Les terminaux sont ils le maillon faible de l’ouverture d’internet ?

Les terminaux font aujourd’hui partie de la vie quotidienne de millions d’utilisateurs, au travers d’appareils de différents formats et en particulier d’appareils mobiles de type smartphone, tablette ou d’ordinateurs portables. Ces appareils ont permis de numériser bon nombre d’aspects de la vie, qu’il s’agisse des communications entre les individus ou la capture, le stockage et l’échange d’informations. Ces appareils disposent en effet de nombreuses entrées/sorties permettant de capter et d’interagir avec l’environnement, en récoltant et en stockant une très grande quantité de données tout au long de chaque journée. Ces données sont très largement stockées au sein d’infrastructures de stockage de différentes entreprises, le plus souvent des multinationales Américaines.

Ces appareils se caractérisent donc par une grande capacité à interagir avec les différents aspects du quotidien et une connectivité accrue permettant la communication et le partage de données, mais également par l’accès à de nombreux contenus et services en ligne. En effet, ces terminaux sont les passerelles d’accès pour l’accès rapide au web et à différents types de services, qui génèrent un grand nombre de méta-données et forment en cela une empreinte numérique de l’utilisateur, qui permettra son identification fine. Ces procédés d’identification sont par ailleurs connus pour être mis en œuvre par de nombreuses agences de renseignement.

Les utilisateurs peuvent donc légitimement se poser la question de la confiance qu’ils peuvent accorder à ces terminaux, en particulier du point de vue de leur fonctionnement et agissements réels vis-à-vis des données qu’ils traitent, mais également de leur sécurité, afin de s’assurer que ces données ne sont pas vulnérables et restent effectivement privées. Le contrôle de ces appareils apparaît ainsi comme un élément clef, en ce qu’il permet à l’utilisateur de s’assurer du bon fonctionnement de l’appareil tout au long de son utilisation. Il s’agit pour cela dans un premier temps d’être en mesure d’effectuer des audits du code utilisé sur l’appareil et de pouvoir le modifier et l’exécuter par la suite. Il devient alors possible pour l’utilisateur d’y apporter ses modifications personnelles ou celles de la communauté, de supprimer toute restriction volontaire de fonctionnalité mais aussi d’effectuer des audits de sécurité pour identifier les vulnérabilités et les portes dérobées et d’apporter des corrections indépendamment des constructeurs des appareils qui prennent rarement en charge les appareils de nombreuses années. Il s’agit également par là de garantir l’accès à la connaissance du fonctionnement des appareils, présentant ainsi une opportunité pour étudiants, curieux et passionnés d’étudier et de modifier des logiciels largement utilisés. De plus, la préservation de cette connaissance reste un enjeu pour assurer un certain contrôle à long terme de la technologie, toujours plus présente, de la part de la société toute entière.

Le règlement Européen 2015/2120 prévoit pour les utilisateurs « le droit d’accéder aux informations et aux contenus et de les diffuser, d’utiliser et de fournir des applications et des services et d’utiliser les équipements terminaux de leur choix, ». La question du libre choix du terminal ouvre la porte à la possibilité pour l’utilisateur de pouvoir choisir des terminaux en lesquels ils peuvent avoir confiance, sur lesquels ils ont le contrôle et dont le fonctionnement est connu et largement diffusé. Le projet Replicant s’inscrit tout particulièrement dans cette démarche, en développant un système d’exploitation entièrement composé de logiciels libres, basé sur le code libre d’Android, diffusé par Google. Il s’agit, à partir de cette base libre, de développer les logiciels nécessaires à la prise en charge matérielle de différents appareils mobiles, de manière plus ou moins complète mais avec un minimum de fonctionnalités disponible. Replicant s’inscrit donc au niveau du système d’exploitation, mais les problématiques de la confiance, du contrôle et de la connaissance des appareils concernent plus largement l’ensemble des composants des appareils mobiles. S’il est en général aujourd’hui possible de remplacer le système d’exploitation de ces appareils, la tâche est autrement moins aisée pour d’autres composants critiques tels que les logiciels de démarrage, qui s’exécutent avant le système d’exploitation, mais également les environnements d’exécution de confiance qui s’exécutent pendant toute la durée d’utilisation des appareils avec les privilèges les plus élevés sur l’appareil. Les appareils qui, en plus de présenter une connectivité TCP/IP à l’Internet sont également connectés au réseau GSM disposent d’un composant dédié à cette communication mobile, le baseband ou modem. Tout comme les logiciels cités précédemment, le logiciel qui s’exécute sur ce modem est bien souvent protégé par une signature numérique qui rend impossible sa modification par quiconque ne possède pas la clef privée du fabricant, qu’il ne divulgue pas. Il est ainsi impossible d’exécuter du logiciel libre dans ces cas de figure, n’offrant ainsi jamais à l’utilisateur une véritable confiance, ni de véritable contrôle ou une connaissance complète de son fonctionnement.

