A few days ago I was thinking about a new smartphone and because my main problem with my current android is the outdated kernel and driver setup, I was searching for smartphone with open source drivers. Wikipedia tells us since the start of the Smartphone era about 22 phones had open source drivers (with the exception of the proprietary baseband firmware):
https://en.wikipedia.org/wiki/List_of_open-source_mobile_pho...
Doesn't look like something where you can select the hardware specifications you prefer. So I feel a little lost.
In general, I like Android but for my taste the Google services are too intrusive. Uploading my data before I had a chance to deactivate it is just unacceptable. Asking me every day to add photos to Maps sucks too. I can accept giving some of my information to Google to improve the product, but lately Google feels like the data mooch on my smartphone...
Hello Google employee here! I suspect we don't all have the same opinion but I can share my own since you asked. Note that I work in Cloud so I work in an area far far away from this stuff and opinions are obviously my own.
Frankly the headline makes me a little bit sad because of course I would like to make things which people are happy about. On the other hand, I also realize that it's not easy to make a product which fits every single person's use case, and in this case I suspect most this level of privacy is overkill for most people, and it's wonderful that there is something for those who want that extra privacy and security.
I also think it's awesome these people contribute security patches to AOSP!
> I mean they probably have no problem giving the personal data to Google, but at the same time many of them are probably open source proponents and would support a world where the Google services would be entirely optional to Android.
I like to think I'm a proponent of open source as I try to contribute but to be honest I don't actually think it really matters for Android to be independent of Google services because as far as I can tell, most people like Android with Google services?
Is there a reason that removing Google services would be better for the users? I can understand from a philosophical or ideological standpoint why it would be better but not really from a product point of view since I think I can confidently say 99% of Android users do not care or even know that it is open source..
People like Google services, but they're less enthusiastic about Google's data collection practices. My father, who is now retired from a career in semiconductor manufacturing and programming, was unaware of Google's practice of monitor users' credit cards [0] and was visibly uncomfortable when he was made aware of it. Google's terms of service were effectively changed in a manner that harmed him, but he has no recourse.
Google services are frequently useful, but let's not pretend that there are other good choices. Google offers their apps for free, and has immediate access to approximately one billion Android devices by mandating an app's inclusion. That's an impossibly high barrier for all but the largest companies.
[0]: http://www.latimes.com/business/technology/la-fi-tn-google-a...
That's exactly why it should be independent of Google services–it makes it too easy to make changes to benefit those who use Google services and harm those who don't in the name of "but it's great for most people…"
Actually, I think removing Google services by default is not what we have in mind here. So we are okay that most users like Android as it is. Well, I think many of them just don't know which information Google collects and if they would learn about, some would not want to share that information either, but that is something everyone has to care for themselfs.
We just want the options to opt-out of every Google service easily and use alternatives (without having to flash custom roms) and to have up-to-date kernels and drivers. So having closed source drivers actually reduces the security (missing updates after a few month) and life time aspects of the product (the device). With the Android market domination Google has, it could easily force the hardware manufacturers to produce devices with open source drivers.
Yeah but what about people who aren't most people? Are you saying they don't matter? That doesn't sound very open source.
Now I'm running UBPorts in my Nexus 5 https://ubports.com/
Edit: if you are downvoting this comment, please explain why at least. It improves the conversation. Thank you.
Also how do I turn off location tracking by Google, constantly asking me to upload pictures, write a review, answer questions ect
This already exists for businesses with Samsung Knox / Android for Business. No it's not a full OS but it fits all of their needs and separates data. Having one OS in a "vm" on a phone sounds horrible UX wise.
[0] https://forum.xda-developers.com/android/apps-games/closed-b...
I had to use a profile for my banking app to isolate it from all my personal apps, instead. But it seems that Google doesn't' even care that much about the multi-profile functionality, as it seems to crash quite often and has other issues. I imagine they don't put it through a lot of Q&A with each new Android release.
