Are you referring to the old "shallow bugs" myth?

I've always been under the impression that Blackberry and Symbian phones were designed with security in mind. Security versus convenience is a tradeoff that many people choose convenience instead. Symbian has dialogs where user interaction is required to affirm an action that it becomes an annoyance to people who just want things to work "automagically".

Rule of thumb is why the hell should any app, unless it's a web browser need a data connection unless it needs to acquire something for it to work.
I agree with unoace. The popularity of something will eventually be it's downfall. If it's security you want don't go mainstream.

As for Sailfish, can't say at such an early stage. But Jolla's watchword has been "Security by isolation". Probably meaning the Android layer isn't embedded and can be removed if the end user wishes, maybe it's built into one of the "Other Halfs".

I think the question is more about real security, not in the sense of how exposed a system may be.

In fact, I submit that Maemo is probably the most insecure mobile OS. For the simple reason that about 101% (+/- 5% of the users have rootsh installed. Meaning any program or script can simply run "sudo gainroot" and do whatever it pleases.

But then again, Maemo is Linux is Unix. User is expected to know what he's doing.

There is intrinsic security and there is perceived security. Regarding the former, I absolutely agree with reinob. Maemo is intrinsically insecure for many reasons, not just because of rootsh. You have no way of knowing or controlling what the apps you install do behind your back (unless you check their source code, but who can do/does it?)

Android is more secure since you have to explicitly allow applications to do certain things. The trouble is you have to do it at install time and you have to allow all or nothing. No way of saying, I am happy to install this cool game but I do not want it to connect to some server in China. Which sort of defeats the whole point and what is meant to be a security measure becomes just another annoying step that users just want to wave out of their way.

I do not know enough about iOS, WP or RIP to comment. Sticking to what I know, PalmOS was just as bad as Maemo with its "free for all" approach, with the added benefit of the source generally not available. Symbian was probably the best in this regard but, as has been mentioned before, it went a bit too far to the point of being intrusive, both for the user and for the developer.

Then there is the perceived security.

This is a bit trickier and depends on many factors, the most important of which is the OS's popularity. Despite various claims of open-source fascists enthusiasts I do not agree that on the desktop, Linux is intrinsically more secure than Windows. I would even argue that it is the opposite. Windows allows you a more fine-grained level of specifying who can do what and has a more focused development force behind it. But it has two big disadvantages. One, it is the most common (popular?) platform and two, partly because of number one, it is used by clueless users. Both make it a popular target for attackers. Security holes are more likely found and more eagerly exploited.

In this regard, Maemo is probably one of the most secure OSes simply because no one will bother to attack it and Android the least secure because everybody will. To illustrate it simply, I would not bother with any security software on Maemo but it was always my first thing on Android.

very nice post, thank you for that.
however, i wonder whether you ever heard of... Security-Enhanced Linux
i suspect the only thing most users care to do about it is disabling it, but if used properly, i think it provides more then decent security

Linux does have the advantage of the closed ecosystem however, without being really closed. You have the convenience to install everything from repos, thus trust one authority for your security, and scrutinize only the odd app you download from the internet. On windows you have to trust a wide variety of vendors either because they are well known (microsoft, apple, adobe, autodesk, and the list goes on) or because of prior experience, plus scrutinize everything else you need (utilities etc.). And even then, you never know if the download mirror has wrapped an unarchiver with a browser toolbar around the setup program.

Even in our small maemo community, you are pretty safe if you keep everything installed from extras. This peace of mind is for me one of the greatest values of the N900. I don't care that I don't have a choice of 130000 launchers, when I can apt-get blindly and be pretty sure nobody steals all my data.

i'm not sure if software is the most common source of malware
on windooooz, a lot of ppl get infected by browsing or e-mail, no?
security is but one aspect of software availability for any platform.

• quality of the software
• availability of developer for improvements
• cost - not only monetary, but also the time wasted wadding thru "shareware cr@p" to try & find the right app
• ???

Yes, but believe it or not, browser malware is not choosy and affects Linux just as well as Windows. The days of "I don't need antivirus, I use Linux" have gone.

This is even more crucial on servers. I once had my personal website infected on one hosting server (that shall not be named). I cleaned it and got reinfected within minutes. I found that other punters coplained about the same thing. The sysadmins were clearly in the "Linux is immune to viruses" school. I switched to a more clueful bunch before you could say "antivirus".

Well, it is not Android http://bluebox.com/corporate-blog/bl...id-master-key/