it is possible this time or future?
Try using the forums search. You will find many things with the keywords: “Android”, “Anbox” or “Waydroid”. Tldr: Android is possible but not polished - so much is missing right now. iOS is not possible.
The Librem 5 runs GNU+Linux, which is basically desktop Linux with Linux apps that adapt to the small screen.
It is neither iOS, nor Android, but as @epinez said, you may be able to get some Android apps to function by installing Anbox or Waydroid. The experience will not be as smooth or as complete as running Android apps on an Android phone.
I hope it won’t. I do not want to have spy ware and apps phoning “home” on my L5.
OK but sometimes there are apps that just have to be used and those apps are unlikely to be available open source and native for the Librem 5.
At least in my country there is no app or phone “that you have to use” from the point of law. The rest is always your own decision, for example if you have to use “What’s (the matter) Ape”.
A few examples though:
- a bank account that requires 2FA with the second factor being an app that only runs on iOS and Android
- a company VPN ditto
- a government service ditto
It is commendable that all of the above are secured more strongly than just a password. If only they would document what algorithm the 2FA uses and use an open standard.
Only the third is effectively law but in practice I think few people will want to give up internet banking and few people will want to resign (and find an employer with weaker security).
That’s without even getting into
- COVID-related apps
that are also or will soon be law.
At least running Android in a virtual environment, you can exercise a little more oversight and a little more control over what it does.
Anyway, just because it becomes “possible” doesn’t mean you have to use it. So it should become possible and those of us who have no choice will use Android apps sparingly (the bare minimum) and you will remain free not even to install e.g. Anbox much less run any Android apps.
In such case you really should complain to your government, bank etc. that they force the duopoly on citizens…
How much notice do you think they would take? (That’s a rhetorical question.)
It’s a bit chicken-and-egg.
They would no doubt say: Mr Wade, you are the first person ever to complain about this because you are the only person in the country who uses a phone running Linux and accesses this particular government web site. We aren’t going to add support for Linux for one person.
Then other potential customers in this country think: Why would I want to have a phone running Linux when I am going to need to keep my spyphone in order to access this particular government web site anyway?
So, yeah, Anbox is something that I want to run even if I don’t really want to run it.
My government would be lucky to have heard of Linux. They only know Microsoft, Google and Apple. (So their actual first question would be: What’s Linux?) I think the situation in Europe is better.
As for the bank (and some other government web sites too) … they periodically badger me to enable 2FA, and, once you do, it seems there is no going back(!) … so I have so far got away with saying “skip, I don’t have a mobile”. However that might not last forever.
This is the whole point. If everyone expects such answer without doing anything, then such answer will be correct forever. But if someone starts asking, at some point more than one person should ask that and the government may start to think about it.
I expect that people with Linux phones are more politically active and therefore even just ten people in the country could already start questioning their government immediately trying to make a change.
My bank also changed SMS 2FA to app one. I payed 25€(!) to buy a TAN-generator as app-less option. I was very angry since I had no choice for anything else. They removed the cheaper TAN-generator from store because it had no QR-scanner integrated (wouldn’t be a problem for me to type in some numbers in …). My Android is too old to use apps or internet (without security risks) and my new phone should run Linux software only. I bet you also have such options or can change bank. It is also more save then an unsecure proprietary bank app.
And is there really no alternative to your government services like a html website?
If both not, how often do you need it? You have also another option: use your old Android phone just for this purpose. If you want to use Anbox as soon as it works for you, you can do. But that doesn’t mean you have to.
It is my understanding that most Android apps are written in a modified version of Java that Google basically stole from Oracle and the open-source community. Would it be possible for the app developers to simply compile their apps that they have the source code to, in a linux-friendly compiler?
One challenge that I can see is that I wouldn’t want my bank to publish the sourcecode that protects my funds they are holding for me.
I would. It’s the next best thing to publishing a API
Why? GnuPG is also published sourcecode and the encryption isn‘t possible to break.
This is an HTML web site. The app is only used for 2FA. (Well, it may be used for other things but I don’t know what they are - which is part of the problem!) You are right though that I have not looked into whether there are alternative ways of authenticating (e.g. hardware token) - and that I use an old (SIM-less) spyphone to authenticate, until such time as I am up to speed on Anbox. Using an old phone has its limitations though e.g. updated incompatible version of app may eventually be released that requires a more recent version of the operating system than can run on the old phone.
Security through obscurity? If the only protection of your funds is the secrecy of the source code then your funds are not protected. A sophisticated criminal organisation can reverse engineer the source code and if it is truly the case that the secrecy of the source code is the only thing standing between that organisation and the bank’s funds then you can bet that it will be worth their while.
Indeed. Anyone who says that they have a strong encryption algorithm but that the algorithm is secret would get laughed off the internet by cryptographers the world over. An algorithm is only by consensus declared to be strong precisely because it can be and is independently reviewed.