Hey all. I was listening to episode 160 and I heard @dasgeek talking about how Android doesn’t embody Linux in it’s stance on privacy, etc. I wondered if malicious software that’s been written for Android could take advantage of Linux systems. What do you think?
The simple answer is to the degree Linux code is present in AOSP and penetration concepts can carry over too.
AOSP uses pretty basic Linux though which is extremely hardened given most of it benefits from the feedback of running practically the entire Internet. The complexity Android stacks on top of Linux is a much softer target.
Android tries, or at least puts out the nice fuzzy feelings that it’s trying by telling somebody installing an app from the Play Store all the permissions you are allowing the app to have, like control over your contacts, your camera, your emails, your browser and who knows what else.
For me the biggest problem with Android is that over 90% (if not 99%) of the users are Microsoft Windows users and are so used to just installing a program or an app and could care less about the circumstances of installing an app.