asked 2013-12-29 10:14:14 +0200
I'm wondering what kind of security model Jolla has and how it compares to Android's?
More specifically how can I know that some random app doesn't upload my contact book without my knowledge?
answered 2014-02-09 02:37:02 +0200
The security model is NO SECURITY at all, simply the same as on Linux desktop.
unfortunately this is true! and should be the correct answer. QA will not screen apps for security breaches(like scanning device for bitcoins, stealing emails/sms or connecting and transfering data online) QA will just say: "We publish this app, as it does not crash the phone"
PeterParker ( 2014-03-25 15:23:18 +0200 )editanswered 2013-12-29 13:59:34 +0200
Basically the Harbour application store QA makes sure it it behaves well. And of course if the given application is open source, you (or someone else) can check its source code.
This is imho much better than the failed attepts with the Aegis security system on the N9 that did not bring any real security benefits but managed to alienate many experienced application developers. The Android system is not much better with its "accept all ridiculous permissions or the app would not install" model. So basically, this is hard to do and if done badly can cripple application usability and alienate developers. It is also a form of post-factum security - the potentially malicious is already on your device where it can try to attempt to exploit security vulenerabilities, etc.
Therefore the current system - QA and checking the source code of open source applications is IMHO better as it should stop malicious stuff before it can be even distributed.
This is also basically how major Linux distributions, such as Fedora, work - all packages need to pass a package review and get enough "karma" from testers to be included in the main repositories. This is made easier by all packages being open source & compiled by the distribution, so you can always check the source to see what the program actually does and you can also be sure that the binaries were really built from the given source code.
@rainisto, there seems to be no isolation between installed apps. For instance, emails are stored in ~nemo/.qmf, which has owner nemo:privileged and mode 700. I've installed a third party app from the store, and it runs under user nemo. Hence, my emails are accessible to the third party app. Not a comforting thought :|.
clau ( 2014-01-07 21:46:35 +0200 )editYes currently emails are accessible for nemo user. Might not be conforting though, but there currently has never been any reported malware applications for Sailfish OS (And there was no malware for N900). Currently devicenumbers are not lucrative for malware writers.
rainisto ( 2014-01-07 21:54:56 +0200 )editanswered 2013-12-29 11:35:49 +0200
I think you should consult privacy policy at Jolla.com for checking if it fills up your wishes...
Perhaps I phrased my question badly, but I'm not that much concerned that Jolla Ltd. would do something fishy. What I was asking about is how can I know that some seemingly benign app that I choose to install does what it says and not a bunch of other stuff in the background?
Marc1 ( 2013-12-29 11:45:59 +0200 )editYou can also ask for the source code if you have the skillls to verify. I don't know other ways at this moment.
juju_des_highlands ( 2013-12-29 12:04:11 +0200 )editAsked: 2013-12-29 10:14:14 +0200
Seen: 1,061 times
Last updated: Feb 09 '14
