
Yes, there's much more work to be done here in the open source community, and I think it might have to be done there due to lack of aligned incentives otherwise.

For instance, on platforms such as Android that are meant to be secure in this way, I can't block an app from accessing the internet anytime it wants. Of course, the reason for that is that blocking internet access would also allow blocking ads, which Google has a negative incentive for.

Large corporations always take advantage of the sandboxing for anti-user features as well. In many apps I can download videos on desktop whether they want me to or not using inspect element etc, but this is often tricky or impossible on Android. Again, corporate incentives are aligned against the user.

We also need UX innovations that make granular permission management friendly for average users. I suspect good defaults are half the battle here.

If we use the popup approach for 20+ permissions when users download an app, they'll likely say yes to everything, no to everything or be frustrated at how much time they spend setting up their new app. None of these seem like good outcomes.

Permission management - not part of capability based security. That's the bad thing with the same name that happens on cell phones.

Capability based security is more like cash (an economic capability) in your wallet. You take out $5 to buy something, you can't risk more than $5 in the transaction.

With a phone, it's like you enable access to ALL of your money, effectively forever, in a binary manner. (Unless you remember to turn it off later, or the OS does after 3 months of non-use)

Edit/Append - Capability based security dates back to the 1970s. It's perfectly possible to do it with modern hardware. You just need to protect the OS from applications, which anything with an MMU can do. (Or, if you don't have an MMU, you could just run WebAssembly, which is capability-based)

The key is that instead of giving file names to programs, you give handles (capabilities) at run time, when the user wants to open a file, save, etc. Otherwise the program has NO access to anything by default. (Thus it can't cause unwanted changes anywhere else)
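The handle-instead-of-filename model described in the comment above, as an added, self-contained illustration (this is not the commenter's code, and the class and function names are my own): a trusted "powerbox" layer is the only thing that ever sees a path; the untrusted component receives an unforgeable handle and can act on exactly that file with exactly the rights it was given. The handle can be attenuated to read-only before it is handed out, and the user can revoke the grant later, which is the difference from the all-or-nothing permission toggle the thread complains about. The sample file content is constructed inline.

```python
import os
import tempfile


class FileCapability:
    """Unforgeable handle to one already-opened file (constructed example).

    A component holding this object can use exactly this file with exactly
    these rights. There is no name to look up, so there is no ambient
    authority to reach any other file through this API."""

    def __init__(self, fd, writable, revoked=None):
        self._fd = fd
        self._writable = writable
        # Shared mutable flag: revoking the grant also kills attenuated copies.
        self._revoked = revoked if revoked is not None else [False]

    def _check(self):
        if self._revoked[0]:
            raise PermissionError("capability has been revoked")

    def read(self):
        self._check()
        os.lseek(self._fd, 0, os.SEEK_SET)
        chunks = []
        while True:
            chunk = os.read(self._fd, 4096)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)

    def append(self, data):
        self._check()
        if not self._writable:
            raise PermissionError("capability is read-only")
        os.lseek(self._fd, 0, os.SEEK_END)
        os.write(self._fd, data)

    def attenuate_readonly(self):
        """Derive a weaker capability; the holder can never upgrade it back."""
        return FileCapability(self._fd, writable=False, revoked=self._revoked)

    def revoke(self):
        self._revoked[0] = True

    def close(self):
        self.revoke()
        os.close(self._fd)


def powerbox_pick_file(path, writable):
    """Stands in for the OS file dialog: the user designates a file and the
    trusted layer mints a capability for it. Only this layer ever sees paths."""
    flags = os.O_RDWR if writable else os.O_RDONLY
    return FileCapability(os.open(path, flags), writable=writable)


def word_count(cap):
    """The untrusted component. It receives a handle, never a filename."""
    return len(cap.read().split())


def run_demo():
    """Exercise grant, attenuation and revocation on a constructed temp file."""
    results = {}
    with tempfile.NamedTemporaryFile("wb", delete=False) as tmp:
        tmp.write(b"the quick brown fox jumps over the lazy dog")
        path = tmp.name
    try:
        full = powerbox_pick_file(path, writable=True)
        read_only = full.attenuate_readonly()   # what the app actually gets
        results["words"] = word_count(read_only)
        try:
            read_only.append(b" extra")          # app tries to exceed its grant
            results["write_blocked"] = False
        except PermissionError:
            results["write_blocked"] = True
        full.revoke()                            # user withdraws the grant
        try:
            word_count(read_only)
            results["revoked"] = False
        except PermissionError:
            results["revoked"] = True
        full.close()
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints `{'words': 9, 'write_blocked': True, 'revoked': True}`: the component could count words in the one file it was handed, could not write to it, and lost access the moment the user revoked the grant. In Python the isolation is only a design discipline (untrusted code can still import `os`); a real system enforces it with the MMU, a WebAssembly sandbox, or an OS whose kernel only accepts handles, as the comment notes.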

Ah okay. Is it possible to have capability based security in software at all? Or is the definition such that it must be implemented at the hardware level?
