Apologies if this question is naive as I don't have much technical
knowledge.
I am sure that many of you are aware of projects like PostmarketOS
that aim to provide a longer life cycle for devices, among many reasons
to reduce the environmental impact of needlessly creating new devices.
They are doing this by building the everything from scratch and have
just gotten devices to boot, with their goals being to build up support
for features slowly, starting with the most essential.
So my question is are there attempts in the interim to essentially meet
them from the other end. By creating ROMS for older devices keeping only
the essential features updated.
i.e. Keep providing android feature updates and security updates for old
devices. But...
If a feature is not supported by the older hardware, remove it.
If a proprietary blob is not update-able and posses a security risk then
get rid of it.
for e.g. loose the camera blobs and of-course all photo/ video features.
If and when someone creates support for the feature or updates the missing
blob then add the support back in.
Are there still technical challenges with supporting even the most basic features
like calls/ sms / clock/ gmail etc?
Or is it simply that such a ROM has no demand?
Related
I couldn't fit the concept completely in the title, but here it is:
Would it be a good idea for Google to redesign Android in such a way that it allows for OEMs as HTC and Samsung to more easily add their layers Sense and TouchWiz upon it - perhaps even in the form of a single apk?
Considering the fact updates take extremely long because the newly released Android versions, in this case Jelly Bean, need to be altered by HTC and Samsung and others before Jelly Bean can be even released onto the brand devices, not to mention an even longer delay for those who decide to purchase their phone by the major source of destruction of innovation, that is, the carrier. If Key Lime Pie, the next Android version, is designed in such way that the OEM skins and Android itself remain seperate, would it be possible to update to a newer revision of Android without having to be dependent on the OEM and carrier? It would then be the OEMs responsibility to update their skin as soon as possible to maintain a proper experience, as obviously a new Android revision has new elements that could possibly remain unskinned yet at release.
I personally think a strategy in this way forces OEMs more to bring out updates as soon as possible, thereby driving competition up - which is ALWAYS a good thing, while Android updates remain independent of OEM and carrier.
Of course, there will be issues with such strategy, such as required updates to drivers. Skin updates are non-essential, while it would still be nice to at least have a functioning device after an update. How would that work out for devices by HTC automatically receiving updates to Android? Remember, the whole point of this idea is to bypass the need for OEMs and carriers altogether. While I even doubt thát is possible, I'd like to hear a discussion trying to achieve this point as closely as possible.
I even believe this thread, if it does result in great ideas, could be forwarded to Google to look at - but I might just be completely wrong with such idea and as such, I'd also like to hear why.
Discuss away.
They're already working on it.
[Note: This information is ~18 months old, probably. I haven't kept up to date on the projects.]
T-Mobile built a theme engine, which is included in CyanogenMod. However, there are aspects of it that Google does not quite like. Sony-Ericson is also putting forth an alternative approach, which Google likes better. So, T-Mobile is working to merge the best of both worlds.
The "big difference" between the approaches is:
- T-Mobile's themes are user selectable at run-time.
- SE's themes are set by OEM (need to flash a new ROM to change)... but they are more deeply/cleanly/??? integrated with the Android core.
It's both a technical and political matter.
So its about time that Google make a new version of Android which requires OEM's to have a Launcher which is treated more like a 3rd party launcher, so Google can throw out new updates to the OS via a Windows update style updater...
if the OEM's wish to adjust the OS's deeper code, then they lose Google's Auto OS Updater support for that device.
And if the main reason for not implementing this is US carriers, then make it available in the parts of the world where carriers care more about user experience, and just disable it in the states and if any carriers request that Google enables it on their network, then they can go ahead and do so...
and to be honest I think that after so long, most US carriers will have to add their support for this in order to avoid customers from switching to a different carrier for a better experience...
if US carriers ever try to stop innovation, then innovate everywhere else to put pressure on US carriers to implement these innovations... don't let them stop us from moving forward.
Also, if Google don't implement an Auto OS updates system (ie: to update from 4.4 to 4.5, or for security updates) then we may see Ubuntu phone becoming the better platform over time...