Even so, having to change between profiles often just to get that kind of isolation is quite frustrating.
Without strong controls about what they can do, we are always at the whim of what they might do. Google feels like a fairly bipolar company from the outside, because they present two faces depending on who they are dealing with, end-users or companies looking to advertise.
As an end-user, Google knowing all the little details about everything I do and many places I go (because analytics JS, G+ button inclusion, etc) is disconcerting. For a company looking to advertise, them not doing this all of a sudden would be disconcerting, and they would probably look to some other company that is doing so. It isn't just Google. Facebook knows a startlingly large amount about you too.
I'm increasingly convinced this is one of those places where the market is failing us because the negative externalities are mostly hidden. Those are good places for targeted regulation. I wouldn't be entirely appeased, but a law about the ability to review all information collected about you from a company and strong controls about the access, sale and use of this information would go a long way towards making me less worried about Google (or whoever) changing quite a bit in the next decade and selling off the information.[1]
Because think about it, how far away are Google, Facebook and the umpteen other ad agencies with complex profiles of you from usurping the credit bureaus?
1: Maybe what we need is an interesting billionaire to buy a lot of personal information on all the U.S. politicians from one of the less public agencies and publish it. I'm sure we would get a law passed in record time.
Well, it's a question of what one is willing to pay. Me, I'm willing to pay actual U. S. dollars to Apple to get that same functionality without giving up (and perhaps I'm naive here) privacy. Personally, I like that well-defined transaction. The transaction that has taken place between yourself (and to some degree, me) and Google is much more fuzzy. Today Google does this with your data, but tomorrow? You call it "adjusting the service", I call it "getting more creepy". No right or wrong, you're happy, I'm happy, but from my POV there is a vast gulf in the price paid for the two competing services.
The instant Apple starts doing Googly stuff, I'll dump them for the real thing. But I'll betcha Apple is quite aware of this.
Instead of having companies own data (Google/Facebook), all data resides in public databases. This would work for services that do not need sensitive data and can be anonymized, such as what videos do I watch, what words I type/search, etc.
This would help both privacy (I know what data is being recorded) and help small competitors thrive.
I believe most android people are doing this with users.
Since Android is now up to the task of docker (kernel 3.10+), it would be very nice to see apps sandboxed with permissions exposed via networked APIs.
Then it is impossible for an app (sans exploit) to access private data, and simple for the OS to route certain apps to certain data sets (ie, fake contacts for apps that shouldn't need your damn contact to begin with).
CyanogenMod accomplished some of this through various methods, but they were detectable. If you build it this way, it should be entirely undetectable.
Personally I use CopperheadOS as my daily driver because it stays continually ahead of Google (and groups like AOKP, LineageOS etc) in terms of Android hardening. It goes well beyond just not having Google Play services.
See their details on their approach and design: https://copperhead.co/android/docs/technical_overview
They make continued patches to Android as part of a security and privacy first approach. Many of their patches get upstreamed by google months later (if at all) but CopperheadOS users get them right away.
Google has their engineering efforts focused mostly on new features and compatibility. They are happy to let firms like CopperheadOS be further ahead in security research and take their patches where it does not break compatibility.
It really depends on what you want to optimize for. Security/privacy or being able to run all the latest games and social media apps and the consequences that come with them.
(1) https://www.theregister.co.uk/2017/12/22/grsecurity_defamati...
1. They're a surveillance company that has more actual and potential earnings the more they know about their customers. They get good margins when their customers lack privacy with devices locked into Google by default.
2. They don't care about users' safety since make billions off Android platform but wont even patch vulnerabilities quickly. They have enough money to design a server UNIX from scratch plus a full-custom CPU plus mitigations from code injection at CPU level with all that leaving them with a few billion in revenue left out of Android alone. They just don't care since they're a public company about squeezing out every ounce of profit.
