Security and Privacy
Security is of primary importance in the modern world. Security is the capability of a device to withstand malicious attacks, so that an attacker cannot gain access to capabilities or data on the device. Sailfish OS aims to be a secure operating system to power the devices of users around the world.
Sailfish OS devices can be updated with so-called “hotfixes” for specific security issues outside of the normal release update cadence. This allows vendors to provide users with security updates as they become available, with minimal delay. These fixes are provided as package updates via the normal package management systems, and are fully versioned and delivered securely with end-to-end encryption to avoid man-in-the-middle or other contamination attacks.
Sailfish OS currently uses a three-level security architecture.
- Third-party applications submitted through the Harbour are rigorously examined for any signs of malicious behaviour.
- Every application, irrespective of its origin, is run in a Sailjail sandbox with an explicitly assigned set of application permissions to limit the scope of malicious activity achievable by exploiting a possible vulnerability in the application.
- Furthermore, access to certain sensitive user data, such as the address book or communication records, is only available to a limited set of privileged applications and/or services. Linux user groups are used to separate privileged processes from non-privileged ones, and file system access control is enforced by the Linux kernel.
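An added example, not part of the original page or of Sailfish OS itself: a review helper that reads the permission declaration Sailjail takes from an application's .desktop file (the `[X-Sailjail]` section with its `Permissions`, `OrganizationName` and `ApplicationName` keys) and flags requests for the sensitive data described above. The function name, the sample files and the choice of `Contacts` as the sensitive set are assumptions made for illustration.

```python
import configparser

# Assumption: the reviewer chooses which permission names count as sensitive;
# "Contacts" corresponds to the address-book data singled out above.
SENSITIVE = frozenset({"Contacts"})

def audit_desktop_entry(text, sensitive=SENSITIVE):
    """Summarise what a .desktop file declares to the Sailjail sandbox."""
    # '%' in Exec= must stay literal; ';' separates list items, not comments.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                       comment_prefixes=("#",))
    parser.optionxform = str  # desktop-file keys are case-sensitive
    parser.read_string(text)
    if not parser.has_section("X-Sailjail"):
        return {"declared": False, "permissions": [], "sensitive": [],
                "findings": ["no [X-Sailjail] section to review"]}
    section = parser["X-Sailjail"]
    # Permissions is a ';'-separated list; drop blanks and repeated names.
    names = [p.strip() for p in section.get("Permissions", "").split(";")]
    perms = list(dict.fromkeys(p for p in names if p))
    flagged = [p for p in perms if p in sensitive]
    findings = []
    if flagged:
        findings.append("requests sensitive data: " + ", ".join(flagged))
    for key in ("OrganizationName", "ApplicationName"):
        if not section.get(key, "").strip():
            findings.append("missing " + key)
    return {"declared": True, "permissions": perms,
            "sensitive": flagged, "findings": findings}

# Constructed sample files (not taken from any real application).
SAMPLE_OK = """[Desktop Entry]
Name=Gallery Demo
Exec=/usr/bin/gallery-demo %U
[X-Sailjail]
Permissions=Internet;Pictures
OrganizationName=org.example
ApplicationName=GalleryDemo
"""
SAMPLE_CONTACTS = """[Desktop Entry]
Name=Sync Demo
[X-Sailjail]
Permissions=Internet; Contacts;Internet;
ApplicationName=SyncDemo
"""
SAMPLE_NONE = "[Desktop Entry]\nType=Application\nName=Old Demo\n"
if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_CONTACTS, SAMPLE_NONE):
        print(audit_desktop_entry(sample))
```
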