Comment by well_ackshually
10 hours ago
>Even worse, it slowing us down from leaving Android entirely.
There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing. Running Ubuntu Touch isn't a viable option. Neither is postmarket, librem, tizen, they're all terrible. Security wise, for something as critically important in our lives as a smartphone, I am also not trusting any new pet project that won't be stable for 10 years.
Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour because you know how to SSH on it from your watch and put it in sleep, but that's not a viable option. Leaving Android is suicide. A large part of its critical underpinnings are already into the kernel anyways, just disabled. (although a distro running binder could be a fun project). APIs are reverse engineerable generally speaking, except for the server part of play services. But then, if your issue is "my bank won't let me access their app without play services attesting me", I have great news, you won't even have an app for it on your new OS anyways, so it will not work by default. There's already not enough people working on GrapheneOS _or_ on mainstream linux OSes, what makes you think the sitation won't be ten times worse for your custom made mobile OS ?
>We should focus our efforts on truly open platforms.
Android is one, and that can never be taken away. Google pulls the plug ? cool, you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community. Hell, for all the shit that Google is doing, they're still constrained by having to work with other vendors: the system privileged notification receiver is swappable at build time, the recent app signing/verification system also is, because Samsung wouldn't let them control it all.
> Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour
Not even the original pinephone has that poor of battery life. Hyperbole doesn't help your argument.
> Google pulls the plug ? cool, you're stuck on Android 17
And you're stuck on the current hardware generation. Pretty much the only reason why Android sucks less than other mobile OSes is that hardware vendors have a pressing reason to make it work. The further the Google Android kernel diverges from its last-open version, the harder it will become to backport drivers -- and that's assuming that hardware vendors even bother to comply with the GPL when Google decides not to.
> And you're stuck on the current hardware generation.
As someone using a Pixel 3a as their main device that gave me a chuckle.
What do we do when the supply of second-hand Pixel 3s on eBay dries up?
A viable project can't be tied to hardware which is not made any more.
I had Pixel3 until Nov 2025 - when it suffered its final drop. I was kinda grumpy I couldn't convert to Graphine cause the hardware was not supported.
> The further the Google Android kernel diverges from its last-open version
Can it even diverge though? The kernel code is GPL so I don't think Google can close it down even if they wanted.
Yes it definitely can diverge while still staying open source. Happens in the Linux kernel for example whenever the ABI changes.
Unless they invent kernel as a service or undertake a remarkably ambitious AI license laundering project, I think you're right.
I do agree, mobile OSS OSes are rough. My point is that we should help them instead of helping Google's toxic relationship. It happened with Chrome/Blink, and everyone already forgot that lesson.
About hard-forking Android, no one was brave enough (pun intended) to do that for Chrome, considering the insane complexity and engineering costs (>$1B/y). (Only Apple was able to affort it with Webkit/Safari, but they are in the ad business too.)
I kinda dont see how both of you cant be right. We need a mobile OS that google isnt involved in. Why not use pure open source android to do it. It can only be cheaper than making it from scratch, since it has alot of work already done on it
AOSP has so few of the features a full phone needs today. Google has moved too much of the Phone OS into "Google Play Services". This is already the Extend phase of the classic "embrace, extend, extinguish". Given how the next most popular AOSP implementation, Amazon's Kindle Fire isn't even trying to compete in the phone space and involves an equally large company throwing nearly as much money into an "also ran" alternative to "Google Play Services", it seems easy enough to argue Android may even already be in the extinguish phase.
(ETA: See also Microsoft's many years of trying to build its own "Google Play Services" competitor. Eventually breaking and making use of Amazon's. Then giving up entirely again on a de-Googled alternative to running Android apps.)
2 replies →
(Copying my reply from below)
Building and maintainance cost are not linear, especially when you inherit legacy code. The AOSP codebase isn't great, is 4x bigger than the Linux Kernel, and full of "Ship now, patch later" mess.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
3 replies →
chrome was the fork. KHTML from Konqueror became webkit became Safari and chrome.
I still use Konqueror occasionally. It no longer uses KHTML (it uses blink now iirc through Qt webengine (which just got webextension support, someone's working on adding them to falkon so I'm sure Konqueror isn't too far behind)) but it works surprisingly well. It's still a great file manager if any of you remember how good it was
The whole notion of smartphones is designed for intrusive user surveillance, from the regulatory side to the hardware itself to the software designed for it.
We need tablet computers that don't have hostile hardware like cameras and mics and sensor suites that can be remotely controlled, under proprietary firmware, completely out of owner control.
We need radio hardware and software that is entirely under owner control, with protocols and standards based connection controls; the notion that spectrum and cellular make network connectivity magically necessary to put under the draconian gatekeeping and surveillance of cellular carriers is flaming dumpster garbage.
