It still remains to be seen what the actual requirements are, and even if F-Droid could become "approved" that doesn't mean they want to. Time will tell.
The "security" rationale is horseshit given just how much malware is readily download able on the Play Store. Google never cleans its own house before going after others.
If you (not you specifically) are unsure of your abilities to use computers, let a friend or a family member buy a dumbed down device for you or install parental controls or something. Or maybe have clicking the build number 7 times reveal "toddler mode" where you can lock your device down irreversibly as much as you want.
* iOS - walled garden, so no
* Android:
* * with a Google account and Play Services - a bit less of a walled garden, but still no
* * Android without Google:
* * * GrapheneOS - root or adb not supported, so no
* * * LineageOS - (edit: root or adb not supported, so no - just learned) seems like a viable option although it seems like it depends on Google's development of Android and keeping it FOSS. How's the situation with security updates? Which phones would you recommend? I don't count Samsung or whatever crap as they're generally quite user-hostile.
* Linux - IIRC only PMOS supported FDE. Is that still the case? Are there are good Linux phones? I tried PinePhone a few years ago, but it was crappy. The OS also lacked basic features like new windows showing up inside the screen.
* anything else?
If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I'm sure FOSS can make a feature equivalent Instagram (or Whatsapp, or whatever) but the people aren't in there.
I use all kinds of computers for communication. I'm communicating with you on my desktop. I had a call earlier on my laptop. And a phone IS a computer, so why pretend it's not?
> If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I wouldn't use proprietary work tools on a personal device. It's not good hygiene.
I don't care if Instagram requires an app on a non-rooted phone with verified Google attestations because I don't use it and it's not essential.
Banking apps ARE a problem because a lot of banks don't let you use their site without their app at all. That should be solved with regulations - give people a FOSS banking app or, better yet, an API, so they can bank however they want to. Let us create FOSS interfaces for the different banks. Right now we need to revert the regulations who more or less force us to rely on Google or Apple's attestation. Internet banking is important both because there's a trend, even in countries where cash is still widely used, to have places that don't take cash, and because it's a highly regulated system paid for my taxes - I should be able to participate in a modern way with bullshit restrictions allegedly made to prevent someone's grandpa from getting hacked or phished.
But if I can't access my bank online, I'm not going to bow my head and buy a bank-approved phone with a bank-approved OS and a bank-approved $tech_company account. Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?
Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.
>And a phone IS a computer, so why pretend it's not?
I agree we shouldn't, I'm just saying that it's unlikely for that need to meet a large enough demand.
You might consider Instagram, whatsapp or similar apps personally not essential, but for many (I would say most) people they are - if not truly essential for living, at least essential in the sense that they don't have much use for their phone outside of those apps.
Which was my point, as long as the main use of a phone requires passing through meta's (or whoever else's) hoops, it's going to be a hard battle.
The only minimally mainstream uses of a phone that currently lie outside the walled garden are piracy and emulators, and that's already a stretch.
Like the other poster said, you can get root on GOS. However it's highly ill advised and severely breaks the security model of devices. 99% of the time nobody, especially the average person, needs root on their phone (imo). Allowing that easily just opens up the average person to getting duped into getting their phone rocked with exploits and possibly persistent malware.
There is no reason that a lack of root access should be viewed as a negative within the context of GrapheneOS. In that case why even mention or choose GOS? Just choose an Android fork with poor security or a Linux phone with zero security instead.
Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.
Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.
I want to run like 5-6 apps I trust.
Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
The security models of desktop operating systems are far, far behind those of mobile operating systems (Android/iOS). ChromeOS, followed by macOS are the closest to mobile security but are still severely lacking. Windows is farther behind and desktop Linux might as well be minimum security. It’s not even an equivalent comparison as you’re comparing mobile OSes to ones on a platform with a fundamentally worse security architecture.
