not a hot take, this is just straight up true
I think it`s more about fragmentation than difficulty... Time investment in a 0 click iOS vuln might be higher, but the payoff is sooooo much more. Android has come a long way, and Linux sandboxing is powerful but many targets aren`t using a state of the art phone anyway.
Android is actually my favorite example of how SELinux doesnt HAVE to suck.
The reason why a bug like Bad Binder (CVE-2019-2215) was so powerful is because it was in Binder, the IPC mechanism that Android uses to sandbox. Any other system call that gets into dicey Linux kernel code is blocked by SELinux from an unprivileged context (ex: an untrusted App)
glad my fights with zuk were able to produce lasting content
You`ve inspired me to revisit Android stuff again!
To be fair, and in general, I think the topic point (and you) are true. My problem is the (possible) exceptions and the skills needed for the consumers to be able to verify these things. It just isn`t there for most people.
...because all Android makers and their suppliers are equal, and all Android based phones and their makers can be trusted. Right? :) Not saying it can`t be true mind you...I just doubt it...(which, on the grand scale of things, is worth very little). :)
sent from: Twitter for iPhone
android has rust therefor android wins, it`s as simple that, hate to own everyone like this but i gotta say my truth
