Comment by AlBugdy
17 hours ago
What's the phone OS landscape now? What can someone who values their agency and wants FOSS choose?
* iOS - walled garden, so no
* Android:
* * with a Google account and Play Services - a bit less of a walled garden, but still no
* * Android without Google:
* * * GrapheneOS - root or adb not supported, so no
* * * LineageOS - (edit: root or adb not supported, so no - just learned) seems like a viable option although it seems like it depends on Google's development of Android and keeping it FOSS. How's the situation with security updates? Which phones would you recommend? I don't count Samsung or whatever crap as they're generally quite user-hostile.
* Linux - IIRC only PMOS supported FDE. Is that still the case? Are there are good Linux phones? I tried PinePhone a few years ago, but it was crappy. The OS also lacked basic features like new windows showing up inside the screen.
* anything else?
> GrapheneOS - root or adb not supported, so no
Like the other poster said, you can get root on GOS. However it's highly ill advised and severely breaks the security model of devices. 99% of the time nobody, especially the average person, needs root on their phone (imo). Allowing that easily just opens up the average person to getting duped into getting their phone rocked with exploits and possibly persistent malware.
There is no reason that a lack of root access should be viewed as a negative within the context of GrapheneOS. In that case why even mention or choose GOS? Just choose an Android fork with poor security or a Linux phone with zero security instead.
> 99% of the time nobody [...] needs root on their phone
Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.
Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.
I want to run like 5-6 apps I trust.
Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
> Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
The security models of desktop operating systems are far, far behind those of mobile operating systems (Android/iOS). ChromeOS, followed by macOS are the closest to mobile security but are still severely lacking. Windows is farther behind and desktop Linux might as well be minimum security. It’s not even an equivalent comparison as you’re comparing mobile OSes to ones on a platform with a fundamentally worse security architecture.
I mean, even to an extent some of the Linux distributions understand the security problems with the traditional model. Look at what Universal Blue is doing with their images and leaning more into Flatpaks and containers for any developer like etc tooling while actively discouraging installing things via rpm-ostree.
> I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to. Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
The first sentence is inherently incompatible with the security structure of GrapheneOS (for example). The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user. Yes, mobile operating systems were designed sandbox first to treat all applications as untrusted. However it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.
Not having root is the best way to harden security. Mobile OSes are designed to be heavily compartmentalized, each application runs in its own sandbox. Giving an application root circumvents the entire thing, allowing that application in theory to see into other sandboxed apps etc. If you want a real world example look at all the malware exploits that come into iOS via iMessage, one of the only apps on iOS that’s not fully sandboxed like normal apps.
> And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.
This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.
> What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
To not get unknowingly pwned. Realistically even if you have a trusted app, you or the community can only verify that it’s trusted at a specific point in time. Realistically a community cannot verify that an app or package etc is consistently not malicious and will more often than not lag behind in the implementation of the exploit vs its discovery, it doesn’t matter if its closed or open source.
To be clear though my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person and that no root is infinitely more secure than having it. Maybe companies could provide alternatives, i.e. offering devices with rooted versions available but offering no customer support if something goes wrong with the software. But it certainly shouldn’t be a default available feature for the majority of the population.
—
An edit: Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).
2 replies →
You need root to get around all the stuff that Google won't let you do. There's tons of examples I've encountered over the last 20 years, but the one I encountered most recently is that without root, when I plug in an external display to my phone, I can't actually make the phone display go off. So it sits there powering the external display and its own display (that I'm not using) because of permissions.
I had the first two iPhone models, but then moved to Android. So I've been an Android user for ~15 years. This will probably be the drop that makes me go back and try an iPhone again. If all phone OSes are going to be walled gardens, might as well go for the best one.
Android has always been lagging on usability/performance/polish, but I stuck with it for the openness and because it generally was first to tryi new things. I remember how people at work laughed at me when I got a Samsung Galaxy Note ("It's so big it looks like you have an iPad in your pocket"), yet a few years later every phone was that size. And now Android is leading with foldables. I love my OnePlus Open, but OnePlus seems to be pulling out from the Western market so further support is looking "iffy", so might as well get an iPhone.
GrapheneOS - does allow you to root/ADB. It's just not official, just like LineageOS. You can even sign your own images and relock the bootloader and have root i f you put in the effort.
So I misunderstood about LineageOS - I haven't read anything about it for a while. Everyone on GrapheneOS's forum is really anti-root, they even mention it's not GrapheneOS anymore. From what I saw you can't get any support whatsoever if you have an issue with root or adb, which seems like a core component to any OS to me. Would've been nice if there was a community that gave each other support for rooted LOS or GOS. There could be one, though - I haven't researched it.
I think a problem is that phones, as a concept, are communication first, rather than general computing first.
If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I'm sure FOSS can make a feature equivalent Instagram (or Whatsapp, or whatever) but the people aren't in there.
> I think a problem is that phones, as a concept, are communication first, rather than general computing first.
I use all kinds of computers for communication. I'm communicating with you on my desktop. I had a call earlier on my laptop. And a phone IS a computer, so why pretend it's not?
> If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I wouldn't use proprietary work tools on a personal device. It's not good hygiene.