Edit:
Also I'd like to mention that as a developer myself, it really does my head in when I'm developing an app which uses all of the latest Android features, but I have to consider work arounds or removing those features all together because of the fact that most users devices wont be updated to the newer version of Android containing these extra features for developers to take advantage of...
I know it sounds like a base question since we're talking about security but I wonder in what instances are security patches really helping.
For example, suppose I only use the device with my data plan and my wifi at home (no public networks). Also suppose that I don't download 3rd party apps except those created by established companies like Microsoft (SwiftKey or Outlook). And suppose I don't visit many websites on my device (and especially no pr0n). In this instance, are security patches really necessary? Unlike most people, I don't do everything on my phone (no browsing the net, banking). I only use it for navigation, WhatsApp, and for calls.
I'm asking this question because I'm thinking about getting an Android phone. I'm currently an iPhone user and I want to break out of the Apple ecosystem. The problem is that some companies like HTC and LG seem to be slow to provide security patches or simply ignore them. https://www.youtube.com/watch?v=eDxUjSfp17E&t=6m35s
I'm interested in buying the LG V35 but the internet is full of comments about LG's horrendous support. I am mainly interested in keeping my emails and personal information safe. The only thing I value in the iPhone is the long-term support Apple provides but I'm willing to switch to Android if this isn't a concern if I use my phone exactly as I described above.
Thanks
Mity85 said:
I know it sounds like a base question since we're talking about security but I wonder in what instances are security patches really helping.
...
I'm interested in buying the LG V35 but the internet is full of comments about LG's horrendous support. I am mainly interested in keeping my emails and personal information safe. The only thing I value in the iPhone is the long-term support Apple provides but I'm willing to switch to Android if this isn't a concern if I use my phone exactly as I described above.
Thanks
Click to expand...
Click to collapse
First of all, welcome to Android ?
To answer your questions, security patches are indeed necessary, because if one day you lose your phone, potential flaws that would be patched with security update would be grand opened to hacker that want your personal data (like photos, videos, emails, contacts,...).
Even though it's very rare, that's more secure to have an updated phone.
Now, if you want long term services (updates from Google with the latest features and security patches) you should definitely go for a Google Pixel. Plus those are powerful and have the best camera on the phone market right now (machine learning helps a lot).
If your price range is around 400 $, then go for the Pixel 3a, if you're around 800 $ then go for a Pixel 3.
If you can wait a bit, wait until the Pixel 4 release, I don't know if it'll be a good phone (probably) but what I know is the more recent your phone is, the longer it'll be updated.
But if you are below that, check out the Android One series, that's not Pixel devices, but they get as well the long term support.
Hope it helps
I'd like to expand on this question a bit.
I have a friend who is experiencing "severe security concerns" at the moment. I'm actually kind of worried about this particular friend. This friend seems to primarily have concerns over "being tracked", so I'm trying to find the best approach to at least putting these concerns in the proper frame so that knowledge and education of the device and what it does, and how to control it would be more attainable to said friend.
I know that the security updates are important, but how do you advise someone who isn't rich, and is looking for a new phone, but is willing to dabble with rooting, even to the extent of removing / not installing Gapps? This friend seems willing to learn, so I'd like to think that taking the big picture of "best security practices" into account is an option (ie. don't open suspicious email attachments, learn how to identify phishing scams, only install apps you trust, etc...).
In my experience, apart from kernel and driver level flaws that leave gaping wide-open back doors, security mostly comes down to "being wise with how the device is used". Is that a fair statement?
Yes, security is a combination and balance of user knowledge & usage, oem hardware security, software security, country laws, etc.
Thanks @galaxys
Is there anything about rooting that makes a typical Android device less secure?
Or more to the point, does the ability to omit Gapps provide any natural security enhancement?
I'm asking from the point of view of a "moderately experienced" individual who knows how to spot suspicious attachments/files and phishing scams, and knows how to do some bare-minimum vetting of where apps are installed from. For the sake of argument, let's say this user has no Gapps, and gets their apps from FDroid or ApkPure, or ApkMirror.