De cette façon, on retire du pouvoir aux utilisateurs finaux, qu’il s’agisse d’individus ou d’entreprises intermédiaires qui utilisent et intègrent ces appareils, qui est alors dans les mains du fabricant des appareils. Il s’agit ainsi de consacrer l’union entre le matériel d’une part et le logiciel qui s’exécute sur celui-ci d’autre part. Pour autant, le logiciel se caractérisant comme des instructions pouvant être modifiées, il est une utilisation tout à fait légitime pour l’utilisateur de pouvoir modifier le logiciel s’exécutant sur chacun de ses appareils, qui est par nature dissocié de l’aspect matériel qui permet son exécution. On souhaite donc particulièrement insister sur cette distinction fondamentale, de l’appareil d’une part et du logiciel qu’il exécute d’autre part.

Cette capacité de modifier les logiciels présente par sa nature de nombreuses opportunités d’innovation par la très grande flexibilité qu’elle offre, qui permet l’élaboration d’applications et de services innovants qui sont tout à fait de nature à favoriser l’ouverture d’Internet et le développement de l’activité qui lui est associée.

Third Replicant 6.0 release

A new version (0003) of Replicant 6.0 has been released a few weeks ago.

It fixes an important issue that makes devices end up in a boot loop (the devices were crashing during boot, endlessly) when installing certain applications.

It also fixes a security issue that enables attackers to decrypt and/or modify WiFi traffic.
This can be problematic if your security is relying on the WiFi encryption. This can be the case if you are using WiFi to connect to your device to use applications like Remote Keyboard over telnet. This can also be problematic if you share your Internet connection through WiFi and some services of the phone operator you use are available without authentication.

Because of the above, updating to this new version is strongly recommended.
See the update instructions on the wiki for that.

If your device is affected by the boot loop issue mentioned above, the update instructions won’t work, as they expect you to be able to easily reboot to recovery.
In that case, to reboot to the recovery you have to first boot in safe mode, and then to follow the update instructions to reboot to recovery.

Contributions to ARCEP work on terminal devices and public consultation

While Replicant is mainly backed by Wolfgang in terms of technical contributions nowadays, Denis and Paul are still active in the project, in other ways.

Over the past few months, we have been working with ARCEP, the independent French governmental agency in charge of regulating telecommunications. The agency is working on evaluating the influence of terminal devices in achieving an open Internet, with a particular focus on mobile device. A first report on this topic was issued at the end of may 2017, based on consultations with various members of the industry as well as non-profits such as FFDN, the federation of non-profit ISPs. This first document presents ARCEP’s approach to the application of EU regulation 2015/2120, that gives users specific rights regarding their choice of terminal devices. It provides an analysis of the various actors involved with terminal devices, making clear distinctions between the hardware, operating system, applications and services.

The EU regulation is however less specific and the articles related to terminals can be interpreted with different scopes:

When accessing the internet, end-users should be free to choose between various types of terminal equipment […].

End-users shall have the right to access and distribute information and content, use and provide applications and services, and use terminal equipment of their choice […].

A narrow understanding would associate the choice of the terminal witch choices made available from the industry, while a broader understanding, that ARCEP is pursuing, also takes in account all the actors involved at every level, including actors from the free software community such as Replicant. This lead the authority to get in touch with us, after members of FFDN kindly put-in a word of recommendation for Replicant.

We attended an initial meeting in Paris in September, where we explained our action at Replicant, the problems we are facing and key elements to shape their understanding. We mentioned that not only the operating system should be considered separately in terms of choice, but also other software components such as the boot software, the privileged execution environment and the modem system, that are also crucial parts of a terminal device that can (and often do) restrict the user.