I don't care if Instagram requires an app on a non-rooted phone with verified Google attestations because I don't use it and it's not essential.
Banking apps ARE a problem because a lot of banks don't let you use their site without their app at all. That should be solved with regulations - give people a FOSS banking app or, better yet, an API, so they can bank however they want to. Let us create FOSS interfaces for the different banks. Right now we need to revert the regulations who more or less force us to rely on Google or Apple's attestation. Internet banking is important both because there's a trend, even in countries where cash is still widely used, to have places that don't take cash, and because it's a highly regulated system paid for my taxes - I should be able to participate in a modern way with bullshit restrictions allegedly made to prevent someone's grandpa from getting hacked or phished.
But if I can't access my bank online, I'm not going to bow my head and buy a bank-approved phone with a bank-approved OS and a bank-approved $tech_company account. Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?
> Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?
I often pay cash in physical stores, but when buying things online I (and every other Dutch person) use Ideal (Wero). That means authorising each payment via my bank, and that means either using my smartphone (GrapheneOS) with the bank's app, or using the bank provided OTP device with my debit card inserted.
Using my smartphone is, unfortunately, the easiest way. I hate both options for the fact that I need to fetch either my smartphone or my debit card though.
Banks want their stupid app because it is the easiest way to keep some client-side secret secure in a nearly fool-proof manner. I can do everything I want in any browser, but authorisation and authentication happens by means of that app, so even just logging in means scanning a QR code with the app, and then continuing in the browser of any device I want.
I think most people use bank several times a week at the very least. Some do it constantly and put debit cards on their smartphones and concentrate everything financial on that single device, but even folk who keep ready amounts of cash on hand and don't buy things online too often bank several times a month, even if just to pay taxes and keep an eye on their finances.
>I use all kinds of computers for communication. I'm communicating with you on my desktop.
Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.
>And a phone IS a computer, so why pretend it's not?
I agree we shouldn't, I'm just saying that it's unlikely for that need to meet a large enough demand.
You might consider Instagram, whatsapp or similar apps personally not essential, but for many (I would say most) people they are - if not truly essential for living, at least essential in the sense that they don't have much use for their phone outside of those apps.
Which was my point, as long as the main use of a phone requires passing through meta's (or whoever else's) hoops, it's going to be a hard battle.
The only minimally mainstream uses of a phone that currently lie outside the walled garden are piracy and emulators, and that's already a stretch.
1 reply →
fairphone support for pmOS is improving. What DE were you using? It was probably just slow on the pinephone.
librem 5 is also an option. It is sorta expensive and weak but is the most capable.
https://wiki.postmarketos.org/wiki/Devices
right now im on calyxos but development has been paused for like a year
It was a long time ago, so I don't remember. Phosh or Plasma. I tried to like Sxmo, but it was really unintuitive, unlike tiling WMs on Linux.
Fairphones seems OK, although for €549 I'll probably stick to a dumb phone and invest in a better laptop for now. I'm not saying it's too expensive for what it is, though - it's still a tiny computer with all kinds of periphery.
I just wish there was a version with a shitty camera for €50 less or with no Bluetooth for €10 less - you get the idea.
Interestingly, when I went to
https://www.fairphone.com/shop-home
the prices for the headphones were lower for a few seconds and got higher afterwards.
€186.75 -> €249
€74.25 -> €99
while the phone price remained the same. Both are increases of 33.(3)%. Probably a script that determined my location and added a VAT.
You can root GrapheneOS, they just don't recommend you doing so.
In their forum they repeatedly say stuff like:
> If you choose to root, then I believe its not considered to be "GrapheneOS" any longer and assistance will not be provided for issues you face
Getting no support would suck. Obviously it's a FOSS OS, so it would be community support for the most part, but it's still invaluable when you run into issues.
Obligatory mention of Sailfish OS.
Website: https://news.ycombinator.com/item?id=41749296
Why do you want to root? I didn't really feel the need for the past few years.
Backing up all app data.
That breaks Android's security model and reduces overall security.
2 replies →
An alternative if you are using Graphene would be to build your own image with the changes that you want, without or without root.
Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
Exactly. It is my device. End of story.
If I could point out, the vast majority of people you see writing things as stupid as that are either have a huge stake in the company/industry or the government.
Thanks for all of your other comments in this thread I read them all and it is such useful advice for everyone, even seasoned security people.
It isn't natural to want less freedom.
I do (re-)root my phone (after each update I have to flash the Magisk-modified boot.img again), but FWIW almost nothing needs root on Android, it lets you do way more by default than iOS. I think some people equate jailbreaking and rooting when there's not really a jail to begin with. You can install a custom ROM without having root and I think that's what most people really want to do. Cleaner base system, maybe some new features. I run LineageOS without gapps and it's great. I can use `sudo` inside termux since I have root. I don't really use it for anything except to verify that Magisk reinstalled okay (I do `sudo ls /` as a quick check). Installing F-Droid doesn't need root. You can even do it on locked down TVs and Amazon tablets usually. adb works as well, not sure why someone was saying it doesn't. Hell, adb should work even without either root or a custom ROM. I use it to reboot my phone into fastboot without the button combo and then flash Magisk right after.
2 replies →