So, their incentives ensure they will leave the devices insecure. Someone will have to make their own versions that are secure like Copperhead and separation kernels before them (eg OK Labs) did. Alternatively, convince Google to offer a paid, secure option for their own internal use if nothing else with them recovering costs by eating up the cryptophone market's revenues.
[1] https://android.googlesource.com/platform/packages/apps/Laun...
F-droid link: https://f-droid.org/en/packages/com.benny.openlauncher/ Google play: https://play.google.com/store/apps/details?id=com.benny.open...
That, coupled with the fact that Pixel devices are way more expensive than Nexus used to be limits its usefulness.
There's a project now to include anbox to run Android apps http://news.softpedia.com/news/ubuntu-phones-will-soon-run-a...
I do use lineageOS myself and am generally very content with it but I am always a bit concerned when I see that the data usage of OS components (which are thrown together as one "app" in the settings) is more than a few MB. The system must do more than just checking for updates. Unfortunately, you can't prevent system components from accessing the internet if you don't intend rooting your phone.
https://www.merriam-webster.com/dictionary/copperhead
The first known use of the word "copperhead" was in 1775, well before the US civil war.
Turn it back on, sure, until the next time you want an APK that's not listed in F-Droid. Seems like a bad idea. How about writing to your favorite app developers and asking them to list on F-Droid instead of sideloading?
I believe Google finally introduced a way to deem other app stores as trusted on your phone, but given this is just a block on the manual installation feature, I would consider the trusted sources checkbox to be more "anticompetition focused" than "security focused".
Thank you, I'm staying with default Android and continuing to read what I am prompted for. He could've just opted out of most data collection, no, he had to skip it without even reading it like a 60 year old office worker at a insurance company.
The Copperhead guys should get a copy of http://www.dummies.com/education/economics/how-to-determine-...
[1] https://github.com/yeriomin/YalpStore
[2] https://f-droid.org/packages/com.github.yeriomin.yalpstore/
[1] https://copperhead.co/android/docs/install#supported-devices
I have one issue however that I thought I'd put out there from a customer service standpoint. If you buy a phone from them, you pay what seems to me like a nice premium (Pixel XL $1,269.00; though it's hard to find a good comparison point), and it comes with a service plan. Copperhead (as I understand) takes stock AOSP and (among other things) swaps out some of the default applications. Notably, the SMS application is something called Silence (silence.im).
Here's the issue. I've had a problem or two with Silence, and I contacted their customer support. They suggested trying other SMS apps to see if that solved my problem, which is in itself fine. However, at that point they closed the issue, because they claim that they're not responsible for 3rd party apps, even ones that they bundle and (I presume) update with system upgrades. The reason given is that they don't control the source for those, unlike the OS. I don't accept this at all. I paid a good premium (unless I'm mistaken) for the phone, I expect a _working phone_. This, these days, includes a functioning SMS client. How they go about making that happen is _their_ responsibility. They can work with me to find a suitable replacement, they can submit a pull request or a bug report, etc. But I argue they should consider the issue open until it's fixed or I decide it doesn't matter.
Anyway, not a big deal, I worked around it. Perhaps if I pressed enough they would have been okay with me returning the thing on these grounds, but it's nowhere near worth it. I just disagree with their philosophy on this issue. I understand it must be _really_ hard to deal with all this as such a small operation. But then they should put this point in big bold letters when you buy it, or something. ¯\_(ツ)_/¯
They show a Nexus 5 on the landing page for CopperheadOS. Why not show a supported device?
I mean, come on! Ship a patch/update, already!
1) That replaced a bootlooped ~1.4 year old Nexus 5X. Wasn't going to spend big bucks after that burn and while waiting for the Pixel 2 or Samsung whatever, or Apple's new line, to drop in a month or two.
And now, with all the crap going on with all those various new models...
I've griped about this, before, but damn it, they deserve the criticism. And the only time they make positive changes seems to be when the public image and pressure get bad enough. (And things get worse again, as soon as that pressure relents -- or gets distracted.)
(I'm not affiliated with the project, I just use it as my primary phone OS.)
