[sf-lug] android

Rick Moen rick at linuxmafia.com
Thu Apr 7 00:07:35 PDT 2022

I wrote:

> 3. The obvious way to escape the clutches of the 2nd most nosy
>    corporation in the world -- and still use Android if that is 
>    one's cuppa is to _not use Google's Android builds_, but rather
>    (hardware support permitting[1]) one of the third-party, 
>    less-filled-with-vendor-captive-proprietary-junk Android,
>    Replicant or CopperheadOS for the purists, PostmarketOS for 
>    the realists.  

I misremembered the relevant names, on account of writing

The ur-implementation of truly open source Android was CyanogenMod.
When that project imploded, its flagship successor, and main current
example of the genre, is LineageOS.

The hardcore-FSF-leaning, militant-free-software version of LineageOS
with absolutely all proprietary bits omitted is Replicant. 

/e/ (formerly Eelo) is a fork of LineageOS with microG, a free and
open-source implementation of Google APIs substituted for Google Play

There are, predictably, others.

_PostmarketOS_, is a real Linux distribution for mobile devices, not an
Android variant.  It's a popular choice for PinePhones.

>    and one must select very carefully.
> 4. Privacy?  Using commodity Android means laughable security 
>    _and_ privacy, and also that you're fine with your handset
>    getting EOLed in a ridiculously short period of time.
> 5. That's not even talking about the skunk in the garden, the thing
>    cellular pphone users seldom even think about, the problem of the
>    baseband chipset getting rooted and puppeteered over the air by 
>    average nation state spook agencies and, these days, probably by 
>    even modest criminal organisations.  This is a largely unsolved
>    problem, but Pine Store and Purism at least partially deal with it
>    by decoupling the main and baseband chipsets rather than having
>    them share a data/RAM bus as with most phones -- communicating,
>    if memory serves, over USB.  With power switches for various 
>    subsystems.
>    Enlightening study from 8 & 6 years ago:
>    https://blog.torproject.org/mission-impossible-hardening-android-security-and-privacy/
>    https://blog.torproject.org/mission-improbable-hardening-android-security-and-privacy/
>    (not the same URL twice!) 
>    Illustration of the baseband problem at work, with a quite 
>    unforgiveable backdoor built into the Samsung Galaxy by the vendor:
>    https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor
>    More on the baseband problem: 
>    https://news.ycombinator.com/item?id=10905643
> You asked a question that invites, well, a wide-ranging and highly
> debatable discussion.  I've only dipped my toe in, above.
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/ 

More information about the sf-lug mailing list