security, packaging, compatibility

Andreas Jellinghaus aj at dungeon.inka.de
Wed Nov 14 23:36:28 CET 2007


I read the onlamp.com article about android, and there are a few issues
where I'm thinking "wow, they are getting this right!" and "but what is
openmoko doing in this area?". namely:

security: I read android will confine each application by both using java
sandbox security, but also by having an extra user for each application
so that application is confined to its home dir, memory, process space
etc. and cannot interfere with other applications. openmoko so far does
run everything as root? I would like to use my moko as a security device
where I store rsa keys, do all the crypto (never reveal the raw rsa keys)
etc. and this will require a very high level of security - including
protecting my high security app from all other applications (e.g. games).
are there any plans in this direction?

packaging and distribution: I read android sdk will compile applications
into "dex" files which can be used to distribute them and install the app
on the phone. for openmoko I only know about the huge build tree, bitbake
and ipkg files and interim steps. I'm no ipkg expert but know deb quite
well and I think - might be wrong - the concepts are similar. extracting
any files as root and putting them somewhere on the file system gives
me big shivers. if on the other hand a file can be downloaded, checked
(maybe signatures or something), and the unpacking process guarantees
it will end in a special directory, be confined in there, no chance
it can change anything anywhere else, access other apps' files and
(also quite important) cannot contain e.g. suid binaries, no apps
that will be in path and all that - this would be very nice from a
security and packaging and distribution point of view. ipkg is fine
for managing the core system, but what about addons that want to
be placed on web pages and downloaded, installed and started with
a single (or very few) clicks?

what about compatibility? openmoko grows to support more and more
phones. in the end will I have to compile or at least package my app
for each phone again? or can I create one package that will work everywhere,
even if the devices have different capabilities (e.g. screen size)?
it might be too early to tell, but keeping an eye on such issues would be
very reassuring.

don't get me wrong, I'm not an android fan, lots of stuff in their
announcement makes me turn away (like promoting not sharing drivers
developed by manufacturers - that sounds to me like they break the GPLv2
license of the linux kernel used). or the whole concept looks to me like
it is optimized for everyone doing their own stuff, i.e. the opposite of
working together towards a common goal. but some of the ideas look like
what I was hoping for openmoko in the long term, so maybe this is a good
time to say "see, they do it that way, maybe we can do the same?"

what do you think?

thanks for your advice.

Regards, Andreas
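The "download, check, unpack into one confined directory" flow Andreas asks for in the packaging paragraph, as an added example that is not part of the original post and not openmoko or android code. It assumes Python's standard tarfile module as the archive format; the two sample add-on archives, the expected SHA-256 digest and the install directory are constructed placeholders, and the digest comparison stands in for whatever signature check a real distribution channel would use. The audit rejects members that would land outside the install directory, setuid/setgid binaries, links pointing outside, and device nodes before anything is written to disk.

```python
"""Audit a downloaded add-on archive, then unpack it under one install dir."""
import hashlib
import io
import os
import stat
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def _escapes(path: str) -> bool:
    """True if a member name or link target could leave the install directory."""
    p = PurePosixPath(path)
    return p.is_absolute() or ".." in p.parts


def audit_archive(data: bytes) -> list:
    """Return the reasons the archive must be rejected; [] means it passed."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            if _escapes(m.name):
                problems.append(f"{m.name}: path escapes the install directory")
            if m.mode & SETID_BITS:
                problems.append(f"{m.name}: setuid/setgid bit set")
            if (m.issym() or m.islnk()) and _escapes(m.linkname):
                problems.append(f"{m.name}: link target {m.linkname} escapes the install directory")
            if m.isdev() or m.isfifo():
                problems.append(f"{m.name}: device/fifo entries are not allowed")
    return problems


def install_confined(data: bytes, dest: Path, expected_sha256: str) -> list:
    """Check the digest, audit, then unpack under dest.

    Returns the installed paths relative to dest; raises ValueError if any
    check fails, in which case nothing has been written.
    """
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("archive digest mismatch")
    problems = audit_archive(data)
    if problems:
        raise ValueError("; ".join(problems))
    dest = dest.resolve()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        # Newer Python versions enforce the same confinement during extraction.
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
    installed = []
    for root, _dirs, files in os.walk(dest):
        for name in files:
            full = Path(root, name)
            # Belt and braces: every written file must resolve inside dest.
            full.resolve().relative_to(dest)
            installed.append(str(full.relative_to(dest)))
    return sorted(installed)


def _tar_bytes(entries) -> bytes:
    """Build an in-memory tar from (name, payload, mode, link_target) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload, mode, link in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            if link is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = link
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def build_sample_archives() -> dict:
    """Constructed sample add-ons (not real packages): one clean, one hostile."""
    good = _tar_bytes([
        ("myapp/manifest.txt", b"name=myapp\n", 0o644, None),
        ("myapp/bin/run", b"#!/bin/sh\necho hello\n", 0o755, None),
    ])
    bad = _tar_bytes([
        ("../../etc/passwd", b"root::0:0::/:/bin/sh\n", 0o644, None),  # path escape
        ("myapp/bin/helper", b"#!/bin/sh\n", 0o4755, None),            # setuid
        ("myapp/lib", b"", 0o777, "/usr/lib"),                         # link escape
    ])
    return {"good": good, "bad": bad}


def demo() -> dict:
    """Run both archives (and a tampered copy) through install_confined."""
    archives = build_sample_archives()
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp, "addons")
        good = archives["good"]
        # The "published" digest is computed here only because this is sample data.
        result["good"] = install_confined(good, dest, hashlib.sha256(good).hexdigest())
        for label, data, digest in (
            ("bad", archives["bad"], hashlib.sha256(archives["bad"]).hexdigest()),
            ("tampered", good, "0" * 64),
        ):
            try:
                install_confined(data, dest, digest)
                result[label] = "accepted"
            except ValueError as exc:
                result[label] = str(exc)
    return result


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The audit runs over the member headers only, so a rejected archive never touches the file system; the walk after extraction is a second, independent check that nothing escaped. What it does not do is give the unpacked add-on its own uid, which is the other half of the confinement the security paragraph asks about.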