Send in your ideas. Deadline October 1, 2024
logo
hex
Grant
Theme fund: NGI0 PET
Start: 2019-04
End: 2022-10
More projects like this
Operating Systems

Finish porting Replicant to newer Android version

Alternative, free software version of Android

Replicant is the only fully free operating system for smartphones and tablets. All the other operating systems for smartphones and tablets use nonfree software to make some of the hardware components work (cellular network modem, GPS, graphics, etc). Replicant avoids that, either by writing free software replacement, by tweaking the system not to depend on it, or, as the last resort by not supporting the hardware component that depends on it. However it is based on Android 6, which is not supported anymore, thus it has way too many security issues to fix, so keeping using this version is not sustainable. This project consists in finishing to port Replicant to Android 9, which now has standardised an interface for the code that makes the hardware components work. Once done, it will also make the free software replacement automatically work on future Android versions.

Why does this actually matter to end users?

Consumers that go shopping for a new cell phone or tablet these days, at the surface have quite a choice. Even the cheapest of mobile phones sold today, is surprisingly powerful compared to that of a couple of years ago. All that seems left for consumers to do is to match their own sense of style and of course budget. If they are really eager, they might compare a limited set of technical specifications: How long does the battery last? How big and bright is the screen? And do games and movies run smoothly? Most users tend to not even bother about that, eager to jump straight to the app stores filled with more applications than a human could feasibly install in their life. What more could a mere user want?

Somewhere in the back of our minds there may be lingering some larger, less happy thoughts. What about security and privacy? Who really is in control of our devices? It is not easy to connect the joyous occasion of our (often much anticipated) purchase of a really cool new gadget with societal resilience, our collective future well-being or any other of the larger economic effects of our individual choices...

In the early GSM era, there wasn't a single dominant operating system from a single vendor. The market was competitive and rather straightforward from todays perspective. Major efforts like Symbian (which ran on the very popular phones of erstwhile market leader Nokia, but also on those of Siemens, Alcatel, Bosch, Sharp, Sony Ericsson etc) were the result of a pragmatic collaboration on more or less equal footing of many manufacturers. These had a shared development responsibility, and equal opportunities. None of them knew how their users actually used the phones they created: that was the business of the customer.

The subsequent rise of the smartphone resulted in market disarray, because the dynamics of the new situation were so different. It wasn't so much a difference in technical quality that set the new masters of the universe apart, it was a complete change of the underlying business model and value proposition few people properly understood - if any.

The real-world cost of developing and maintaining the first generation of mobile platforms was non-trivial, and price competition in the devices was heavy. And then suddenly a no-visible-cost and feature-rich smartphone operating system appeared on the market. It wasn't produced by any of the current competitors or by an open consortium. The source was a single company that had heavily invested into this for strategic reasons. In parallel Apple was able to launch its own effort, take its slick iPod music player and its strong media presence and market visibility in the desktop space. Their premium iPhone line addressed the most luxurious part of the market - also with the help of Google. The CEO's of both companies even sat on each others boards, so the strategy was certainly aligned.

It was a perfect coup. Among the two of them they effectively levered the possibilities of the mobile smartphone platforms, media stores and restricted-access platform-owned app stores to take ownership and control of large parts of the software and content ecosystems at global scale. Traditional phone manufacturers (many of which were European due to the success of the pioneering GSM standard) had historically been just selling a phone at competitive margins (with "no strings attached"). The whole economy of their operations and ecosystem of collaboration was effectively pushed aside by this audacious new strategy. The new Android operating system was funded not by the sale of the product itself, but by the promise of future user data gathering without real limits or much oversight - which had elsewhere proven to be able to create giant revenues. And unlike a desktop computer, a phone is nearly always on. It moves wherever the user goes, and thus it is always near. It has a camera, a microphone and lots of sensors. When users search for something, they use the default search bar which you control.

So effectively the new "smart" phone was primarily a vehicle for extensive data gathering about users, which could be resold and monetized later on. The manufacturers could get the operating system for free. The small margins that could be made on selling the software to they were negligible compared to the advantages later on. And of course at the time there was still a generation adoration of these "tech darlings" - press wrote lovingly about the "reality distortion field" around Apple's CEO Steve Jobs.

Right from the start this conceiled play was extremely profitable for both of them, allowing lots of subsequent investment - into their platforms, into the developer tools, into marketing and into legislative lobby. The "mobile first" strategy actually worked out better than anyone would have imagined, especially because the mobile phone operating system produced by Google turned out to be more than just a "loss leader". The market funnel of the free option it provided only became visible at the end. Technically advanced and more fair platforms appeared, but were unable to counter the "winner takes all" development in time. At present the vast majority of the phones are sold using one of only two operating systems: Android and iOS. In the absence of effective policy and legislative efforts to curb this unfortunate situation, that market dominance is a hard problem to solve at a technical level.

In our consumer bubble, we actively contributed and still contribute to this. The software stores of both platforms may offer consumers plenty of options at the application level. This seems quite healthy at first. But when you analyse the situation, it is far from how society should want this to be. This all starts with the fact that users do not have to manually install all applications. Apple has full control and puts its own software in pole position. Google is able to make the manufacturers do the same through contractual obligations. The result is the same: a strategic choice of end user applications is preinstalled alongside the platform, and effortlessly available to all users.

Many of us have meanwhile become used to these omnipresent "free" but closed "blockbuster" applications that ship alongside the dominant platforms. As we know from history, for instance through the famous European anticompetition cases against dominant technology companies taking control over web browsers, media players and portable runtimes (Java/C#), preinstalled applications have a huge competitive advantage. Not all users are as technically competent, and this creates enough inertia with consumers to keep manufacturers on a leash. The huge market share of platform 'defaults' like Android's default browser have a deep impact on the market, leaving little room for web developers to follow pretty much all what Google implements - even if they disagree or would actually like to follow proper web standards as produced by W3C. Who can affort for their website or web application to look worse on an operating system with the majority of market share?

