Revision history [back]
 | 1 | initial version | posted 2018-08-29 16:59:47 +0200  |
Current Privacy / Security status
Hi, not a Sailfish user yet but in the middle of getting my Xperia sorted to join the fun. I had a query that didn't seem to be clearly answered or are old questions from a few years ago, so, what is the current privacy + security state of the latest SailfishOS?
This question can also be extended to include:
Is it wise to add Android apps if permissions can't be locked down (eg stopping Signal from accessing contacts if desired), and if some options are available are they all global or app based. Are there any other considerations like microphone recording running in the background? See: https://together.jolla.com/question/104071/app-permissions-sailfish-android/ (2015, starting blocking Android apps from accessing things globally, nothing for native apps.) and https://together.jolla.com/question/174718/sailfish-x-a-newbies-security-concerns-and-questions/ (Good thread but as of Nov 2017 the only thing protectable was the Contacts and not Camera, GPS etc. Also mentions wifi passwords are stored in plaintext, is this still the case?)
Are there any current encryption options? I know that Sailfish3 is likely to have encryption options in place and I have seen a post about encrypting partitions but it sounds a bit risky / tricky for someone not completely comfortable in Linux. See: https://together.jolla.com/question/2158/optional-encryption-of-the-device/ (Latest from 2015 about an update / asking for this and always used as the 'duplicate' link for newer questions).
Where / how is the fingerprint info stored when using on the Xperia X and has Jolla confirmed to users about the security of this. See: https://together.jolla.com/question/187865/fingerprint-data-lost-error-when-adding-fingerprint/ (Data stored in a fingerprint database, is this encrypted at least?)
Does anyone know how thoroughly the Sailfish team review any apps added to the Harbour? I imagine there's probably no problems at all with those as there probably isn't loads of them and they are also not huge in code size but still takes time if someone has to review things and that sounds like the thing that the Sailfish team understandably struggle with - time. Lost of the Harbour questions are from 2014 / 15
Thanks for any updates, I know some of this has been covered in some of the linked tickets above but most of that is over 2-3 years ago and there sounds like plenty of Sailfish updates since then.
| | 2 | No.2 Revision |
Current Privacy / Security status
Hi, not a Sailfish user yet but in the middle of getting my Xperia sorted to join the fun. I had a query that didn't seem to be clearly answered or are old questions from a few years ago, so, what is the current privacy + security state of the latest SailfishOS?
This question can also be extended to include:
Is it wise to add Android apps if permissions can't be locked down (eg stopping Signal from accessing contacts if desired), and if some options are available are they all global or app based. Are there any other considerations like microphone recording running in the background? See: https://together.jolla.com/question/104071/app-permissions-sailfish-android/ (2015, starting blocking Android apps from accessing things globally, nothing for native apps.) and https://together.jolla.com/question/174718/sailfish-x-a-newbies-security-concerns-and-questions/ (Good thread but as of Nov 2017 the only thing protectable was the Contacts and not Camera, GPS etc. Also mentions wifi passwords are stored in plaintext, is this still the case?)
Are there any current encryption options? I know that Sailfish3 is likely to have encryption options in place and I have seen a post about encrypting partitions but it sounds a bit risky / tricky for someone not completely comfortable in Linux. See: https://together.jolla.com/question/2158/optional-encryption-of-the-device/ (Latest from 2015 about an update / asking for this and always used as the 'duplicate' link for newer questions).
Where / how is the fingerprint info stored when using on the Xperia X and has Jolla confirmed to users about the security of this. See: https://together.jolla.com/question/187865/fingerprint-data-lost-error-when-adding-fingerprint/ (Data stored in a fingerprint database, is this encrypted at least?)
Does anyone know how thoroughly the Sailfish team review any apps added to the Harbour? I imagine there's probably no problems at all with those as there probably isn't loads of them and they are also not huge in code size but still takes time if someone has to review things and that sounds like the thing that the Sailfish team understandably struggle with - time. Lost of the Harbour questions are from 2014 / 15
I have found out about the device lock which eases my mind a little (https://jolla.zendesk.com/hc/en-us/articles/201440487-What-are-the-Device-Lock-and-Security-code-), key to keep everything on the internal device for now.
Thanks for any updates, I know some of this has been covered in some of the linked tickets above but most of that is over 2-3 years ago and there sounds like plenty of Sailfish updates since then.