Even with Google's changes, F-Droid will continue to work with Android phones that do not use Google GMS.
If you care about actually owning your device, install something other than the stock OS. I would recommend GrapheneOS, since the security of some/most other alternatives is pretty bad.
GrapheneOS works only with Pixel devices, which doesn't make it very useful for the vast majority of Android users.
Indeed. Sadly the reality is that most other Android devices are simply not secure enough. Many Android phones do not have a separate secure enclave (outside Pixel and IIRC Samsung flagship and A5x range), so they are vulnerable to breaking PIN-based unlocking, side channel attacks, etc. Besides that they often only provide old vendor kernel trees, old firmware blobs, etc.
So, you have to wonder whether you want such a phone anyway if you care about security and privacy. If you don't care about security anyway, you could as well run /e/OS, etc.
Above-mentioned Samsung phones could perhaps make the cut, but don't support unlocking anymore (and when they still did, would blow a Knox eFuse).
GrapheneOS is working with a manufacturer to change this:[0]
> We're working with a major OEM and the devices will be the future versions of existing models they have now. The devices will be priced similarly to Pixels. The initial devices will have a flagship Snapdragon SoC for the best security and support time. Snapdragon flagships have significantly better CPU and GPU performance than Pixels. Snapdragon provides high quality Wi-Fi, Bluetooth, GNSS and cellular support as part of the SoC. eSIM and other functionality is also provided by the SoC. Snapdragon has decent image processing functionality included too, and good neural network acceleration.
[0]: https://old.reddit.com/r/GrapheneOS/comments/1o32gpg/deleted...
Huge opportunity for Lenovo/Motorola here who have been the quiet Linux favorite for a while but we shall see if they even bother.
Sounds like a consumer problem for their own choices of vendor lock in
Would love to ditch google and use grapheneOS, however have so many banking and (stupid) outlook for work.
You can check banking app compatibility here:
https://privsec.dev/posts/android/banking-applications-compa...
The outlook app works for me on GrapheneOS, is there something about it that doesn't work for you?
Many banking apps do work on GrapheneOS, the list had already been linked to by others
> Would love to ditch google and use grapheneOS
grapheneOS only works with google phones.
The outlook webapp is quite decent. I've never used their native app, but I've managed to get by fine with their webapp, even though notifications don't work (I just check it regularly). IIRC K9/Thunderbird also has support for exchange now.
Apparently a lot of banking apps work with the sandboxed Google malwares. Not sure though, I'm not a user (wrong hardware)
Can you not set up your work email through a regular email client? I thought the days of being locked into Outlook specifically went away with Exchange. Everywhere I've worked since has been able to.
Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be.
There's e/OS where you can have a locked bootloader with some phones
Why do people need banking on their phones though? Banks have websites too.
I don't much like the official Outlook app. Been using Nine for ages, it does everything I've needed.
AFAIK every popular Android phone uses a Qualcomm modem chip with a separate OS that has complete access to RAM. NSA most certainly has a backdoor there and such complete access to any Android phone. This was common knowledge after the Snowden stuff. I don't think this has changed at all since. Only a few niche phones (pinephone) separate these systems or have a hardware switch to disable the cellular system.
>I don't think this has changed at all since.
There is common knowledge to suggest that it is not the case (or maybe is no longer the case):
>Mainstream smartphones do not provide DMA access from the baseband to the application processor's memory... Yes, getting baseband access then lets you monitor regular voice and SMS comms. But no, it does not instantly compromise the AP so using the Signal app would still be secure. https://news.ycombinator.com/item?id=10906488
>Apple mitigates baseband processor vulnerabilities by putting it behind what's essentially an IOMMU. https://news.ycombinator.com/item?id=29440154
>This is false FUD that keeps being repeated. It's not true. No iPhone ever has had a baseband with DMA access to my knowledge, and modern Qualcomm devices have advanced IOMMU systems to firewall away the baseband from the rest of system memory. I'm sure some phones somewhere existed where the baseband was privileged, but it's not the norm. https://news.ycombinator.com/item?id=30393283
>Connecting a cellular radio via USB provides far less isolation than the approach of a tiny kernel driver connected to an IOMMU isolated cellular radio on mainstream devices. USB has immense complexity and attack surface, especially with a standard Linux kernel configuration. Forensic data extraction companies mostly haven't bothered using attack vectors other than USB due to it being such a weak point. Many of the things people claim about cellular radios in mainstream smartphones are largely not true and they're missing that other radios are implemented in a very comparable way. https://news.ycombinator.com/item?id=46841004
> NSA most certainly has a backdoor there and such complete access to any Android phone.
Citation needed?
> This was common knowledge after the Snowden stuff.
Not to me, it isn't? As far as I'm aware, most of the Snowden stuff was centered around PRISM, which allowed widescale wiretapping of internet backbone, as well as agreements with big cloud providers to allow tapping into their data.
I haven't seen anything indicating that there was widespread compromise of personal computing devices at such a deep level of the root of trust. I haven't seen any indication that the NSA has a backdoor in the earlyboot CPU of any device, whether that is the Qualcomm boot processor, the Intel Management Engine or the AMD Platform Security Processor (which all have similar capabilities and hidden firmware).
If I missed anything/have links to research into these backdoors, I'd like to see them!
This piddly open source effort pales in comparison to what we should really be doing:
Horizontally splitting Google into multiple companies.
Not division via department splits, but equal partitioning across the company into multiple horizontal businesses that compete on the same offerings.
The EU and next DOJ/FTC need to force this.
I agree, but the probability that this is going to happen anytime soon is near-0. The current US administration is not going to rein in the tech broligarchy and if they did, it would be done out of spite and the pieces would be sold to administration-aligned oligarchs (e.g. Ellison), which might end up being worse.
The EU is not going to force this, because it has enough fights to pick with the US, and this is not the hill that they are willing to die on. It would be far more likely for them to financially support an AOSP-based OS.
As of now, Google isn't destroying non-Google android installs, so F-droid will still work there (correct me if wrong). So until Google takes android fully closed or succeeds in getting popular/necessary apps to blacklist non-Google-verified devices, F-droid still has a role
I still think they are planning on coming down on side loading and app dev registration with newer phones
https://keepandroidopen.org/
Is there a KDE/GNOME/kernel-like group forming to take over Android AOSP development and provide free alternative yet?
I hope so. The changes can mean two things: people can only use it easily in custom roms (I guess there is an overlap there) or they actually would play with Google: I guess technically they could as well register and sign the stuff with a Google key as the software is all FOSS and would allow defining another responsible developer (otherwise Google would have to throw out all FOSS without CLA from their playstore). I guess quitting would be an option, but IMHO the outrage outside the bubble would probably be hardly noticeable, so what would be the point?