Hacker News new | past | comments | ask | show | jobs | submit login
The Search for a Free/Open Source Mobile Operating System (emacsen.net)
306 points by emacsen on Aug 25, 2021 | hide | past | favorite | 153 comments



Switched to GrapheneOS with the Pixel 5. Email/Calendar integration works fine (K-9 Mail). Signal as instant messenger. Organic Maps as Map application.

Replaced Apple Watch with GadgetBridge and a Mi 6 band (cheaper and I have easy access to all data, you need to sync once with their app after you get the key you can delete it ... did the setup on the iphone and copied out the key with a commandline python script from github).

Syncthing is amazing (local sync of audio books, camera images).

AntennaPod is equally amazing as a podcast client (I prefer it to overcast switching from the iPhone).

Other apps I'm using regularly: AnkiDroid

So far so good, not having the Google Services seemed ok, except: 1. still in search for good camera application, recommendations welcome. 2. a replacement of Reeder as an RSS reader (so far have not found a solution that works for me).

Yet, just started programming for it a bit and have to say I love flutter. It's pretty polished (and great for my needs).


You can use Google's camera application, which is optimized for the Pixels of course. I think it will probably work with the new sandboxed play services implementation, but there is a simpler way: https://github.com/lukaspieper/Gcam-Services-Provider

This is a stub implementation of what gcam needs and it works great. I believe, independent of sandboxed play services, GrapheneOS team plans to implement stub play services like this for all parts, not just those required by gcam.


I downloaded the latest Google Camera from APK mirror and turned off all network access in Datura Firewall (comes with CalyxOS). This is a pretty common recommendation on /r/CalyxOS. Another recommendation I've seen and wish I'd done is to extract Google Camera's APK from your stock Android via adb before you flash Calyx, thus avoiding APK mirror.

Only trouble is after you take a picture and tap the thumbnail to view it immediately, it wants to open it in Google Photos and that is apparently not configurable. Simple enough solution - downloaded Google Photos from Aurora and blocked all network access just like Google Camera. Most stuff in Google Photos doesn't work but it's fine for a local gallery viewer.

From what I gather no other camera app will even come close as the Pixel series works closely with the Google Camera app to bring software optimizations to the photos that specific camera module takes.


For RSS I use Feeder from f-droid, I mainly use it to subscribe to video content though, check it out.


I wrote a PWA for reading RSS feeds. It works fully offline and should be installable in Chromium based browsers (I develop in Firefox, but Chromium definitely has better PWA support).

https://readr.nz


Sorry, what does Flutter have to do with the rest of your comment?


Sorry, this was a bit out of context. As the other commenter assumed, it is for replacing/extending the functionality of the phone. For example, I wanted to access the heartrate and other mi band data and it's quite easy with gadgetbridge and my own flutter app.

I tried similar apps before with SwiftUI and the Apple Watch and it was pretty much a disaster (although I have working knowledge of objective C ...). Dart came easy and flutter seems super powerful to me ( I just re-implemented my first very simple ios game in just a day. that's the objective c version https://apps.apple.com/us/app/blanks/id286883373 ). Will publish/open-source the other one, when it's polished.


Does GrapheneOS need its own Flutter embedder, or can Android's be used?

Sorry, I'm not very familiar with GrapheneOS but I'm curious how easy it is to build Flutter apps on different platforms.


It uses Android's. It works like a regular Android smartphone, you enable Developer Mode + USB debugging. Android Studio recognizes the phone and complies /runs your application.


GrapheneOS is just Android without google services (so some libraries etc. might not work). For my purposes good enough.


I'm guessing writing their own apps to replace missing functionality


I can recommend "Open Camera" for the Camera app, its very customizable and reliable.


I have used it in the past and its great, sadly it does not support the multiple cameras of my Motorola.


Current OpenCamera versions support multiple cameras if the OS exposes them.


I've found Flym https://f-droid.org/en/packages/net.frju.flym/ to be a decent RSS reader.


My favourite thing about the pixel 5 is the camera. I understand that they do a fair amount of software processing to make it so good. And most other apps don't let me use the wide lens. Is the experience as good on Graphene?


You can use Google's camera application, which is optimized for the Pixels of course. I think it will probably work with the new sandboxed play services implementation, but there is a simpler way: https://github.com/lukaspieper/Gcam-Services-Provider

This is a stub implementation of what gcam needs and it works great. I believe, independent of sandboxed play services, GrapheneOS team plans to implement stub play services like this for all parts, not just those required by gcam.

You can install gcam and just give it no permissions (especially network). It will chug along merrily.


Hi, thanks for the tip. I have a Pixel 4 XL, do you know where could I find Google's camera app (obviously without connecting to the play store)?


APK mirror. Risk is mitigated with no network connection.


I think you can get it via Aurora Store, which you can get via F-Droid



I started using GrapheneOS today and was able to install the official Google Camera app through Aurora store (the only good camera app for pixels imho).

As akc3n suggested in their comment, the installable sandboxed google play services fixes some of the compatibility issues that Graphene has had up till now.

Obviously it's a tradeoff I'm making between privacy and a great camera, but I'm not logged into my google account anywhere and I denied location permissions to the camera.


There is a simpler way: https://github.com/lukaspieper/Gcam-Services-Provider

This is a stub implementation of what gcam needs and it works great. I believe, independent of sandboxed play services, GrapheneOS team plans to implement stub play services like this for all parts, not just those required by gcam.


thanks a lot! ... it's a bit of a compromise. Yet, it works perfectly.


