Coming soon: Privacy-enabled open source mobile

By | January 2, 2018

The creator of Mandrake Linux is taking a bold step to go up against Google – by building am open-source Android operating system that isn't going to cough up all your data to Google.

'Do no evil.' Or so they once said, at Google.

This definitely looks like an effort worth supporting, in these days of data collection wars!

eelo, a mobile OS and web-services, in the public interest
eelo is creating a desirable, privacy-enabled and open source mobile operating system, and associated web services.

30 thoughts on “Coming soon: Privacy-enabled open source mobile

  1. Jake Weisz

    Things that cannot be successful from a business standpoint are effectively "not possible". Failure is effectively assured.

    The fact that anyone who gets on board with them will be A. running an insecure trash OS, and B. SOL when the company predictably crashes and burns is just extra.

  2. robi b

    I guess. But the point is that it's possible. Whether it can be commercially successful without Google's blessing/core apps can be a different argument.

    And so is the concept of if Android is good or badly designed. It's still a tribute that it even exists, however restricted, for others to modify and use, unlike iOS and Windows.

    And that fact alone can still make it a desirable choice for some enterprising company that wants to try something.

  3. Jake Weisz

    +robi b Amazon had a very hard time finding someone to build the Fire Phone, most manufacturers can't. OnePlus phones have Google's proprietary bits, they're Play Services loaded and all.

    Notice that if Google wants to punish a hardware vendor for not playing ball with them, they can regardless of it being a web app: See the YouTube block on the Echo Show.

    The point is, Google has carefully designed Android to be open source… for marketing purposes. But it's only open enough to allow you to hang yourself. There's plenty of gotchas to ensure that anyone who tries will fail. Eelo will not be an exception to this.

  4. robi b

    Oh, the Fire phone was dead the day it was released. But I think the point you said was that it can't be done because you cant fork Android or that there are some anti competitive deals in place. So that's why I was confused how something like that could exist and produce at least an ecosystem.

    The business savvy of doing that is a different discussion. Same applied to Cyanogen and so on. The shot was there, but the business success was missed. Now perhaps I just don't know enough about what was actually available on that platform to make it work or not work. Afaik, and it's been a really long time since I've messed with ROMs, at least on some custom ROMs, you can or dont have to load in the GApps Suite, which as you said is perhaps a big deal to have and be able to use. So that's where I was a bit confused.

    Finding an OEM that will help you perhaps is that hardest part… but again, people can try. So does that mean Huawei broke the anti competition deal with Google to make the OnePlus phone? I guess that part I still don't quite grasp.

    I wonder if the concept of all these things moving to a web standard PWA are going to change the ability to "load" these utility tools onto any platform? But that's probably another discussion.

  5. Jake Weisz

    +robi b How's the Fire Phone doing again these days?

    The Amazon Appstore has very few of the apps most people use, and many of the versions in the Amazon Appstore are either archaic or outright broken. (If Skype is even still listed, last I checked, it was but didn't work at all. Skype for Android doesn't work without Google Play.)

    Eelo is probably not a hardware manufacturer. Almost all phone companies have a manufacturer who builds the hardware in question. For example, Apple has Foxconn build their phones. OnePlus phones are made by… I think Huawei? I forget for sure.

    Android as a platform is the operating system people have and use, it's proprietary, and includes Google Apps (which is more than just apps now, a lot of the underlying Android platform is now a part of Google Play Services). AOSP, or the Android Open Source Platform, is the stripped down open source fork.

    And again, Windows Mobile failed mostly because it didn't have YouTube and Gmail and Google Maps, not because it didn't have Angry Birds. "Millions" of apps is not enough. You just need about fifty apps, but they're the right fifty apps… The fifty apps that all depend on Google to work.

    Android really isn't fixable, because it's architecturally not secure. In 2009, when it was designed, it made sense. In 2018, it does not, and cannot be fixed. You know, without breaking those "millions of apps".

  6. robi b

    What does… err did Amazon use for their Fire phones? And doesn't Amazon have a whole app store with pretty much all the apps listed there? I guess I'm a bit confused.

    Also I can sideload the Amazon store onto my "normal" Android phone and run the apps from there as well right?

    As for the anti competitive clause, I guess that applies to OEMs. But that's why Eelo is making their own phones aren't they? Or did I mistake that? Isn't that what OnePlus did with Cyanogen and so on?

    Still a little confused about the whole forking business. Was that getting access to Android or to the Google Suite of apps?

    Anyway though, from a company perspective, if you can start with a base OS that allows for compatibility to load on any of the millions of existing Apps, that alone probably is well worth it despite any OS flaws. It's certainly a recipe for better success than pretending like you can get all these apps to support your platform as well as iOS and Android (and once upon a time Windows and Blackberry).

