
Free phone operating system - sanctumware
https://www.fsf.org/campaigns/priority-projects/free-phone
======
em3rgent0rdr
I've been using Replicant since the early days. But I eventually gave up due
to lack of updates to latest Android security patches. Unfortunately a free
phone isn't useful if it is insecure.

~~~
ge96
I'm curious, I've never had an interest in a free operating system for a
phone, I sort of was under the impression Android is free except that
sometimes it's device specific eg. they'll stop updating your old model phone.
I don't know though. Also if Linux is a free OS and Android is based on
Linux?...

What made it insecure? You don't mean password security but what? Vulnerable
like WiFi/internet packets? I don't understand. It's interesting though.

I mean when you "Flash a new ROM" or something on your Android device, what is
that? You can't just grab a general Android OS and put it on a phone?
Interesting stuff but again haven't looked into it before/had a reason to
aside from the interest of like Virtual Boxing equivalent on a phone.

~~~
aexaey
Not the GP, but it looks like significant number of Android vulnerabilities
[1] are local privilege escalation (as in: install an app from a questionable
source, app use vulnerability to silently gain root, app siphons off your data
and/or wrecks havoc on the phone).

Hefty fraction of local privilege escalation vulnerabilities are in the Linux
kernel, and pretty much every single Android device out there ships with its
own, unique, outdated out-of-tree kernel with dependencies on a number of
version-specific binary-only blobs. End result of all that is - even if
underlying vulnerability is fixed in mainline kernel, phone's vendor still
needs to repeat this exercise _for each and every phone_. Moreover, because of
binary blobs, phone vendor oftentimes has to contact their SoC vendor, SoC
vendor has to contact the vendor for that IP block they've shipped binary blob
for, etc... All this process is extremely fragile, costly, and lengthy. Not
exactly something you want to have in place for security updates. Google
somehow manages to do half-decent job updating their Nexus/Pixel phones for
few years after hardware hitting the market. Most other vendors drop the ball
to some degree here, often completely.

Replicant took on a Sisyphean task of enabling blob-free (a.k.a. 100% free and
open-source) firmware to some Android devices. Among other things, this could
_eventually_ enable one to use mainline kernel and do security updates much
more quickly and efficiently.

Current status however is far from that ideal. Latest "stable" Replicant (4.2)
uses various versions of 5-year-old kernel 3.0.x branch [2,3], and didn't
achieve fully blob-free status either. That said, you _can_ run blob-free, as
long as you can do without 3D, WiFi, bluetooth, hardware-accelerated video and
(depending on the hardware) without camera, GPS and NFC too [4].

[1] [https://www.cvedetails.com/vulnerability-
list/vendor_id-1224...](https://www.cvedetails.com/vulnerability-
list/vendor_id-1224/product_id-19997/Google-Android.html)

[2]
[https://git.replicant.us/replicant/kernel_samsung_smdk4412/b...](https://git.replicant.us/replicant/kernel_samsung_smdk4412/blob/replicant-4.2/Makefile)

[3]
[https://git.replicant.us/replicant/kernel_samsung_espresso10...](https://git.replicant.us/replicant/kernel_samsung_espresso10/blob/replicant-4.2/Makefile)

[4]
[http://redmine.replicant.us/projects/replicant/wiki/Replican...](http://redmine.replicant.us/projects/replicant/wiki/ReplicantStatus#Replicant-42)

~~~
ge96
Wow thanks a lot for the information. Both of my phones are outdated/no longer
updated. I guess I should be careful what I install. How would you even know
that you're affected? One thing I was was you can have malware that won't go
away even flashing I think. You had to do something, as some memory wasn't
touched on reformat or something. Man that's crazy, thanks.

~~~
vurpo
If a rouge app had root access, it could install a completely undetectable
rootkit on the phone. That's why root access is very dangerous -- it means
literally unrestricted access to everything on the phone, only limited by the
hardware and nothing else.

~~~
ge96
How would you even know that you were compromised, I think even system logs
might be wiped to prevent detection.

