• Skull giver@popplesburger.hilciferous.nlOP
    link
    fedilink
    arrow-up
    1
    arrow-down
    2
    ·
    1 year ago

    It’d be hard to forget about because persistent daemons require a persistent notification. Android also submits regular reminders about background apps if you’ve hidden the persistent notification.

    This risk exists with all apps, though! Abandoned apps regularly get bought out and infected with adware or other malware. Anything user content facing has the risk to be exploited down the line.

    I think people have become quite paranoid about open ports since the XP era where every machine hooked up to the internet would be infected within seconds. People still use Windows 7 as daily drivers and so far the risk is much lower than I ever expected at least.

    • RustedSwitch@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      You are commenting as if everyone who would turn this feature on would have the technical acumen to understand how any of it works.

      • Skull giver@popplesburger.hilciferous.nlOP
        link
        fedilink
        arrow-up
        2
        arrow-down
        3
        ·
        1 year ago

        And you are commenting as if this isn’t possible for malicious use already on any port above 1024. Unless you have a firewall installed, there’s a good chance an app on your phone has opened a port right this moment.

        The only change I would need for Android is that a) the 70s UNIX privilege port legacy should be dropped and b) phones should have a special, popup based permission, like location access. The risks are all there already, if we’re going to be risking random adware serving up crapware and destroying your data connection, we might as well see the benefits as well.

        • some_guy@kbin.social
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          We get it dude; you wanna run servers off of android.

          Good thing the base is open source, you can go ahead and build that dream phone OS that doesn’t care about your personal security.

          Nobody else wants to do this so I’m not sure why you’re arguing to hard for everyone to be able to do it. Why would I want to self host a website on a phone and expose myself to a million new attack vectors when there’s free hosting available en masse?

          I run a server now for lots of local stuff and I still pay for a web server so my home isn’t constantly exposed to the internet at large. Why the fuck would anyone want to do that, IDK. it’s a fucking privacy nightmare.