    Seeing that you cant run iOS on your device, and making your own is too isolating, Android is left as the only choice. Now whether that's a good OS or bad is somewhat related, but tangential.

    And at minimum, even if 90% of Android is bad, the fact it's available at all is a huge thing (and fixing it is even bigger) just for the ecosystem. And code is always fixable (to a certain extent).

  7. Jake Weisz

    +robi b It's not "pick what you like", it's "pick what meets even a minimum baseline of security". And right now, no Android fits that bill.

    The issue is that you can't succeed with a fork OS, because 90% of all manufacturers have signed the anticompetition clause that prohibits them from building or shipping Android forks. So most OEMs can't use your OS even if they wanted to, and you will even have a hard time finding a company who is legally allowed to manufacture it for you.

    Amazon does use a fork for Kindles, but almost no apps run on it. It's not just Google Apps that don't work (though that's a big one, and why Android forks are almost guaranteed to fail to make a profit), but things like Uber, Skype, Snapchat, etc. won't work either. They're all dependent on the proprietary parts of Android that you can't fork and can't include in forks.

    Basically, forking Android is not significantly easier than starting from scratch, and in a lot of ways, it's harder. Which mitigates any benefits that it might have. And on the downsides, building off Android means you're starting with a broken, outdated OS that's been intentionally had holes cut in it meant for Google's proprietary code to fill in.

    This is not a good business idea, and I can't fathom why anyone would expect it to succeed.

  8. robi b

    +Sophie Wrobel Which feels different than what +Jake Weisz mentioned in terms of some sort of anti competitive clause then. So I'm a bit confused.

    It sounds like you are legitimately allowed to fork Android and "compete" with google. Actually, isn't that what Amazon does with their own devices, even so much as excluding any Google products and services they don't want?

  9. Sophie Wrobel

    +Jake Weisz I may have misread, but my understanding is that they wanted to move those components (e.g. Google Location Service) into the eelo cloud instead to create a usable ecosystem. Assuming Google doesn't cut them off for regutting their proprietary components (i.e. the risk).

  10. robi b

    I was thinking more in terms of a company that wants to build something.

    Personal use, sure, I just pick what I like. I'm already assuming my data is consumed by whatever entity I have to use. In that sense I trust no one, but have to trust everyone…

  11. Jake Weisz

    +robi b The problem is Android isn't secure, and nobody should be trying to use an Android fork. "Something is better than nothing", but vastly worse than existing options like… buying an iPhone.

  12. robi b

    Is it still the case of something is better than nothing (Cyanogen, Eelo, etc)… cause it looks like starting with nothing and trying to build it up from there hasn't exactly been a success either unfortunately.

    Maybe at least a half hearted donation to the Open Source community is better than not letting anyone use their OS and closing source?

    I haven't heard much about Fuscia other than it exists, it landed on the Pixel Chromebooks… but no clue how it'll work into the future. Atonement for Android? 🙂

  13. Jake Weisz

    +robi b The main issue is twofold:

    – Manufacturers are legally prohibited from distributing forked Android versions due to an anticompetitive contract with Google.

    – Most apps will only run on phones with Google's proprietary Android components included.

    So, while there is a crippled version of Android you can technically download and build software based on, it is both effectively useless, and nearly impossible to build a business around.

  14. robi b

    Ah, ok. Looks like I misread. Eelo is built from an open source project that is Android app compatible… though looks like that came from Cyanogen which is based on the Android mobile platform. So that's maybe where I get lost. Is it or isn't it a fork of Android? Which would imply that there an Open Source forkable version of Android?

    Anyway, researchers can get access, but I guess the discussion was about how a company can build something substantial without having to start from scratch. Ubuntu tried, and others are out there, but it's hard to get traction when you have to abandon your ecosystem for another new one.

    That seems to limit options severely if you want to do what eelo wants to try to do.

  15. Jake Weisz

    +robi b Android isn't effectively open source or forkable. That's a huge misconception Google likes to roll out when it suits them. And as I stated above, there's no established app ecosystem an Android fork can really use.

    Security researchers can actually get access to Microsoft closed source code pretty easily. Likely with Apple as well. The primary thing about closed source products is that nobody's licensed to modify or distribute the code.

  16. robi b

    And since Android is opensource and forkable, if Eelo does manage to make things "better", that could then potentially be pushed back into the original code making that better.

    I'm not sure how I see that happening in iOS or Windows. Isn't then just as bad to have to rely solely on Apple or Microsoft's word about what this month's security fixes are? Especially if you don't have open access to the code?

    That makes the security assumption of the other OS's being better just that… an assumption that you can't really verify if you really wanted to.

