Conversation

I’ve never coded for android but dream in Linux ... How is it that android (based on Linux) does not run each app as an underprivileged user and set ‘owner only read’ permissions on files it writes to external storage??? This seems bloody obvious and relatively easy to implement.
I replied in twitter.com/DanielMicay/st. It misses that apps are sandboxed and external storage (i.e. external from the app sandbox) is explicitly meant to be a way for apps to share data. The same thing applies to requesting photos access at a more granular level. It's shared data.
Quote Tweet
Replying to @StefanSamne @analucia_B2B and @TheHackersNews
> How is it that android (based on Linux) does not run each app as an underprivileged user

Each app runs with a unique user / group for the app in the profile. They also run within a unique instance of the untrusted_app SELinux domain, which implements most of the isolation.