Posts: 2,802 | Thanked: 4,491 times | Joined on Nov 2007
#372
Originally Posted by qwazix
Aegis, and its wrong reasons-to-be has (justifiably) created a huge hatred against security frameworks.
Oh, the hatred was already there. See any number of equally broken and hated attempts like Symbian Signed, Trusted^W^W^W^W^Weacherous Computing, Tivo etc. locked devices, and more recently UEFI boot.

On the other hand the basis of its implementation (fine-grained permissions system) not only is correct, it is in my opinion needed in any modern smartphone with so much personal data stored in it.
That's not what it's for. It's designed to protect the "content" (and by extension the device and content vendors' business models) from you, the owner of the device, and in order to do that it puts your computer under the control of everyone in the food chain except you.

We are now protected by obscurity, but if I publish tomorrow a dancingbunny_8.32_armel.deb on devel and I promise android app compatibility I can just upload all of MyDocs of the poor guys that installed it to my server and then wipe their N900 with the init script on next reboot. (or even flash zeros to the kernel area, overclock to death and other nice things).
And if you believe Aegis can protect you from that I've got a nice bridge to sell you too ;-) Trivial proof: inception.

A current smart device, phone whatever, must have the user in full control.
That, and an active community with decent skills, peer review and responsiveness is the only thing that can work IMHO. Cherry was a good example around these parts.

A control panel applet should be enough to allow realtime granting and revoking privileges to apps. Thus we need a security framework, with the roles reversed, and the human the only one with full caps.
That doesn't work. You either end up with too coarse granularity (Android) or too fine (SELinux).