Active Topics

 


Reply
Thread Tools
Guest | Posts: n/a | Thanked: 0 times | Joined on
#1
Hello,

I used Android Smartphones for some time unti I switched to the iPhone a few years ago. The iPhone is quite secure in terms of hacking and Malware Protection and has a nice Permission Management but you Apple has everything under control and I dont want that anymore.

At first I thought I would buy a Nexus Phone and install a good AOSP ROM (like OmniROM or maybe Copperhead OS) and tweak it with XPrivacy, AFWall+ and such Stuff.

But then I read about Sailfish OS. Linux based, fully Open Source, Android Support. It sounded cool! Then I read that many Apps and the UI arme not Open Source, that the Androis Support isnt Open Source too, that Jolla had Financial Problems and crashed their Tablet Project, and that the only Phone with Sailfish OS is over two years old.
But okay, the Financial Problems seem to be solved, the Tablet Funders get refunds, Jolla is still releasing Updates and new Phones are coming, so its okay I think.

But I want to Talk about why I opened this Thread.
Sailfish OS is Open Source and the Android Apps are working in a Sandbox, so maybe this is more Secure then a tweaked Android Phone?

But I couldnt find much Information about it. And what I found was pretty old and probanly outdated. So I thought the best way to find answer is to ask the People who are already using Sailfish OS.

1. When I run Android Apps what Data & Information can they access? (Contacts, Photos, GPS Data, IMEI etc.) Do they have access to more or less Data than on Android?

2. Is there a possibility to change or remove any Permissions Sailfish OS or Android Apps have?

3. Is there a possibility to prevent some Sailfish OS or Android Apps from accessing the Internet?

4. What is the Jolla & SSH Cooperation all about? In the First Statement it sounds Sailfish Secure would be the next Generation of Sailfish OS, or maybe an optional additional. But in the Interview from Last Ocotber it sounds like Jolla and SSH would work together on a Smartphone.

5. Is there a way to encrpyt the Phone?

I also have some Questions which are not related to Security and Privacy

A. When I run Android Apps, do they work in the Background? For example, if Im using a Android Alarm Clock App, do it work reliable?

B. Does Sailfish OS Support CalDAV & CardDAV?

C. Does Sailfish OS support OwnCloud? To synchronize Files, or maybe just for uploading them

This are my questions, it would be very nice if someone could say something about them.

At last I want to ask you about your Overall Experience with Jolla and Sailfish OS, would you recommend it? And would you recommend it to me? Would you say that Sailfish OS could be a better Solution for my needs than a tweaked Android Phone?
 

The Following 3 Users Say Thank You to For This Useful Post:
javispedro's Avatar
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#2
Originally Posted by GlassCandle View Post
Sailfish OS is Open Source and the Android Apps are working in a Sandbox, so maybe this is more Secure then a tweaked Android Phone?
To run "random" Android apps? The answer is definitely NO.

Reasons:
1) The Android runtime is not actually sandboxed,
2) The Android runtime is old, 3rd party, and thus less tested than the e.g. AOSP,
3) The only 'privacy' setting you can alter using the UI is whether Android programs have access to contacts, or not (more are probably tweakable using Android tools)
4) many parts of the runtime are actually closed source (namely, the bridges that connect it to the host sailfish APIs, much to my annoyance)

To run Sailfish/Linux apps?

The answer is that it is mostly as secure as any other Linux desktop. Which basically means that if you want any sandboxing you have to take care of it yourself, by doing manual code review and/or using the many utilities available on desktop Linux, and you can do pretty nifty things indeed. Containers, ptrace, chroots, seccomp,... you name it.

But the stock system will basically restrict access to the stock contacts database and not much else.

As a general answer, FLOSS is still the only way to guarantee actual privacy, but so far you will have to work to obtain it. Android and their ecosystem provide UI ways that work much easier, but have the disadvantage that "you can never be sure" of what's happening behind the scenes because of the complexity involved.
 

The Following 8 Users Say Thank You to javispedro For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 05:45.