May be someone with deep pockets like Elon must get Linux to work on mobile. I know there's efforts going on but seems slow progress. That will break the back of the duopoly and also make things like this so much easier.
Getting Linux running is not the problem. All android phones have a working Linux kernel, and could probably be made to run some kind of Linux based software if you can get through the bootloader hurdles. The issues so far with open source phone stacks are largely around getting all the hardware talking with open source software, battery life, mobile appropriate UIs and finding ways to bring the apps people expect on board.
AFAIK the sandbox on Android is quite a bit stronger than your run-of-the-mill container (starting with every app running under a different UID[0], apps having very restricted access to the screen buffer[1], et cetera).
But it's not really about sandbox security and file system access. The issue is that the more walls you erect and the tighter you make your sandbox, the harder you will make it for apps to access system resources for legitimate purposes. This is where Android shines as it provides a huge, fine-grained API for apps to access system resources while still making sure they only access what they're allowed to access. On Linux we don't even have that fine-grained an API, let alone the same level of fine-grained control. You either grant an application access to your bluetooth/wifi/… device or you don't.
What's more, all Android apps and their UI have been built around this permission-based system these days. Compare this to Linux where applications still assume they have access to everything by default and you have to work very hard to confine an application while making sure it's still usable and the user is not thrown off by weird error messages.
In other words: The strength of Android (and iOS) is that they built in a tight & fine-grained capability-based system from the get-go and also solved the UI challenges that went along with that. These days, they can count on an entire ecosystem of applications that expect to live (and are usable) in that sandbox.
Regular Linux distributions are lightyears away from that. Personally, I really hope SpectrumOS[2] will make a dent here.
I'm not tech enough to challenge you on that but in practice most apps demand far more than they need and users generally click yes. If I don't I get annoying reminders every time and feature restrictions. Like my app that comes with smart watch. At some point I guess most will say take it can stop bothering.
I don't follow what you mean by "give or don't" isn't that how Android works? Like I give file system or drive access to some app so it can pick pictures. Do I know what else it does with that permission?! Just have to trust.
I agree that's an issue but I would say it's a separate one. At least in Android these days you don't have to agree to everything upfront (during installation) but you can choose the permissions you want to grant one by one later during runtime. E.g. when the app wants to access the camera, it asks you for access right there and then and you can also only give it one-time access. That's already been a big UX and security improvement and I'm sure this can be improved even further.
> Like I give file system or drive access to some app so it can pick pictures.
In past versions of Android yes. Nowadays, however, in order for the app to access select photos it no longer needs the general file system access permission. The file picker has become a system component, and by picking photos you grant the app access to the selected files and the selected files only. Of course if the app is, say, a photo gallery app, then it will probably still need access to your entire camera folder (or even the entire file system), not just individual files. In such cases, I at least will probably review the app a bit more carefully.
> Do I know what else it does with that permission?! Just have to trust.
That's always the case when you grant permissions to someone or something. At least, the more fine-grained your permission system is, the more control you have, and the easier it will be for you to build that trust.
In my case I usually disable internet access[0] for apps by default, so that even if they need access to, say, my entire file system, they won't be able to send my files anywhere or do anything shady. Only for select apps that I've reviewed carefully I might also enable internet access.
Either way, I hope we can agree that Android gives you a lot more control over what you allow your apps to do than Linux. In Linux I have to blindly trust all apps at once. It's all or nothing.
[0]: I use GrapheneOS. In regular Android the internet permission is no longer exposed to the user, I think.
