What is the advantage of PureOS over a de-googled android phone?

It seems to me that the creation of PureOS (which essentially involves UI debugging GNOME?) would be more work than taking base android (which is still FOSS linux) and removing the google components. In fact I think that has already been done and continues to be done, although there hasn’t been a lot of (any?) open hardware that can support it.

I mean, I understand why someone would prefer a GNU/Linux phone to an android phone, but in terms of making a “privacy phone”, wouldn’t android minus google be just as good? Does is make “privacy hardware” any easier using GNU/linux over android?

1 Like

Welcome @gingergabbai

Google is slowing killing the FOSS part of the phone. LineageOS and /e/ are the two Android versions I know.

Ubuntu Touch is another Linux mobile OS and it would have been easier to fork that or another Linux mobile OS.

Purism wants convergence, so they could have used Plasma mobile KDE with Qt (mostly open-source). The issues they have with all of those options is they already use PureOS and would need to move their codebase or have two OSs. Also no one was working on convergence with Gnome, and GTK is building out a lot of touch functionality.

Gnome is a great community project while Qt (awesome and fully featured toolkit) is a free core company that recently (due to covid) added a year delay to their FOSS version.

All of this plus Purism’s mission means their ‘best’ course of action is to do what they are doing. Others could add about the mission and privacy, but that’s enough from me.

1 Like

There’s also the question as to whether base Android would even boot on the Librem 5 hardware. So a choice of Android then could either require more work than just removing google components or it would influence the choice of hardware in unacceptable ways, noting that Purism’s intention was to limit the hardware to “pure” components (i.e. not requiring blackbox drivers and not requiring blackbox firmware to be loaded by the operating system).

A typical Android phone would not meet the hardware requirements (would be all-in-one SoC with blackbox software of some kind) and so typical out-of-the-box Android has no particular reason to support the hardware that does meet the hardware requirements (although that is not proof that Android doesn’t support that hardware).

If you install LineageOS (or any other AOSP derivative) and then use the F-Droid repository to install all your software (like OsmAnd~ instead of Google Maps), then you get de-googled Android. I’ve been doing that for the last 5 years. You need to search for your model and LineageOS on the xda-developers forum and read the comments to find out if everything works and if there are any tricks to installing/configuring. Every installation I have done has been difficult, but I learned a lot in the process.

If you don’t want the pain of doing the installation yourself, you can buy a phone from the /e/ Foundation, which is what I recommend for most people.

Android has some security advantages over Linux, because it has better sandboxing of apps and better kernel hardening. We will have to see how good PureOS/Phosh will be at sandboxing using flatpack+bubblewrap, but flatpack has been criticized on security grounds. Ubuntu Touch claims to have good sandboxing of apps that matches Android’s sandboxing.

Android has a ton of spyware and malware written for it, whereas with PureOS, you are only going to install free/open source apps in the PureOS Store. Purism says that it will have a badge system to identify good apps in terms of privacy. You can get the same benefits if you read the descriptions in F-Droid, which labels the apps that collect your data. However, most of the apps in the PureOS Store will probably be existing desktop GTK software that has been adapted for mobile, and very little of the existing desktop GTK software found in Linux distros like Debian collects user data.

With the Librem 5, you are getting hardware kill switches, and all the components like the cellular modem, GNSS and WiFi/Bluetooth are communicating over serial protocols (USB, SDIO, I2C, UART) that don’t allow Direct Memory Access. The makers of integrated SoC’s like Qualcomm claim that their IOMMUs are just as good at protecting against DMA, but it is hard to know since nothing is verifiable. With the Librem 5, you can read the schematics to verify that the hardware kill switches actually cut the power to components, so you know the component is turned off, and you will never have a problem like Google servers collecting geolocation data from Android, even when airplane mode is activated.

Purism uses security that is verifiable and controllable by the user. With an Android phone, you might have have verified boot, but it was signed by the manufacturer or Google, so you don’t control it. With the Librem 5, you can read the source code to everything in the root file system.

There are often proprietary drivers in Android phones. Even when Snapdragon is using an open source driver, its code was written by Qualcomm, and it hasn’t gone through the process of being committed to mainline Linux kernel, which requires code review by the Linux maintainers. In contrast, Purism is trying to get everything upstreamed to the mainline Linux kernel, and it will go through code review before being committed.

3 Likes

This point needs to be stated again. Because the Librem 5 is basically going to be using the mainline Linux kernel, this means that you’ll be getting kernel security updates for as long as it’s a supported device.

