Comment by goldenarm
7 hours ago
Tweaking user-hostile OSes into user-friendly ones is impressive, but not sustainable. Even worse, it slowing us down from leaving Android entirely.
Look at the AdBlocker crackdown of Google Chrome. Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it, because it is impossible to maintain features that complex on a browser that Google spends >$1B/year to develop.
Same story for /e/ and GrapheneOS, the day Google pulls the plug on source code releases, god knows how long they will last. We should focus our efforts on truly open platforms.
>Even worse, it slowing us down from leaving Android entirely.
There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing. Running Ubuntu Touch isn't a viable option. Neither is postmarket, librem, tizen, they're all terrible. Security wise, for something as critically important in our lives as a smartphone, I am also not trusting any new pet project that won't be stable for 10 years.
Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour because you know how to SSH on it from your watch and put it in sleep, but that's not a viable option. Leaving Android is suicide. A large part of its critical underpinnings are already into the kernel anyways, just disabled. (although a distro running binder could be a fun project). APIs are reverse engineerable generally speaking, except for the server part of play services. But then, if your issue is "my bank won't let me access their app without play services attesting me", I have great news, you won't even have an app for it on your new OS anyways, so it will not work by default. There's already not enough people working on GrapheneOS _or_ on mainstream linux OSes, what makes you think the sitation won't be ten times worse for your custom made mobile OS ?
>We should focus our efforts on truly open platforms.
Android is one, and that can never be taken away. Google pulls the plug ? cool, you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community. Hell, for all the shit that Google is doing, they're still constrained by having to work with other vendors: the system privileged notification receiver is swappable at build time, the recent app signing/verification system also is, because Samsung wouldn't let them control it all.
What about Sailfish OS? I heard good things about it, but didn't dare switch... yet. Does anyone have some 1st hand experience?
I do agree, mobile OSS OSes are rough. My point is that we should help them instead of helping Google's toxic relationship. It happened with Chrome/Blink, and everyone already forgot that lesson.
About hard-forking Android, no one was brave enough (pun intended) to do that for Chrome, considering the insane complexity and engineering costs (>$1B/y). (Only Apple was able to affort it with Webkit/Safari, but they are in the ad business too.)
I kinda dont see how both of you cant be right. We need a mobile OS that google isnt involved in. Why not use pure open source android to do it. It can only be cheaper than making it from scratch, since it has alot of work already done on it
3 replies →
chrome was the fork. KHTML from Konqueror became webkit became Safari and chrome.
1 reply →
The whole notion of smartphones is designed for intrusive user surveillance, from the regulatory side to the hardware itself to the software designed for it.
We need tablet computers that don't have hostile hardware like cameras and mics and sensor suites that can be remotely controlled, under proprietary firmware, completely out of owner control.
We need radio hardware and software that is entirely under owner control, with protocols and standards based connection controls; the notion that spectrum and cellular make network connectivity magically necessary to put under the draconian gatekeeping and surveillance of cellular carriers is flaming dumpster garbage.
The carriers are a primary threat vector. The hardware is a primary threat vector. The software is a primary threat vector.
There is absolutely no way to fix the current cellular phone security status quo, every single facet is designed to be leaky and allow "good guys" backdoored access "for the right reasons" and so on, whether it's "user experience telemetry" or "we have a warrant".
Running bog standard linux with sensible security defaults and a good softphone over an internet connection would be fine. There's nothing magical about phones or UX or wtfever this month's marketing rationalization is.
Handheld tablet computers with optional hardware, or even modular hardware, are going to be the future. The current paradigm of parasitic cellular carriers, invasive governmental regulatory bodies working on behalf of all sorts of corrupt interests, and complicit hardware manufacturers are 100% all in on milking consumers for every last unearned penny or intercepted PII they can get their grubby hands on.
> There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing
Sailfish?
