Over the past months, we have often been asked whether Replicant is going to run on the Fairphone. The goal behind Fairphone, as its name suggests, is to build a phone that is “fair”. This covers many different aspects that the Fairphone company took care of: using fair and conflict-free resources, ensuring that all workers along the supply chain get a fair wage, improving the handling of electronic waste, being transparent about the cost of each part of the device and its technical specifications, and encouraging open and flexible designs.
We are really glad to see a company that produces electronic devices taking care of so many important aspects, such as the social conditions of workers, ecology and the handling of e-waste, as well as transparency and being “technically open”.
What we are especially interested in, at the Replicant project, is how good the device will be when it comes to software freedom. Hence, we have spent some time investigating the device, even though it is not out yet. Thanks to the cooperation of Fairphone, we were able to draw a quite complete picture of it.
The Fairphone will ship with a modified Android 4.2 version. An overlay interface was developed for the device and should be released as free software, but what we are really interested in is the parts that deal with the hardware. First, the Linux kernel source code for the device will be released (it is copyleft software, so this is an obligation). It will also be possible to build the kernel from source and install it on the device without the need to sign the kernel with the manufacturer’s key. Actually, there should be no signature check on the Fairphone for the kernel or the bootloaders. Some of the bootloaders (maybe all of them; we cannot tell for sure at this point) are free software and it should be possible to replace them with a free build. We are a bit worried that the tools to flash the Fairphone may be proprietary, but if the bootloaders are free and/or there is root access out of the box, there will be ways to work around this problem. On the system side, some of the libraries that deal with the hardware have been released as free software for devices that use the same platform (Mediatek 6589), so the basic required features such as audio will likely work. We are also confident we will be able to handle the modem with free software (that means telephony and such will work).
Fairphone is really trying hard to get Mediatek to release as many components as possible as free software, but they don’t have the source in their own hands and cannot decide to make it free software themselves, so it may take some time to happen, or may not succeed in the end.
However, things are not looking so good when it comes to evaluating the platform that was chosen for the Fairphone: the modem is embedded in the System on a Chip (SoC), which leads us to believe that it is poorly isolated from the rest of the platform and could access critical components of the device such as storage, RAM, GPS and audio (microphone). If this were the case (we can only speculate about what the truth actually is), it would mean that the Fairphone is fatally flawed for security, as it makes it possible for the phone to be converted into a remote spying device.
In conclusion, we think it will be possible to have Replicant working on the Fairphone and the bootloaders (that are not part of the operating system) may even be free software, but we believe it is seriously compromised security-wise because of the poor modem isolation.
However, Fairphone definitely seems interested in doing things right on the software freedom side and in helping us get Replicant running on the device!
I’d be interested to see what that actually leads up to!
For the record: “We can happily say that we have recently obtained a software license from all our major partners and license holders that allows us to modify the Fairphone 1 software and release new versions to our users.”
https://www.fairphone.com/2015/09/16/long-term-software-support-fairphone-1/
> Are there any plans for Replicant on the FP2? I believe the second model of the Fairphone will be much more suitable for custom ROMs.
None at this point. The Fairphone team decided to use a model that is fatally flawed for freedom, despite our suggestions. The Qualcomm platform they chose is a good fit for making custom Android versions, but still requires a lot of proprietary blobs.
Are there any plans for Replicant on the FP2? I believe the second model of the Fairphone will be much more suitable for custom ROMs.
I’m not going to port Replicant to the Fairphone at this point.
Any update on this project?
oiaohm: You’re right, though I haven’t seen a single mobile device that lets the user install their own keys, so we tend to consider “signature check enabled” as an equivalent of Tivo-ized and irreplaceable software. Though I agree there are correct and freedom-respecting ways to have signature checks.
> One of the big issues with devices running replaced android images is the fact the Phone can be breached deeper due to security removed.
If the new Android image is free software, I would say it’s better anyways (proprietary software is a fatal flaw for security). And Replicant shouldn’t come with less security features than the original stock version.
Kernel and OS signature checks should exist on a FairPhone. One of the big issues with devices running replaced android images is the fact the Phone can be breached deeper due to security removed.
