Android has a lot of hardening and sandboxing that desktop Linux doesn't (and won't for UX reasons).

> desktop Linux doesn't (and won't for UX reasons)

Can you elaborate?

	▲	akdev1l 30 minutes ago \| parent \| next [-]
		A very comprehensive SELinux deployment for one. SELinux will stop any process in android from loading kernel modules, that’s not allowed. The android permission model as a whole is ultimately backed by SELinux.
	▲	danudey 43 minutes ago \| parent \| prev [-]
		Not sure what specifically they're referring to, but Android (and iOS) add a lot of sandboxing to ensure that each application can only access its own files, can't access hardware willy-nilly (bluetooth, scanning wifi, etc), can only link against certain libraries, etc. Imagine if Linux only let you run stuff from Flatpak, and if stuff didn't work in Flatpak then too bad for you. Most Linux users would hate it and it would be a mess a lot of the time, so, for user experience (UX) reasons, they don't do it. Android can get away with it because that's been the app paradigm for decades now.

▲

miduil 3 hours ago | parent | prev | next [-]

Yes, it demonstrates that it's possible to harden well - at least for some cases. It appears depending on the environment hardened kernel / runtime environments are pretty much possible to have safeguards working today already.

▲

2 hours ago | parent | prev [-]

[deleted]