2. a replacement of Reeder as an RSS reader (so far have not found a solution that works for me).

Have you tried Feeder ? I'm having no problems with it so far on my GrapheneOS Pixel 4a.


> AntennaPod is equally amazing as a podcast client (I prefer it to overcast switching from the iPhone).

I tried installing this on an amazon fire tablet i have lying around. It seems nice but the variable speed and better processing of sped up audio on overcast is what makes me prefer it over other podcast players and the sped up audio on this player is awful.


Though not FOSS, Magic Earth is a good OSM based car navigation app that respects privacy. https://play.google.com/store/apps/details?id=com.generalmag...


Why not Osmand? It's FOSS, a bit complex though.


I don't see Mi 6 Band at the device list on https://www.gadgetbridge.org/. Was it difficult to setup?


Not really, as for other mi bands you need to get the pairing key. I followed the info here: https://codeberg.org/Freeyourgadget/Gadgetbridge/wiki/Huami-...

live heartrate, activity + sleep data sync works out of the box. Notifications as well.

Weather Info and media player does not.

I'm mostly interested in the data export and share with other apps. Gadgetbridge is amazing :)


If you selfhost miniflux you can access via the browser, which is a pretty great experience


WayDroid has been making progress on Android emulation for Linux, building upon the code of Anbox.

Demos of WayDroid on a OnePlus 6 running postmarketOS, and a Moto Z2 Force running Ubuntu Touch: https://www.xda-developers.com/waydroid-android-apps-on-linu...

Source code: https://github.com/waydroid


This is awesome! Thanks for sharing this. I didn't know we were this close to viable linux phones. There's those tiny handful of android apps you may need and this pretty much solves it. I wonder if microg is working in waydroid? I'd assume it's possible.


Not sure about WayDroid, but microG is confirmed to be working on Anbox after patching the default device image to enable signature spoofing: https://forum.pine64.org/showthread.php?tid=9815&pid=65378#p...

Anbox can also be used with Google Play Services. The Arch Linux AUR offers a recipe for building an Anbox image with Google apps (see PKGBUILD for code): https://aur.archlinux.org/packages/anbox-image-gapps/

The AUR also has recipes for Anbox images that include Magisk root and Xposed: https://aur.archlinux.org/packages/?K=anbox


Thanks. I knew anbox worked with GApps, good to know microg works too


Speaking of Anbox, development has almost halted after their kernel modules were effectively made worthless so that any "host" system's kernel has to be built with Anbox's required features. I love the fact that it's starting to come back with these Linux phones. :)


Like the author, I've tried a ton of open source handheld platforms, and I've recently moved to CalyxOS for my daily driver. (And about to sell a box o' devices to help cost-justify buying a second Pixel for a backup CalyxOS device.)

As Android devices go, CalyxOS seems a good choice, if you're willing to not have all the Google service conveniences. I actually found some of the UX smoother than on iPhone, and e-mail worked better. Though note that CalyxOS is not as polished for privacy out of the box as users might assume.

One big problem is that Android is massive, and also doesn't seem to have been designed or deployed in practice to be privacy-friendly, nor especially open source-friendly. Even back in the FirefoxOS days, if you built that from source, it was clear there was no way you could audit or maintain all its Android dependencies (my hope was that they'd throw out the Android layer as soon as they could).

I have some hopes for Purism's Librem 5 Phosh running atop a mainlined Linux with open drivers (and ideally firmwares) on many devices at many price points. Though available hardware tends to be fundamentally insecure.

There also seems to be an additional barrier of US carriers imminently requiring VoLTE, and in some cases only allowlisting a small number of models.


Honestly, I don't understand the selling point of CalyxOS over LineageOS. Can you explain the differences? The website just seems to be a little mumble about Privacy without explaining the technological differences.

As a daily driver, I'd recommend a setup of an official LineageOS device, combined with a set of Apps to increase the level of privacy:

- AppWarden to check for trackers and loggers

- RethinkDNS as a VPN firewall and adblocker

- Privay Browser (f-droid build)

- Permission Manager X to remove permissions from Apps via AppOps

- OsmAnd for Navigation

- Oeffi for Public Transport Navigation (in Germany)

- Element or Telegram FOSS for chat, because Signal still requires microG or other Google Services for their auto backup, which I don't agree with.

I would also recommend to bet on LineageOS because the community is vast, and it's more likely to survive (given the past with Cyanogen and its company) than other forks that are maintained by 1-3 people.

Personally, I hope that phosh and plasma mobile can be feasible app alternatives and I hope that Purism and the Pine movement can change the ecosystem.

But, as of now, developing a GTK4 or QT5 app (compared to making an Android app) is still PITA and seriously lacks better development tools and IDEs.


I believe the appeal for CalyxOS is attempting to bring more convenience with privacy, where apps you've mentioned are already installed. A major difference is the inclusion of microG, which means you have more freedom to use apps you have no alternative to (e.g. government apps, banking apps, etc).

I'm aware of the LineageOS for microG project, however apart from the aforementioned preinstalled set of apps, CalyxOS includes many system patches shared by other projects such as GrapheneOS, which include privacy enhancements on default AOSP DNS fallbacks, connectivity checks, NTP, and more.

