[sf-lug] android

Wed Apr 6 20:23:28 PDT 2022

Quoting Alex Kleider (alexkleider at protonmail.com):

> Bobbi in her report of Sunday's meeting reported (at least this was my
> interpretation) that Rick eschews android.  Rick, if you're listening
> and so inclined, I'd be very interested in knowing why.  Is it the
> privacy thing?  .. google collecting data?

1. Android's just less interesting.  Seriously, a primary coding
   environment that's an offbranded Java workalike ("Android Runtime" =
   ART, and previously "Dalvik")?  An impoverished userspace that 
   cannot and does not compete with real Linux?  Ew.  Dreadful and 
   boring, and doesn't even allow decent app performance for the 
   hardware capability provided.
   https://arstechnica.com/gadgets/2009/02/an-introduction-to-google-android-for-developers/

2. Real Linux is more familiar, malleable, and provides better
   facilities for user control of the computing environment.

3. The obvious way to escape the clutches of the 2nd most nosy
   corporation in the world -- and still use Android if that is 
   one's cuppa is to _not use Google's Android builds_, but rather
   (hardware support permitting[1]) one of the third-party, 
   less-filled-with-vendor-captive-proprietary-junk Android,
   Replicant or CopperheadOS for the purists, PostmarketOS for 
   the realists.  But hardware compatibility is problematic, 
   and one must select very carefully.

4. Privacy?  Using commodity Android means laughable security 
   _and_ privacy, and also that you're fine with your handset
   getting EOLed in a ridiculously short period of time.

5. That's not even talking about the skunk in the garden, the thing
   cellular pphone users seldom even think about, the problem of the
   baseband chipset getting rooted and puppeteered over the air by 
   average nation state spook agencies and, these days, probably by 
   even modest criminal organisations.  This is a largely unsolved
   problem, but Pine Store and Purism at least partially deal with it
   by decoupling the main and baseband chipsets rather than having
   them share a data/RAM bus as with most phones -- communicating,
   if memory serves, over USB.  With power switches for various 
   subsystems.

   Enlightening study from 8 & 6 years ago:
   https://blog.torproject.org/mission-impossible-hardening-android-security-and-privacy/
   https://blog.torproject.org/mission-improbable-hardening-android-security-and-privacy/
   (not the same URL twice!) 

   Illustration of the baseband problem at work, with a quite 
   unforgiveable backdoor built into the Samsung Galaxy by the vendor:
   https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor

   More on the baseband problem: 
   https://news.ycombinator.com/item?id=10905643

You asked a question that invites, well, a wide-ranging and highly
debatable discussion.  I've only dipped my toe in, above.