In November, we attended a workshop with members of the industry, that included Microsoft and Qualcomm among others. We took the occasion to directly question them regarding deliberate choices that are detrimental to users in terms of freedom. It seemed agreed and understood that the ability to load an alternative operating system is a necessity for users and that mistakes were made in the past in that area. However, many of the perspectives presented by the industry were not satisfactory in terms of freedom and privacy/security for end users, especially when it comes to IoT and ISP-provided routers that keep embedding more functionalities. We did not always get answers to our questions, as the representatives that were sitting at the table did not share our technical background and thus sometimes did not fully grasp the reality of the situations at hand.

ARCEP is now organizing a public consultation on the influence of terminal devices on an open Internet, that is presented in a dedicated document. Anyone is welcome to submit a contribution, to share their understanding of what the free choice of terminal devices should entail, either in French or in English. This is an opportunity to send a strong message in favor of free software at all the levels involved in mobile devices: boot software, privileged execution environment (often called TrustZone), operating system, applications and modem system. ARCEP is now organizing a public consultation on the influence of terminal devices on an open Internet, that is presented in a dedicated document. Anyone is welcome to submit a contribution, to share their understanding of what the free choice of terminal devices should entail, either in French or in English. This is an opportunity to send a strong message in favor of free software at all the levels involved in mobile devices: boot software, privileged execution environment (often called TrustZone), operating system, applications and modem system. Replicant will also submit a contribution in this direction, that will be published on the Replicant blog soon.

The consultation is open until the 10th of January 2018 and submissions can be sent to: terminaux@arcep.fr.

A new Replicant 6.0 release

A few months have passed since the initial Replicant 6.0 release and it’s time for another one. This release more than doubles the number of supported devices and contains a few important fixes and improvements. The latest changes from LineageOS 13.0 are included. They are mostly security fixes, so updating is recommended!

Up to 12 devices now supported by Replicant 6.0

This release makes Replicant 6.0 available to a lot more devices that were already supported by Replicant 4.2. These include the Galaxy Note, Galaxy Nexus, the Galaxy Tab 2 7.0 and Galaxy Tab 2 10.1 models.

There are also two new tablet models that weren’t  yet supported by Replicant: the GSM and Wi-Fi-only version of the Galaxy Note 8.0.  The hardware is very similar to the Galaxy Note 2 and thus it was quite straightforward to add them as new devices. Furthermore, the tablets are not known to have bad modem isolation, as the other supported devices. And the working front and back camera makes them the currently best supported tablets.

Support for the GTA04 was a goal for this release as well. Some work has been done to achieve this goal, but it’s unfortunately not yet ready. It will hopefully be ready when the next release comes around.

Improvements and fixes

USSD

You can now use USSD messages with Replicant (again). USSD messages are the codes you enter to check your available balance, to refill it or to select a certain data plan. Depending on your provider, there may be more codes for other functionality available. Before Paul’s rewrite of Samsung-RIL in 2014, this type of messages could be used, but support for them wasn’t added again after the rewrite, until now. The new implementation features improved decoding, most notably for special characters.

USB Wi-Fi adapters

The initial Replicant 6.0 release already included the RepWifi app that provides a nice interface to use USB Wi-Fi adapters with libre firmware. The app is developed by Fil Bergamo and he added quite a few new features and a graphical restyling for the next version that is shipped with this release. It is now possible to connect to hidden networks, to manually set DNS servers and to auto-connect to a Wi-Fi network, once the adapter is plugged in.

Fil also submitted a patch that provides a fix for a very annoying issue with the Wi-Fi adapters or with reverse tethering. So far, network connections, that were established using a Wi-Fi adapter or reverse tethering, weren’t properly reported to apps. For example, F-Droid wasn’t usable because of this. Thanks to Fil’s patch, this issue is now fixed.

It was possible to make all devices that are supported by Replicant 6.0, including the newly added ones, usable with certain Wi-Fi adapters. Despite the improvements that were made with this release, be advised that connection issues or other instabilities are still possible. Their severity mostly depends on the device you use and the level of battery charge (see the wiki for more details).

