The problem is that linux on mobile has shitty security, while android (even better on grapheneos) and ios are really secure devices, which needs to be a priority on the mobile space.
It's just a downside of using a more native linux os, it's very difficult to have proper containerization, verified boot and all those neat features that we can have with grapheneos (which is why they only support pixel devices by the way)
I know privacy is the ultimate goal, but without security, there is no privacy.
I mean yes but actually no.
There’s nothing inherently insecure about Linux on mobile but I believe the problem you’re describing relates more to the lack of fine grained permission granting knobs and underdeveloped UX overall.
None of which can’t be fixed, and to some extent you are probably safer running android apps within the sandboxed android simulator running on top of sailfish than “natively”.
Yeah it's all about how you configure the system (for example a lot of linux distros are insecure by default, how many of them have secure boot support, selinux/apparmor, ACLs out of the box?), but still the base was not designed with security in mind years ago, so the best would always be to design something new (just think about xorg vs wayland), but it's a huge task and really difficult to have something like that be developed in a complete foss manner (I mean in the linux spece there is red hat that is mainly pushing new security standards, selinux and the likes), I am not saying those are the best, but still they are something, but it all feels like a patch on top of something with a lot of holes 😅.
But yeah, android on top of linux could be better than native linux apps, bur at what cost? Batter, performance... It's a difficult world.
I mean if the Linux “foundation” was insecure wouldn’t that also mean the Android foundation is just as insecure? Android is a Linux distro with an extremely specialized userspace but still linux beneath (I remember when Samsung used to brag about setting SELinux to enforcing before every other OEM and stuff like that).
And then performance of Android on top of “real” linux shouldn’t be different, we’re not running any sort of emulator or virtual machine, but even if we did use VMs, hardware assisted virtualization and paravirtualization should make the performance close enough to native that you could go as far as pulling a qubes style distro for mobile, but I don’t know if anybody is that much paranoid.
Fuck I misread the whole point on performance.
No, that’s not the case I’m making here, my point is that Graphene (and any custom android rom for that matter) is not an Android “hardfork”, nor can it ever be, meaning that they can’t compete with android and build anything on top without playing the cat and mouse game of trying to keep up with the AOSP.
Sure you lose on the established ecosystem but that’s part of the cost in being a proper alternative.
If we keep reskinning Android it’s going to end up the same way as the browser market, where webkit only survives because apple pushes safari down iOS users throats, gecko from firefox is dying and every other browser is chrome with some patches on top.
I hope this makes sense.
Yeah you make valid points and I basically have the same concerns.
I don't really like the "let's go with linux native on mobile", but also the "let's fork android" seems limited.
Not every mobile Linux is created equal. I mean, android itself was once “let’s go with linux on mobile”.
PostmarketOS with plasma mobile is a whole different beast compared to SailfishOS (which inherits from Nokia maemo/meego etc).