I would also like to mention that Signal does not require microG or Google Play Services for auto backup (or notifications). The backup files are stored locally on the device and can be easily synced with Syncthing, Nextcloud, etc.


Beware of Signal: it depends on the proprietary Google Play Services library, so even if you don't have the Play Services on your phone, the app is built with the "client-side" code which speaks with it (or with microG) and checks for its presence.

FreeSignal was a project that aimed to remove this dependency completely but was stopped by the main developer of Signal. It is possible to clone Signal's repo and do this work yourself quite easily if you know Java a bit, but it takes time and it is not convenient.


> Beware of Signal: it depends on the proprietary Google Play Services library, so even if you don't have the Play Services on your phone, the app is built with the "client-side" code which speaks with it (or with microG) and checks for its presence.

That exposes client information to Google but not content. Besides, if my understanding is right, The Signal Protocol is non-repudiable, which means there's no way for an external party to conclusively prove if the communication did indeed take place.


It probably exposes nothing at all to anyone if the Play Services are not on the phone or the relevant feature is not enabled on microG. But it is still a chunk of code that is partly run and that you don't control. It probably just does what it says (check if the service is present), but it is a black box.


What's the problem there? If the code is there but not executed, and no data is sent to Google, is there any risk as a user?


It is executed to test the presence of the Google Play Services on the phone when the app is launched.

Then, it's probably not risky, but it is still proprietary code that you can't inspect and verify. You can't easily know if the library will not silently do something. If you are seeking to avoid running any proprietary code, then it's something you want to avoid.


Right, but you were talking about "even if you don't have the Play Services on your phone", which is what I'm worried about - but OK, if it's just because there's a chance it might be running, then I'm not too afraid of that.


At the risk of laboring the point, I'm talking about the piece of code embedded in the Signal application, that tries to talk to the Play Services. Not the Play Services themselves. This piece of code is definitely running whenever Signal is launched, "even if you don't have the Play Services on your phone". It probably does nothing significant when the Play Services are not present but still, it's there and (a small) part of it runs.

Now you have several options:

- you trust Google and trust this code not to do anything when the Play Services are not running

- you don't trust Google on this, but you don't care neither

- you don't trust Google and care, but you are willing to take the risk

- you don't trust Google and care, and are worried, or are not willing to run any proprietary code out of principle: you need to adapt Signal's code or dish the app entirely


> It probably does nothing significant when the Play Services are not present

Right, that's the part I care about. I think there are two possible situations:

- Signal's own open source code can detect the absence of Play Services and not call out to Google's proprietary code in the first place. Great, no problem there.

- Google's proprietary code attempts to use Play Services and doesn't do anything when it's not present. In that case I do indeed trust Google enough that I wouldn't expect it to actually do anything else, i.e. the first option you mention.


CalyxOS doesn't change the default connectivity checks and NTP. GrapheneOS does (NTP isn't used though [1]).

[1] https://grapheneos.org/faq#default-connections


Ah, okay, makes sense.

The network connectivity, NTP issues and others are the reason why I have Termux installed (to be able to modify the /system/etc/hosts file, as the network core library ignores VPN settings).

Granted, streamlining these apps makes more sense to the end user. I wish Android would have a package manager that would allow creating a meta package for this kind of stuff.


> because Signal still requires microG or other Google Services for their auto backup, which I don't agree with.

I never used Signal with GServices, so I don't know what you mean with auto backup, nevertheless I simply use the backup function and sync the backup folder with my cloud and it works fine for several years now. For me it seems like a hard constrain to use Telegram which is obviously less secure over Signal only because of an auto backup function. Using Android without GServices always has a compromise part.


Signal auto-backup works fine without Google services. Just point it to some local folder.


I too was wondering why LineageOS's forks were being discussed but not LineageOS itself, I assumed the author had made some remarks on it but after reading the article it seems the author made no attempts to explain why forks of LineageOS were chosen over itself.

I'm all in for android forks, I strongly believe improvements in such forks can be up-streamed for the benefit of the entire ecosystem but I'm yet to see a valid justification for recommending something other than LineageOS for someone new to aftermarket android scene.


By far the most important difference is that with CalyxOS, you can relock the bootloader. This means that probably one of the most important security features, verified boot, works on CalyxOS, but not on Lineage.


> There also seems to be an additional barrier of US carriers imminently requiring VoLTE, and in some cases only allowlisting a small number of models.

Is this all carriers, or just some? I know that AT&T is the main one since I'm affected by it (their whitelist arbitrarily removes my OnePlus 6 from being supported this February despite the phone supporting VoLTE), but I heard that other carriers such as T-Mobile are still working without VoLTE. Either way, the whole "requiring VoLTE" thing could even be a problem for some custom ROMs (not even GNU/Linux phones) since I believe VoLTE support is something that ROMs sometimes miss, which will be pretty bad. While I'm not a full "privacy" user (yet), I use custom ROMs for extending the lifetime of my phone and getting newer updates than I would on the stock ROM, and carrier limitations could seriously threaten a lot of things.


As I understand it, US carriers already turned off 2G and are turning 3G off real soon now. If your phone doesn't do VoLTE and wants to do a voice call, that won't work when 3G is turned off.


AT&T takes it a step further. Only if my phone does do VoLTE and AT&T puts it on their magic whitelist (which you can bet, for example, is not going to have the PinePhone on it) am I going to be able to use my phone at all on AT&T's network (well, at least that's my understanding). Other carriers might not have a whitelist though—but I'm not sure.


