
I wish this were true but the reality is that with the exceptions of QubesOS and ChromiumOS, desktop linux distros grant any process trivial access to elevate to root as there is no sandboxing model. Any process can alias your sudo command to steal your password, or run privileged docker commands, etc. It gets worse when you introduce snaps, appimages, and flatpaks usually uploaded, usually unsigned, by randos. This download-random-exes style model is becoming default and encouraged by distros like Ubuntu.

Windows is still a joke security wise but MacOS at least has some mediocre sandboxing now offering defense suitable for casual visual media focused end users, though you need Brew to do anything useful as a developer which throws supply chain security out the window. Personally though no one could ever pay me enough to use MacOS even if they did have a useful secure package manager and good sandboxing as I value freedom and privacy in addition to security.

AOSP on the other hand has substantial hardening and sandboxing isolating apps from each other, somewhat like running every app in a docker container. Combine this with the admittedly small collection of dual signed reproducibly built apps on F-Droid and this is as good as it gets in open source end user friendly secure computing.

Well... almost. Trouble is you can not find an Android device that does not ship with nasty highly privileged spyware and proprietary kernel modules allowing cell carriers, chipset makers, and the governments they obey to track you and have varying levels of access to your device if they really want it.

IMO QubesOS is the only halfway decent general purpose OS in terms of security and privacy you can use today and in the end there is just no good mobile solution that meets my privacy, security, and freedom needs so I just opt to not have a phone at all for now.




>desktop linux distros grant any process trivial access to elevate to root as there is no sandboxing model.

That "trivial" access would have to be an actual exploit. The software in a typical Linux system is not actively attacking the user as the proprietary software in a typical smartphone is. The need for sandboxing is much less.

Last I heard Android mostly depended on the Unix security model as implemented by Linux for isolation where each program was run as a separate user. The same sort of local privilege escalation exploits would work on Android as well. Things like Docker containers are susceptible to those sorts of exploits as well. You need actual virtualisation to have any sort of defence against that sort of exploit. That's what Qubes does.


There's a lot more to the android app sandbox than just running processes as separate users. Theoretically something similar could be implemented in some other 'typical linux system'. It would be a huge undertaking. If you are thinking about security you need to consider not only malicious apps, but possible attack vectors opened up by any application. This paper is a couple of years old, it explains how it all works on Android https://arxiv.org/abs/1904.05572


Most modern flatpaks under wayland are quite well sandboxed. They'll only have access to manually selected folders, can't access other windows (not even the way accessibility services on android can) and their process and network namespaces are limited as well.
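Whether a given Flatpak is "quite well sandboxed" as the comment above says, or effectively has the run of your home directory as the first comment worries, is decided by the `[Context]` section of the app's metadata file. The script below is an added example, not code from this thread or from the Flatpak project: it parses that section and flags the grants that undo the sandbox (whole-home or host filesystem access, the X11 socket, unrestricted D-Bus). The two metadata blobs and the app IDs `org.example.Editor` / `org.example.Viewer` are constructed for the demo so it runs offline; the file paths in the comments are where a real install keeps the metadata.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Flatpak app's sandbox grants
# from its metadata file. On a real system that file lives at
#   /var/lib/flatpak/app/<APP_ID>/current/active/metadata       (system install)
#   ~/.local/share/flatpak/app/<APP_ID>/current/active/metadata  (user install)
# and `flatpak info --show-permissions <APP_ID>` prints the same [Context] data.
# Two constructed samples are embedded so the script runs offline.

# Constructed sample: an app that asks for the whole home directory and X11.
SAMPLE_BROAD='[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home;xdg-download;
'

# Constructed sample: the tighter profile the comment describes
# (Wayland only, one selected folder read-only, no X11, no network).
SAMPLE_TIGHT='[Application]
name=org.example.Viewer
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
sockets=wayland;
filesystems=xdg-download:ro;
'

# context_value METADATA KEY
# Print the value of KEY from the [Context] section (empty if absent).
context_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        in_ctx && index($0, key "=") == 1 { print substr($0, length(key) + 2) }
    '
}

# audit_flatpak_metadata METADATA
# Print one "BROAD ..." line per grant that defeats the sandbox's purpose:
# whole-home or host filesystem access (with any :ro/:rw/:create suffix),
# the X11 socket (lets the app see other windows and their input), or
# unrestricted session/system D-Bus. Network sharing is reported as NOTE.
audit_flatpak_metadata() {
    meta=$1
    old_ifs=$IFS
    IFS=';'                      # Flatpak lists are ;-separated
    for f in $(context_value "$meta" filesystems); do
        case "$f" in
            home|home:*|host|host:*|host-os|host-os:*|host-etc|host-etc:*)
                echo "BROAD filesystem=$f" ;;
        esac
    done
    for s in $(context_value "$meta" sockets); do
        case "$s" in
            x11|session-bus|system-bus) echo "BROAD socket=$s" ;;
        esac
    done
    for sv in $(context_value "$meta" shared); do
        [ "$sv" = network ] && echo "NOTE shared=network"
    done
    IFS=$old_ifs
    return 0
}

# count_broad METADATA -> number of BROAD findings (0 for a tight profile)
count_broad() {
    audit_flatpak_metadata "$1" | grep -c '^BROAD'
}

echo "== broad profile =="; audit_flatpak_metadata "$SAMPLE_BROAD"
echo "== tight profile =="; audit_flatpak_metadata "$SAMPLE_TIGHT"
```

Running it prints two `BROAD` findings for the first profile (`filesystem=home`, `socket=x11`) and none for the second. On a real system, a finding like `filesystem=home` can be narrowed without touching the app itself with `flatpak override --user --nofilesystem=home <APP_ID>`, after which the app only sees folders handed to it through the file-chooser portal, which is the behaviour the comment describes.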



