The Truth About Linux Security

I can't say about the sandboxing because I have no clue, but don't they have a point with the secure boot though? For Android, most devices do a check to see if the images are tampered or not at boot, and uses hardware-backed (TEE) file-based encryption, both of which are enabled by default. Loading tampered images is hard because the bootloader (I think? Or it was that Trusty image) does cryptographic checks on the image it loads.

Not that I like this kind of design as I want to have more control over what happens on my devices, but it is definitely useful for devices that are much more likely to be stolen, especially for the general public. Both can achieve great level of security, but mobile devices are much easier to do so.

4 comments

anyone who is serious about data security would laugh at this
- At what exactly?
- I can't say about the sandboxing because I have no clue, but don't they have a point with the secure boot though? For Android, most devices do a check to see if the images are tampered or not at boot, and uses hardware-backed (TEE) file-based encryption, both of which are enabled by default. Loading tampered images is hard because the bootloader (I think? Or it was that Trusty image) does cryptographic checks on the image it loads.
  Not that I like this kind of design as I want to have more control over what happens on my devices, but it is definitely useful for devices that are much more likely to be stolen, especially for the general public. Both can achieve great level of security, but mobile devices are much easier to do so.
I don't think android is really comparable to desktop operating systems. Phone OSs are much more locked down so they can enforce a lot more security.
If you want to focus on security, maybe try Qubes OS (A reasonably secure operating system)