I recall T-Mobile used to be pretty uptight about using band X for LTE only for VoLTE phones because they wouldn't be able to go from data to dialing 911 if they only had band X coverage (it was better for TMo if the user had no coverage in that case for regulatory reasons), but I think TMo is less strict about what phones they'll provision for VoLTE. I only remember trouble getting my first LTE phone to work, but LTE was newish; once I got a TMo firmware on it, it would provision and unlock whatever band it was I was trying to use, even though the IMEI would have been for an ATT model.


I want to say T-Mobile is requiring VoLTE (I recall discussion about this because it effectively mean the Nokia N900 cannot be used on T-Mobile or its NVMOs anymore).

I will comment that the Pinephone works with VoLTE on many carriers (I know it works with T-Mobile), and Purism is actively working on VoLTE for the Librem 5 (I remember seeing them actively working it a few months ago, so I guess they have it working now?).


How are cross-distro Linux app packages looking these days? Not so much the packaging aspect but the sandbox environment they set up to run third-party apps in peace. Is this something librem is working on?


I would expect lots of mobile apps to ship via Flatpak these days.


Does flatpak create a sandbox comparable to iOS?


Might want to check out GrapheneOS's latest developments regarding it's Sandboxed Play Services https://grapheneos.org/usage#sandboxed-play-services

GrapheneOS has support for installing the official releases of com.android.vending (Google Play Store), com.google.android.gms (Google Play services), com.google.android.gsf (Google Services Framework) as regular sandboxed apps in a specific profile. These receive no special privileges and the OS itself doesn't use them for anything. They run as unprivileged, sandboxed apps like any others. GrapheneOS simply provides fallback code teaching them how to run without any of the special privileged permissions and SELinux policy they depend on having. Even within the same profile, apps not explicitly choosing to use Google services won't use them because the OS doesn't integrate support for it or use it as the backend for APIs in the OS like the stock OS.

Also, this was tweeted recently explaining the up and coming improvements, how they were made and an insightful look at how the sandboxed play services compatibility layer works.

https://twitter.com/GrapheneOS/status/1430362107875401732


The more people, especially geeks and programmers, use and improve completely free systems, even if they have deficiencies now, the sooner we as a society are free. There is a responsibility for knowledgeable and competent people that goes far beyond the selfish need. It also makes fun and appreciation to do the right thing, more than any convenience can ever give.


This is a difference of opinion, but I've been using and promoting Free Software since 1997. I've used entirely 100% Free operating systems.

There's nothing wrong with taking this position for oneself. You can certainly restrict yourself to a 100% Free stack, but there are two big problems with this position:

1. We have an existing threat right now that is not theoretical but entirely practical and immediate, and that is the surveillance system built into every smart phone that runs a proprietary OS- or roughly 3.5 billion devices. In 2020, 2.8 billion phones ran Google's Android operating system and thus were subject to the ways that Google surveils them.

The ultimate goal should be Freedom, complete Freedom, but the position of "Wait until it's 100% Free" isn't going to work for many people. If we can get even 1% of people to de-Google their device and run a Free OS with Free apps, even if there are some binary blobs, just 1%, we'd be at 35 million people. That's almost the entire population of Canada (38 million).

I'd rather move 38 million people into the FLOSS world, using Free Software, understanding our ethos and supporting our community- and most importantly, out of the hands of companies who harm them, rather than tell them "Wait until we can give you a 100% Free experience." These people need our help now.

2. If you take this position to its logical conclusion, you will demand a 100% Free physical computer as well. This is possible now, or at least partially possible though not yet 100% practical.

With phones, the radio itself is proprietary, and that's by design. There are requirements of the device by the FCC (in the US) that allow the phone to take over the functions of the primary CPU and memory, even.

Using a mobile phone is a compromise on its own and thus we return to the first problem- do we tell people "Don't use a mobile phone?" because at that point we're simply seen as Luddites in the eyes of most people and we lose the opportunity to help others.

The threat of surveillance is real, and I'd rather take a measured approach than tell people to just get rid of their devices altogether.

When I started using Free Software in 1997, it started out as a pragmatism thing. It's only later that I learned about the ethics. Let's give people real alternatives today!


> do we tell people "Don't use a mobile phone?" because at that point we're simply seen as Luddites in the eyes of most people and we lose the opportunity to help others.

That's what I always tell people when they ask me how to do x in a secure and/or private manner on their phone and after some discussion most of them get it. Of course it's not practical but imo people need to be sensitized to how shitty almost all software actually is and that you can only have compromises. Also you can't just get someone to use FLOSS for tactical reasons, they have to know about the why and how or some of them will poison the community. I've seen way too many people acting entitled to have some feature they think is missing build immediately when they don't intend to pay the developers or do the slightest bit of work themselves. FLOSS isn't about being an alternative to commercial software but about enabling users to do whatever they want with their machines and this has to be communicated to new users that aren't familiar.


I wonder about SailfishOS, has anyone tried it recently? I used to own a Nokia N9 and it was the best mobile OS I've ever used, but unfortunately the N9 just stopped charging one day. I've always been thinking about trying Sailfish out again, but have not had a phone that was compatible for a while, so am wondering if I should just get a compatible device just to try.