That’s decades - plural. You’re not relying on the single maintainer for your particular Cyanogenmod fork, the Linux kernel team will do it for you.

From what I know about Android kernels, they’re all forks of an (several?) older version(s). Sure, you can patch it, but you’ll be applying patches to older and older kernels and it’ll get harder to do as the age difference gets greater.

The same goes for all the libraries and underlying software. Since you won’t be using some weird kernel, you’d be able to either just build the newest versions yourself, or since PureOS is very closely related to Debian, it might well be possible to just point at their arm64 repository and install updated packages directly from there.

2 Likes

you mean they are slowly but surely replacing the parts of the code that are copy-left licensed with more that is non-copy-left. is that correct ?

Plus they outsource more and more parts to the proprietary Play services.

Personally I don’t worry or have much knowledge about the details of it, but I do appreciate the fundamentally different approach taken by Purism. The options are:

  • Do something based on Android, taking a system that was designed to be a spy brick and try to remove the spying components from it.
    or
  • Build something new, not based on spy-brick technology but being built with user freedom in mind all the way from the beginning.

I don’t know which will be more secure, probably that depends on what you mean by security, if your goal is long-term or short-term, threat model and so on, but I do appreciate the approach of building something good from the beginning instead of modifying something that is bad trying to make it better. Instead of a modified spy-brick we get something that was never designed to be a spy-brick to begin with.

Also, being closer to a regular GNU/Linux computer means it will be easier and more fun to play with, which matters a lot to me. :smiley:

1 Like

For the average customer, there is no advantage.

Especially since the de-googled phone benefits from the technology stack that has been getting improved for over a decade. You also are able to take advantage of applications that are specifically designed for the format. /E/ Foundation has many apps that are only on the google play store as well should you need them. (WhatsApp, Signal, etc.)

We are talking about better battery life, better integration, better services.

BUT!!!

The point of the Librem 5 is desktop Linux on a phone, but with UI specific to the format.

Given Apple’s recent move to ARM, this bodes well for ARM based platforms in general. This is because more attention will be given to the processor by developers.

Other points to the phone, that will take sometime to really matter, are that the phone is designed to be modular, meaning you can swap out radios, etc. The phone is also designed to be user repairable.

Let’s also not forget about the kill switches.

Yes, killing FOSS was a lazy way of saying they are replacing parts of the open-source code (not just the kernel) with non-left-licence and proprietary code. One way is what @epinez said with moving parts into Play Services so it’s hard for people to fork Android.

1 Like

Yes, I forgot to mention all the issues of longevity and maintenance, which really are the most important reasons to buy a Linux phone.

The problem is that when you buy an Android phone, you get an integrated SoC which contains everything important (CPU, GPU, VPU, WiFi, Bluetooth, GNSS, cellular baseband, USB controller) and that SoC is only manufactured for 1 - 2 years and only gets firmware and driver updates for 2 - 3.5 years.

In contrast, NXP promises to produce the i.MX 8M Quad till Jan 2018 and produce the i.MX 8M Plus for 15 years, which means that we are guaranteed years of firmware updates, and driver updates, because NXP contributes to the mainline Linux driver. PINE64 promises to manufacture the PinePhone for 5 years, which is longer than any smartphone in history, which means that PINE64 must have gotten promises of 5 years of production from its component suppliers. Therefore, the Librem 5 and PinePhone are going to get more years of proprietary firmware updates from the component manufacturers than Android phones will get.

In addition, some of the FOSS drivers are maintained by the manufacturers themselves, such as NXP and Redpine Signals for the Librem 5 and RealTek for the PinePhone. Because all the drivers in the Librem 5 and PinePhone are FOSS, they can be maintained forever by the community. As long as the community cares about the hardware, there will be Linux drivers. The Linux kernel still contains drivers for the Intel 80486 which was released in 1989.

With the Librem 5, you get a promise of lifetime software updates and Purism can make that promise because so much of its software is maintained by a larger community. Purism has to do a lot of work to use the GTK/GNOME ecosystem and adapt all those desktop GTK apps to run on mobile, but once it is done, it will be very easy to maintain, because it can rely on the larger community and all the companies that contribute to GTK/GNOME, like IBM/Red Hat, SUSE and Canonical, to provide updates to the software. Because Purism’s goal is to upstream its changes to a program like GNOME Contacts, the maintainers of that software will keep providing it with updates. Purism is getting as much of its software as possible to be adopted as official projects of GNOME, such as libhandy, Chatty and Calls, so they will keep getting updates from GNOME. There will be very little that Purism has to maintain alone (Phosh, Phoc, haegtesse, Squeekboard, etc.) and the fact that software is being ported to the PinePhone and every future Linux phone, means the Purism will probably have volunteers to help it.