Fundamentally, not enough. Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device. Firejail is a good start, but proper user isolation as Android does is the right solution (each app is a different user, and accessing their data/user data is only done through Providers, or IPC), and anything else is naively trusting and not enough, no matter how many layers of sandboxing and suid-ing you do. Doubly so when all of its apps are written in C++. Can't wait to deal with use-after-free on my mobile device.
In addition, its compatibility with android apps is also chains: why would I bother developing for sailfish (especially since it involves Qt / Qt Creator) when I can just develop an Android app, and say it'll run well enough (unless it needs play integrity, which is the same problem, or somehow falls behind in android/androidx compatibility)
4 replies →
Not entirely FOSS, unfortunately :( (though, it would be cool to see someone take their kernel and implement Plasma Mobile on it)
> you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community.
It's far ahead, but at the same time, I think we shouldn't over-emphasise how much. Functionality at the beginning of a project's lifetime is way more important than incremental improvements (or just changes) made later, and thus while much more effort has been invested into Android, new projects primarily need to catch up when it comes to e.g. phone call support and stability, and won't have to redo a lot of the effort of e.g. implementing Material You 3 or whatever.
Which is to say that we're still years out from a viable competitor, but at the same time, there could be one five years from now, which is also not that long.
Material 3 is mostly not part of the AOSP tree (aside from some very, very deep code like shadows) and is just UI libraries. I actually wonder if M3 has View implementations, or if everything has been migrated to Compose.
You're also underestimating the amount of fundamental work that goes in Android. The vast majority is hardware integration. It's not all fancy little bells and whistles. It would have the added benefit of not having to relearn the security mistakes like LIST_ALL_PACKAGES or READ_SMS permissions being open to all, at least.
>critically important in our lives
This is the sad part. I've resisted that slippery slope as much as possible. In part because of ideological reasons, and in part for usability reasons. I have large hands and poor eyesight - using a phone for non-trivial tasks is tedious. I think the only thing I encounter from time to time that requires a smartphone is paying for parking. Everything else I do from a desktop, or don't do at all (doom-scrolling etc.)
I wish society would resist the smartphonification of everything for no reason. A lot of it is marketing- and surveillance-driven.
> Tweaking user-hostile OSes into user-friendly ones is impressive, but not sustainable. Even worse, it slowing us down from leaving Android entirely.
Not sustainable as opposed to what, exactly? Developing and maintaining a completely different mobile operating system? Focusing on truly open platforms sound nice in theory, but completely falls apart the moment you consider what people want to do with their phones compared to the developing resources available.
> Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it
That's just wrong, there are other forks that still support MV2 extensions right now, and at least brave has no plans of shutting down MV2 extensions even after Google removes MV2 from upstream completely. It will certainly add maintance effort on brave's side, but they already patch a million other things that upstream doesn't support.
(Reposting my comment from below)
Brave said they'll try to maintain temporarily limited MV2 support for only 4 specific extensions, but recommend Brave Shields as the go-to adblocker for the future. Google is about to remove most of the MV2 code from the codebase, which will explode the complexity soon.
https://brave.com/blog/brave-shields-manifest-v3/
The word "temporarily" isn't mentioned anywhere on that page, and that's already a very different claim to "Brave is about to shut down MV2". And the MV2 support is not specific to those 4 extensions, the hosting on Brave's servers is (though for other extensions not that much changes with MV3 anyway).
1 reply →
> Developing and maintaining a completely different mobile operating system?
The cost of writing code has fallen 100x in the past 3 years, and will likely fall 100x further. So actually, yes, thanks to AI it probably actually is reasonable to launch a fully new stack from scratch.
>The cost of writing code has fallen 100x in the past 3 years
Maybe, but the cost of actually shipping a product has fallen by maybe 10%. I don't see dozens of production ready mainstream OSes and web browsers popping up because LLM can dump tens of lines of code per second.
1 reply →
> Not sustainable as opposed to what, exactly? Developing and maintaining a completely different mobile operating system? Focusing on truly open platforms sound nice in theory, but completely falls apart the moment you consider what people want to do with their phones compared to the developing resources available.