I have been using Saifish as my daily driver and only phone since 2014. I bought a Nokia N9 secondhand in 2013, but the battery was not great anymore and I could not use Whatsapp on it. The choice for Sailfish was then easy. For 5 years I used the Jolla 1, which has received updates from 2013 to 2020. Since 2019 I am on a Sony XA2. I bought it secondhand and after a commercial license for Android app support it still felt very affordable to me. I you would want to start now, the Sony Xperia 10II might be the best choice with Oled screen and Aarch64 support.

Sailfish is being made by a small company with not that many developers, which means there are rough edges compared to Apple and Google. They can spend many millions on their software. I am very happy with Sailfish updates though and also very happy with using it.

The only Android apps I use are Firefox in its last v68 incarnation, and also Whatsapp. I'm lucky not to be tied in too much with all kinds of services :) For many services there are native apps.

And yes, it is not fully open source, which is a pity. The current investor sees no business opportunity in that, but to be real, without that investor, Jolla and Sailfish would not exist anymore. They are mostly a B2B company now, B2C has commercially failed around 2015. I do hear sometimes that more people are using Sailfish, but I haven't seen real statistics. There is also the Nemo project, which started with reimplementing the closed bits in Sailfish, and later deviated somewhat. If Sailfish gets more succesful, that is always still an option to force their hand, but I do feel the time is not right. I do have to say that the Linux community can be very critical towards its own community, sometimes getting to be toxic.

I would be open for a Pinephone, but it is mostly regarded as a developer phone right now. I will wait for Pinephone2 and hope things improve to make it more a daily driver. The Librem 5 is priced out of my league, though I do admire what they are doing.


To add something, I very much adore the Ambience system. I very much prefer a 100% white on black system, and Sailfish Ambiences can do just that. Some Android apps don't really follow, but they sometimes have a darkmode setting.

I just want my phone to stay out of my way, and not jumping up and down :)


The website indicates there isn't a legal way to purchase Sailfish OS outside of the EU.

Is this something they enforce, or can I bypass this with a VPN because they don't actually care but have to say that for legal/economic reasons?


It's totally artificial limitations, solely for buying the Sailfish X license. Likely due to support obligations and/or due to software patent situation outside of EU.

In practice you just need to buy the license from a EU IP (so via VPN, europen VPS, etc.) and then you are good to go from anywhere in the world. This can be seen on these global stats for the Sailfish OS community software repository:

https://openrepos.net/statistics/global

Lots of traffic from outside the EU. Also I took my Sailfish OS device for a trip across Japan twice, and everything worked fine for me as well. :)

So in general I recommend getting a EU based VPN and then buying the Sailfish X license for the device of your choice (I would personally recommend xperia 10 II). If you succeed, then I would get the device, just in case. :)


Thanks for sharing. I've been eyeing a fairphone 3+ for a while, and I remembered discussions around sailfish on the FP2, but it seems the FP3+ is not compatible. I'll have a look at the Sony Xperia.


For the FP2 and FP3 there are community ports. I think the FP3 port is in relatively good condition. Main drawback currently is that there is no Android layer available for community ports. There are plans at Jolla to bring Android support to community devices, but you can imagine that the expectations by users are hard to manage here :) Community ports are not supported by Jolla itself.


I've just switched over from iPhone to SailfishOS running on Xperia 10ii (the most powerful device to run SailfishOS officially and the only 64-bit one). Reflashing firmware took about 20 minutes in total, no issues since except for the need to figure out how to install OpenRepos.net on it.

It has a nice OLED screen (N9 vibe) and the on-screen keyboard makes it feel like typing on an N900; the camera works fine. I didn't install Android support so I am running pure SailfishOS.


I can also recommend Xperia 10 II with Sailfish OS, it works very well! :)

The installation took longer for me, but that was because I decided to change the default rootfs and home LV ratio, which included shrinking the LUKS container home lives on, which was a bit stricky, but I was successful in the end. :) Definitely not something 99.9% users would need to do but its still cool its possible. :)

As for Android support, I've installed that and it seems to work fine for the Android apps I've tried so far. Its apparently even possible to install MicroG or even full Google Play Services, if you have apps that need it.

Agreed, its a bit of a compromise if you want to use a non Google/Apple device in the first place, but still given that the Android emulation layer effectively lives in an isolated container, which you can also turn off at any time, its already quite a bit less intrusive than on an actual Android phone where it effectively permeates everything on the device like mycelium.


I tried it on the PinePhone and instantly loved the UX. Unfortunately, like boudin said, it's not fully FOSS which is sad cause I really wished the "future" mobile alternative to Android/iOS would be something like this.

Sailfish should open up their code fully, it would probably benefit them in the long rum


Yeah, I still personally think they got zero benefit from keeping the source closed. But as already mentioned up thread, some of their current investors might be a bit more conservative in these regards and they still need them to survive.

So oh well - at least we have something usable before some of the distros started on the PinePhone come off age. :)


I use it as a daily driver for about 2 years now. I've never used any other mobile OS so I can't make any comparisons. I run it on Sony Xperia XA2 with android app support. Its been stable, no issues so far. Updates are regular with UI improvements and new features.


I use it. You can feel their severe development resource constraints everwhere. The browser is years behind. Native apps are rather limited. I bought the newest supported hardware 3.5 years ago. It is stuck at Android 4.4, which is supported by fewer and fewer apps.

Whenever they support new HW, it takes quite a while to stabilize. Not sure what is the situation right now. My guess would be the newest supported HW is getting obsolete already and nothing new has been announced.