The big important thing is owner with direct access should be able to change a switch to disable the signature check and allow new signatures to be added and old ones removed. Basically how the Chromebook does it without requiring you to take the device apart. As long as the owner is in control of what is approved or not the signature solution is an advantage to the owner to prevent issues.
Yes this is write protect firmware. Section of firmware with a physical write protect switch. This can be used by us wanting to have secure boot to have our protected loader in it or for those not wanting secure boot can inload a firmware into the write protected firmware that does not care.
You could say this is about flexibility in the device. Signing and validation methods are to reduce OS rootkitting and bootloader hacking. To achieve this requires complete trust from first bootloader right up into the OS. Complete trust does require the source code of every bit in chain to be able to be audited and updated (in a controlled way confirming physical user intent).
Of course I don’t agree with case where secure boot solutions have stacks of hidden secrets or the key is not in the device owner’s control.
No work has been done yet. I didn’t receive a unit yet and I’m not sure I want to do so (I don’t have lots of time and prefer to focus on better devices such as GTA04/Neo900 or Allwinner devices in priority). On the other hand, anyone else is welcome to start the work on it!
Any more news on this at all? Has any work been done on getting replicant to run on the fairphone at all?
I haven’t started the effort on the Fairphone yet. Honestly, I’m overwhelmed with other devices (GTA04, Allwinner and all the Samsung ones) and I don’t have any time in my hands. Perhaps during my next vacation or this summer. Obviously, we’d be more than happy to see developers getting involved for supporting the Fairphone!
I do already have a FairPhone and I’m very happy with it. Now, it would be nice to be able to change the OS to Replicant. At the FairPhone site (1), they say that:
“We are very aware of communities of developers (like Replicant and many others) and have many contacts in these communities so you can expect news on this somewhere in 2014.”
So, in case there is a workgroup working on making Replicant run on a FairPhone, I’d be happy to contribute to it. Maybe as beta tester? Or with documentation? Anyway, count on me if you consider I can be useful.
(1) – https://fairphone.zendesk.com/hc/en-us/articles/201066988-Why-don-t-you-use-other-open-source-or-free-software-instead-of-Android-
What about Qualcomm Snapdragon 600 APQ8064T ?
Hi! Please don’t use the comment section of the blog for asking questions that are not relevant to the post, we have forums and a mailing list for such general inquiries :)
The situation didn’t evolve much, we are still targeting devices that could have the best modem isolation and still avoid the ones that are known to give the modem a lot of power over the rest of the device.
Your question is not related to the post. Why use the comment section then? Please use appropriate means for discussing this, such as our forums or mailing-list.
I am an iPhone user, want an open source hard/software both.
I will buy a Replicant compatible hardware now?
My question is which ones should I look at that are currently in the market.
The following are the two main concerns.
Security,
Price,
Hi and happy new year !
You wrote : “The best device out there is the Goldelico GTA04 and the (older) Openmoko GTA02. The rest are less secure by far because the modem isolation is either incomplete or uncertain.”
Once you said to me that Samsung Exynos or Texas Instruments OMAP were not too bad regarding modem isolation.
What is the current situation ? Thanks !
I have just received my Fairphone, so keep us updated on how you are doing. My aim is to run my phone without any involvement from Google or any other big American companies, so if Replicant will install successfully then I will be a happy chap.
Hi there !
I just received the Fairphone. If you need some information that I can provide for the project, I’d love to help ! (Although I’m not an expert on these topics)
Cheers from Barcelona !
Your points are valid and make sense, signature check is not a problem in itself but only becomes one when there is no way for the user to change the key that is used to check the binary. Hence you’re right, there are ways to do this right.
I agree we often make the confusion between signature check and signature check with irreplaceable manufacturer key, the latter being a serious issue, but I don’t think it’s the case on this particular article:
Please do not confuse signature checks with freedom. Signature checks are an excellent tool to improve security and detect corruption. Just make sure the user controls the signature and can update the signatures as they desire.
This allows:
* User to detect corruptions of bootloader and/or kernel caused by hardware problems.
* Greatly helps with support issues. It’s very frustrating to try to help someone with a problem only to find they are not running the environment you think they are, and are causing their own problems. I’m all for letting users run their own kernels, but it should be easy to determine if they are using a given release.