Multiple open source desktop/laptop operating systems are maintained.
I appreciate that there are people out there working on stuff like /e/OS, but the number one question I have when I learn about a mobile OS that isn't iOS or "Googled" Android is: will the banking and payment apps I need to operate in the modern world run on this OS?
A lot of people don't think this way because they haven't had any problems. But then one day it happens to you and you realize, ok, this is the one thing that matters - you're in a cashless store and the only way you can pay for your meal is to use Approved Apple or Approved Google operating systems.
Where I live, the app my electricity utility provides for viewing and paying my account DISABLES ITSELF FOREVER if you so much as enable USB debugging on your phone (even after you've disabled it again).
To their credit Graphene maintains a global database of which of these apps work and don't. They're the only ones I know of so a thousand upvotes to Graphene OS.
But for my banks, the records in that database are grim. They won't run on Graphene, and they don't respond to reports about it.
One of my banks just discontinued its web UI because "people don't use it anymore, they use the app only."
This is how they're going to get us, folks. This is how we're going to lose it all. Writing code alone will not solve this. It will require some kind of collective action to defend our liberties. Some parts of the world are already lost. So this situation will likely come to a jurisdiction near you eventually: to make a transaction you will need permission from Google, Apple, Visa, Mastercard, or it won't happen. Then that four company list will start to shrink.
> the app my electricity utility provides for viewing and paying my account DISABLES ITSELF FOREVER if you so much as enable USB debugging on your phone (even after you've disabled it again).
These are self-inflicted problems by these apps. Nothing to do with the OS. These apps simply don't work. Complain to the companies that push these broken apps to you.
Would you buy a microwave oven that kills itself if you play the wrong kind of music in your kitchen?
The problems may be inflicted by these apps but the reality is that in many cases you're stuck with them. Electric company freezes your account if you enable USB debugging? Well, you can't choose a new electric company. We can complain to these vendors all we want but they just ignore us.
So these problems become problems of the OS, not because the OS has a problem, but because it affects the reality of using the OS.
4 replies →
You’re implying we have more choice than we do and asking “the average joe” to change banks to accommodate their smartphone is not a serious suggestion.
My utility company, for instance, literally won’t let you navigate their site with a VPN running. These kinds of practices are commonplace and becoming standard.
I promise your electric company accepts payments outside of an app on your phone. I further promise that other banks are available that don't have terrible apps. These problems are way more surmountable than you're painting them here.
Plus, you can still do electronic banking and payments. Use your computer, it's a much better experience anyways
1 reply →
Can't you pay with a card?
> Tweaking user-hostile OSes into user-friendly ones is impressive, but not sustainable. Even worse, it slowing us down from leaving Android entirely.
I would say we need both a sustainable free mobile OS in the long term, and a "less worse Android" today in the meantime.
Initiatives like FairPhone paying someone to upstream device support in the mainline kernel / postmarketOS are interesting for both approaches at the same time (but extra effort would be needed, the FairPhone 5 almost working under postmarketOS [1] is kinda irritating, I hope it reaches full support before Lineage OS stops being updated for this device).
Ignoring hardware support, Linux mobile OSes are quite usable now.
Hardware support is the next step, and only then we can imagine the proprietary apps we are forced to use to work there (though Waydroid provides some answer to this as well).
Another way of helping the cause would be, I suppose, lobbying for laws that forbid the dependency on an stock Google or Apple mobile OS. Or, maybe we can dream a bit, mandatory open source releases for those apps and standard APIs.
[1] https://wiki.postmarketos.org/wiki/Fairphone_5_(fairphone-fp...
> that Google spends >$1B/year to develop.
Let's see...
https://www.techpolicy.press/the-true-cost-of-browser-innova...
* Most of the personnel involved in developing web technologies are engineers, but they also include product managers, sales, marketing, legal, customer support, and other functions.