Latest supported hardware is Xperia 10 II, which is still quite recently and pretty fast (I got it myself).

Also, you can get the previously supported Xperia devices cheaply second hand. Just make sure it has an unlockable bootloader or else you won't be able to install Sailfish OS on it.


> Also, you can get the previously supported Xperia devices cheaply second hand

While they are still decent hardware that advice is useful only for purists that don't intend to use Android at all. As I wrote, you get only Android 4.4 on those devices.


Android 4.4 support is only an issue for the Xperia X. The Xperia XA2, 10 and 10II have updated support, first at Android 8, I think it is now at Android 9.

The Xperia X is somewhat tricky in this regard. It uses the "old" way of Android support. Android 8 and 9 is supported with an LXC container. Bringing that to the Xperia X would mean reflashing. Then you end up in the situation where some users reflash, and some stay on the old flash-image. Which needs another choice; support both groups, or drop all users of the old 4.4 image.

I do understand the disappointment if you have an Xperia X and see all other devices get updated Android support. But Jolla here is between a rock and a hard place.


The problem is not reflashing, we all have flashed the first time, we could do it again. The problem is kernel support. There is no new enough kernel for Xperia X hardware. For obvious reasons Sailfish does not have resources to port a kernel for a 3-4 year old device. Not sure whether source is even available from Sony for all drivers.

https://source.android.com/devices/architecture/kernel/core-... A 4.4 kernel would be required, but there is only 3.10.


That's incorrect - Sailfish OS uses the Sony Open Device program kermel and blobs as a base and there is up to kernel 4.9 available for the Xperia X:

https://developer.sony.com/develop/open-devices/get-started/...


Thanks for correcting me. I wish all vendors would provide such clear and easy to read information. I was just repeating what I had heard elsewhere.

So is it just one of those management decisions that we don't put any work into an old device? It annoys me mostly because the X is the last device of a reasonable size. I would not even pay for a new one because I am entitled to a new work phone. But I don't like the huge devices you get these days.


Yep, IMHO it's a management/resource decision - the choose to only support one base port stream, not two.

Still if you manly use native Sailfish OS apps, you will be getting all support and updates on Xperia X for years to come.

It's unfortunate but at least the newer devices should hopefully be in better shape. And as for size, Xperia10 II does not feel so much bigger than X as its the same width, just a bit longer. Feels quite subtleactually.


Latest Sailfish OS has Android 10 support.


The latest Sailfish OS release is supported on all HW generations except the first Jolla phone. But the Android version you get depends on your HW. Only the newest HW generation gets a newer Android. All previous HW generations stay at version 4.4 despite the Sailfish OS upgrade.


Another ex-N9 user here (I still have mine in a drawer) and I really wish there was a replacement for it.


Just as a side note, Sailfish is not fully open source.


Where /e/ shines in terms of easy of use, and Graphene shines in terms of security, Calyx has made wonderful choices in terms of privacy.

"GrapheneOS is focused on substance rather than branding and marketing. It doesn't take the typical approach of piling on a bunch of insecure features depending on the adversaries not knowing about them and regressing actual privacy/security. It's a very technical project building privacy and security into the OS rather than including assorted unhelpful frills or bundling subjective third party apps choices."

More info: https://grapheneos.org/features


It appears the /e/ phones are indeed available in Canada and the US, https://esolutions.shop/shop/e-os-teracube-2e/ Just make sure to select your language and country at the top. No support for Verizon however.


Because many important apps (banking and other financial services, major shopping sites, most Authenticators ) don’t provide open source versions, I don’t see how this thing can end up be practical for daily usage. Maybe it can be useful for criminals, underground hackers, but not a normal person.


Many of us don't want banks or shopping sites on our phones.

AndOTP authenticator works great for me. I also wrote one that I use on an offline computer (TOTP is rfc6238) in case my phone dies or is unavailable for some reason.

My only gripe with my current usage of GrapheneOS is that sometimes when the notification bell goes off and I open the phone, the SMS was sent many minutes ago (up to an hour or so). I'm only presuming it's due to a lack of google services or something about GrapheneOS; but it might be the network operator.


We should also consider how many apps are usefully available as websites through a FOSS browser (on phone).


Using a FOSS OS does not require the user to exclusively use FOSS apps on the OS. Compatibility layers, emulation, and virtualization improve the selection of apps on FOSS platforms before native alternatives become available.


Would you still go through Google store for the apps I mentioned, or used apk files from 3rd party stores?


Yes, the most convenient way to install most proprietary apps on Android using a FOSS client is through Aurora Store, a frontend for the Google Play Store: https://auroraoss.com/download/AuroraStore/

Other sources I trust include:

- APKMirror (operated by Android Police): https://www.apkmirror.com

- Aptoide (only trust signature-verified "Trusted Apps", including all apps in the main "apps" store/repository): https://aptoide.com

- Direct downloads, when offered by the developer


The utility of these platforms depends upon what you use your phone for rather than some amateurish classification of people.

Personally, I have never tied myself down to particular apps. What I use tends to be fairly generic and doesn't compel me to use a particular implementation by a particular company. I suspect a great number of people are like that. While my case is due to a lack of interest in the latest fads and an interest in open technologies, someone else may do so for security and privacy, while others may be interested in investing their energy in pursuits other than gadgets.

As important as technology is to the functioning of modern society, I think there is a tendency to forget that some technologies have very little lasting impact.


