Third Replicant 6.0 release

A new version (0003) of Replicant 6.0 has been released a few weeks ago.

It fixes an important issue that makes devices end up in a boot loop (the devices were crashing during boot, endlessly) when installing certain applications.

It also fixes a security issue that enables attackers to decrypt and/or modify WiFi traffic.
This can be problematic if your security is relying on the WiFi encryption. This can be the case if you are using WiFi to connect to your device to use applications like Remote Keyboard over telnet. This can also be problematic if you share your Internet connection through WiFi and some services of the phone operator you use are available without authentication.

Because of the above, updating to this new version is strongly recommended.
See the update instructions on the wiki for that.

If your device is affected by the boot loop issue mentioned above, the update instructions won’t work, as they expect you to be able to easily reboot to recovery.
In that case, to reboot to the recovery you have to first boot in safe mode, and then to follow the update instructions to reboot to recovery.

Replicant 6.0 early work, upstream work and F-Droid issue

Replicant 6.0 early work and associated efforts: At Replicant, things are moving again: Replicant is being updated from Android 4.2 to Android 6.0 by Wolfgang Wiedmeyer. The status and feedback takes place in the forums before it is reviewed and integrated in the official Replicant repositories. This work is currently being done for the Galaxy S 3 (I9300).

At the same time, Wolfgang Wiedmeyer is also working on the following for Replicant 6.0:

  • Graphics acceleration with mesa and llvmpipe: while this still uses the CPU, it should be faster and more feature-complete than the default implementation. This will hopefully fix some of the previously non-working applications in F-Droid.
  • Building the toolchains: Replicant has always used some pre-built toolchains and utilities. Building such tools and/or using the ones from GNU/Linux distributions will make Replicant more trustworthy.

Replicant 6.0 should also bring full device encryption and SELinux support.

Future directions: In the future we also want to be able to support the upstream Linux kernel for devices with a minimal amount of effort. This was made possible thanks to:

  • Android becoming more standard: it now requires very few changes to the upstream Linux to work. Linux also received changes that made it possible.
  • The fact that the amount of work required to mainline a device in Linux has drastically been reduced, for some of the devices we target.

Devices such as the GTA04 and the Optimus Black are good targets for upstream Linux kernel support. They also allow running free bootloaders.

In a similar fashion, we also want to be able to support upstream bootloaders, such as U-Boot.

We hope that this will allow us to have longer term support for such devices. Even if Replicant is unable to continue to support such devices in the future, having them supported by upstream software will potentially enable users to use them with other free software distributions.

We have thus started the work to support devices such as the Optimus Black and the Kindle Fire (first generation) in upstream Linux and U-Boot. Other projects and individuals are also very actively adding support for other devices, such as Allwinner tablets, that will benefit Replicant eventually.

Helping Replicant by contributing to F-Droid: Replicant is supported, recommended by the FSF and listed as a fully free software distribution that respects the GNU Free System Distribution Guidelines, along with other GNU/Linux distributions such as Trisquel or Parabola. Replicant
ships the F-Droid package manager in its images.

F-droid is committed to distributing only free software, and it does. However some of it does not comply with the GNU Free System Distribution Guidelines.

Practically speaking some of the applications F-Droid distributes:

While the list of such anti-features is displayed in red when selecting an application in F-Droid, applications with anti-features are still listed aside compliant ones. This is also quite confusing since free software isn’t expected to contain
such anti-features in the first place.

It took Replicant a long time to realize the issue, this is due
to its developers being very busy, to the fact that the anti-feature
display is confusing and that there was no clear smoking gun.

After an investigation, that was delayed due to the lack of time, a
smoking gun was finally found, and a bug report was opened on the Replicant side.

At FOSDEM 2016, the issue was discussed with F-Droid developers in order to find a way to fix it. On their side, F-Droid developers also opened a bug report. Due to various reasons, progress was very slow and we recently learned that efforts to fix this issue came to a stall.

Replicant developers are more dedicated and used to working on system programming than writing or modifying Android applications. They are also really busy doing so. However, some individuals wanting to help Replicant may be able to work on Android applications, with some time to do so. This is exactly the kind of skills required to solve this issue in F-Droid. Getting it fixed is crucially important for Replicant.

If you’re interested to jump-in and help resolve this issue, please get in touch with us or with F-Droid developers directly to get directions on how to get started.

Replicant lacks tracking antifeatures

Recently there was a lot of hype about mobile operating systems spying the users: Apple iOSPalm WebOS, Google Android.

Since Replicant is based on Android someone could be concerned about our operating system too.

According to Magnus Eriksson on github:

The files are named cache.cell & cache.wifi and is located in /data/data/com.google.android.location/files on the Android device.

Well we are proud to confirm that on Replicant (tested both on htc dream and nexus one) those files are missing,  even with "Settings -> Location & Security -> Use wireless networks" enabled.

The directory that should contain those files( /data/data/com.google.android.location/files ) doesn’t even exist  in Replicant.

But beware: even if Replicant itself doesn’t track its users’ position, this doesn’t mean that the phone can’t spy on you.

A smartphone usually has two components that talk to each other: a cpu and a modem. If the modem gets a call, it tells the CPU about it and viceversa for outbound calls, the CPU will order the modem to make a call (if you are curious about how it works there is a paper about how mobile phones work).

The modem and the CPU running Replicant are separated, and while we are trying to do our best to ship a fully free mobile os, the code running on the modem is proprietary software and can’t be changed. Since we don’t know what it does, we have no way to be sure that it doesn’t spy.

Also note that on the HTC Dream and the nexus one mobile phones,  GPS and audio parts are controlled by the modem.

The cellphone network can also spy, in fact in order to work it has to know your location.

This is just to remind you that every mobile phone is a tracking device and if you don’t want to be spied at all you should not use one.

So why do people invest time on Replicant?

Here are some reasons:

  • The modem or the network has no access to the CPU where replicant is running. That opens up some possibilities such as VPN, TOR,SSH, etc…
  • If mobile phones become the computers of the future we want to run free software on them.

Edit: I learned that the Modem’s CPU has access to the memory(the RAM chips) of the CPU running replicant, in other words the modem CPU can spy replicant’s CPU.

That will force us to port replicant to some devices that don’t have this problem, such as the nokia n900 for instance.