Recovery

Another goal for this release was to make the usage of the recovery less error-prone and more intuitive. Devices with touch keys (like the Galaxy S 2 and Galaxy S 3) now have the key backlight enabled at all times which makes it easier to identify the back key. And the buttons are generally bigger to allow better navigation via the touchscreen. Some previously failing installations from internal or external storage (e.g. due to the file system used on the SD card) should now work.

A new Setup Wizard based on the Setup Wizard from LineageOS was added, too. When the device is started for the first time, the Setup Wizard helps with the configuration.

See the changelog for a complete list of all the notable changes and detailed support status of newly added devices.

Replicant 6.0 released

Over the last one and a half years, a lot of work has been done to move Replicant to a new version and to add new features. Everything started with a (now archived) forum post in January 2016 that documented the initial efforts to get Replicant 6.0 somehow working on a Galaxy S3. Development continued through the first half of 2016, however by far most of the work was done from September 2016 onwards.

Replicant 4.2, the last release, was based on CyanogenMod 10.1 and Android 4.2 respectively. Replicant 6.0 is based on LineageOS 13.0 which is based on Android 6.0. Replicant 6.0 includes all the improvements that were made since CyanogenMod 10.1. Have a look at the changelog for an overview of the new features and changes that were additionally made on our side.

This initial release supports the Galaxy S2, Galaxy S3 and Galaxy Note 2. The Galaxy S3 4G was added as an incomplete device for now as support for telephony and mobile data is missing. The status page shows which functionalities are supported on the individual devices. The previous blog post details the reasons why no SDK is provided as part of the release.

Unfortunately, this release only supports a subset of the devices that were previously supported by Replicant 4.2. So adding support for more devices has the highest priority for the next update. Thanks to device donations from the community, it will be possible to get Replicant 6.0 working on the GTA04, Galaxy Nexus, Galaxy Tab 2 7.0, Galaxy Tab 2 10.1 and Galaxy Note. Please consider donating to Replicant to help development.

As an additional release goal, a complete wiki overhaul was completed over the last two months. Besides updating outdated pages and a general cleanup, a lot of new documentation is now available for users and developers alike. We hope the new release will attract more developers, so that we can tackle some of the tasks we have been facing for a long time.

There won’t be a Replicant 6.0 SDK because there is already something better

And you can help making it accessible to more GNU/Linux users!

We have decided not to create a Replicant 6.0 SDK as part of the upcoming Replicant 6.0 release. For three previous Replicant versions (2.2, 4.0 and 4.2), a SDK was provided.

Replicant offered its own SDK because the Android SDK released by Google is distributed under a non-free license and suggests installing non-free plug-ins such as the Google APIs. For a long time, Replicant has provided the only Android SDK that is available under a free license and that doesn’t offer to install non-free software.

Android SDK in Debian

However, for some time, the Android SDK is available in Debian and it will be possible to build Android apps in Debian Stretch, the upcoming release. The Debian packages suffice to build an app that only has a minimal set of dependencies. Not all libraries that might be needed for building an app are already packaged, but it seems that nothing is missing that would otherwise be available in a Replicant SDK. The packaged Android SDK in Stretch even has the same target API as a Replicant 6.0 SDK would have.

The packaged Android SDK in Debian has many advantages over a Replicant SDK. Build tools should be installable from the package manager of the distribution you are using and not be distributed in a binary archive outside of it. Android SDK packages are provided in Debian alongside other Android build tools like Gradle. The packages can be built reproducibly. We only have very limited time and resources to work on the SDK. Debian has its own team, the Debian Android Tools team, that focuses on packaging more libraries and target APIs, among other things.

Packaging for more distributions

For these reasons, rather than spending time and development efforts on a Replicant 6.0 SDK, we encourage you to work with maintainers to get the Debian Android packages included in more distributions. As Replicant itself is  a fully free software distribution, we would be especially happy to see the packages included in fully-free GNU/Linux distributions, like Parabola or Trisquel.

The Debian Android Tools team is available to answer questions and they are interested in having cross-distro collaboration to solve remaining issues. They can be reached via their mailing list or in the IRC channel #debian-mobile. Their wiki page provides useful documentation.

Of course, we are available as well to answer questions and to coordinate these efforts.

