
Well… mixed feelings here. I spent a lot of time dealing with early smartphones and hacking away at Android, Tizen, FirefoxOS (remember that?) and several variations on that theme back when manufacturers were vying for differentiation, and I get that the FSF has a mission, but I don’t see this panning out.

Like many folk who’ve been watching Google’s gradual shutdown of AOSP and alignment with Apple in terms of platform lockdown, I think the days of fully open devices are actually coming to a close. Again, I applaud the FSF’s initiative, but you need to get a lot of buy-in for this kind of thing to work—manufacturers, developers (both OS and app devs), and, of course, users, who will never accept anything that doesn’t let them do things like banking, shopping, mainstream social apps, etc.

And you can’t do a lot of those on an unlocked boot loader (which I think is going to be the logical consequence of replacing bits of the OS) without more hacking. It’s like XML and violence—it will only lead to more of the same.

I expect the usual amount of “you can do that with web apps” pushback, but let’s be real. Except in markets like India where simpler and vastly cheaper platforms make sense, you either use iOS, Android, or… nothing but voice calls, and I don’t see enough here to make me think this will be something for everyone.



> you can do that with web apps

And this is not even always possible. In Ukraine, the government app is released as an app, not a web service. The same goes for the banking app. You just can't do these things from other devices; you must have a (mainstream) Android or Apple phone.

I've been looking into projects like GrapheneOS for a while now, but it is just impossible to use in Ukraine.


Genuinely curious: why can't you use GrapheneOS in Ukraine? Most Android apps work perfectly. In my case, the only ones that don't are the ones made by lazy developers who rely on location data that I deny. They claim to work without it, but obviously never tested.


Maybe I can after all! I saw on reddit people complaining about banking apps not working, so I just assumed mine would not work as well. But according to this list [1], the biggest Ukrainian banks are supported. Nice

I can't find any info on the government app though. It might not work. But still, I can actually consider GrapheneOS now.

[1] https://privsec.dev/posts/android/banking-applications-compa...


If it's a government app, you can pressure the government in many more ways than you can, let's say, a bank - and FSF has experience in that kind of pressure. I hope their technical initiative also comes with a parallel legal/policy initiative that tries to get governments to stop using things like attestation.


> If it's a government app, you can pressure the government in many more ways than you can, let's say, a bank

Many more, like?

For an individual, almost none. I can boycott a bank (if it's not a government one), I can't boycott my own government, only leave.

An organization can start an initiative, but without an interested party involved it's only an initiative, you can hardly call it "pressure".


You can't boycott a bank, they all do the same shit and you need to have one.

With a government, however, you can go through your MPs, use administrative procedures to lodge complaints, etc. They also don't have Visa/Mastercard forcing them into attestation, it's usually just because the contractor thought it made things More Secure™.


As an EU citizen the biggest issue for me is that even if I bought a fairphone with grapheneOS, it might as well be a "dumb" phone. This is because all the apps to make our daily lives non-annoying require the Google Play or the Apple App store. So to me it's the lack of digital sovereignty from the EU and our individual countries that is the main issue. Sure it would be nice if big tech didn't close their platforms, but that ship appears to have sailed. If they ever get around to making these apps available through a different store, then I don't see why I wouldn't want a different OS.

We still need open hardware and more companies like fairphone to utilize it, but we primarily need the EU to get its act together and break the reliance on big tech app stores. I know there are a few companies trying to build app stores with the necessary security compliance and if the EU wants to be serious about digital sovereignty it'll need to support these.


> As an EU citizen the biggest issue for me is that even if I bought a fairphone with grapheneOS, it might as well be a "dumb" phone. This is because all the apps to make our daily lives non-annoying require the Google Play or the Apple App store.

This is a common misconception I see around here, probably because people think Graphene is yet another custom rom like LineageOS, and haven't actually tried it for themselves.

GrapheneOS supports Google Play (it ships with an app that lets you install it in one click), it does NOT give you root access, and it goes through the extra effort of implementing the obscure security features that banking apps require. I won't say 100%, but maybe 99% of apps on Google Play will work on Graphene, including banking apps. This compatibility, along with the added security and privacy features are why it's such a big deal. It's not just hype around the latest shiny custom ROM.


Banking apps will work on Graphene if you have sandboxed Google Play Services installed, and if the banking app requires only a basic level of Play Integrity attestation. I got the same level of support with my previous LineageOS for MicroG phone as I have with my current GrapheneOS phone, it just required a lot more tinkering (and was a lot less secure).

I do appreciate the work the GrapheneOS team puts in toward compatibility, and especially the fact that they just got RCS messaging working. But any time Google or even an app vendor wants to tighten the noose, they can, just by requiring the higher, hardware-backed attestation level.


https://grapheneos.org/articles/attestation-compatibility-gu...

That page seems to be saying the opposite: hardware attestation would support GrapheneOS, whereas the Play Integrity API would not.

Anecdotally, both of the banking apps I use 'just work', and I haven't encountered any app that doesn't work. The closest thing was the Disney parks app a few years ago which would crash on launch until I disabled the hardened malloc feature for it.


I see "... and permitting our official release signing keys" there, which means you are swapping Google Android for GrapheneOS Android, and you can't use bogwog Android if you wanted to.

There is a list of apps banning GrapheneOS keys here, including govt apps, ticket apps, and McDonalds for some reason:

https://grapheneos.org/articles/attestation-compatibility-gu...


> you are swapping Google Android for GrapheneOS Android

No? You're adding support for Graphene's keys, not replacing Google's. Obviously, the main barrier is convincing developers of these apps to add support for Graphene's keys. However, this is only a problem for apps that opted to implement the Play Integrity API at all, which doesn't seem to be very common. All the recent monopoly rulings against Google may be deterring devs from implementing this obviously anti-competitive feature, and that's not to mention Google's new responsibility to offer the Play store app catalog to competing stores, thanks to the Epic case.

> The injunction issued last year by U.S. District Judge James Donato requires Google to allow users to download rival app stores within its Play store and make Play's app catalog available to competitors. Those provisions do not take effect until July 2026.

(source: https://www.reuters.com/sustainability/boards-policy-regulat...)

Maybe they'll get away with requiring competing stores to implement Play Integrity API, maybe (probably) not.

Also, that list of incompatible apps is probably out of date since I use the ebay app all the time with no issues.


My point was that this situation doesn't allow for Software Freedom, since you the user cannot control the OS, it's an unmodifiable blob unless you are either someone with a blessed key (like Google, or GrapheneOS devs), or are willing and able to go without the apps that use the attestation APIs, or have one locked down device for attestation apps and a separate one that you can actually control. Probably the only way to deal with that is make attestation to third parties illegal, I assume governments and banks would get exempted from such laws though.


Android has a hardware attestation API that is compatible with GrapheneOS (if the app accepts GOS's keys), but nobody uses it. Everyone uses the Play Integrity API; GrapheneOS can't pass the "strong" (hardware-backed) level of Play Integrity, though it passes the weaker ones.


The Dutch electronic identification app, DigiD, uses the Android-native attestation API.

Also good to make a distinction between the different things you can do in an attestation procedure: bootloader/boot integrity checks, attest a specific key, and ID (imei etc) attestation.
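Added example, not part of the thread and not code from Android, GrapheneOS or any app named here: a server-side policy over the fields of an Android key attestation record, showing how a relying party can accept the stock OS and also an alternate OS whose verified boot key it has chosen to allowlist. It assumes the certificate chain has already been validated and the extension parsed; `Attestation`, `evaluate` and the allowlisted fingerprint are hypothetical, and the sample values are constructed.

```python
import hmac
from dataclasses import dataclass
from enum import IntEnum

class BootState(IntEnum):      # verifiedBootState in the RootOfTrust structure
    VERIFIED = 0               # OS signed with the device maker's key
    SELF_SIGNED = 1            # OS signed with a user-installed key, bootloader locked
    UNVERIFIED = 2             # bootloader unlocked
    FAILED = 3

class SecurityLevel(IntEnum):  # where the attested key lives
    SOFTWARE = 0
    TRUSTED_ENVIRONMENT = 1
    STRONGBOX = 2

@dataclass(frozen=True)
class Attestation:             # hypothetical container for already-parsed fields
    challenge: bytes
    security_level: SecurityLevel
    boot_state: BootState
    device_locked: bool
    verified_boot_key: str     # hex SHA-256 of the OS verification key

# Constructed placeholder. A real deployment would list the fingerprints
# published by each alternate OS it decides to trust.
ALT_OS_KEYS = frozenset({"aa" * 32})

def evaluate(att, expected_challenge, alt_os_keys=ALT_OS_KEYS):
    """Return (accepted, reason) for one attestation record."""
    # Key attestation: the record must answer our fresh challenge (no replay).
    if not hmac.compare_digest(att.challenge, expected_challenge):
        return False, "challenge mismatch"
    # Software-level claims are self-reported by the OS and carry no weight.
    if att.security_level == SecurityLevel.SOFTWARE:
        return False, "not hardware-backed"
    # Boot integrity: a locked bootloader is required in every accepted case.
    if not att.device_locked:
        return False, "bootloader unlocked"
    if att.boot_state == BootState.VERIFIED:
        return True, "stock OS"
    if att.boot_state == BootState.SELF_SIGNED:
        # Alternate OS: accepted only if its signing key is allowlisted.
        if att.verified_boot_key.lower() in alt_os_keys:
            return True, "allowlisted alternate OS"
        return False, "unknown OS signing key"
    return False, "verified boot not satisfied"
```

The allowlist is additive: the `VERIFIED` branch keeps working for stock devices, while any OS whose key the relying party has not listed is rejected even on a locked bootloader.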


I understand your views.

However, I still stand by the idea of having options. Many of us in developed countries are likely to remain on our iPhones or Androids, but there is still a chance for FSF to shine in other areas.

Also, as someone who was a FirefoxOS user (I think around 2011-2016) I am always open to replacing my Android with FREE (as in freedom) alternatives.

As I mentioned in previous comments - the main "fight" is convenience vs freedom.

Either we have the convenience of being able to do things on our devices with little effort at all (with variations of lockdowns and/or less control)... or we run something that respects your freedoms but some things require a few more seconds/minutes to do.

Personally, I would choose the latter. However, I know I am the minority in the world of phones.

Don't get me wrong. I am not some freedom(software) fighter. I accept that there is a convenience I need on phones today. In the workplace, I need MS Teams. If I don't have this, my Company will have to offer me a Work phone. Other than this, I do use it for banking, map navigation, etc. However, these are not deal breakers for me.

Also, we have the convenience with AI, which more and more will adapt like a special friend, will make things ever harder in the freedom world. Be interesting to see how this evolves.

At the end of the day - things change. It's hard to think like this but we don't know what we will be using in the next 10 years. Maybe in this universe, Microsoft Windows might still be king in the OS world. However, in another Universe Microsoft ends up making too many poor decisions even businesses are open to alternatives.

It's the same thing for smart devices. Apple might make a STUPID decision in the next 10 years. Although we still have Android variants on the market, the Librephone might get a big push by ex-Apple users.

We shall see. If this project does well and can do certain types of "convenience" then I would be willing to try it!

It is always a pleasure to have something with convenience but does not cost my freedom.


> ..users, who will never accept anything that doesn’t let them do things like banking, shopping, mainstream social apps, etc.

Plenty of users are now buying feature phones that don't come with these features. Think of a libre phone as a uniquely user-focused, distraction-free device that still allows for a core smartphone/PDA compute featureset.