Apple holds all the cards closely to its chest, and keeps full control. As long as it has Google as competitor, it feels secure of anti-competition measures. Their main strategy to even increase control is to buy suppliers, or make them sign exclusive contracts keeping others at bay. The defense strategy of Google is publishing most of Android source code. Manufacturers can and have tried to build alternative versions based on that. But in the market real-world control remains tightly with Google through the critical applications which need the "blockbuster" restrictively licensed apps and the larger infrastructure - both of which remain tightly closed. A certain percentage of users will always at some point demand these "free" applications, while others cannot withstand the social lock-in and will actively push vendors to bow down. No small time manufacturer can afford to be out.

The platforms realise this powerful position very well, and are not afraid to lever it. Either a manufacturer is all-in, or all-out: it cannot selectively allow individual users to use blockbuster applications later on. This cut-throat dillema has left the companies that make the actual phones little choice but to accept unattractive licensing conditions that restrict their freedom to innovate. And even if they do comply with all the demands including a non-disclosure agreement to seal their lips, their license can be withdraw at any time. In fact this may even happen due to geo-political pressure, as a very large Chinese manufacturer of Android found out to its great dismay in May 2019 when it was banned from future upgrades to Android. That can happen to any phone vendor using Android at any time.

Thhe rigid control over the platform and the app stores was originally meant as a way to secure access to consumer data. These days, it is actually making an awful lot of money on its own. Consumers are paying a huge and very direct cost for the 'free platform' deal of the manufacturers. The dominant mobile platforms both charge developers up to an incredible 30% of their revenues (more than any VAT rate around the world!).

If your company wants to sell enough apps to make a living, you will want to use the default sales channel with the most users. This of course is the platform app store, which comes preinstalled on the prime spot. In fact, most users would not know how to install apps any other way, or are warned against that with scary messages. Selling through the app store means you have to pay up and at the same time obey all kinds of rules. The companies behind the mobile platforms themselves can at any time see an interesting market emerging. At that point there is a clear unequality of arms: if they want, the next update will put their own applications preinstalled on hundreds of millions of devices. This giving them a clear and unfair business advantage over anyone else in the market. Meanwhile developers ironically pay for the privilege of being allowed to exclusively develop for the platform concerned, and sell the outcome in the default (and most restrictive) app store. The platform almost certainly has a higher more profit margin from the average developer, even if it is a direct competitor. But what can developers do? Their investment into the software they wrote is hard-wired to the initial choice of platform...?

Non-trivial applications that run on one mobile platform do not run on another, and require additional effort to write in a way where they can. This invisible 'cost of diversity' to the larger ecosystem of creators (which is orders of magnitude bigger) contributed significantly to the "winner takes all" scenario at platform level. When the European Commission orders some app to be developed for citizens to access its services, crowdsource data gathering or inform them of passenger rights, it does not care about creating someting for the users of the innovative Finnish mobile platform Sailfish from Jolla - or in fact anyone else. If you look at the apps officially published by the European Commission on the app stores, you will not find any app for any European mobile platform ever published there. The same 'selfish' short term considerations will of course be made even more frequently by smaller actors with less deeper pockets, like independent publishers. As a result the market will make the largest platforms larger, and will completely ignore the rest.

In the new mobile world we live in now, control as a user is limited to the very surface of things. Significant privacy and security issues start directly below that surface. You don't really know what the platform actually does while executing apps, and more importantly, who sees your data - or if you are a business, looks at the data of your customers. When you use one of the hundreds of thousands of existing apps and games, you only see the service they provide. But you can't inspect or even see what more they take. What does an app do exactly when you click on the pretty icon? This is very much unlike for instance interacting with a web page, which is fully transparent. As it turns out, mobile apps do lots of things users do not know about, and would not agree with if they did. In some cases literally hundreds of companies have been known to get access to data on the phone.

A consumer-friendly platform should empower the user to notice and take action, or even make it technically impossible. However, the companies that produce the operating systems seem to have other interests. Have you ever wondered why everyone tells you your desktop computer needs a firewall and you are allowed full control to see everything happen. Now stop and think about why your cell phone does not have the very same level of firewall capabilities, but only very much simplified and less capable?

So what can we as a society do in the face of such a complex situation of market failure, anti-competitive practices, perverse incentives and general confusion? How do we give control back to the users? How do we create equal opportunities for European phone manufacturers? How do we stop the unfair "platform tax" on app developers, stimulating employment and startups?

One reasonable direction is to try and lay the ground work for creating viable alternative platforms. Such a fundamental approach is necessary in order to end these extractive practices and the resulting lack of consumer freedom. Smart phones are really just small computers. This means we can build upon plenty of meanwhile mature building blocks and technical work done over decades. In fact, both Android and iOS followed the same path. They were not created from scratch, but based on existing open source projects for desktop and server operating systems. There is nothing magical, it is just engineering work. This is what this project contributes to: it provides an alternative to stock Android. The Replicant project has been building a variant of Android without any unknown parts, unlike the Android which is preinstalled on most phones: all the source code is available for inspection and collaborative improvement as a matter of principle. As new versions of Android emerge, their software needs to be synchronised to keep up with consumer expectations and remain compatible with new applications emerging. Otherwise the user would pay for regaining control by being locked to outdated functionality - which would not really contribute to more users making the choice for more privacy.

Run by Replicant and the FSF

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.