* Given the complexity of Chrome and web technologies, the engineering teams skew towards higher levels of seniority. Assume that Staff Software Engineer is the most common engineering level represented across the web technologies teams, which is towards the more senior end of Google’s software engineering job ladder.
* The average base salary for Google employees working on web technologies is $240k and the average annual take-home pay is $500k, including salary, bonuses, and stock payments. These estimates are close to the current average base salary and take-home pay for Google Staff Software Engineers listed on industry salary data sites.
* Google has approximately 2000 staff working on web technologies.
Using the above assumptions, the estimated personnel cost for web technologies is 2000 * $596k = $1.2B. Of course there are additional costs associated with these businesses. Based on this sketch, it seems fair to assume that Google spends at least $1-2B annually on Chrome, Chromium, and the evolution of the web platform.
> Even worse, it slowing us down from leaving Android entirely.
I appreciate the vibes where this is coming from, but does it really? I think that assumes that everyone that works on this would work on a true open source OS otherwise, and that if they did, that would result in us breaking free from Android where we otherwise wouldn't. I'm not confident about either of those assumptions.
Meanwhile I'll keep complaining to orgs that don't allow me to work through their website, and tell them that their app won't work on my phone.
There are more OSS devs active on Android ROMs than OSS devs working on independent mobile OSes. We are running out of time, and we are misallocating ressources.
It's like bailing out water from the Titanic. We should prepare the lifeboats instead.
And there are even more devs working on Windows. It's like we're actively drilling a hole into the Titanic.
The thing is that those people aren't "resources" that you can just "reallocate". And even if they were, two extra buckets weren't going to save the Titanic.
(GNU/)Linux on mobile is the true sustanable, independent OS. It relies on the existing, strong Linux development, natively runs existing Linux apps and guarantees you lifetime updates. What else do you need?
Sent from my Librem 5.
22 replies →
True, SailfishOS :-)
Extensions prior to MV3 were notoriously insecure and granted extension developers a very wide attack surface. Assuming that Google only has a sinister reason to switch to a better standard in an ecosystem riddled with ill-intentioned actors is a bit too cynical.
> Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it
Source?
Brave said they'll try to maintain limited support for MV2 for only 4 specific extensions, but recommend Brave Shields as the go-to adblocker for the future. Google is about to remove most of the MV2 code from the codebase, which will explode the complexity soon.
https://brave.com/blog/brave-shields-manifest-v3/
Brave has perverse incentives to discontinue it because of their BAT crypto business model that rewards looking at ads.
Unfortunately even the fully open source Firefox isn't immune to the pressure from the advertising industry, with all their Google funding and their purchase of anonym.
3 replies →
I wouldn't call Android user hostile. What makes most Android phones user hostile is Google Play Services.
I can call Android user hostile. Most Banks and gov apps require play services nowadays, and Google is about to ban app installation outside of their store. Cherry on top, the play store is mostly adware junk. My parents phones are full of adware, bloatware, notification spam, it's almost worse than windows 11.
In your earlier comment you said that deGoogled Android alternatives are what's "slowing us down from leaving Android entirely", but that is not consistent with saying that most banks and government apps require play services.
If these apps cannot run on deGoogled Android, then deGoogled Android cannot be slowing us down from leaving Android because using deGoogled alternatives is as inconvenient for banking and government services as using a non-Android alternative would be.
1 reply →
so it's the play services. /e/OS has none of these problems except for apps that require original play services. so yeah, those don't work.
interesting tidbit: my bank offers their app from google and from huawei store. it doesn't work on /e/OS however. (but that might also be a /e/OS bug).
this means what we really need is a viable play store alternative. EU regulations could make that happen.
> Every single chrome-fork has shut down MV2 extensions
Ungoogled chromium still supports MV2, and uBlock origin extension works fine.
Yes it's behind a flag, but the removal of MV2 from multiple parts of the codebase is imminent.
>Tweaking user-hostile OSes into user-friendly ones is impressive, but not sustainable. Even worse, it slowing us down from leaving Android entirely.
To what?
>We should focus our efforts on truly open platforms.
