Currently, in order for an Android app to appear in the official Store, the developer has to allow Google to repackage their app and sign it with Google's key. So while we can inspect what is there in the code of the app in git, we don't really know what lands on our phones if it is installed via Google Play.
You can still open an APK and decompile it… it being signed with a specific key is no different than the digital signatures some attach to their emails, it’s a way to prove authenticity, not a way to encrypt the message… you can open the email without having to even care about the signature.
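To make the point above concrete, here is an added example (not code from any poster in this thread). It builds a constructed, APK-shaped zip in memory with a v1-style META-INF/MANIFEST.MF (one SHA-256 digest per entry, which is how JAR/APK v1 signing records file contents), shows that the archive can be listed and read with no key at all, and checks the per-entry digests so that a tampered entry stands out. The entry names and contents are made up; a real verifier would additionally check the signature block (CERT.RSA, or the v2/v3 APK Signing Block) against the signing certificate, which this example deliberately leaves out.

```python
import base64
import hashlib
import io
import zipfile

# Constructed sample: a tiny "APK" (really just a zip) assembled in memory.
SAMPLE_FILES = {
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\0" + b"\0" * 16,  # fake dex header, not real bytecode
}


def build_manifest(files):
    """JAR/APK v1 signing lists one SHA-256 digest per entry in META-INF/MANIFEST.MF."""
    lines = ["Manifest-Version: 1.0", "Created-By: example", ""]
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    return ("\r\n".join(lines) + "\r\n").encode()


def build_apk(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
        z.writestr("META-INF/MANIFEST.MF", build_manifest(files))
    return buf.getvalue()


def list_contents(apk_bytes):
    """No key needed: signing does not encrypt anything, the archive is plain zip."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return sorted(z.namelist())


def parse_manifest(text):
    """Map entry name -> base64 SHA-256 digest from a MANIFEST.MF body."""
    digests = {}
    current = None
    for line in text.decode().splitlines():
        if line.startswith("Name: "):
            current = line[len("Name: "):]
        elif line.startswith("SHA-256-Digest: ") and current:
            digests[current] = line[len("SHA-256-Digest: "):]
        elif line == "":
            current = None
    return digests


def check_manifest_digests(apk_bytes):
    """Return the entries whose content no longer matches the manifest digest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        digests = parse_manifest(z.read("META-INF/MANIFEST.MF"))
        mismatched = []
        for name, expected in digests.items():
            actual = base64.b64encode(hashlib.sha256(z.read(name)).digest()).decode()
            if actual != expected:
                mismatched.append(name)
    return mismatched


def tamper(apk_bytes, name, new_data):
    """Rewrite one entry while leaving MANIFEST.MF untouched (what a naive repack does)."""
    src = zipfile.ZipFile(io.BytesIO(apk_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for info in src.infolist():
            data = new_data if info.filename == name else src.read(info.filename)
            z.writestr(info.filename, data)
    return out.getvalue()


APK = build_apk(SAMPLE_FILES)

if __name__ == "__main__":
    print("entries readable without any key:", list_contents(APK))
    print("digest mismatches, untouched:", check_manifest_digests(APK))
    print("digest mismatches, after swapping classes.dex:",
          check_manifest_digests(tamper(APK, "classes.dex", b"something else")))
```

The digest check only tells you the archive is internally consistent with its own manifest; whoever repacks the app can regenerate the manifest too, so the thing that actually ties the contents to a publisher is the signature over that manifest, which is exactly why a platform re-signing with its own key is a change of trust anchor rather than a loss of readability.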
They have less to lose, then. That's just as dangerous, if not more.
I’m a small fry too, would you run a binary I send you without any form of sandboxing?
No, we typically run them with the same user that stores all our useful private data and that we typically type our passwords with.
Also, why are you OK with that level of sandboxing? Don't you want more "control"? You say containers are bad, but using user roles to protect parts of the system is OK? Why are you not running everything as root if you want "control"?
Not really, by default you have access to other drives (Z:\ being /, the fs root); wine is not a perfect sandbox, it's not designed for that… and if you actually did want it to become one (which ultimately would also lead to a need for memory separation to fight memory-leak attacks) then it would not be that different from what's being pursued. You'd essentially be building the container in a custom version of wine shipped by Valve on Steam; it does not make any difference in terms of "control".