    As far as a new company that wants to get a head start, there doesn't seem to be many realistic options out there that can be built upon and not alienate itself from any of the established app ecosystems.

  17. Jake Weisz

    +Tim Box I'm not "suggesting it as an option for eelo". I'm suggesting it as one of the only options for the user.

    +Sophie Wrobel iOS doesn't collect anywhere near the realm of data that an Android device does, and Apple generally cannot read or access data from your device. You may note several cases where the FBI has compelled Apple to hand over data on users or unlock phones, only to get a response of "sorry, we can't". This is completely the opposite of Android, where all data is transparently available to Google, and Google is regularly legally compelled to hand it over.

    As far as securing Android, you simply can't. It needs to be rebuilt from the ground up. Fuchsia shows promise, though that's because Google's business side team hasn't gotten involved in ruining it yet.

    The problems using an Android fork are the same reason Windows Mobile hasn't done well: No apps. You could fork the horribly bad Android OS in order to make a 'privacy-respecting OS' but the problem is nothing would run on it. Google has invested millions of dollars into promoting the use of Google Play Services over open source APIs. Despite Android having a Location API, no location-enabled apps will function without Google Location Services, a proprietary version which sends data to Google constantly.

    Even Google's direct competitors, like Microsoft, only offer apps dependent on Google's proprietary APIs. Imagine my surprise when I found out Skype and Outlook wouldn't run on an Android device unless Google Location Services was running.

  18. Sophie Wrobel

    +Jake Weisz iOS is more secure, but not an option for me as it really only works if I'm okay with sending my data off to Cupertino. And without support for mainstream apps, any secure OS won't find mainstream acceptance. So yeah, there isn't any perfect solution.

    Personally I think that eelo is one of the more promising compromises. Duval himself mentions under 'risks' the difficulties that might come up as they're forking from a Google-maintained Android base. Assuming Google doesn't intentionally (or non-intentionally) trigger problems there, I'd expect a secure fork to branch off sometime after Duval manages to get eelo onto the market map. And I'd expect someone to gut out Android by then.

  19. Jake Weisz

    +Tim Box No. If you want iOS, you need an iPhone. But as it's one of the only well-managed mobile OS options out there, we're stuck with that. I don't allow Android phones in my environment at work, and I can't fathom the sanity of anyone who would.

    Windows 10 Mobile uses the exact same kernel as Windows 10, and receives security updates on the same schedule. In fact, I can tell you I'll receive my next security update at 1 PM or so my time on January 9th. My last security update was on December 12th, at around 1 PM or so.

    Most bugs in Windows 10 Mobile, therefore, are discovered because they are common with Windows 10. However, Windows 10 Mobile has a significantly reduced attack surface (since it can't run Win32 apps and users can't elevate to admin/root as part of normal platform operation). It basically has all the security benefits of being Windows 10 with none of the security downsides of being Windows 10.

  20. Tim Box

    +Jake Weisz So let me get this right someone like eelo can go to apple and use there OS?

    How much real life testing has windows mobile had? How often are the security patches?

  21. Jake Weisz

    +Tim Box The HP Elite x3 Verizon model was released two months ago. (The unlocked model is about a year old, but essentially identical.) It's pretty great and will get security updates to 2019. The iPhone is obviously much more popular, and has a lot more apps.

    There are, unfortunately, no other viable options. The fact that there aren't is mostly because Google operates very anticompetitively, and unfortunately, there is no solution outside of legal action.

    Using Android is not an answer, because Android is not fixable.

  22. Tim Box

    +Jake Weisz So everything but nothing?

    What new phones are using Windows? Is it an option?

    Give me one just one non apple phone running ios?

    Where is the support for Tizen of sailfish?
    What new phones are running either?

  23. Jake Weisz

    +Tim Box Literally anything else. I'm on a Windows Mobile device until support drops, but iOS is also a safer and better option.

    Google does not have a security-focused approach to Android, and it shows painfully. There is nothing that even ranks on the same order of magnitude of how insecure Android is. Maybe still using Windows XP?

    I'd love a great open source OS on a phone. I'm bummed Ubuntu Phone got scrapped, that Firefox OS got scrapped. I'd love to hear good news from Sailfish or Tizen but am not holding my breath.

    But Android isn't even an option anymore. It's design worked in 2009. It could maybe work today if managed to people with a security focus, but unfortunately that isn't the case. It's a dated platform that performs poorly, that has no hope of ever being secure.

  24. Jake Weisz

    As long as it's still Android-based, it's not worth my time. Android is the problem, long as people are building on top of Google code, they're doing it wrong.


Leave a Reply

Your email address will not be published.