Why phones are more secure than desktops

Sources [1a] www.reuters.com/technology/apple-must-face-siri-vo… [1b] www.nbcnews.com/tech/security/google-sued-u-s-trac… [1c] www.theguardian.com/technology/2015/jul/31/windows… [2] source.android.com/devices/tech/config/device-iden… [3]developer.android.com/guide/topics/permissions/ove… [4] developer.android.com/training/articles/keystore [5] arxiv.org/pdf/1904.05572.pdf [6] source.android.com/security/encryption [7] ssd.eff.org/en/module/how-encrypt-your-iphone [8] source.android.com/security/app-sandbox [9] source.android.com/security/overview/app-security [10a] source.android.com/security/apksigning [10b] apps.testinsane.com/mindmaps/google-play-submissio… [11] developer.apple.com/app-store/review/ [12] support.apple.com/en-us/HT204053 [13] support.google.com/accounts/answer/27441?hl=en [14] developer.android.com/reference/android/Manifest.p… [15] source.android.com/ [16] grapheneos.org/usage#sandboxed-google-play [17] safety.google/intl/en_us/privacy/privacy-controls/ [18] grapheneos.org/features#improved-user-profiles [19] www.theatlantic.com/technology/archive/2019/01/app… [20] www.nytimes.com/2021/08/18/technology/apple-child-… [21] www.reuters.com/article/us-apple-fbi-icloud-exclus… [22] www.nytimes.com/2021/05/17/technology/apple-china-… [23] support.apple.com/en-us/HT201222 [24] www.xda-developers.com/how-android-security-patch-… [25] support.google.com/pixelphone/answer/4457705?hl=en [26] grapheneos.org/faq#supported-devices [27] source.android.com/security/bulletin/ [28] www.cyberscoop.com/ios-zero-day-zerodium-high-supp… [29] www.zerodium.com/program.html [30] www.wired.com/story/android-zero-day-more-than-ios…

There are no privacy settings exist on a Linux because 99% of the distros/DEs are not collecting data, so there is no option to turn it on/off because it's always off

As an Android app developer, it is very easy to get around the phone's permissions and implement a startup service to monitor geofencing. You can also listen for and act upon events from all of the device components, even when your app isn't running. There's no way a desktop cannot be made more secure than a phone, for one thing the desktop is stationary and does not move so it's much easier to spoof location. But at the end of the day, you are using other people's software, and they have access to everything. There is no such thing as privacy anymore.

Yes but aren't phones by nature compromised because of their connection to cell towers? The government can pinpoint their location anytime they want to and this is not really possible on PC with proper protection no?

Jokes on you, my 2006 thinkpad x60 running gentoo isn't even connected to the internet most of the time 😎

A lot of problems that you mentioned about dekstops can be resolved with proper configuration. System Encryption? Use luks with tpm + pin decryption and secure boot with custom keys. Permissions? Use flatpak, it has sandbox and permission model. It is true that in some cases it's not that good but it's getting only better

As said by the other guy most of the complaints you had about desktops weren't based on any fact in case you didn't know the privacy advocates who use linux probably don't just use ubuntu or another distro based off of it Android literally uses SELinux for sandboxing, and flatpaks also exists. Most if not all of what you can do on android can be done on linux but in distros they might not come out of the box. You're also pushing aside security via obscurity, which is a pretty big factor imo especially when you take into consideration how fractured the linux landscape is in terms of consistancy this would inevitibly lead to more security regardless of how reliable that security is.

The only point I get is that Linux has no permission settings by default. But to get your phone secure, you need go though a difficult installation process to replace the OS with an open source alternative, then gapps are missing you have to solve that. Then harden your system. On Linux installation is much simpler, and you can harden it with user permission and selinux.

The great thing about desktops vs phones is the sheer customization. You can beat a phone's security if you choose to on your desktop, or you cannot. Or you can have different operating system's for different purposes, even more so when you consider the option of running virtual machines. Desktops thanks to their endless customization, with the right mind operating them, will beat any phone in most ways. The only thing that dictates how good your security model on desktop is, is the user.

I can't tell if this is a joke video or not. I hope it's a joke, I've respected your content so far. But regardless of the visual privacy settings you're shown on the phones, Google and Apple both know everything that happens on it. And google at least openely shares all that data with auction brokers for ads. No one gets anything unless I want them to on my linux PC.

This is very poorly researched. If you use full disk encryption on a modern Linux desktop, it is as secure. If you use apps packages with Flatpak or even Snap they are similarly sandboxed. A TPM on a PC can help you not having to enter the full disk encryption key. It also has limitations on number of times you can enter a PIN - exactly same as on a phone. Debian, Yum, Arch repositories, have signing. Flatpak and Snaps also have signing and include permission manifests, so it is no different than app stores.

You don't need privacy toggles on Linux because Linux apps aren't harvesting your data. If they were, people would quickly find out since you can view the source code, and on top of that applications don't even have access to your data unless you give them that access with things like sudo.

What about Qubes OS?

Flatpaks under linux are an increasingly popular OS agnostic packaging system for apps. Flatpaks are sandboxed and you can specify what they have access to in quite great detail. They do need a lot more disk space tho.

While I agree with the overall message, some things are wrong or misleading in this video. The Linux community is striving towards better isolation. Wayland only allows the application in focus to read keystrokes, and Flatpak allows apps to have their permissions restricted, and require privileged tasks to be done through "portals" that require the user's approval to be opened. Flatpaks also use a permission manifest of sorts. It's also not really true that Android is 100% open source. While the core OS is open source, all Android devices depend on proprietary (non-open source) software for hardware support. You use these even in e.g. GrapheneOS. Partially as a consequence of this, Android phones can realistically only get official updates for at best 3 years, and third-party "ROMs" are stuck with outdated software that doesn't receive security updates. In Linux, unless you have an NVIDIA GPU, you don't have this. All the drivers are open source.

A Linux distro out of the box typically may not have a lot permissions toggles, but if you have everything installed as flatpaks, snaps or containerized appimages, it blows any stock Android system out of the water for the simple fact that you, the user, have root access to your system and not some corporation that can remotely access your device at any time without your knowledge or consent.

Phone cannot use ethernet like a PC can. Phone cellular make u instantly trackable

1:29 that's not quite true. Recent versions of macOS ask you to give permission to applications in order for them to have access to your computer's peripherals like camera or microphone, contacts, or even access to the file system or key folders such as the desktop or downloads folder.

I'd like to interject. What you refer to as "Android" in this video is actually AOSP without Google services, or better yet, something like Graphene OS. On top of that, you imply that the user will cautiously and correctly grant/limit permissions to new apps and make them work with microG / have working replacements where needed. I argue that this level of usage is on par with basic hardening on Linux on your own (at least full disk encryption) if not more. I do have a real example: user migrates some contacts to Telegram but uses basic chats there (which are unencrypted, unlike secure chats with the green lock). In that sense: following your video, half the people will take away "Android phones are better" without understanding what you said. Also: "WIFI RCE" valued at 100k? That's far lower if the individual is targeted than WhatsApp RCE+LPE cost shown.

Interesting take. There are also IMEI identifiers for phones, and I think Stingray surveillance tech is a threat that should be considered. Great video, this got me thinking.