Since Replicant is based on Android someone could be concerned about our operating system too.
According to Magnus Eriksson on github:
The files are named
cache.wifiand is located in
/data/data/com.google.android.location/fileson the Android device.
Well we are proud to confirm that on Replicant (tested both on htc dream and nexus one) those files are missing, even with
"Settings -> Location & Security -> Use wireless networks" enabled.
The directory that should contain those files( /data/data/com.google.android.location/files ) doesn’t even exist in Replicant.
But beware: even if Replicant itself doesn’t track its users’ position, this doesn’t mean that the phone can’t spy on you.
A smartphone usually has two components that talk to each other: a cpu and a modem. If the modem gets a call, it tells the CPU about it and viceversa for outbound calls, the CPU will order the modem to make a call (if you are curious about how it works there is a paper about how mobile phones work).
The modem and the CPU running Replicant are separated, and while we are trying to do our best to ship a fully free mobile os, the code running on the modem is proprietary software and can’t be changed. Since we don’t know what it does, we have no way to be sure that it doesn’t spy.
Also note that on the HTC Dream and the nexus one mobile phones, GPS and audio parts are controlled by the modem.
The cellphone network can also spy, in fact in order to work it has to know your location.
This is just to remind you that every mobile phone is a tracking device and if you don’t want to be spied at all you should not use one.
So why do people invest time on Replicant?
Here are some reasons:
- The modem or the network has no access to the CPU where replicant is running. That opens up some possibilities such as VPN, TOR,SSH, etc…
- If mobile phones become the computers of the future we want to run free software on them.
Edit: I learned that the Modem’s CPU has access to the memory(the RAM chips) of the CPU running replicant, in other words the modem CPU can spy replicant’s CPU.
That will force us to port replicant to some devices that don’t have this problem, such as the nokia n900 for instance.