No but they have web sites that work fine.

Authenticators usually are open source.


Bitwarden is great for OTP, I have no need for a separate application.


Banking apps &c. work fine on CalyxOS


I’m bummed to hear about a bad experience with the Librem phone- I was hoping that would be a better experience than I had with the PinePhone which was slow and essentially broken for calling and camera usage. It may have improved since last year but at the time calls would rarely work properly, either by not connecting, failing to interrupt the session properly, or have latent echo of one or both sides of the call. They provide several distros which is nice so your results may vary.


The LibreM phone is just too darn chunky and heavy.

I didn't get into details in the article, but I do on the Fediverse:

https://emacsen.net/@emacsen/106811743118755156


Why do you spell it “LibreM”?

In the article, you simply say it’s “I find the hardware too clumsy and heavy”, and your fediverse text only complains about its thickness. However, it’s thinner than both the Nokia N990 and the older Nokia 9000.


*Nokia N900


What about some other projects beyond Android and Linux? Sailfish OS? Tizen? KaiOS?

Technically even WebOS was open-sourced and still around as LuneOS, but its last update was Halloween 2019, so it's likely defunct.


> Sailfish OS? Tizen?

Those projects were a bizarre affair. There was I think Maemo, Moblin, LImo, SLP, Bada, Leste, MeeGo, Mer, Tizen, Sailfish, Nemo... all forks, merges, reforks of the same thing. They seemed to spend all their time and energy continually rebranding, forming and disbanding consortiums, creating new websites and logos. They never just got on with it. Ridiculous wasted effort when the market was possibly still just about open to them.


Well, Nokia finally got it together with MeeGo, but then Elop had to sell the farm and hitch their horse to Windows.

Tizen is reputedly of bad code quality, especially security-wise.

Sailfish is still out there as Jolla scraps away.

It’s a pity, as those projects did attract some powerful backers, who just weren’t very committed to them.


My favorite Daily WTF thread is about Samsung's adventures with the Enlightenment toolkit in Tizen: https://what.thedailywtf.com/topic/15001/enlightened


It's essentially a perfect description of a clash between a rather hardcore technical community with some academic/student background and a typical Korean Corporate conglomerate, with the expected end result.


You seem to be talking from a position of ignorance at least when it comes to Jolla and Sailfish OS. The former is probably the best non-mainstream mobile OS that can be used today.


Not sure which bit you think is ignorant.

> The OS is an evolved continuation of the Linux MeeGo OS previously developed by alliance of Nokia and Intel which itself relies on combined Maemo and Moblin.

https://en.wikipedia.org/wiki/Sailfish_OS#History_and_develo...

https://en.wikipedia.org/wiki/MeeGo#/media/File:Mer_and_mobi...

Ridiculous series of merges and forks.

Sailfish's market share is so low it doesn't seem to be measurable.

When these projects were at their peak there was just about a way for them into the market. There isn't now. If they spent their time working on just one branding of these projects instead of creating yet another new name, website, and icon they might have gotten somewhere.


Eh, I used my Jolla phone for 5 years and I still regret it to this day


Ha, why?


the native apps were so fast, everything happened instantly. Also the UI looked gorgeous. In contrast my current oneplus 8 pro feels like a complete regression on the software side.


Sadly it seems that everything is based on linux beyond Android. Wish there were more choices kernel-wise.


Truly, someone should try out NetBSD here...


iOS is BSD based.


Mach based with some components from BSD


Fear not fuchsia is coming along nicely.


I only evaluated Free/Libre OSes, even if they have binary blob drivers.

LuneOS is defunct as far as I can tell.

It would have been great if the whole Firefox OS thing had worked out, but it didn't :(


I believe KaiOS is meant to succeed Firefox OS, but admittedly it is aimed at a less-than-smartphone category.


I am wondering about a KaiOS phone with physical keyboard. This would be the crack for my use case.


>It does come with a catch... Using Aurora Store could be considered a violation of the Google Terms of Service and Google could terminate your account for it.

Aurora has the option of logging in using an anonymous profile instead of your 'true' account. Why not use that and avoid any risk?


What if you have a paid application?


You're right, Aurora doesn't allow that with an anonymous profile (not sure if it allows that even with a true profile).

However, an anonymous profile is enough to download banking apps which are a major blocker to switching to Free OSs.


According to other users, if you previously purchased an app through the Play Store, you can log in to Aurora Store with the Google account that you used to purchase the app, and then download it through Aurora Store. However, in-app purchases don't work.

https://www.reddit.com/r/CalyxOS/comments/jtq1xc/can_you_get...


Author here. Feel free to ask any questions.


Why do you spell Purism’s phone “LibreM”, when they spell it “Librem”?

(It’s common for people to heedlessly miscapitalise, spelling ProductName as Productname or vice versa, which I can’t really get my head around as it’s not the way my mind ticks, but you’re in the much more interesting category of people consistently applying a more esoteric miscapitalisation, and I’m curious what leads to it. I’m trying to understand all this partly from simple curiosity and partly to help me with naming products.)


I thought it was the LibreM. shrug


Interesting. I’m curious if you can guess what led you think that, since I don’t think I’ve ever seen that spelling anywhere.


