Replicant contributors meeting the 27,28 July in France

A Replicant contributors meeting will take place in or near Paris in France the 27 and 28 July 2019.

As we are still looking for a place to host the meeting, we don’t have a definitive address yet.

It will be open to anyone who contributes or wants to contribute to the Replicant project.

The meeting will most likely be in English as not all the Replicant contributors who plan to attend speak French.

More details will be posted on the wiki page dedicated to this event over time.

Last minute information, if any, will also be posted on that wiki page.

The Replicant project will receive a mobile device from Necuno Solutions

The Replicant project has been looking forward to support devices with free software bootloaders. While Replicant is a fully free software Android distribution, many freedom, privacy and security issues are orthogonal to the operating system. The hardware design of each computer (smartphone, tablet, laptop, etc.) people use, and the architecture of the cellular network also have their set of issues. For more information on these issues, the Replicant project has some documentation on the topic.

So far all the devices that are (or have been) supported by Replicant use a nonfree boot software (the bootloader). These devices also use hardware restrictions to deny users the freedom to replace them completely with free software, effectively forcing them to run nonfree software. This is a very serious freedom issue that prevents users from being in control of their devices.

There were several attempts to add support for devices with free software bootloaders in Replicant:

  • The LG Optimus black: this smartphone doesn’t prevent users from replacing the bootloader. Paul Kocialkowsky did a lot of work to add support for this device in upstream u-boot (a free software bootloader) and added minimal support for it in the upstream Linux kernel. However support for some of its most important hardware components like the display are still missing in the Linux kernel. This device can probably still be found second hand
  • The GTA04 smartphone from Golden Delicious: this smartphone has a free software bootloader which is based on u-boot. The smartphone was designed to run GNU/Linux and has almost complete support in upstream Linux. There were attempts to add support for it in Replicant 6.0, however a lot of time was spent to try to make suspend to RAM work with Android. However older Replicant 4.2 images are available. Several hardware revisions of the GTA04 have been made and shipped to customers and developers over the years. However this has stopped due to manufacturing issues. Another issue is that the revisions before A5 only have 512M of RAM and a high DPI display: This combination makes running Android 9 potentially challenging. Fortunately the A5 revision has 1G of RAM, but not a lot of working units were produced.

There is also some ongoing work to specifically add support for smartphones that are currently supported by Replicant like the Galaxy SIII (i9300), the Galaxy Note 2 (n7100) and their 4G versions (i9305 and n7105). The 4G versions could also be supported by Replicant if the work to support their modem (through QMI-RIL) is resumed.

The Replicant project will receive a mobile device, the NC_1 (formerly called Necuno Mobile) from its manufacturer (Necuno Solutions), which will have a free software bootloader

This device has the size of a smartphone, but doesn’t have a broadband modem: while users will not be able to use a built-in modem for phone calls, SMS or to access the Internet, it is still the best way to be completely sure of avoiding any freedom privacy and security issues related to broadband modems and the cellular network. It will also require less work to add support for this device in Replicant.

Even if it’s possible to disable the modem on some of the mobile devices currently supported by Replicant by not loading the modem’s code, some nonfree software still run on these mobile devices. This includes the bootloader and potentially any other nonfree software that it may load. Because of that we cannot be 100% sure that the modem is completely disabled.

The Necuno Mobile will use an I.MX6 Quad system on a chip (which is a chip that contains the main CPU, the microSD card controller, the GPU, etc.). Its free software support is better than for many other system on a chip: the only functionality of the I.MX6 Quad that requires nonfree software is the video decoding acceleration. The article on single board computers has more details on freedom issues affecting various system on a chip and by extension the single board computers that use such components.

A Replicant developer (Joonas Kylmälä) will receive a Necuno Mobile to work on it.

The Necuno Mobile should have a Linux kernel that is very close to upstream: this is a good opportunity for a new attempt to enable Replicant to use upstream kernels. This has many advantages. One of them is that in the long run, it should decrease the amount of work required to maintain the devices and potentially increase their lifetime.

This should also enable the Replicant project to more easily add support for other devices that can use an upstream kernel, like the GTA04, or devices like the Galaxy SIII (i9300) and the Galaxy Note 2 (n7100) that are starting to have good support in upstream Linux.

It is also very interesting in the long run as we could share some of the work with other smartphones projects like postmarketOS who are also trying to support mobile devices with upstream kernels. It could also enable the Replicant project to more easily support future mobile devices that will have free software bootloaders, as some of them will also use kernels that are meant to run GNU/Linux.

Third Replicant 6.0 release

A new version (0003) of Replicant 6.0 has been released a few weeks ago.

It fixes an important issue that makes devices end up in a boot loop (the devices were crashing during boot, endlessly) when installing certain applications.

It also fixes a security issue that enables attackers to decrypt and/or modify WiFi traffic.
This can be problematic if your security is relying on the WiFi encryption. This can be the case if you are using WiFi to connect to your device to use applications like Remote Keyboard over telnet. This can also be problematic if you share your Internet connection through WiFi and some services of the phone operator you use are available without authentication.

Because of the above, updating to this new version is strongly recommended.
See the update instructions on the wiki for that.

If your device is affected by the boot loop issue mentioned above, the update instructions won’t work, as they expect you to be able to easily reboot to recovery.
In that case, to reboot to the recovery you have to first boot in safe mode, and then to follow the update instructions to reboot to recovery.