The carriers are a primary threat vector. The hardware is a primary threat vector. The software is a primary threat vector.
There is absolutely no way to fix the current cellular phone security status quo, every single facet is designed to be leaky and allow "good guys" backdoored access "for the right reasons" and so on, whether it's "user experience telemetry" or "we have a warrant".
Running bog standard linux with sensible security defaults and a good softphone over an internet connection would be fine. There's nothing magical about phones or UX or wtfever this month's marketing rationalization is.
Handheld tablet computers with optional hardware, or even modular hardware, are going to be the future. The current paradigm of parasitic cellular carriers, invasive governmental regulatory bodies working on behalf of all sorts of corrupt interests, and complicit hardware manufacturers are 100% all in on milking consumers for every last unearned penny or intercepted PII they can get their grubby hands on.
FLX1s running FurioOS, a Debian variant. [0]
World would be better off if they De-Google and De-Apple! You have to pay me to use Google and Apple!
[0] https://furilabs.com/
Do you own one? How is camera and audio and geolocation support? Decent?
> you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community.
It's far ahead, but at the same time, I think we shouldn't over-emphasise how much. Functionality at the beginning of a project's lifetime is way more important than incremental improvements (or just changes) made later, and thus while much more effort has been invested into Android, new projects primarily need to catch up when it comes to e.g. phone call support and stability, and won't have to redo a lot of the effort of e.g. implementing Material You 3 or whatever.
Which is to say that we're still years out from a viable competitor, but at the same time, there could be one five years from now, which is also not that long.
Material 3 is mostly not part of the AOSP tree (aside from some very, very deep code like shadows) and is just UI libraries. I actually wonder if M3 has View implementations, or if everything has been migrated to Compose.
You're also underestimating the amount of fundamental work that goes in Android. The vast majority is hardware integration. It's not all fancy little bells and whistles. It would have the added benefit of not having to relearn the security mistakes like LIST_ALL_PACKAGES or READ_SMS permissions being open to all, at least.
> There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing
Sailfish?
Fundamentally, not enough. Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device. Firejail is a good start, but proper user isolation as Android does is the right solution (each app is a different user, and accessing their data/user data is only done through Providers, or IPC), and anything else is naively trusting and not enough, no matter how many layers of sandboxing and suid-ing you do. Doubly so when all of its apps are written in C++. Can't wait to deal with use-after-free on my mobile device.
In addition, its compatibility with android apps is also chains: why would I bother developing for sailfish (especially since it involves Qt / Qt Creator) when I can just develop an Android app, and say it'll run well enough (unless it needs play integrity, which is the same problem, or somehow falls behind in android/androidx compatibility)
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.
Honest question: why are mobile devices more hostile than laptops/desktops?
7 replies →
> Linux's default security mechanisms are simply too weak for something as potentially hostile as a mobile device.
Linux has SELinux as a default option which Android makes good use of, some forks more than others, and setup correctly it is better than user isolation. You could also recreate the protection user isolation provides through policy alone.
Not entirely FOSS, unfortunately :( (though, it would be cool to see someone take their kernel and implement Plasma Mobile on it)
> you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community
Honestly if this happens, look to China to maintain Android going forward and add new parallel implementations of Android 18+.
Right now almost all of China runs on various forks of AOSP; every phone manufacturer in China has their own AOSP fork (Xiaomi: MIUI/HyperOS, Huawei, HarmonyOS, TCL: TCLUI, etc.). Apps in China are distributed both as .apk files as well as through a bunch of different domestic app stores. They are compatible with all of these Android forks. These apps are also designed to be compatible with Google Android for Chinese folks overseas.
TBH China is much, much closer to "decentralized" development of Android than the Google-centric US ecosystem.
Granted most of those AOSP forks in China also often have spyware of sorts, but at least there are multiple active forks and a healthy app ecosystem working on all the forks.
What about Sailfish OS? I heard good things about it, but didn't dare switch... yet. Does anyone have some 1st hand experience?
I believe it's a paid OS now. Requires subscription. It was already dead before they announced it so I guess it's deader than dead now.
Edit: So apparently they're launching new hardware so maybe it's not as dead as I thought it is.
>critically important in our lives
This is the sad part. I've resisted that slippery slope as much as possible. In part because of ideological reasons, and in part for usability reasons. I have large hands and poor eyesight - using a phone for non-trivial tasks is tedious. I think the only thing I encounter from time to time that requires a smartphone is paying for parking. Everything else I do from a desktop, or don't do at all (doom-scrolling etc.)
I wish society would resist the smartphonification of everything for no reason. A lot of it is marketing- and surveillance-driven.
Imagine if Boot2Gecko / FirefoxOS had someone kept going, I wonder if I'd have evolved sufficiently enough to be commercially viable?