I don’t think that there is much risk of an Android app running in Anbox getting unauthorized access your Linux files. Also everything is free software (LXC, Anbox, AOSP) except for the proprietary Android app you are running, so it is auditable and people who write malware for Android apps aren’t expecting people to be running Android inside a Linux container, so they aren’t writing malware for that.
The greater problem is that most people will give Anbox internet access and the Android app they install will send their personal data to Google, Microsoft, Facebook, Amazon, etc.
The other problem that I see is that we are creating less incentive for people to work on creating a Linux solution to the problem. To use my TTS problem as an example, there is less of a chance that smart programmers are going to work on good TTS support in Linux as long as everyone can use proprietary TTS through Anbox.
My understanding is that the Librem5 runs an adapted version of the Gnome desktop. In Gnome, the default mail and calendar app is Evolution. If Evolution as shipped by PureOS has been or will be adapted for the small screen size, that is what you use if you don’t want to use a webmail UI. No special app should be needed, just documentation and/or an easy method to configure Evolution for librem.one.
Stop lying, this is completely false. The base Android system is open source and if you deny an app permissions to use the camera it is denied, there’s no way around it unless the manufacturer makes patches around that which would be very strange.
The privacy issues with Android is not the permissions system, in fact that’s one of its strongest points. If you want to complain on Android it would be that an incredible amount of apps require an insane amount of permissions which are misused which the consumers don’t care about. Other issues are the closed source drivers, the modems with access to RAM, Google Play Services, the closed source manufacturer ROMs, the locked bootloaders, the inability to uninstall some pre-installed apps, the unmodular design of the Android system as a whole and more. Many of these are solvable with open source ROMs such as LineageOS if you don’t install Google Apps, but even then it’s not really close to being a free as in freedom device software wise and especially not hardware wise.
which is yet another problem of android ecosystem as a whole (not android OS per se) - non-verifyable code. You will never know if the above is true or false. And that’s I persume what @kieran was referring to. On normal OSS system you can normally reproduce the build and compare the checksum to be sure the code which you can audit is actually what was compiled into binary your system uses. On system like microsoft windows you can at least narrow down whom you trust - if MS signed the binary you can trust it was not tampered by the OEM. On the phone - neither first nor second option is available.
Agreed. What I’m trying to say is don’t blame android itself, blame vendors not open sourcing their code and Google putting a non-copyleft license on android. It’s easy to put a custom ROM on it which can be verified.
The A, B and C batches (all small) are out the door. A was probably internal-only.
The D batch (limited size) will be going out the door any day now.
The E batch (Evergreen), which is the bulk of the shipment (is everybody else who has ordered but not received), has not happened yet. Hopefully some time this calendar year e.g. Christmas present for me .
Not an official answer from Purism. Just my observations.