Hi, thank you for this article :)

I would have enjoyed a more thorough write-up of Pinephone and a few popular Linux-distro's and how far they get in regards to a daily driver for you. What I do miss is that both phones are still mostly labeled as developer phones. I read another comment where you made a point about urgency, but I still think you might be expecting too much here :)

Also, I would be interested in a good review of Sailfish and Ubuntu Ports. Sailfish on a recent Sony Xperia, like the 10II, and Ubuntu on a device that is listed as good support for a daily driver.

I hear different things of Ubuntu ports, but I think testing it on a Pinephone might do it short. I wonder what device people use for UB when using it as a daily driver. That might give a more usable device than the Pinephone. Though it will have its limits as well.


Amazing reading! I working on the Animation CPU mobile OS toolkit for creating custom secure OSes and apps from scratch. t has everything geek and non-geek development needs, a minimalistic core and api, builtin ide with realtime reverse debugger, code and nocode, powerful graphics, runs on linux, ios, webasm or pure hardware, etc. But here is an issue, it's not public and not open-source. Сan you advise me where to start the FOSS way, build community etc?

Here a little bit details: https://animationcpu.herokuapp.com/


My only suggestion right now mitght be to read my friend Karl's book. "Producing Open Source Software", which has a bunch on community.

Or Jono Bacon's book "The Art of Community" is also good.

One thing you may find, sadly, is that with SOO many projects out there, yours might not get a lot of fellow developers.

But this sounds like a wonderful idea for a project!


I don't know if you're keeping track of this thread, but here's a top level comment I left https://news.ycombinator.com/item?id=28306150

I'm pretty heavy into this stuff, been using exclusively unlocked and rooted AOSP for over a decade, 100% FOSS degoogled (minus hardware drivers of course) for 6 or so, and contributed anonymously to the community pretty significantly over the years. At this point I think the days of FOSS Android are numbered, I still use it for now, but I don't see our community having the leeway we currently are barely holding onto in 10 years. If Libre mobile computing has a future it is in the currently in development Linux mobile ecosystem.


I just want to address 2 gripes I have with the article.

1) AOSP, not ASOP, you even spelled out the acronym and made this mistake twice,

2) OSM is phenomenal. OSM maps are not bad. IMO the accuracy, even in the US, is better than Google, particularly in rural areas. There's this project https://github.com/pnoll1/osmand_map_creation also that bundles in address data from OpenAddresses, plugging what is the biggest gap that gave Google a de facto monopoly. IMO it is a very, very important project. The only things I can see being a problem for some people at this point is traffic data, which is not a problem for me, and POI which to me is a non feature, it's basically advertising. And you can do much more with it than with google, I have overlay maps for example that show me all public lands in the US and which department controls them, as well as a light pollution overlay map. I would recommend OSM for navigation over Google any day of the week even beyond the fact that it is FOSS.


I find OSM pretty good for POI actually. I'm using OSMAnd~ (the F-Droid version), and more often than not I can find directly a shop or restaurant by name without Internet activated. It's also great to find practical things like water point, transport station, etc. In some rare cases though, I can't find something, in which case I'm looking elsewhere and use coordinates which is easy to do with the sharing system of Android.

Speaking of transports, OSMAnd has a beta transport mapping for a while which is working quite well by my experience (use in combination of Transportr which is also really good, depending on the city where I am, one may be better than the other).

The only important missing thing is indeed traffic information, but depending on where you're living, it may not be such a big deal.


What do you use for maps, OsmAnd ?


Yep.


One thing I have yet to understand and maybe I am missing something is that why is there no web-only OS for mobile? Something which literally is based on websites only and there's no concept of apps. Is there something like this which can be installed on an Android phone?


Like a web browser?


My primary pain point, last time I did the research, was that UBPorts for example, doesn't support full-disk encryption.

That might have changed by now, and I'm not sure about the others. But I'd say encryption-at-rest is a basic requirement for a privacy-enhancing OS.


Full disk encryption is insufficient even, iOS and Android have since moved to file-based encryption for increased security.


I know at least pmOS and Mobian have FDE.


Thanks for the Aurora rec. It works great. I needed few proprietary apps and was looking for a way to get google play apps without installing any google services or downloading apks from untrustworthy sites.


Android does not require an account. It only requires an account to use the play store.


Yes, and with Aurora Store, you can use the anonymous login feature to avoid needing your own Google account to get apps from the Play Store.

https://auroraoss.com/guides/anonymous-logins/


Something I'd like to have an explainer for: What is Halium, are there any compromises involved in relying on it?


A linux-esq ecosystem for mobile would be sick


The author fails to note that the Pixel devices Calyx/Graphene run on also include proprietary binary blobs for vendor.


I specifically addressed that Calyx and Graphene require binary blob drivers:

> ...especially the Android-based OSes, which use non-Free binary blob drivers.

I then explain why someone may choose to use a binary blob driver OS anyway, which is essentially that the current threats we face as individuals by surveillance in the form of large companies (specifically Google and Apple) personally outweigh the freedoms of Free Software for me at this time.

I'm making this choice consciously, knowing it's a compromise. I personally believe it's a compromise we need to make right now since the alternative is either a non-functional phone or to wait until there's a 100% Free phone and be subject to surveillance in the meantime.


Missed that, my apologies. I will note that it is the device (Pixel), not the OS, that has the blob requirement. Projects like Replicant demonstrate how Android can be completely Free and Open.


What is this about how there’s no UI to target?

Target X11 and make sure your app works on small screens with a single button mouse. That’s it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: