If you think that the #media files you receive on your end-to-end #encrypted secure messaging apps can not be tampered with, you need to think again! explore this new type of media form jacking below.
Conversation
Iβve never coded for android but dream in Linux ...
How is it that android (based on Linux) does not run each app as a underprivileged user and set βowner only readβ permissions on files it writes to external storage???
This seems bloody obvious and relatively easy to implement.
2
> How is it that android (based on Linux) does not run each app as a underprivileged user
Each app runs with a unique user / group for the app in the profile. They also run within a unique instance of the untrusted_app SELinux domain, which implements most of the isolation.
1
1
2
> set βowner only readβ permissions on files it writes to external storage
The usual storage location for apps is in their internal app sandbox. External means outside of the app sandbox and requesting access to external storage is a legacy approach to sharing data between apps.
1
2
The whole point of external storage is that it's shared storage between apps. The ability to request global access to it was a poor design that started to be phased out in Android 4.4 which introduced granting case-by-case file access instead. 5.0 extended that to directories.
Scoped storage (developer.android.com/preview/privac) will finally remove the legacy approach to shared storage, by getting rid of storage permissions to request global external storage read / write access. It emulates the legacy approach with a scoped directory but it's not the intended use.
1
2
developer.android.com/guide/topics/p is how apps were supposed to access storage since Android 4.4. It opens a system file picker and the user chooses the files / directories. This way, there are no permissions, and they can select files / directories from external drives or app providers.
1
1
3
Show replies