This may be stupid, but I couldn't find any resources regarding this. We have custom recoveries for android devices but why isn't there custom bootloaders like there is for PCs ? Like in the PC space we have the likes of reFind and gnu grub.
Thanks
There are some instances of alternate bootloader projects. Just that they are not popular,
[Bootloader] LK for Xperia T
LK for Xperia T LT30p Only - Unlocked Bootloader Required WARNING 1: This modification makes changes to the devices partition table. I (lilstevie) am not responsible for any damage to your device or data loss that may occur. WARNING 2: ICS...
forum.xda-developers.com
EFIDroid
EFIDroid is a easy to use, powerful 2ndstage-bootloader based on EDKII(UEFI). It can be installed one-click with the EFIDroidManager app. You can add/remove/edit multiboot ROM's. There's no special support needed by ROM's or RecoveryTools(no...
forum.xda-developers.com
The developer of EFIdroid stopped developing in 2019.
efidroid on Android 9 and 10 devices ? · Issue #152 · efidroid/projectmanagement
Hi, I just want to know if efidroid supports devices with 6 GB RAM and 64/128 GB Storage devices running Android 9 and Android 10 ? thanks.
github.com
Not to mention you would need OEM's to cooperate....
Thanks @karandpr for that github comment a lot of info there. Thanks @galaxys too. So a quick summary would be that the reason is that for the bootloader to work smoothly there has to be support from the kernel too, which the OEMs should do and probably would not. But I didn't think about the support in the kernel was an issue. That does seem to be a lot of work and I see the reason now.
al_l_en said:
Thanks @karandpr for that github comment a lot of info there. Thanks @galaxys too. So a quick summary would be that the reason is that for the bootloader to work smoothly there has to be support from the kernel too, which the OEMs should do and probably would not. But I didn't think about the support in the kernel was an issue. That does seem to be a lot of work and I see the reason now.
Click to expand...
Click to collapse
I don't think Google intends to open up android anymore. They want restrictions like iOS but pretend to be open source for the "goodwill". What's the use of AOSP if you cant effectively install it on a device or your important apps don't work?
I believe PinePhones are the ones that can have truly open-source compatible hardware. The specs are underwhelming but the community is really good.
You can get spares easily and the battery is removable.
Only thing is they are mostly out of stock.
karandpr said:
I don't think Google intends to open up android anymore. They want restrictions like iOS but pretend to be open source for the "goodwill". What's the use of AOSP if you cant effectively install it on a device or your important apps don't work?
I believe PinePhones are the ones that can have truly open-source compatible hardware. The specs are underwhelming but the community is really good.
You can get spares easily and the battery is removable.
Only thing is they are mostly out of stock.
Click to expand...
Click to collapse
Yeah those are great but the problem is that they are not usable for "normies" which will prevent mass adoption and hence cannot have a sustainable business model.
But I think google is not the only one to blame, like couldn't the OEMs actually provide bootloaders that can boot signed os images. Or is there any technical or security difficuties in doing that.
al_l_en said:
Yeah those are great but the problem is that they are not usable for "normies" which will prevent mass adoption and hence cannot have a sustainable business model.
But I think google is not the only one to blame, like couldn't the OEMs actually provide bootloaders that can boot signed os images. Or is there any technical or security difficuties in doing that.
Click to expand...
Click to collapse
Normies are afraid to change the default browser, so bootloader is really out of their leagues.
Phone tinkering is a hobby, not a necessity. Phone tinkering itself is not a sustainable model.
Google is to blame primarily. Because they have a stringent list of requirements for devices to pass CTS. You can read the bootloader requirement and judge yourself.
Android 11 Compatibility Definition | Android Open Source Project
source.android.com
Without passing CTS, devices cannot use Google apps, they cannot get push notifications and they cannot pass SafetyNet checks used by most banking apps.
At the end of the day do I want to spend 100s of hours to bring a feature to an android phone which will probably be used by 10 users and deprecated by the time I finish doing it?
or do I want to buy a phone which will allow me to tinker freely in a community and ecosystem which allows modification?
For our tinkering pleasures, Pinephone is the way to go for now. They have support from Manjaro, Debian and KDE. Which is a big thing IMO.
