Open source advent calendar: Android without Google


This is an advent calendar for techies. In the fully commercialized digital world, almost everything belongs to a large Internet corporation. Their software is neither open nor free. As an alternative, there is the small island of the open source world: software whose code is publicly visible and can be independently checked for possible security gaps and backdoors. Software that can be freely used, distributed and improved. Often the motivation for the work is simply the joy of providing something useful to society.


Short portraits of open source projects will be published on heise online from December 1st to December 24th. These are about the functions of the respective software, the pitfalls, the history, the background and the financing. Some projects are backed by an individual, others by a loosely organized community, a tightly managed foundation with full-time employees or a consortium. The work is entirely voluntary, or it is financed through donations, cooperation with Internet companies, government funding or an open source business model. Regardless of whether it is a single application or a complex ecosystem, whether a PC program, app or operating system – the diversity of open source is overwhelming.

Using an Android smartphone without Google? It works, sometimes better and sometimes worse. The Android operating system, largely developed by Google, is open source, but numerous background services, APIs and the Play Store with its apps are not. That is why standard Android is almost always Google land, which means that data flows to the corporation. LineageOS, CalyxOS, GrapheneOS, Replicant, /e/OS and iodé are alternatives, with approaches that differ in part.

As a replacement for the Play Store, the open source scene offers two options for getting apps without Google, or at least in a more privacy-friendly way. The F-Droid marketplace offers only open source software and contains only around 3700 apps. Therefore, alternative Android versions usually also use the Google marketplace, albeit indirectly via the Aurora Store, which can be used to download apps from the Play Store without a Google account. Its main developer is Rahul Patel in Bangalore, India.

A replacement for Google Play Services comes from Saarbrücken: MicroG. Marvin Wißfeld’s project replaces the Google services that apps can access. “MicroG ensures that apps that normally require Google services still work. The apps don’t even notice that something is different,” Wißfeld explains to heise online. The developer looked at how the respective interfaces communicate and functionally recreated the most important services. Some of the replacement services continue to communicate with Google interfaces, while others replace them.

When apps want to determine the phone's location via nearby WLAN networks, MicroG uses the free Mozilla Location Service instead of the Google database. And if apps want to integrate Google Maps, MicroG simply sends them the relevant map section from the non-commercial OpenStreetMap project. With the Firebase Cloud Messaging service, which Google uses to wake up dormant messenger apps and send them a notification or the entire content of a message, MicroG acts as a middleman. Most recently, Wißfeld also managed to free the Corona warning app by replicating services.

Various projects offer alternative Android versions. They go about banning Google in different ways. With one exception, however, Google is always involved somehow, be it in the form of software, selective data flows or hardware. A brief portrait of six approaches, for which heise online spoke with the teams behind the projects:

Like some other open source projects, Lineage is a product of commercial failure, a fork of CyanogenMod, which was discontinued in 2016. Users can independently install the F-Droid and Aurora Store marketplaces. MicroG does not run on the Lineage standard version, but a Lineage version with an integrated MicroG comes from the MicroG community.

The developer is the US company Lineage OS LLC. According to the founder and owner Thomas Powell, it has no employees and no business model. The company only acts as a necessary legal entity; Lineage works 100 percent on a voluntary basis. There are a total of nine core developers. Lineage runs on devices from all major brands. There is a cooperation with the provider Fxtec, whose Pro-1 X model offers Lineage as one of three operating system options. Numerous other alternative Android versions are fully or partially Lineage forks.

Calyx comes pre-installed with F-Droid, Aurora and MicroG. The SeedVault app for encrypted cloud backups, developed in-house, is also included. Another special feature is a set of VPN applications for anonymization: a self-operated VPN, a VPN from the left-wing IT collective Riseup and the Tor VPN app Orbot. The phone app always offers encrypted telephony via Signal or WhatsApp if the respective contacts can be reached that way. Further applications are the privacy browser from DuckDuckGo, the Tor browser, the mail app K-9 in a package with the encryption app OpenKeyChain, and the messenger Signal.