Replicant 6.0 development updates

Replicant 6.0 is moving forward and quite some work has been done over the last months.

Galaxy S2

Only the Galaxy S3 was supported for a very long time. Recently, support for the Galaxy S2 was added. This was made possible because two community members, Grim Kriegor and dllud, sent me a device. The initial work on the device by another community member, Jookia, also gave me a head start for the port.

GTA04

In December, I attended the 8th Open Hard- and Software Workshop which was a great opportunity to discuss and work on various topics related to the GTA04. I assisted Lukas Märdian from Goldelico with porting Replicant 6.0 to the GTA04 and at the end of the workshop, we were able to boot Replicant 6.0 and had basic functionality working. Lukas continues to work on the port and I’m planning to integrate his changes and get Replicant 6.0 ready for the GTA04.

Support for external WiFi dongles with the AR9271 chipset

After you have installed Replicant on one of the supported devices, you will notice that WiFi doesn’t work. The reason is that the WiFi chips on all supported devices need a proprietary firmware to be loaded onto the chip. As Replicant only ships free software, this firmware is not included in an image.
An alternative is to use an external WiFi dongle with an USB OTG cable. A free firmware exists for the AR9271 chipset and various WiFi adapters use this chipset. Tehnoetic provided patches for initial support in Replicant 4.2. For Replicant 6.0, I went a different way and backported the necessary changes from the 3.4 Linux kernel to the kernel for the Galaxy S2 and S3. Such dongles are now operable with these two devices. Fil Bergamo is working on scripts to make it easy to use WiFi adapters. You can find more information in this forum thread.

Graphics rendering

The previous blog post already metioned that I’m working on the graphics acceleration. Mesa llvmpipe can now be used as an alternative to the Android software renderer. Unfortunately, llvmpipe is still too slow and the Android software renderer stays the default graphics renderer for now. But it’s possible to use some more apps like Firefox-based browsers with llvmpipe that wouldn’t work with the Android software renderer. Llvmpipe also makes it possible to use a recent webview. For now, Replicant 6.0 is stuck with the last webview version that worked with the Android software renderer. Optimizing llvmpipe for ARM likely would make it fast enough. Any help in this regard would be greatly appreciated!
Another long-standing issue is related to the software rendering: QR code scanning or in general barcode scanning didn’t work with Replicant because the software renderer requires a camera preview format that is incompatible with barcode scanner apps. I was able to fix it by doing the neccessary conversions of preview frames that are requested by barcode scanner apps.

Toolchain

I moved the build system from Debian Jessie to the upcoming Debian release with the codename Stretch. The Debian Android Tools team has packaged quite a few more build tools in Stretch which can now be used instead of prebuilt binaries from the default Android toolchain. The whole effort makes the Replicant build process more trustworthy and ensures that all build tools are verifiable and built using only free software.

Security/privacy enhancements

Besides fixing various bugs, I’m especially committed to making Replicant more secure. Originally, I started contributing to Replicant by submitting patches for known security issues in Replicant 4.2. Security updates for the kernel and the Android system are included in Replicant 6.0 as quickly as possible, but delays can always happen due to various reasons. Furthermore, I started to include some security/privacy enhancements from CopperheadOS.

Current work and future plans

Porting Replicant 6.0 to more devices is a priority right now. Besides devices that are already supported by Replicant 4.2, some new targets are evaluated. An interesting target is the LTE variant of the Galaxy S3 (GT-I9305). Currently, only the non-LTE variant (GT-I9300) is supported by Replicant and Replicant doesn’t support any 4G-enabled phone yet. It’s possible to build a Replicant 6.0 image for the LTE variant, but it lacks support for the modem. The main task of the port will be to write a free implementation of the modem interface for telephony, SMS and mobile data.
I also played with the mainline kernel on the Galaxy S3 and I was able to boot Replicant 6.0 on top of the Linux 4.8 kernel with a few patches so that it was usable with very limited functionality. I will share more results from this endeavor in the future.
Replicant is based on CyanogenMod 13.0. As the CyanogenMod project was discontinued, future Replicant 6.0 versions will be based on its successor, LineageOS 13.0.

