Head_on_a_Stick wrote: (...) Linux lacks coherent per-application sandboxing (and no, firejail doesn't count, user namespaces are a gaping wide hole in the system).

1. Linux is the kernel, not a distribution, and the kernel supports per-application sandboxing.
2. I'm sure you know that it's trivially easy to sandbox every single application, e.g. by simply modifying its startup script/launcher.
Now, the question is: why is sandboxing needed at all?
You have mentioned Chromium - this is a very good example, because it explains the need for sandboxing applications on Android:
The reason for sandboxing web browsers is that they are executing unknown, untested, possibly unreliable and possibly harmful code -> the web pages' code.
In a normal system (like Debian) there are only 2 kinds of applications which can execute code from unknown sources: web browsers and e-mail readers. Every other program (application) has constant code, and if it comes from Debian repositories, you can be sure that it's not a virus/malware.
So, it is completely OK that Debian is not sandboxing every single application -> that would make no sense, since 100% of applications on Debian are proven not to be malware. Sandboxing is not cost-free -> it causes a serious performance drop and higher power consumption (much more code has to be executed during simple task switching - thousands of times per second).
But this is not the case in the Android world: 99% of the applications are using external sources, e.g. for displaying advertisements (there are other reasons too...) -> so every application behaves similarly to a web browser -> it can download and execute unknown/dangerous code.
Another problem is that many of the Android apps are coming from untrusted sources -> e.g. if your new shiny smartwatch requires you to download some app for activation from a completely untrusted/non-verified web site...
Yet another thing is that sandboxing does not defend the users from applications intentionally created for spying/collecting unwanted information about the user - because formally they are "normal" applications.
Yet another thing is that sandboxing does not prevent applications from using security holes in underlying system services...
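
The launcher modification mentioned in point 2 above, sketched as an added example that is not part of the original post: a filter that rewrites the `Exec=` lines of a desktop entry so the program starts under a sandbox wrapper. The wrapper name `firejail`, the program name `examplemail` and the sample entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. "firejail" is an assumed wrapper; any sandbox launcher that
# takes the target command as its arguments can be passed instead.

# wrap_desktop_entry WRAPPER  (reads a .desktop file on stdin, writes to stdout)
# Prefixes the command on every Exec= line with WRAPPER. This covers the main
# entry and any [Desktop Action ...] sections. TryExec= is left alone because
# it only names the binary used to decide whether the entry is shown.
wrap_desktop_entry() {
    awk -v w="$1" '
        /^Exec=/ {
            cmd = substr($0, 6)                          # text after "Exec="
            if (index(cmd, w " ") != 1) cmd = w " " cmd  # skip if already wrapped
            print "Exec=" cmd
            next
        }
        { print }
    '
}

# Constructed sample launcher for a hypothetical mail reader "examplemail".
sample_entry() {
    cat <<'EOF'
[Desktop Entry]
Type=Application
Name=Example Mail Reader
TryExec=examplemail
Exec=examplemail %u

[Desktop Action compose]
Name=Compose
Exec=examplemail --compose
EOF
}

# A copy saved under ~/.local/share/applications/ overrides the packaged entry
# in /usr/share/applications/ for that user; here the result is only printed.
sample_entry | wrap_desktop_entry firejail
```

Only launches that go through the desktop entry are wrapped; starting the binary from a terminal or from another program bypasses the wrapper.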