If I were to design a new OS from scratch… here is the stuff I’d do differently.
Make rights program-based, not user-based
Back in the old days, you had one big expensive mainframe, shared by many experts. That is where the Unix permission model was born: “read/write/execute” for “user/group/anyone”. At the time, it made perfect sense.
However, things are very different now. It’s not one big mainframe for everyone, it’s several small devices per person. Moreover, users nowadays are more noobs than experts; they just want things to work. Me too.
Why are user-based rights bad?
Because, basically, if you install a piece of software, it can automatically access all your files! Yay! And so viruses, malware, trojans, etc. were born. Wouldn’t it make more sense if a program could access only its own files? Or if you had to authorize it to access other files? What about the network? What about the browser or system settings? …you know, that annoying spam toolbar which got installed because you didn’t pay attention. Currently, if you install something, you can’t “limit” it. It has access to everything you have access to.
So what should we do?
The solution is “program rights”. Once you install something, it should ask:
- can I read/write on disk (in my own directory)?
- can I read/write some other files?
- can I access the internet?
- can I launch myself as a background service at startup?
This should be built into the OS. This way, we’d have a tight leash on all the viruses, malware, trojans, and so on. If some shady piece of software wants to read your private stuff, modify your system and talk to the web, you’d have to authorize it beforehand.
Isn’t that what Android does?
Yes and no.
Android does ask for authorization for all kinds of features. That is exactly what is meant by “program rights”.
…but… all of this is built “on top” of the operating system, in a rather contrived and unexpected way.
If you don’t know it yet, Android is based on the Linux kernel; it’s a big layer on top of it. So if the kernel’s rights are user-based, how do they get their apps to run “isolated”? The trick is simple: install and run every app as a different user! (you can read it here: https://source.android.com/security/overview/kernel-security.html) …fancy, right? They moved from “user rights” to “program rights” just by treating programs as users, so that they can’t interfere with one another. It’s smart, it’s ugly, it’s basically a giant hack… but it works.
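To make the trick concrete, here is an added example (not from this post and not Android’s own code) that models the Unix user/group/other check and then hands every app its own UID the way Android does; the app names, UID numbers and the storage group ID are illustrative assumptions.

```python
# Added example: a small model of Unix discretionary access control (the
# user/group/other rwx bits the post describes), used the way Android uses it:
# every installed app runs under its own UID. Names and numbers are illustrative.
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits inside one rwx triplet

@dataclass
class Inode:
    owner_uid: int
    group_gid: int
    mode: int  # e.g. 0o700 (private) or 0o770 (group-shared)

@dataclass
class Process:
    uid: int
    gids: frozenset  # primary plus supplementary groups

def permitted(proc: Process, node: Inode, want: int) -> bool:
    """Classic Unix DAC: pick exactly one triplet (owner, group or other) based on
    who the caller is, then require every requested bit to be set in it."""
    if proc.uid == 0:
        return True  # root bypasses DAC, so a rooted device voids the whole sandbox
    if proc.uid == node.owner_uid:
        bits = (node.mode >> 6) & 7
    elif node.group_gid in proc.gids:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return bits & want == want

# Constructed "app sandbox": each app gets a fresh UID/GID and a private data
# directory only that UID can open. Mode bits say nothing about quota, which is
# why this model cannot stop an app from filling the disk.
APP_UIDS = {"messenger": 10042, "flashlight": 10043}
messenger_data = Inode(owner_uid=10042, group_gid=10042, mode=0o700)
flashlight_data = Inode(owner_uid=10043, group_gid=10043, mode=0o700)
shared_storage = Inode(owner_uid=0, group_gid=1015, mode=0o770)  # "storage" group

def run_as(app: str, extra_gids=()) -> Process:
    """Launch an app as its own user; a granted permission becomes a group membership."""
    return Process(uid=APP_UIDS[app], gids=frozenset({APP_UIDS[app], *extra_gids}))

def isolation_report() -> dict:
    flashlight = run_as("flashlight")
    with_storage = run_as("flashlight", extra_gids=(1015,))
    return {
        "reads_own_data": permitted(flashlight, flashlight_data, R | W),
        "reads_other_app_data": permitted(flashlight, messenger_data, R),
        "writes_storage_without_grant": permitted(flashlight, shared_storage, W),
        "writes_storage_with_grant": permitted(with_storage, shared_storage, W),
    }
```

The report shows the whole trick in one place: a private directory plus a distinct UID keeps one app out of another’s files, and a “permission” is nothing more than membership in a group that owns the shared resource.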
Nevertheless, I’d prefer to see it built in rather than achieved by abusing an unused feature. I guess it also has its weaknesses. For example, you couldn’t even prevent an app from filling your disk space. It can be argued that Android is not secure per se, but that it’s secure because of the highly curated app store. This monopoly enables Google not only to make loads of cash but also to ensure all apps play nice.