De-Googled Android was/is a truly open platform. Same result. You're pointing out maintenance issues.
How many developers do we have to maintain this or any other platform without pay? That problem applies to a de-Googled fork of Android, or a complete bottom up build of a new platform.
The benefit of using an Android fork is the labor savings on what's already built.
Maintenance is not going away just because we build a new OS.
The day AOSP sources aren't relased, Google will just lose control over Android and it will be managed by a Chinese consortium instead.
8 of the 10 top smartphone manufacturers are Chinese, there's no going back from that.
I think this is a false dichotomy.
Basically what you’re implying is that all the people working on Android derivatives like Lineage, Graphene, and /e/ coming together and working instead on a fully open source OS like a Linux mobile distribution would result in better outcomes and actually get us closer to a daily driveable open source environment phone operating system.
That’s analogous to saying that an automotive tuning shop that puts turbochargers and body kits on Toyota Corollas shouldn’t waste their time, and they should instead design and mass produce their own sports car.
The level of effort difference between AOSP derivatives and a fully open source OS is massive.
You don't have to use Chrome or Chromium.
The irony of this is that when using Firefox to browse to /e/OS url to check for compatible devices:
https://e.foundation/installer/
I get a pop-up telling me that my browser is not compatible, and I should use Edge, Opera or Chrome. See [1]
[1] https://imgur.com/a/al1Q9DM
When I clicked "Browse supported devices" it took me to https://doc.e.foundation/devices
I think it's due to the lack of WebUSB API support in Firefox, it is needed for the web installer, both for eOS and GrapheneOS
1 reply →
That's a bizarre one. 'You need Chrome' is bad enough, which even the bloody NHS are guilty of, but I always assume that's 'just' an assumption that not Chrome means IE or something, and they haven't woken up even to the proliferation of mobile Safari users.
2 replies →
Yes fortunately we have browser alternatives.
But on mobile, my bank and my government force me to use the Android/iOS duopoly.
How do they do that? I'm not doubting that, it's an honest question. I understand how this works on Apple phones but I don't understand why an identity or attestation service cannot be replaced by another one by the alternative operating system when the hardware is not controlled by Google. Does Google have keys in tamper-proof chips? How else would those banks determine their apps are on the right phone? Or do those apps use Google authentication directly over the Internet, using hard-coded Google public keys?
3 replies →
Chrome is just an example. Google stopped pretending Android is a general purpose OS and started cracking down on what is possible without Google’s approval. See developer verification, everything within Google services, etc.
> even Brave is about to do it
Why anyone ever gave that browser a second of trust is beyond be. The damn thing was built on hijacking ad revenue into some imaginary IOU crypto thing, and built by a creep.
Chrome did not crack down on adblockers in Chrome. In fact the chromium team worked together with adblockers on mv3.
>it is impossible to maintain features that complex on a browser
While Chromium is complex, it is modularized which does make it possible for teams to maintain features.
> We should focus our efforts on truly open platforms.
But currently AOSP is very much open. That's also what the GrapheneOS devs say and why they want to continue using Android. Until it becomes clear that they will completely stop releasing the source code under a free software license i dont see why one should not use Android.
AOSP dev went private, and Google is slower and slower at releasing the source, now twice a year. Worse, many stock apps like the Dialer and Gallery went closed-source years ago.
But the source isn't the point, it's the governance. Just like Chrome, having the source is not enough to guarantee an open platform. Sure you can disable telemetry flags. But you cannot afford to maintain an important feature Google wants to remove, like MV2.
https://arstechnica.com/gadgets/2025/03/google-makes-android... https://www.androidauthority.com/android-16-qpr1-source-code...
> But you cannot afford to maintain an important feature Google wants to remove, like MV2.
That depends on who "you" is. Maintaining extensive patch sets is still way cheaper than building and maintaining an entire browser.
The problem is, if you cannot afford to maintain it, how could you afford to both build AND maintain your own version of it?
2 replies →