I mean, even to an extent some of the Linux distributions understand the security problems with the traditional model. Look at what Universal Blue is doing with their images and leaning more into Flatpaks and containers for any developer like etc tooling while actively discouraging installing things via rpm-ostree.
> I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to. Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
The first sentence is inherently incompatible with the security structure of GrapheneOS (for example). The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user. Yes, mobile operating systems were designed sandbox first to treat all applications as untrusted. However it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.
Not having root is the best way to harden security. Mobile OSes are designed to be heavily compartmentalized, each application runs in its own sandbox. Giving an application root circumvents the entire thing, allowing that application in theory to see into other sandboxed apps etc. If you want a real world example look at all the malware exploits that come into iOS via iMessage, one of the only apps on iOS that’s not fully sandboxed like normal apps.
> And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.
This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.
> What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
To not get unknowingly pwned. Realistically even if you have a trusted app, you or the community can only verify that it’s trusted at a specific point in time. Realistically a community cannot verify that an app or package etc is consistently not malicious and will more often than not lag behind in the implementation of the exploit vs its discovery, it doesn’t matter if its closed or open source.
To be clear though my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person and that no root is infinitely more secure than having it. Maybe companies could provide alternatives, i.e. offering devices with rooted versions available but offering no customer support if something goes wrong with the software. But it certainly shouldn’t be a default available feature for the majority of the population.
—
An edit: Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).
librem 5 is also an option. It is sorta expensive and weak but is the most capable.
https://wiki.postmarketos.org/wiki/Devices
right now im on calyxos but development has been paused for like a year
Fairphones seems OK, although for €549 I'll probably stick to a dumb phone and invest in a better laptop for now. I'm not saying it's too expensive for what it is, though - it's still a tiny computer with all kinds of periphery.
I just wish there was a version with a shitty camera for €50 less or with no Bluetooth for €10 less - you get the idea.
Interestingly, when I went to
https://www.fairphone.com/shop-home
the prices for the headphones were lower for a few seconds and got higher afterwards.
€186.75 -> €249
€74.25 -> €99
while the phone price remained the same. Both are increases of 33.(3)%. Probably a script that determined my location and added a VAT.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
> If you choose to root, then I believe its not considered to be "GrapheneOS" any longer and assistance will not be provided for issues you face
Getting no support would suck. Obviously it's a FOSS OS, so it would be community support for the most part, but it's still invaluable when you run into issues.
> Google’s been working hard to relive everyone’s fears...
For example, lots of people use phones without any google play framework installed. Without that framework, how does it "carry over"?
This just raises more questions about how this whole process works.
Is it only the play api doing so? If so, then if you de-google, this entire problem goes away?
If not, then how can you 'carry over' to a phone unless you also install the play framework? Seems like that's unhelpful.
So this is vendor lock-in to an online account being sold as a way to "win" against a problem _created_ by said vendor? I would prefer a per-device wait time and I sincerely hope a Google account will not be a hard requirement. I didn't consider this initially.
Google is in the process of stealing the shirts from our backs and selling them back to us. Whoever wrote this article is drinking the kool-aid. This should NOT be presented as a positive thing. Some of us use Android without a Google account and would still like to sideload.
It was really nice last year when I moved to a new device. I restored my last SMS, call log, and contact backup with the open source app I use for that, then loaded the rest of the apps I use from their APKs. It was a lot like getting a new PC. Very enjoyable.
WTF Concession? Why are we asking google for permission to use the devices we bought as they see fit?
Ok, google is doing what is best for them, abusing users. But the manufacturers are really to blame here because the devices are by default locked to what google and them decide. There is no Market Choice here.
They're still moving the Overton window on making Android a walled garden. They're playing a longer game.
Also, let's be clear about the mobile landscape right now. Many apps aren't written in Java or Swift, but instead are being transpiled from other languages like TypeScript and using UI libraries that aren't locked to the mobile platform itself.
When a new mobile platform enters the space it will require some react-native and capacitor glue code and we are in business.
What a joke. It's not a journalist job to shill for corporations