Purism chose to adapt existing desktop software that already has maintainers, so it has little of its own software to maintain in the future. Because of that strategy, I think that GTK/Phosh will be more maintainable than KDE Plasma Mobile which has a lot of its own mobile apps to maintain, and KDE has less corporate support than GNOME. Ubuntu Touch by UBports, LuneOS, Sailfish OS and Firefox OS/KaiOS have a lot of siloed code which will require huge amounts of work to maintain. Basically Purism chose to invest a huge amount in the present in software development, in order to have the most maintainable system in the long-term.

Now let’s compare what happens, with a de-googled Android phone. First of all, just figuring out how to unlock the bootloader on many Android phones is a nightmare. Only ASUS, BQ, Essential, Fairphone, LeEco, Google, OnePlus, Razer and WileyFox allow the bootloader to be unlocked without requiring authorization from the manufacturer, and Huawei and Apple literally make it impossible. If you have the bad fortune to buy a phone sold by a cellular provider like Verizon, then it probably is also impossible if the phone can’t be cracked. To see how evil phone makers can be, read my article, “Why we don’t own our mobile phones”.

Once you figure out how to unlock the bootloader, and you install an AOSP derivative like LineageOS, then it is a total crap shoot how well it is going to be maintained in the future. You are depending on volunteers (often just one or two for many phone models), who are trying to figure out how to make the latest AOSP version work with an ancient kernel, firmware and drivers that haven’t been updated in years, and they don’t have NDA’s with the component suppliers to get any code updates or component information.

If you buy a OnePlus, then you are pretty much guaranteed to always have a good LineageOS port that you can use, because there are a ton of LineageOS volunteers and OnePlus actually works with the community, and always uses a Snapdragon processor (which is the best supported of the mobile SoC’s). If you buy anything else, well you have no idea what you will get. Google and Sony are a little better than the other manufacturers, but their models don’t have as many volunteers working on them as OnePlus. Everything else is highly sketchy. You might get LineageOS ports, but something always seems to not work right. Whenever something doesn’t work, you will waste hours trying random fixes that you read on the xda-developers forums, and maybe you will get lucky, but probably not.

The volunteers at the AOSP-derivative projects are often working in the dark after the phone makers stop releasing firmware and driver updates for a phone model. Many mobile SoC’s like Qualcomm Snapdragon, MediaTek Helio, UNISOC, Samsung Exynos, HiSilicon Kirin and Xiaomi Surge don’t release their documentation without an NDA. Virtually all WiFi/Bluetooth and cellular modem manufacturers require NDA’s just to access the documentation on their chips. The only SoC manufacturer who can really be relied upon is Qualcomm, because it publishes all its commits in Code Aurora, whereas MediaTek and Samsung only occasionally give extra info, but mostly just do the bare minimum code dump required by the GPL.

When using an AOSP-derivative, you get a very outdated kernel. It takes Google a while to apply its changes to mainline Linux for Android, and then it takes phone manufacturers a while to release a phone model for an Android version, and then it takes volunteers a while to port LineageOS to that phone model.

By the time, a good LineageOS port is ready and fully debugged, you are probably buying a phone that is already 1 year old. For example, if you buy a new phone today, you are probably going to get AOSP 9 (released on 2018-08-06), which supports Linux kernels 4.4 (from 2016-01-10), 4.9 (from 2016-12-11) and 4.14 (from 2017-11-12), so you are using a Linux kernel that is 2.5 - 4 years out-of-date.

Google doesn’t require Android phone makers to upgrade their Linux kernels when upgrading Android, and most of the LineageOS ports just use the last kernel provided by phone manufacturer, because it is black magic to try and understand how everything works at that level, since there is no way to get any info/firmware/drivers from the component manufacturers. So if you have a LineageOS phone that is 3 years old, you are probably using a Linux kernel that is 5-6 years old.

Let’s say that you won the lottery and bought a phone model that is still getting good LineageOS ports with recent versions of AOSP. With PureOS/Phosh, you just type sudo apt dist-upgrade and it all upgrades automatically. With LineageOS, you copy all the essential info over to your PC. Then do a clean install and then copy all your essential data back over to the phone, and it takes you hours to get everything back to the way you want it. You get a new version of AOSP, but you still have that same ancient kernel as before.