Behind it is the Calyx Institute, the organization of US activist Nicholas Merrill. According to Merrill, there are currently six full-time paid developers. The operating system runs almost exclusively on Google Pixel devices as well as on a single Xiaomi model. The organization sells finished devices through a membership model. Anyone who pays a one-off fee of $600 or $700 a year instead of the usual $100 will receive a Pixel with CalyxOS. This is currently only possible in the USA and in Puerto Rico. But Calyx wants to deliver all over the world soon.

Isn’t it a contradiction that Calyx wants to avoid Google, but almost exclusively supports Google smartphones? So far there is no indication of security problems with Pixel phones, says Merrill when asked by heise online. The Google phone is simply practical, since every new version of Android runs immediately on Pixel phones without any additional adjustments. In addition, IT security is best with the Pixel, for example protection against malware at the operating system level.

GrapheneOS is a spin-off from the commercial Copperhead OS. Its two founders split up, and the technical director Daniel Micay continued with Graphene. Graphene does not include any of the Google alternatives. Users can install the Aurora Store and F-Droid themselves. If apps need Google Play Services, Graphene uses its own approach instead of MicroG: users install the Google services with the help of OpenGApps, but Graphene packs them in a container. They then have no access to the entire operating system; according to Micay, they can only do as much as any normal app. The operating system adds only a few applications of its own, including the Vanadium browser (a Chromium version developed in-house) and the SeedVault backup program.

There is no legal entity behind GrapheneOS, but Micay would like to found a non-profit organization in Canada in the future, he tells heise online. The project is financed exclusively through donations, from which he makes part of his living, as do five paid developers in countries of the Global South. Graphene only runs on Pixel smartphones. Several companies sell finished devices with GrapheneOS; Micay cites the Nitrokey webshop, which is located near Berlin, as an example.

Replicant takes the strictest approach and tries to ban all non-free software and firmware. For example, F-Droid is not included by default because some of the apps listed there have non-free features. However, users can install the store themselves. He doesn’t even know whether MicroG runs on Replicant, says Denis ‘GNUtoo’ Carikli from Replicant. The strict approach means that some functions do not work, or do not work easily. This applies to WLAN: you either have to connect an external adapter or manually install non-free firmware. And satellite-based positioning with GPS does not work at all. Replicant is a pure community project.

The community core consists of eight people; the highest body is a three-person “Steering Committee”. The Free Software Foundation in the USA acts as a legal entity in the background and accepts donations for Replicant. Replicant runs on Samsung Galaxy devices. The Romanian hacker webshop Technoethical sells finished smartphones, but these are currently not available.

/e/OS is based on a classic open source business model: the /e/ Foundation in Paris develops the operating system, and the company Esolutions SAS of founder Gaël Duval sells devices in its own shop. A total of 30 people work full-time at /e/, says Duval. The operating system includes MicroG as standard. Other pre-installed programs are K-9 with OpenKeyChain for encrypted e-mails and the Chromium fork Bromite.

/e/ offers a cloud service with its own email address. Backups of up to 1 GB are possible free of charge. /e/ also has its own installer that can be used to install 70,000 apps. The app files are from F-Droid and Cleanapk.org. However, no information is available about this project, which is causing confusion. When asked, Duval only says that Cleanapk is an independent initiative. In 2022, however, he is likely to offer a different solution, and the Aurora and F-Droid stores could be installed without any problems. /e/ runs on devices from all major manufacturers. The Duval company sells finished devices from the manufacturers Fairphone, Samsung and Gigaset under the Murena brand.

The unique selling point of the French operating system iodé is a built-in tracking and advertising blocker based on around 170 filter lists, which prevents unwanted data flows across the device. Aurora, F-Droid and MicroG are installed by default. Additional apps supplied include QKSMS for SMS, its own Firefox fork and the p≡p app for e-mails.

Behind the young project is the entrepreneur Antoine Maurino with his company iodé technologies SAS in a small town near Toulouse in southern France. iodé runs on smartphones from five device manufacturers. The company sells pre-installed devices from Samsung, Sony, Fairphone and the small US provider Teracube in its own shop.

The work on the series of articles is based in part on a “Neustart Kultur” grant from the Federal Government Commissioner for Culture and the Media, awarded by VG Wort.


(vbr)
