We have the option to have the user take a picture for us with their usual camera app (without needing the permission) to scan it from that. What we did before was spawning the external zxing app with users granting that the Camera permission instead. Wanted a better UX though.
For most apps the answer is just "no, not at all" and then you run it in a complete sandbox that looks like a fresh Android install with just one app.
-
-
Having isolated profiles/workspaces can work well for that, which is something Android has today and just doesn't make convenient enough for it to be widely used for more than multi-user and work profiles.
-
People can just install the app in the profile where they want to run it, and as long as profiles are easy enough to use it should work well. Too inconvenient right now for most people / use cases.
-
Apps can't communicate / share data across profiles unless they do it via the network, etc. It could be reinforced with a VM instead of just being on top of the same Linux kernel with SELinux (MLS is used as an extra layer for multi-user) + seccomp-bpf.
-
The OS we eventually end up with should be something like Qubes with UI tailored for mobile, and largely-virtualized Android just as a guest.
-
Yeah, that's what we want in the long-term, but we'll still need to do substantial hardening for the Linux kernel, Android and the app layer since the security of the guests / apps matters too.
-
It'd be really neat to have something like Microsoft's Linux and cancelled Android app layer on top of a nice microkernel. Could run multiple instances of it, avoiding needing the whole Linux kernel running in each VM.
-
That's something vaguely like what I'll be doing once somebody wants to fund it..
-
Really want generic mobile hardware with standard security features (verified boot, hardware key derivation and delays) that doesn't cost $649+ like Pixels. It really feels like we have to raise a huge amount of money and make it ourselves.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.