Android browser, sandbox feature if possible.

I would like it if Comodo would make a browser for Android too, and if possible make it so we can open the browser as sandboxed.

Don’t be foolish. Don’t sandbox a phone.

Why not? Well, not sandboxing the phone but the applications running on it.

With the exception of a small amount of Android OS code running as root, all code above the Linux Kernel is restricted by the Application Sandbox.
https://source.android.com/devices/tech/security/
https://developer.android.com/training/articles/security-tips.html

Application sandboxing is possible on the Android platform. And in terms of security measures, that makes much sense.

We’re working on creating such an application, that will let you run any other application in a sandbox, enable limitations of some functionalities and/or system calls.

Which features do you think would be good, other than obvious ones?

All applications run above root access (unless specifically given root access). You should not need to add an additional sandbox causing functionality issues within the phone.
Personally, I think this is a bad idea, but I will reserve judgement and look into it further.

Sandboxing is not only possible, it is mandatory for all applications. So what are you planning to do, and why? :wink:

What about a behavior blocker (viruscope ish (?))?

Edit: Actually that may be thread hijacking?

Block a sandboxed application’s behaviours? :-\

What flaws in Android’s security would that, or the application fatih.orhan spoke of, fix?

To create a sandboxing application for an already sandboxing OS, there must be a serious flaw in the OS to fix. Are there any serious flaws in current versions of Android? :-\

I don’t know, but are you saying that Android is fully secure with its sandbox and that malware for Android is a myth? That a potential malware abusing towelroot (or similar) could never happen? That potential malware can’t harvest personal data?

Guess anti-malware for Android is useless then? Might as well uninstall CMS in that case.

Edit: Also, not block a sandboxed application’s behavior but rather detect malicious behavior and alert user, but applications for Android can apparently never be malicious, so never mind.

What I’m saying is that before you look for a solution, you have to look for a problem. If applications can escape Android’s sandbox and cause harm, then there is a problem to fix. The next question is how to fix it. Probably the best solution would be to submit patches that fix the problem, or report it to developers who can fix it.

Nothing is impenetrable, and in October 2013, Google revealed that “less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users”.

If malware for Android is a myth? I have seen reports, from AV-vendors, that there are huge numbers of malware for Android. In a footnote they admit that only 1 ‰ or so is available in Play Store. Android’s default setting is to not allow installations from unknown sources. For how long is a bad application in Play Store available, on average, and how many users install them, on average?

I will not tell you if you need CMS or not, but Adrian Ludwig, the lead engineer for Android security at Google, has his opinion (on AVs in general).

Do consider older Android versions that aren’t updated anymore -- quite insecure (e.g. privilege escalation).
The mentioned scenario is a trend, and new manufacturers that you’ve never heard of rely on it for a living.

Then again, mobile security needs rethinking.

What do you have in mind?

I think the principle of least privilege is the way to go. There is of course always room for improvements of the implementation, but the chosen principle is the right one. Compared to a legacy platform like Windows, security has been rethought.

Updating of Android needs rethinking in many cases. Nexus and Android One show how it should work.

It sure is possible. Besides the mandatory Application Sandbox, a multi-process browser may use SUID to further sandbox each tab-process. Unsurprisingly, Chrome does that. How about a Chromium-based Comodo Dragon for Android? :wink: