There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing. Running Ubuntu Touch isn't a viable option. Neither is postmarket, librem, tizen, they're all terrible. Security wise, for something as critically important in our lives as a smartphone, I am also not trusting any new pet project that won't be stable for 10 years.
Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour because you know how to SSH on it from your watch and put it in sleep, but that's not a viable option. Leaving Android is suicide. A large part of its critical underpinnings are already into the kernel anyways, just disabled. (although a distro running binder could be a fun project). APIs are reverse engineerable generally speaking, except for the server part of play services. But then, if your issue is "my bank won't let me access their app without play services attesting me", I have great news, you won't even have an app for it on your new OS anyways, so it will not work by default. There's already not enough people working on GrapheneOS _or_ on mainstream linux OSes, what makes you think the sitation won't be ten times worse for your custom made mobile OS ?
>We should focus our efforts on truly open platforms.
Android is one, and that can never be taken away. Google pulls the plug ? cool, you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community. Hell, for all the shit that Google is doing, they're still constrained by having to work with other vendors: the system privileged notification receiver is swappable at build time, the recent app signing/verification system also is, because Samsung wouldn't let them control it all.
About hard-forking Android, no one was brave enough (pun intended) to do that for Chrome, considering the insane complexity and engineering costs (>$1B/y). (Only Apple was able to affort it with Webkit/Safari, but they are in the ad business too.)
(ETA: See also Microsoft's many years of trying to build its own "Google Play Services" competitor. Eventually breaking and making use of Amazon's. Then giving up entirely again on a de-Googled alternative to running Android apps.)
Huawei provides HMS for example, a somewhat close feature wise set of APIs for their phones that are still on Android. They can even shim play services API, the same way microg does. If anything, what would be needed would be a common abstraction library with different backends to not depend directly on play services
The reason amazon and Microsoft gave up is because they had no commitment, and that operating these services is just pure loss.
Yes, the default apps in AOSP suck. Making a proper dialer is a two day job, so is a contacts app. Android's core APIs are good enough, and privileged permissions are only privileged by the manufacturer, and its IPC mechanisms are very well documented. Noone does it because it sucks, it's a thankless job and nobody's going to install your dialer. The very fact that each manufacturer has their own custom software is demonstration of how easy it is.
Windows phone died because of its lack of apps. Same thing with several other mobile OS's. Ubuntu has a really great OS and UI, but no apps for just basic things renders it useless to even the most basic of users like myself. I don't have games, no banking apps, a few email and Microsoft apps and yet I still couldn't find a way to make it work.
One of the other technical limitations is network. Ubuntu has yet to solve the VoLTE (Voice over LTE) riddle. This is a major sticking point for US consumers.
Building and maintainance cost are not linear, especially when you inherit legacy code. The AOSP codebase isn't great, is 4x bigger than the Linux Kernel, and full of "Ship now, patch later" mess.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
And yet the GrapheneOS devs seem to be managing just fine.
> But I agree that it is a significant endeavor.
Yes, in fact it is orders of magnitude more significant an endeavor that just building upon and improving the existing AOSP stack.
And you're stuck on the current hardware generation. Pretty much the only reason why Android sucks less than other mobile OSes is that hardware vendors have a pressing reason to make it work. The further the Google Android kernel diverges from its last-open version, the harder it will become to backport drivers -- and that's assuming that hardware vendors even bother to comply with the GPL when Google decides not to.
We need tablet computers that don't have hostile hardware like cameras and mics and sensor suites that can be remotely controlled, under proprietary firmware, completely out of owner control.
We need radio hardware and software that is entirely under owner control, with protocols and standards based connection controls; the notion that spectrum and cellular make network connectivity magically necessary to put under the draconian gatekeeping and surveillance of cellular carriers is flaming dumpster garbage.
The carriers are a primary threat vector. The hardware is a primary threat vector. The software is a primary threat vector.
There is absolutely no way to fix the current cellular phone security status quo, every single facet is designed to be leaky and allow "good guys" backdoored access "for the right reasons" and so on, whether it's "user experience telemetry" or "we have a warrant".
Running bog standard linux with sensible security defaults and a good softphone over an internet connection would be fine. There's nothing magical about phones or UX or wtfever this month's marketing rationalization is.
Handheld tablet computers with optional hardware, or even modular hardware, are going to be the future. The current paradigm of parasitic cellular carriers, invasive governmental regulatory bodies working on behalf of all sorts of corrupt interests, and complicit hardware manufacturers are 100% all in on milking consumers for every last unearned penny or intercepted PII they can get their grubby hands on.
It's far ahead, but at the same time, I think we shouldn't over-emphasise how much. Functionality at the beginning of a project's lifetime is way more important than incremental improvements (or just changes) made later, and thus while much more effort has been invested into Android, new projects primarily need to catch up when it comes to e.g. phone call support and stability, and won't have to redo a lot of the effort of e.g. implementing Material You 3 or whatever.
Which is to say that we're still years out from a viable competitor, but at the same time, there could be one five years from now, which is also not that long.
You're also underestimating the amount of fundamental work that goes in Android. The vast majority is hardware integration. It's not all fancy little bells and whistles. It would have the added benefit of not having to relearn the security mistakes like LIST_ALL_PACKAGES or READ_SMS permissions being open to all, at least.
Sailfish?
In addition, its compatibility with android apps is also chains: why would I bother developing for sailfish (especially since it involves Qt / Qt Creator) when I can just develop an Android app, and say it'll run well enough (unless it needs play integrity, which is the same problem, or somehow falls behind in android/androidx compatibility)
Honest question: why are mobile devices more hostile than laptops/desktops?
It's a key to your life. The perfect target for any attacker.
Linux has SELinux as a default option which Android makes good use of, some forks more than others, and setup correctly it is better than user isolation. You could also recreate the protection user isolation provides through policy alone.
World would be better off if they De-Google and De-Apple! You have to pay me to use Google and Apple!
Edit: So apparently they're launching new hardware so maybe it's not as dead as I thought it is.
This is the sad part. I've resisted that slippery slope as much as possible. In part because of ideological reasons, and in part for usability reasons. I have large hands and poor eyesight - using a phone for non-trivial tasks is tedious. I think the only thing I encounter from time to time that requires a smartphone is paying for parking. Everything else I do from a desktop, or don't do at all (doom-scrolling etc.)
I wish society would resist the smartphonification of everything for no reason. A lot of it is marketing- and surveillance-driven.