@jcs Librem 5 has atrocious privacy and security due to using a bunch of low security and outdated components, which are not open and do not have open firmware. Many components including the radios lack proper security updates. Purism does not provide the firmware updates through their OS and has set up a bunch of it in a way where it can't be updated. They even went out of the way to move things to a locked down secondary processor to block updates. They claim if you can't update it, it's open.
GrapheneOS
joined 2 years ago
@jcs Librem 5 has a fully closed source SoC, which means System on a Chip as opposed to a traditional desktop where the components would be part of a motherboard. The board schematics are for a basic PCB. It's a nearly entirely closed source device in terms of where the actual complexity is. The SoC is the core component providing nearly all the base functionality. The SSD, memory, touchscreen, battery, Wi-Fi, Bluetooth, cellular, etc. are all closed source, as are various other chips, etc.
@informapirata @informatica It would not be the end of F-Droid, it would only require them to stop incorrectly using package names (application ids) not belonging to them. F-Droid doing that already causes issues and we've reported it as an issue many times for several years. Simply doing domain-based verification without ID verification similar to Let's Encrypt would have caused problems for them too unless developers authorized the usage explicitly.
See our post at https://discuss.grapheneos.org/d/26966-f-droids-delevoper-statements-about-googles-registration/3.
@andreabont @informapirata @morrolinux @gnulinuxitalia We only recommend that apps already using the Play Integrity API and unwilling to remove it move to using this instead. This enables them to support arbitrary other devices and operating systems. Other attestation roots can be supported along with arbitrary alternate operating systems via allowing their verified boot keys. That's much better than the Play Integrity API. We'd prefer if apps didn't check the device/OS but they insist on it.
@pietro395 @tecnologia It won't impact GrapheneOS negatively. The restrictions don't apply to it and we've already dealt with the relevant aspects for sandboxed Google Play. Google Play already has Play Protect scanning and blocking app installs so we expect this to simply be an extension of it. It's a total non-issue for GrapheneOS users. Google Play is not part of GrapheneOS. For people who install Sandboxed Google Play, they're regular sandboxed apps and can't block installing anything.
@shiva @informatica @informapirata We don't think these are good recommendations for users who care about privacy and security. There's a lot more to privacy than simply avoiding Google apps/services.
We recommend https://eylenburg.github.io/android/_comparison.htm for a high quality comparison between Android-based operating systems. The other OSes listed there do not keep up with privacy/security patches which is the bare minimum. CalyxOS updates have also recently been discontinued as a whole (https://calyxos.org/news/2025/08/01/a-letter-to-our-community/).
@_Riccardo_ @sposadelvento @tecnologia They don't want to define security standards and through that rule out using 50% of devices due to blatant security flaws. Instead, they want to provide the semblance of security through outsourcing everything to Apple and Google.
@_Riccardo_ @sposadelvento @simonestalfieri @tecnologia It's not surprising for Samsung to lock the rest of their devices instead of only many of them. They were already not providing any serious alternate OS support. They made it difficult to support their devices and prevented doing it securely. They were only enabling hobbyist tier support for their devices due to how they crippled them.
We don't expect any actual issues for GrapheneOS due to this radio-related regulation in the EU.
@_Riccardo_ @sposadelvento @simonestalfieri @tecnologia GrapheneOS does not cause any issues with respecting radio regulations. This directive applies equally to devices like desktops and laptops. It does not force blocking installing another operating systems. News media is reporting this inaccurately. Samsung never allowed installing GrapheneOS on their devices due to either fully locking them or crippling them when another OS is installed including not allowing using basic security features.
@sposadelvento @_Riccardo_ @tecnologia Practically, they're going to give an inherent advantage to devices licensing Google Mobile Services by permitting them as a default. It would still be possible to permit other devices and operating systems. They're choosing to do things in an extraordinarily anti-competitive way where alternatives are completely locked out of using the relevant apps rather than just a mildly anti-competitive approach where non-Google options need to deal with more.
view more: next ›
@jcs The definition of openness used by Librem 5 is that a fully closed source device with closed source firmware and software would be open and freedom respecting as long as none of the firmware/software can be updated.
Purism prevents updating firmware for the SoC and calls it open even though the SoC is fully closed source hardware and does have closed source firmware, which just can't be updated. They don't count secondary components like radios. 99.999% closed source hardware isn't open.