Replicant 6.0 early work, upstream work and F-Droid issue

Replicant 6.0 early work and associated efforts: At Replicant, things are moving again: Replicant is being updated from Android 4.2 to Android 6.0 by Wolfgang Wiedmeyer. The status and feedback takes place in the forums before it is reviewed and integrated in the official Replicant repositories. This work is currently being done for the Galaxy S 3 (I9300).

At the same time, Wolfgang Wiedmeyer is also working on the following for Replicant 6.0:

  • Graphics acceleration with mesa and llvmpipe: while this still uses the CPU, it should be faster and more feature-complete than the default implementation. This will hopefully fix some of the previously non-working applications in F-Droid.
  • Building the toolchains: Replicant has always used some pre-built toolchains and utilities. Building such tools and/or using the ones from GNU/Linux distributions will make Replicant more trustworthy.

Replicant 6.0 should also bring full device encryption and SELinux support.

Future directions: In the future we also want to be able to support the upstream Linux kernel for devices with a minimal amount of effort. This was made possible thanks to:

  • Android becoming more standard: it now requires very few changes to the upstream Linux to work. Linux also received changes that made it possible.
  • The fact that the amount of work required to mainline a device in Linux has drastically been reduced, for some of the devices we target.

Devices such as the GTA04 and the Optimus Black are good targets for upstream Linux kernel support. They also allow running free bootloaders.

In a similar fashion, we also want to be able to support upstream bootloaders, such as U-Boot.

We hope that this will allow us to have longer term support for such devices. Even if Replicant is unable to continue to support such devices in the future, having them supported by upstream software will potentially enable users to use them with other free software distributions.

We have thus started the work to support devices such as the Optimus Black and the Kindle Fire (first generation) in upstream Linux and U-Boot. Other projects and individuals are also very actively adding support for other devices, such as Allwinner tablets, that will benefit Replicant eventually.

Helping Replicant by contributing to F-Droid: Replicant is supported, recommended by the FSF and listed as a fully free software distribution that respects the GNU Free System Distribution Guidelines, along with other GNU/Linux distributions such as Trisquel or Parabola. Replicant
ships the F-Droid package manager in its images.

F-droid is committed to distributing only free software, and it does. However some of it does not comply with the GNU Free System Distribution Guidelines.

Practically speaking some of the applications F-Droid distributes:

While the list of such anti-features is displayed in red when selecting an application in F-Droid, applications with anti-features are still listed aside compliant ones. This is also quite confusing since free software isn’t expected to contain
such anti-features in the first place.

It took Replicant a long time to realize the issue, this is due
to its developers being very busy, to the fact that the anti-feature
display is confusing and that there was no clear smoking gun.

After an investigation, that was delayed due to the lack of time, a
smoking gun was finally found, and a bug report was opened on the Replicant side.

At FOSDEM 2016, the issue was discussed with F-Droid developers in order to find a way to fix it. On their side, F-Droid developers also opened a bug report. Due to various reasons, progress was very slow and we recently learned that efforts to fix this issue came to a stall.

Replicant developers are more dedicated and used to working on system programming than writing or modifying Android applications. They are also really busy doing so. However, some individuals wanting to help Replicant may be able to work on Android applications, with some time to do so. This is exactly the kind of skills required to solve this issue in F-Droid. Getting it fixed is crucially important for Replicant.

If you’re interested to jump-in and help resolve this issue, please get in touch with us or with F-Droid developers directly to get directions on how to get started.

Media from 2016 Replicant talks

Various media, including slides and video recordings, from recent talks about Replicant are available on the Replicant wiki Conferences page, including :

Some of these presentations are great ways to get an overview of the freedom and privacy/security issues associated with mobile devices, either in English or French. They also offer an introduction to Replicant within that context. Other presentations cover specific technical aspects related to liberating devices at the lower levels.

Replicant at PSESHSF 2016

Replicant will take part in PSESHSF on Saturday July 2 near Paris, France for both a talk (in French), entitled Replicant : appareils mobiles, logiciels libres et vie privée and a workshop focused on Replicant (but possibly other aspects related to freedom at the lower levels).

The talk will be a great opportunity to learn about freedom and privacy/security in mobile devices. The Replicant workshop will showcase devices running Replicant and will be the occasion to get help installing Replicant, verify the project’s release key or just come by and have a chat!

As usual, we are looking forward to meeting you there!