undefined | Better HN

0 pointssaagarjha2y ago0 comments

I wish you’re right but I don’t see how what you’ve mentioned stops most malware.

0 comments

In a nutshell, because an application won't be able to do anything evil. We're already halfway there on mobile devices. An Android app cannot access system files or files of other apps, period. "Run as admin" doesn't exist. It can't access shared files like camera photos or documents without explicit user permission.

This is mostly accomplished using SELinux, which is an afterthought slapped onto the original OS architecture.

There are exploits that defeat these walls, but it's getting harder. Walls built from the hardware level up will be almost impenetrable and might require finding an error in the chips' microcircuit designs.

saagarjhaOP2y ago

These are, quite frankly, easy protections to put up. I know a lot of work is invested into them but it’s pretty clear that apps shouldn’t be able to scribble all over the address space of other processes, or just have access to all system devices. The hard part is when you actually have a legitimate need to do certain things but not every app should be granted this permission. For accessibility reasons some apps should be able to simulate user input. Obviously, giving this permission to every app is not good. Some apps should be able to know where you are. The one that your spouse installed on your phone secretly to track you? Probably not. This is where the challenge is these days.

j / k navigate · click thread line to collapse

0 comments

flangola72y ago

This is mostly accomplished using SELinux, which is an afterthought slapped onto the original OS architecture.

saagarjhaOP2y ago

j / k navigate · click thread line to collapse