* Makes it harder for an exploit to maliciously change the bootloader or kernel
For this reason I’m all for DRM for binaries, as long as the “Rights” that are protected are of the user. I’d love if hackers that managed to exploit one of my devices and place a binary on my system that on any attempt to run it there would be an error “Warning: binary signature not trusted, exiting”. Preferably said device would send me (the owner of said device) a copy of the warning as well.
Don’t throw out the baby with the bathwater.
Well, the modem is connected to the operator network and can implement backdoors, so we must assume it can be remotely controlled. If it is connected to the rest of the chips of the phone (storage, RAM, camera, microphone), the risk for security and privacy becomes very high, which seems to be the case for the Fairphone (the modem is embedded in the SoC).
What are the attack vectors for the modem/SoC vulnerability?
I already found the answer in the thread “Replicant lacks tracking antifeatures”
“the code running on the modem software is proprietary and can not be changed”.
Thanks, I think I’ll buy a Galaxy S2. The GTA04 is not available in Spain and in mobile OS with Firefox modem details are not known.
Previously I wrote: Sorry for writing. I use a translator and do not know if I understand well.
Mean the modem can spy hardware like RAM. But if there is no installed spy code to order and send data do not, you can not do it without instructions. For example if a Samsung Galaxy S Replicant + applications installed F-Droid is not possible spy. Did I understand right?
Thank you very much for your work, is the seed of change was needed.
Greetings from Spain.
Sorry for writing. I use a translator and do not know if I understand well.
Mean the modem can spy hardware like RAM. But if there is no installed spy code to order and send data do not, you can not do it without instructions. For example if a Samsung Galaxy S Replicant + applications installed F-Droid is not possible spy. Did I understand right?
Thank you very much for your work, is the seed of change was needed.
Greetings from Spain.
The best device out there is the Goldelico GTA04 and the (older) Openmoko GTA02. The rest are less secure by far because the modem isolation is either incomplete or uncertain.
So, what’s the most secure phone available right now that does not need to be rooted to install other than default operative systems?
By secure, the components of the phone are isolated so it is very hard for N.S.A etc to take control of the phone and turn it in to a surveillance device.
That depends what security concerns we are talking about. The modem being able to spy on the hardware is independent from the operating system for instance, so installing Replicant won’t change a thing there. On the other hand, having a fully free system guarantees that there is no backdoor or malware part of the system.
If the phone is running Replicant then the security concerns are moot aren’t they? Or phone can still be turned into spying device with Replicant?
Vincent: You are right.
If I understand it correctly, the security concerns are also present when running the default software?
Nikolaus Schaller: I will get back to the GTA04 at some point, but as far as I know, the kernel issues still aren’t resolved (suspend/resume is not stable).
Sadly, I had to give up at some point, I cannot keep trying to get it to work endlessly. I am probably not skilled to the point of being able to fix the issues we were (and are still) facing, so I might as well spend my time being useful freeing other devices.
I would sincerely love to get back to working on GTA04 and having a fully-featured release for it. All we need is a working stable kernel.
Thank you for the comprehensive analysis!
Exactly this dependency from some OEM manufacturer is the reason why we decided to produce the GTA04 device ourselves. This gives us much more control, although they are more expensive.
Unfortunately most people looking for freedom and fairness are more looking onto the price of a device than its inherent freedom features and how long they will be able to operate it. So instead of pushing what exists (e.g. GTA04) they always look for something new which must of course be cheap (since in 6 months they again look for something new).
Even the Replicant project has diverted resources from work for the GTA04 so we now run our own Replicant project. Please see: Replicant for GTA04
Launcher source has already been published: https://github.com/kimhansen/FairPhone. It needs (unknown to me) fairphonelib and mediatek-framework (and AOSP). Uses Root Tools library which indicates root is required, strangely enough.
if runs android 4.3+ is better for streaming activism
encode on new open format webm
http://developer.android.com/guide/appendix/media-formats.html
Haha. Not my fault, sed is to blame :)
I can’t find the FairPhone website, can you post another dozen links so i can get it ? :)
thanks for your work !