• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
UBports Robot Logo UBports Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Unconfined apps

Scheduled Pinned Locked Moved Unsolved General
5 Posts 4 Posters 602 Views 2 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      Keneda
      last edited by Keneda 17 May 2021, 11:07

      I wonder something, is it possible to install unconfined apps from outside the OpenStore ?
      I mean, for now uTouch is still a quite confidential system, but the more it'll spread, the more it'll attract garbage "devs", and, unexperimented users.

      On android, most of malicious software comes from outside the store, from apk that users install from crappy sources, with high privilege that allow them to steal any data (last but not least Teabot).

      Is that kind of "phishing" is possible on uTouch ? Is there a safeguard that prevents unconfined apps from being installed outside openstore and if not, would it be possible to add such a safety ?

      2015-2023 : Meizu MX4 ☠️⚰️✝️
      2023-2024 : Nexus 5 ☠️⚰️✝️
      2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
      🇲🇫🇬🇧

      P C 2 Replies Last reply 17 May 2021, 12:15 Reply Quote 0
      • P Offline
        poVoq @Keneda
        last edited by poVoq 17 May 2021, 12:15

        @keneda you can install apps through the UTtweak tool, unconfined or not.

        Imho there will always be a way to install apps in unofficial ways and I honestly would find it terrible if that would be further restricted.

        I think the much higher risk is actually the open-store itself. People think that apps are trustworthy there, but the truth is that other than some very basic checks and the "unconfined" destinction, anyone can upload and distribute malware through it.

        I personally would like to see a more trustworthy channel or alternative store that does not allow developers to directly upload their own binary artifacts. A model like f-droid, which compiles the apps from source themselves would be best I think.

        Edit: you are btw wrong, on Android by far the most malware comes from the playstore itself.

        Fairphone 5 (waiting for port)

        K 1 Reply Last reply 17 May 2021, 12:59 Reply Quote 0
        • K Offline
          kugiigi @poVoq
          last edited by 17 May 2021, 12:59

          @povoq unconfined apps and those with special persmissions are manually reviewed and uploaded by the OpenStore maintainer so that's some layer of security. Of course, it's not enough and can be improved. I remember there was an app that was able to change somerhing in the system, boot splash I think. It was in the Ubuntu store if I am not mistaken.

          1 Reply Last reply Reply Quote 0
          • C Offline
            CiberSheep @Keneda
            last edited by 17 May 2021, 17:05

            @keneda said in Unconfined apps:

            I wonder something, is it possible to install unconfined apps from outside the OpenStore ?

            Yes. Through UTTT or OpenStore App

            Is that kind of "phishing" is possible on uTouch ? Is there a safeguard that prevents unconfined apps from being installed outside openstore and if not, would it be possible to add such a safety ?

            UTTT is for advanced users. You have to install the click through the menu

            OpenStore app, it will ask you to install it. Not even some experienced users knows you can do that.

            Another planet, another time, another universe!

            K 1 Reply Last reply 17 May 2021, 18:37 Reply Quote 0
            • K Offline
              Keneda @CiberSheep
              last edited by Keneda 17 May 2021, 18:37

              @povoq said in Unconfined apps:

              you can install apps through the UTtweak tool, unconfined or not.

              @cibersheep said in Unconfined apps:

              Yes. Through UTTT or OpenStore App

              I was not sure you could do that also with unconfined apps.

              @povoq said in Unconfined apps:

              and I honestly would find it terrible if that would be further restricted.

              Maybe yes, but at least it could be there some warning telling the app that is going to be installed by this way is unrestricetd/unconfined, thus could lead to some security issue.

              2015-2023 : Meizu MX4 ☠️⚰️✝️
              2023-2024 : Nexus 5 ☠️⚰️✝️
              2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
              🇲🇫🇬🇧

              1 Reply Last reply Reply Quote 0
              • K Keneda marked this topic as a question on 15 Apr 2023, 05:43
              • K Keneda has marked this topic as solved on 15 Apr 2023, 05:43
              • K Keneda has marked this topic as unsolved on 15 Apr 2023, 05:43
              4 out of 5
              • First post
                4/5
                Last post