Replicant 6.0 early work, upstream work and F-Droid issue

Replicant 6.0 early work and associated efforts: At Replicant, things are moving again: Replicant is being updated from Android 4.2 to Android 6.0 by Wolfgang Wiedmeyer. The status and feedback takes place in the forums before it is reviewed and integrated in the official Replicant repositories. This work is currently being done for the Galaxy S 3 (I9300).

At the same time, Wolfgang Wiedmeyer is also working on the following for Replicant 6.0:

  • Graphics acceleration with mesa and llvmpipe: while this still uses the CPU, it should be faster and more feature-complete than the default implementation. This will hopefully fix some of the previously non-working applications in F-Droid.
  • Building the toolchains: Replicant has always used some pre-built toolchains and utilities. Building such tools and/or using the ones from GNU/Linux distributions will make Replicant more trustworthy.

Replicant 6.0 should also bring full device encryption and SELinux support.

Future directions: In the future we also want to be able to support the upstream Linux kernel for devices with a minimal amount of effort. This was made possible thanks to:

  • Android becoming more standard: it now requires very few changes to the upstream Linux to work. Linux also received changes that made it possible.
  • The fact that the amount of work required to mainline a device in Linux has drastically been reduced, for some of the devices we target.

Devices such as the GTA04 and the Optimus Black are good targets for upstream Linux kernel support. They also allow running free bootloaders.

In a similar fashion, we also want to be able to support upstream bootloaders, such as U-Boot.

We hope that this will allow us to have longer term support for such devices. Even if Replicant is unable to continue to support such devices in the future, having them supported by upstream software will potentially enable users to use them with other free software distributions.

We have thus started the work to support devices such as the Optimus Black and the Kindle Fire (first generation) in upstream Linux and U-Boot. Other projects and individuals are also very actively adding support for other devices, such as Allwinner tablets, that will benefit Replicant eventually.

Helping Replicant by contributing to F-Droid: Replicant is supported, recommended by the FSF and listed as a fully free software distribution that respects the GNU Free System Distribution Guidelines, along with other GNU/Linux distributions such as Trisquel or Parabola. Replicant
ships the F-Droid package manager in its images.

F-droid is committed to distributing only free software, and it does. However some of it does not comply with the GNU Free System Distribution Guidelines.

Practically speaking some of the applications F-Droid distributes:

While the list of such anti-features is displayed in red when selecting an application in F-Droid, applications with anti-features are still listed aside compliant ones. This is also quite confusing since free software isn’t expected to contain
such anti-features in the first place.

It took Replicant a long time to realize the issue, this is due
to its developers being very busy, to the fact that the anti-feature
display is confusing and that there was no clear smoking gun.

After an investigation, that was delayed due to the lack of time, a
smoking gun was finally found, and a bug report was opened on the Replicant side.

At FOSDEM 2016, the issue was discussed with F-Droid developers in order to find a way to fix it. On their side, F-Droid developers also opened a bug report. Due to various reasons, progress was very slow and we recently learned that efforts to fix this issue came to a stall.

Replicant developers are more dedicated and used to working on system programming than writing or modifying Android applications. They are also really busy doing so. However, some individuals wanting to help Replicant may be able to work on Android applications, with some time to do so. This is exactly the kind of skills required to solve this issue in F-Droid. Getting it fixed is crucially important for Replicant.

If you’re interested to jump-in and help resolve this issue, please get in touch with us or with F-Droid developers directly to get directions on how to get started.

Replicant lacks tracking antifeatures

Recently there was a lot of hype about mobile operating systems spying the users: Apple iOSPalm WebOS, Google Android.

Since Replicant is based on Android someone could be concerned about our operating system too.

According to Magnus Eriksson on github:

The files are named cache.cell & cache.wifi and is located in /data/data/com.google.android.location/files on the Android device.

Well we are proud to confirm that on Replicant (tested both on htc dream and nexus one) those files are missing,  even with "Settings -> Location & Security -> Use wireless networks" enabled.

The directory that should contain those files( /data/data/com.google.android.location/files ) doesn’t even exist  in Replicant.

But beware: even if Replicant itself doesn’t track its users’ position, this doesn’t mean that the phone can’t spy on you.

A smartphone usually has two components that talk to each other: a cpu and a modem. If the modem gets a call, it tells the CPU about it and viceversa for outbound calls, the CPU will order the modem to make a call (if you are curious about how it works there is a paper about how mobile phones work).

The modem and the CPU running Replicant are separated, and while we are trying to do our best to ship a fully free mobile os, the code running on the modem is proprietary software and can’t be changed. Since we don’t know what it does, we have no way to be sure that it doesn’t spy.

Also note that on the HTC Dream and the nexus one mobile phones,  GPS and audio parts are controlled by the modem.

The cellphone network can also spy, in fact in order to work it has to know your location.

This is just to remind you that every mobile phone is a tracking device and if you don’t want to be spied at all you should not use one.

So why do people invest time on Replicant?

Here are some reasons:

  • The modem or the network has no access to the CPU where replicant is running. That opens up some possibilities such as VPN, TOR,SSH, etc…
  • If mobile phones become the computers of the future we want to run free software on them.

Edit: I learned that the Modem’s CPU has access to the memory(the RAM chips) of the CPU running replicant, in other words the modem CPU can spy replicant’s CPU.

That will force us to port replicant to some devices that don’t have this problem, such as the nokia n900 for instance.