Now let’s compare what happens when your hardware breaks. If you bought a Fairphone or a ShiftPhone, then you are in luck. Otherwise, hope that iFixit has parts for you, because the Android phone manufacturer wants you to buy a new phone and sees no reason to help you fix your phone. We will see how well Purism will do on providing parts, but PINE64 is already selling parts for the PinePhone.

Let’s say that you are paranoid that big brother is spying on you. The community can review all the source code for everything in the root file system for the Librem 5 (and everything but 3 Realtek firmware files for the PinePhone) to make sure that nothing evil got slipped into the code. When you decide that you want to go hunting for spy chips from the Chinese government, you can go look at the schematics for your Linux phone, but no Android phone provides schematics because they are based on copyrighted reference designs from Qualcomm, MediaTek or UNISOC which the phone makers aren’t allowed to publish. If you are really paranoid, you can look at Purism’s x-rays of the PCB’s, and x-ray your own PCB to make sure that they match, since the Chinese government was reportedly slipping spy chips inside the laminate layers in the PCB in Supermicro servers.

1 Like

I’m pretty sure the Fairphone 2 was produced for 5 years. On top of this it was released in 2015 and is still being supported by Fairphone, as there is a Android 9 beta for the phone that was just released.

What is more important here is not that Fairphone promised longevity in support, because they did, but that they have ACTUALLY done it and are continuing to do it.

This is software support long after Qualcomm support for the SoC in the FP2. Fairphone here is doing all of the heavy lifting in making Android 7 and Android 9 available for the phone.

I don’t say any of this to take away from what Pinephone is saying they will do.

1 Like

You made me go and look it up, because I wasn’t sure.

The Fairphone 2 was released in December 2015 and discontinued in March 2019, so 3 years and 4 months of production. The longest produced smartphone that I can find is the iPhone 4, which was sold from June 2010 to early 2015 (in some developing countries), so ~4.7 years, but it was probably selling old stock, because Wikipedia says it was produced for almost 4 years.

If we aren’t counting smartphones, the longest-produced portable mobile phone was the Benefon Forte NMT 450, produced from 1989 to 2000. The NMT 450 network kept being used by boats and in remote parts of Scandinavia for years, so Benefon kept producing a small number every year. The longest-produced handheld mobile phone that I can find is the Nokia 1100, produced for almost 6 years from Q3 2003 to Q2 2009.

Fairphone is pretty admirable, but it hard for a tiny company to overcome all the bad practices in the industry. The Fairphone 2 is a perfect illustration of why it is so hard to update an Android phone. None of the Android phones with the Snapdragon 800/801 that were released 2013-4 got upgraded to Android 7 (Nougat) in 2016-7, because Qualcomm decided that it wouldn’t release updated graphics drivers for the Snapdragon 800/801 because it was too old. Others say that the reason the Snapdragon 800/801 couldn’t be officially upgraded to Nougat is because it lacked hardware AES encryption and full disk encryption was mandated by Nougat’s Android Compatibility Definition Document (CDD) and it couldn’t pass the encryption speed requirements of the Android Compatibility Test Suite (CTS).

Because LineageOS didn’t have to obey Google’s onerous CDD rules and pass its CTS, LineageOS provided Snapdragon 800/801 phones with upgrades to AOSP 7, and a lot of Fairphone 2 users switched to LineageOS. Fairphone then spent €500,000 to switch from Qualcomm’s unsupported Snapdragon 801 drivers to the community-developed drivers. (It isn’t clear to me whether the community drivers were able to pass the Nougat CTS or Google relaxed its rules to let the Fairphone 2 pass.)

In November 2018, the Fairphone 2 became the only Snapdragon 800/801 phone to officially receive a Nougat upgrade, but it has never officially been upgraded since. Meanwhile, LineageOS 17.1 (AOSP 10) is available for the Fairphone 2, so the community is 3 years ahead of official Android.

Obviously, Fairphone should just switch to an AOSP derivative if it wants to make an environmental phone that lasts a long time, but it won’t because too many people want access to Google Web Services and the Play Store, so Fairphone can’t switch. Fairphone’s 2 troubles with Qualcomm’s unsupported drivers and the Android CCD/CTS convinces me that there are only two sustainable solutions:

  • If you want up-to-date performance, produce a Snapdragon phone with AOSP or Linux. After 3 years when the mainline Linux drivers get good enough, switch to them. The Snapdragon is the only integrated SoC that ever gets decent mainline Linux drivers, which is why I think that Volla Phone and Planet Computers Cosmo made the wrong choice in selecting MediaTek, because in a couple years they will be stuck with unsupported firmware/drivers.

