives you root access.

And that's the part that I believe should be a right: if you buy a smartphone, you own that piece of hardware, and you should be able to install the system you want. But if you are not the one developing that system, you don't get to decide what this system does. Just like you don't get to decide whether Microsoft Word can export to PDF or not.

[fc417fc802]

You're saying that the Android security model shouldn't be illegal. I agree.

I'm saying that despite all they get right, the Android and Apple security models, when foisted on the mass market, are socially and ethically flawed. I'm saying that the end user has a fundamental right to tamper with the software on his own system. Those designing an OS that intentionally thwarts the user's will are in the wrong.

Just because something is legal that doesn't mean doing it is a good thing.

[palata]

I may be biased, but I have never seen anyone who would want to tamper with the software on their own system and would not be capable of installing an alternative OS, given that their device allows it (e.g. allowing unlocking the bootloader, etc).

For "normies", it feels like the existing security model is actually not that bad. I can't imagine what would happen if everybody was running something without any sandboxing.

[fc417fc802]

You have to install a different OS in advance though. Even when the bootloader can be unlocked doing so wipes all the data (as it should). It's no help if you start with a stock phone and then later discover that a particular app you've been using doesn't support data export (for example).

> I can't imagine what would happen if everybody was running something without any sandboxing.

I don't think anyone implied that? Having root or signature spoofing or even the ability to install kernel modules doesn't imply anything about the rest of the security model.

[palata]

I guess my point is that it is a bit of a gradient. You say you want Stock Android to allow you to get root access, others will say that Stock Android should not allow a normie to be tricked into getting root access and shooting themselves in the foot. Truth is, none of those is a "right": there is a product (Android) that tries to do well for the vast majority of its users. It seems totally reasonable to me that Google doesn't want to invest a lot of resources into making an extremely small minority happy. I am pretty sure that the number of people who want root on their smartphone is a rounding error.

Second thing is: if you have root and change something on the system, you break the secure boot. So you fundamentally cannot have full access, can you?

That's why my opinion is that it's not Google's role to make everyone happy. They should just not be allowed to prevent alternatives. So that the rounding error minority can install the system they want and be happy with it.