11

Application devlopement for mobile devices is generally more restrictive, i.e. the apps runs in a sandboxed environment, they have many limitations when accessing the filesystem, etc. compared to their desktop counterparts. What is the main reason for this?

j78981
  • 111
  • 3
  • 4
    First thought: Because they were designed far more recently with more modern needs in mind, and desktop OSes have yet to catch up. – Luc Apr 06 '14 at 01:34
  • Note that e.g. OS X is also moving in same direction starting sandboxing apps. – Andrey Apr 06 '14 at 05:43

2 Answers2

6

I think the comment of @Luc is as giving a direction that merits to be expanded here into an answer.

Consider the following. The hardware to have a 0.5lb mobile device run at 480p resolution etc is quite recent. Consequently it is only recently that those mobile systems you mention in your question exists. Desktop system which have been able to use big/heavy hardware (not mobile) has been around for much longer. The X Windows System for instance being an basis for many so Desktop system has been around since aprox. 1984 a time at which Internet and Networking and Applications have looked quite differently. Without the "high-speed broad-band everything connected" the exposition for attacks and hence the necessity for sandboxing has been different. The novelty of the mobile systems allowed to disregard largerly backwards compatibility issues and facilitated to implement techniques to address today`s risk/security threat situation.

Sticking to the example of X Server (i.e XOrg/XFree86) the need to protect applications from each other was not initially seen as it was rare that you installed untrusted code from less known origins. The number of apps making use of libXOrg or derivates was much smaller and changes was that one could have trusted all Applications that one allows to run on your system. With more and more applications from evermore diverse unknown origins makes this trust model difficult. Unluckily for being able to stick with compatibility (in case of the example of the X Server) the model is still used today. Therefore it is even today possible for one application to keylog the input of other applications in the same XSession, something that maybe not have been considered a threat/risk back then, as few X Applications were known and trusted to be bigger extend. Just as @Luc suggests the catching up is occuring and we see for example that some replacements for X Server, like the famous Wayland is considering models that move into including sandboxing and separation and in general a more modern day trust model.

The historical reasons sketched above (i.e. different threat situation at the time of the creation of mobile vs desktop system) is of course enhanced with potential other reasons and surely not a monocausal thing. The notion that sandboxing techniques will enhance the situation of power the owner/creator of the OS/system relatively to the app creators potential coercing them to comply with the agenda of the former.

humanityANDpeace
  • 1,432
  • 1
  • 12
  • 24
2

I guess only insiders from respective companies can provide definite answers, so please take the below answer with a grain of salt.

I believe that those restrictions are, in large part, to protect business model and the respective ecosystem.

For example, here's some data from Apple's recent 10-K filing:

The iTunes Store generated a total of $9.3 billion in net sales during 2013, a 24% increase from 2012. Growth in the iTunes Store, which includes the App Store, the Mac App Store and the iBooks Store, reflects continued growth in the installed base of iOS devices, expanded offerings of iOS apps and related in-App purchases, and expanded offerings of iTunes digital content.

(and this is the fastest growing product among all Apple's products)

Mobile devices are meant for consumption of content (be it music, movies, apps, or anything else), so it is critical for a vendor ensure that user will pay for that content. Hardening devices and restricting apps helps a lot in achieving this goal.

This is not to say that mobile vendors don't care about security and privacy; they certainly do. But restrictive app runtime environment is very likely due to business rather than security/privacy reasons.

Andrey
  • 2,236
  • 17
  • 14