  • If you want the most sustainable phone with the longest support from chip manufacturers and costs the least to keep upgrading, then make a Linux phone with a separated CPU/GPU/VPU, cellular modem/GNSS and WiFi/Bluetooth that has subpar CPU/GPU/VPU performance and poor battery life.

My prediction is that Linux phones will never go mainstream, until they get closer to the performance of Android phones. NXP with its focus on the automotive market doesn’t care much about performance, and Broadcom also isn’t focused on it. The only options are nVidia, Rockchip, Allwinner and Amlogic, which make SoC’s for tablets. Allwinner and Amlogic don’t cooperate with the community. Now that nVidia is sharing info on its GPUs with the community, that might be a possibility in the future, but nVidia’s Tegra chips consume way too much power for a phone. The best hope we have is the upcoming Rockchip RK3588 and pray that the Lima drivers can be updated to support ARM’s “Natt” GPU. If not, the NXP i.MX 8M Plus or an underclocked Broadcom BCM2711 is what we are stuck with.

1 Like

Sure if we are talking solely about hardware that is correct. However, as you broke down, FP has been doing some heavy lifting making newer editions of Android available on a chipset Qualcomm no longer supports.

To me this is longevity. Software has much large effect on product longevity than hardware.

I mean it is great what NXP is being promising, but the realities of business and that market might make it all just talk.

If Purism didn’t exist, FP would be a solid option for European customers.

Honestly, I just hope the L5 can be finsihed sooner rather than later, so that Purism can focus again on desktop computing.

I agree for Android phones. Hardware is becoming less important than it used to be, because the hardware has reached a level, that most people don’t perceive much difference in increased CPU and GPU performance. The benchmarks may tell me otherwise, but I don’t perceive any real difference in the performance of my Xiaomi Redmi Note 7 (Snapdragon 660) from 2019 over my Moto X Pure Edition (Snapdragon 808) from 2015. The only real difference I notice is that the Note 8 is more energy efficient and has a longer 19:8 screen, so it is easier to view wider web pages when turned horizontally.

The critical difference in longevity in my opinion are software updates. The hardware only makes a difference in the ability to change the battery when it wears out, the ability to replace the screen if it gets cracked, and the ability to insert a microSD card when the internal memory fills up.

However, the PinePhone and Librem 5 have the performance of a mid-range phone from 2013 or a low-end phone from 2015. I don’t think the weak hardware is going to hurt them that much, except when it comes to camera performance. The PinePhone is frankly garbage in the camera department, and without an ISP or DSP, the Librem 5 is going to be slow in processing images/video. The reviews are going to really knock the two phones for their poor battery life, and there isn’t much that they can do with separated components and older chips using 28-40 nm process nodes. Both phones are aiming to be able to last 24 hours in standby mode, and they will probably get there eventually, but my Note 8 lasts almost 3 days in standby mode, which shows how energy efficient integrated SoC’s have become.

Until Linux phones have decent battery life and camera performance, most people are going to strongly prefer a de-googled Android phone over a Linux phone. Of course, you can always use Linux on a Volla Phone, Planet Computer Cosmo, or Xperia 10, which solves this problems, because they contain a modern integrated SoC.

7 years ago, they actually made a smartphone SoC (the Tegra 4i) which was apparently quite competitive https://www.androidpolice.com/2013/02/24/eyes-on-tegra-4-tegra-4i-and-the-phoenix-reference-phone-at-mwc-with-benchmarks-and-stats/, see also https://www.anandtech.com/show/6787/nvidia-tegra-4-architecture-deep-dive-plus-tegra-4i-phoenix-hands-on for a more in-depth overview).

Unfortunately, it never got much use - only a very few devices were made with it and they were nowhere near popular enough to get a CyanogenMod fork (so there’s very little that you can do with them nowadays).

It’s a real shame, because they had a very interesting modem architecture - almost entirely software-defined radio from the bottom up (which meant that you could upgrade to a new radio standard without needing new hardware). Unfortunately, Qualcomm saw that, got scared and killed them early with a hefty dose of monopoly abuse and now we’re stuck with the current situation of having almost no choice of modem vendors.

3 Likes