Unconfined apps

Keneda · 17 May 2021, 11:07

I wonder something, is it possible to install unconfined apps from outside the OpenStore ?
I mean, for now uTouch is still a quite confidential system, but the more it'll spread, the more it'll attract garbage "devs", and, unexperimented users.

On android, most of malicious software comes from outside the store, from apk that users install from crappy sources, with high privilege that allow them to steal any data (last but not least Teabot).

Is that kind of "phishing" is possible on uTouch ? Is there a safeguard that prevents unconfined apps from being installed outside openstore and if not, would it be possible to add such a safety ?

poVoq · 17 May 2021, 12:15

@keneda you can install apps through the UTtweak tool, unconfined or not.

Imho there will always be a way to install apps in unofficial ways and I honestly would find it terrible if that would be further restricted.

I think the much higher risk is actually the open-store itself. People think that apps are trustworthy there, but the truth is that other than some very basic checks and the "unconfined" destinction, anyone can upload and distribute malware through it.

I personally would like to see a more trustworthy channel or alternative store that does not allow developers to directly upload their own binary artifacts. A model like f-droid, which compiles the apps from source themselves would be best I think.

Edit: you are btw wrong, on Android by far the most malware comes from the playstore itself.

kugiigi · 17 May 2021, 12:59

@povoq unconfined apps and those with special persmissions are manually reviewed and uploaded by the OpenStore maintainer so that's some layer of security. Of course, it's not enough and can be improved. I remember there was an app that was able to change somerhing in the system, boot splash I think. It was in the Ubuntu store if I am not mistaken.

CiberSheep · 17 May 2021, 17:05

@keneda said in Unconfined apps:

I wonder something, is it possible to install unconfined apps from outside the OpenStore ?

Yes. Through UTTT or OpenStore App

Is that kind of "phishing" is possible on uTouch ? Is there a safeguard that prevents unconfined apps from being installed outside openstore and if not, would it be possible to add such a safety ?

UTTT is for advanced users. You have to install the click through the menu

OpenStore app, it will ask you to install it. Not even some experienced users knows you can do that.

Keneda · 17 May 2021, 18:37

@povoq said in Unconfined apps:

you can install apps through the UTtweak tool, unconfined or not.

@cibersheep said in Unconfined apps:

Yes. Through UTTT or OpenStore App

I was not sure you could do that also with unconfined apps.

@povoq said in Unconfined apps:

and I honestly would find it terrible if that would be further restricted.

Maybe yes, but at least it could be there some warning telling the app that is going to be installed by this way is unrestricetd/unconfined, thus could lead to some security issue.