Graphene is good, though it’s still pretty reliant upon Google not making life even harder for them, which it has been doing consistently.
A safer long-term option that is detached from Google’s whims entirely is PostmarketOS, which isn’t based on Android at all, but is instead a project based on Linux directly.
I’m not entirely sure if that would be better than just adopting PostmarketOS, since forking AOSP would mean maintaining a fork of that entire ecosystem, and I’m unsure how they would deal with all the phone manufacturers dropping support for phones rather quickly, or using outdated kernels to access GPU and hardware drivers for said phones after the manufacturer drops support.
Investing in PostmarketOS instead would bring with it much less stuff to fork, along with access to the mainline linux kernel (instead of outdated Android ones) that use open-source GPU drivers that can be effectively maintained, and it can support Android compatibility with a compatibility layer, Waydroid.
A polished PostmarketOS ecosystem only seems to offer advantages compared to a forked AOSP, so if they’re choosing which to invest in, Postmarket seems like the clear winner.
The kernel update issue on Android is going to be exactly the same for PostmarketOS and for the exact same reason: proprietary firmwares and/or drivers.
There is a huge ecosystem for Android today, including apps for so many EU companies, that they would have to re-develop to port them to Linux, or they’ll just rely on Waydroid, so you still have to follow Google somewhat, and now you need to maintain both a GNU/systemd/Linux AND a compatibility layer with Android. With a fork of AOSP, you need only the last.
From a security and privacy standpoint, Linux was never designed to handle hostile apps designed to aquire as much data as possible. Android has a sandboxing system: an app cannot go and check what other apps you have. A Linux app can pretty much access everything on your system.
GrapheneOS adds on top of that storage and contact scopes: you can define a subset of each per app, and they won’t see anything else.
In an ideal world, it wouldn’t matter: everything would be opensource and developed in good faith. In the real world, you still have tons of malevolent apps that people will want to use anyway, so better take that in account.
Graphene is good, though it’s still pretty reliant upon Google not making life even harder for them, which it has been doing consistently.
A safer long-term option that is detached from Google’s whims entirely is PostmarketOS, which isn’t based on Android at all, but is instead a project based on Linux directly.
If the EU would dare, it could totally fork AOSP. Then each country, company, non-profit can build its own mobile OS on top of it.
I’m not entirely sure if that would be better than just adopting PostmarketOS, since forking AOSP would mean maintaining a fork of that entire ecosystem, and I’m unsure how they would deal with all the phone manufacturers dropping support for phones rather quickly, or using outdated kernels to access GPU and hardware drivers for said phones after the manufacturer drops support.
Investing in PostmarketOS instead would bring with it much less stuff to fork, along with access to the mainline linux kernel (instead of outdated Android ones) that use open-source GPU drivers that can be effectively maintained, and it can support Android compatibility with a compatibility layer, Waydroid.
A polished PostmarketOS ecosystem only seems to offer advantages compared to a forked AOSP, so if they’re choosing which to invest in, Postmarket seems like the clear winner.
The kernel update issue on Android is going to be exactly the same for PostmarketOS and for the exact same reason: proprietary firmwares and/or drivers.
There is a huge ecosystem for Android today, including apps for so many EU companies, that they would have to re-develop to port them to Linux, or they’ll just rely on Waydroid, so you still have to follow Google somewhat, and now you need to maintain both a GNU/systemd/Linux AND a compatibility layer with Android. With a fork of AOSP, you need only the last.
From a security and privacy standpoint, Linux was never designed to handle hostile apps designed to aquire as much data as possible. Android has a sandboxing system: an app cannot go and check what other apps you have. A Linux app can pretty much access everything on your system. GrapheneOS adds on top of that storage and contact scopes: you can define a subset of each per app, and they won’t see anything else.
In an ideal world, it wouldn’t matter: everything would be opensource and developed in good faith. In the real world, you still have tons of malevolent apps that people will want to use anyway, so better take that in account.