Or else there you can roll your thing in RaspberryPi?
While going through related details I found an article about google probably switching to hardware based safetynet checks which could be ending google play compatibility on custom roms.
It really seems like google is using security as an excuse to make sure that there are no competitors in their business space.
Maybe this is because I have been only doing web development and only started learning app dev, but the reasons google use for CTS like for enforcing DRM, is also handled on websites while allowing openness and being neutral (or maybe the web is not as secure as something like this, so forgive me if I am wrong). Android could really take pages off the web ecosystem for being a neutral platform.
I really appreciate the patience for hearing out and also the references(and the rabbit holes that it was followed by) really taught me a lot about general android architecture.
al_l_en said:
While going through related details I found an article about google probably switching to hardware based safetynet checks which could be ending google play compatibility on custom roms.
It really seems like google is using security as an excuse to make sure that there are no competitors in their business space.
Maybe this is because I have been only doing web development and only started learning app dev, but the reasons google use for CTS like for enforcing DRM, is also handled on websites while allowing openness and being neutral (or maybe the web is not as secure as something like this, so forgive me if I am wrong). Android could really take pages off the web ecosystem for being a neutral platform.
I really appreciate the patience for hearing out and also the references(and the rabbit holes that it was followed by) really taught me a lot about general android architecture.
Click to expand...
Click to collapse
Theoretically, Google can end GPlay compatibility on Custom ROMs anytime they wish. It's just that lot of App Developers don't use SafetyNet the way it is intended and Google doesn't roll out its strict check. They do it once in a while.
They don't have any competitors in their business space. It's a very well-thought monopoly.
CTS restricts Google Play API access to vendor operating systems. So vendors like Samsung, OnePlus and others have to play by their rules. IIRC, the cost of Play API is around 15$ per device but it is subsidized for large quantities.
End users don't really care about Play API. But App Developers do.
Without Play services, there is no easy way to integrate push notifications, ads, maps, analytics, metrics, and so on. Rolling your own thing will take years to develop and won't work as seamlessly as the play service counterparts.
I don't think Google will ever cede their monetary interests for open collaboration.
karandpr said:
I don't think Google will ever cede their monetary interests for open collaboration.
Click to expand...
Click to collapse
Yeah that's for sure. The only way this monopoly can break is when an opensource alternative to google play services and other apis exist and while doing that it must be compatible with the existing google apis. And that is probably not going to happen in a long time. Although microg does solve this to some extent, but still it is a second citizen.
Some of the functionality is already there, like most of the google apps like docs and drive could replaced by nextcloud and then maps could be replaced by osmand. If some company, preferably an OEM, comes and integrates all of these into a package maybe there's hope. I think /e/ os tries to do this to some extent.
You might find this resource useful. As they have gone over a comprehensive set of bootloader software and tried to outline their primary features in detail. Hopefully, you’ll be able to determine the best one for your use case. https://www.ubuntupit.com/best-linux-bootloader-for-home-and-embedded-systems/
Hi, as some will obviously know, google is forcing a change in android development to be more like ios. Some developers and users wont even notice or care. Others may find the changes fundamental and devastating.
Some of the changes have come about in version 11 but will be fully implemented by 12-13. These changes are going to limit access to android file system. The way apps work and limit what you can install, copy, write to external usb etc. Others will mean total lockdown of security from installing apps and google spyware controlling what you can change.
Over the years we have all seen many versions of android in countless devices with as many custom iterations and mods. In a way. Us users and the developers have shown what's possible with imagination skill & ingenuity and happily let google lead us down the garden path making billions in revenue from our devoted support. Not everyone could see the control manipulation, development and exploitation. Not everyone even cared.
But it seems now that free reign google has given us in ability for hacks & mods and and the devices android can can be used on is coming to an end. Google is yanking its chain and reeling us in.
If you think scoped storage, or more play store control will just be an inconvenience think again.
Developers and genuine android experts will know this and will probably already be aware of some solutions. I hope so. As the thread count and discussions on this balloon maybe some will consider a fork of huawei's stripped down versions of android might be an option, however we feel about china. Let's hope some options will come to light soon.