Seems like the jury is out on SMS, and things like QKSMS aren’t necessarily recommended over the AOSP messages app. Does privacyguides have a GrapheneOS guide for these replacements that we apparently need? That would be lovely.
I believe what Lukas meant is that Google and/or Android broadly considers those placeholder apps, not that GrapheneOS specifically recommends replacing them.
This is in my opinion one of the more insidious aspects of Android as an ““open source”” project. AOSP is indeed open source, but it has been designed in such a way that in its open form it is quite anemic, and the AOSP apps receive little attention, and a lot of dependence on proprietary apps like Google Play Services is build in by design for even basic core features of a smartphone. This is one of my biggest frustrations with Android (open source, designed to depend on closed source for basic functionality).
Google has slowly been dropping support for many projects under AOSP. Recent releases of Android haven’t actually added many user visible features to Android itself, most of those features are actually apart of Google Apps.
Examples:
6.0 = Now on Tap
5.0 = Android Wear Integration
4.4 = Google Now and Google Play Store
4.1 = Google Now
All older versions implemented features that were available in AOSP
What’s been (partially) dropped and what it was replaced with:
App developers choosing to develop their apps in a way that depends on Google Play Services and then only publish those apps to the Play Store is their fault, not the operating system’s fault.
Choosing to build basic functionality which apps are intended to rely on, into proprietary Google Play Services and other proprietary Google system apps instead of AOSP itself is a conscious choice that Google made and continues to double down on. This is in my eyes a very deliberate choice on Google’s part, akin to a dark pattern at the development level.
App developers can go out of their way to cater to the 0.1% of us who care about free software, and/or transparency, and/or privacy, but most developers (including even many somewhat privacy focused projects) take the path of least resistance or rely at least partially on proprietary Google stuff.
Android is still an amazing operating system, and nothing else comes close to it.
It’s licensed under a permissive license.
It’s very secure, unlike desktop operating systems.
AOSP is a lot more private than iOS.
While most Linux distributions are privacy-friendly themselves, they don’t have strong privacy protections from third-party apps and services, and Android is literally the best at this. The sandboxing and permission model is just a chef’s kiss.
GrapheneOS, in my opinion, has by far the best privacy and security while not heavily sacrificing usability and performance, and GrapheneOS is obviously based on AOSP.
F-Droid alone has over 4,000 completely FLOSS apps that don’t have any proprietary dependencies and can be built almost exclusively using FLOSS tools.
I just wish the “Linux phones” focused on having well functioning Android as opposed to the current blob filled devices. Would still have downsides like lack of secure boot, but would be vastly superior with regards to mobile app availability.
Wouldn’t agree with this, I hate how Android hardware companies avoid copyleft. The Linux kernel has tons of open source drivers included with the kernel, and on desktop various manufacturers contribute upstream (Yes, even there, companies like NVIDIA and Broadcom don’t open source their drivers, but that’s considerably less common than with chipset makers on Android), and both Intel and AMD contribute a LOT, Intel being the biggest overall contributor to Linux in general (opposed to, say, Qualcomm, which has never done so for Android. This won’t be the case for their laptop CPUs though.). Most of them are GPL licensed as well. The copyleft nature is much better, unless we end up with the Android driver situation.
I will say I don’t know the exact details, but I’m pretty sure there is some layber between the Linux kernel and blob drivers so it doesn’t violate licenses as well. And of course, each chipset has its own forked kernel with blob drivers included.
Yeah, I guess I framed the first post poorly… I agree with RMS that if your threat model is similar to his you just shouldnt use a phone… but I don’t have such an extreme threat model so this became a long conversation about how to use GrapheneOS and apps suggested by privacyguides without using Google Play Services which is what I’m doing now.
I do want to call out that it’s not a threat model that drives Mr Foot Gunk’s choices, it’s the “freedom at all costs” ideology. No one is trying to hack his shit, and if they were, they’d have a pretty easy time given the security issues with most libre alternatives to mainstream linux tooling.
For sure. Anyone using garbage tools will get owned.
Dr Foot Gunk in particular doesn’t online bank, pays cash, and PGPs his emails left and right. Historically he uses some insane email proxy system to ‘browse’ the web and disables javascript on every site he sees etc… While your point is true for libre idealists in general, it’s probably not true for RMS in particular.
(And also he is 100% making those choices bc FREEDOM! not bc threat model… but I was trying to use the lingo to keep the convo flowing.)
Hi, did you know that a cell phone can be located by timing the signal, so the phone is a cetrain distance from a tower, and where does it cross houses. This is where you most likely live.
C
This is called triangulation, and you need to be pretty paranoid to worry about it unless you’re in the US, where your location is sold to everyone willy-nilly.