I wish it were possible to enable a stricter mode that uses something like filesystem overlays to help contain known-unruly software like Adobe Creative Suite. Under this mode, any attempted filesystem reads outside of ~/Library/Application Support/<appname> that aren’t explicitly approved by the user would simply return nothing, and eliminating all traces of the software would be as simple as deleting its respective FS layer/sparseimage/etc.
This is actually one of the features I like in Android. You can strictly limit where an app can access. They are tightening the screws with each release as well.
Only if the same limitations were applied for Google services...
I'm torn about this feature. The case you describe is helpful, but I mostly notice this feature when it's preventing me from snooping in application-specific folders of third party apps. I hate the feeling of knowing that a lot of data my phone is processing is completely invisible and inaccessible to me, the phone's purported owner.
Yes, any such feature should be bypassable by the owner. I hate that on phones they've decided that the owner doesn't have complete rights to their own system.
This is what SELinux provides though, is the thing. What we've really messed up on with desktop is not getting this to a state where it's reasonably manageable.
Problem is again that these screws also apply to the user, and smartphone OSes are the worst role models I can think of.
Smartphone OSes now are neither particularly secure, nor very useful considering the relative power of what the devices could do in theory.
Sure, there are ways around it, but to me the ecology of phone OSes is disastrous enough that I just don't bother with them aside from making calls and using the phone as a mobile router. Even if it is a shitty router that could be so much better.
And no, I don't want an OS that gives me an advertiser ID and gaslights me that that is for my best. And no, I don't care that I can randomize it with a press, it is designed to ID you and at some point you will be too lazy to care about your quite shitty operating system.
This is kind of how sandboxed apps on the Mac work - they can only see files or directories that the user has manually opened in the app through one of the OS facilities (double-clicking a file, drag & drop, or the OS-provided file open dialog).
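As an added illustration (not part of the thread, and not how macOS actually implements its sandbox), here is a small Python model of the read policy the first comment wishes for and the Mac sandbox behaviour this comment describes: reads inside the app's own container are allowed, reads of paths the user explicitly granted (the open dialog / drag & drop case) are allowed, and everything else reads as empty. The container location, the `ExampleApp` name and the sample files are constructed for the demo. The part a practitioner should take from it is the canonicalisation step: a policy that compares raw path prefixes is defeated by `..` components or by a symlink planted inside the container, so the check resolves the real path before deciding.

```python
import os
import tempfile
from pathlib import Path


class ContainedFs:
    """Hypothetical per-app read policy (a model, not the macOS sandbox).

    Reads succeed only inside the app's container or inside paths the user
    explicitly granted; any other read returns empty bytes, as if the file
    did not exist.
    """

    def __init__(self, container: Path):
        # Canonicalise the container itself so comparisons are like-for-like.
        self.container = Path(os.path.realpath(container))
        self.granted: set[Path] = set()

    def user_grants(self, path) -> None:
        # Models the user choosing a file via the open dialog or drag & drop.
        self.granted.add(Path(os.path.realpath(path)))

    @staticmethod
    def _within(path: Path, root: Path) -> bool:
        try:
            path.relative_to(root)
            return True
        except ValueError:
            return False

    def resolve(self, path):
        """Return the canonical path if the policy allows reading it, else None.

        realpath() resolves '..' and symlinks first, so a link inside the
        container that points outside it does not leak access.
        """
        real = Path(os.path.realpath(path))
        if self._within(real, self.container):
            return real
        if any(self._within(real, g) for g in self.granted):
            return real
        return None

    def read(self, path) -> bytes:
        real = self.resolve(path)
        if real is None:
            return b""  # denied: looks like an empty / nonexistent file
        try:
            return real.read_bytes()
        except OSError:
            return b""


def demo() -> dict:
    """Build a constructed home directory in a temp dir and exercise the policy."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        container = home / "Library" / "Application Support" / "ExampleApp"
        container.mkdir(parents=True)
        (container / "prefs.plist").write_bytes(b"<plist/>")

        docs = home / "Documents"
        docs.mkdir()
        secret = docs / "secret.txt"
        secret.write_bytes(b"top secret")
        shared = docs / "shared.txt"
        shared.write_bytes(b"shared")

        # A symlink planted inside the container that points outside it.
        os.symlink(secret, container / "escape")

        fs = ContainedFs(container)
        fs.user_grants(shared)  # user opened shared.txt via the dialog

        return {
            "own": fs.read(container / "prefs.plist"),
            "secret": fs.read(secret),
            "traversal": fs.read(container / ".." / ".." / ".." / "Documents" / "secret.txt"),
            "symlink": fs.read(container / "escape"),
            "granted": fs.read(shared),
        }


if __name__ == "__main__":
    for name, data in demo().items():
        print(f"{name:10s} -> {data!r}")
```

Only the app's own file and the user-granted file return content; the direct read, the `..` traversal and the planted symlink all come back empty, which is the "reads outside the container return nothing" behaviour the first comment describes.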
It would have been nice if you could just force non-sandboxed apps (basically anything from outside the Mac App Store) to be sandboxed.
System log files have the potential to contain all kinds of sensitive data from all users of the system. Your own processes only have access to your own data.