I'm curious about how authorization works on Android devices versus PCs. My understanding is that UNIX systems trust the user, which is why when I run applications like Chrome, it uses my user ID and has access to everything I can access. This seems risky, especially with Chrome extensions possibly having more power than mobile apps, which run with unique user IDs. So, it feels like there's an implicit permission system on PCs where the kernel decides permissions, while mobile apps have a more explicit level of authority. Can someone clarify if userland permission prompts are just superficial when compared to the kernel-level access, and elaborate on why web extensions could be seen as riskier?
1 Answer
Actually, the idea that UNIX philosophy is about trusting the user is a bit off. It's more about protecting users and the system from each other through permissions. Apps running with your user ID means they have the same power you do, but that can be risky. Instead of blaming the app itself, we might need to look at how permissions are handled at a deeper level. Just because an app runs with your privileges doesn’t mean it’s inherently less secure than something on mobile with unique IDs.
But isn't it true that if a program escalates its permissions, it's just shifting the blame? If both mobile and desktop systems have holes, why should we trust one over the other?