EEVblog Electronics Community Forum

Electronics => Open Source Hardware => Topic started by: Pensive__Jellyfish on May 24, 2020, 10:23:19 pm

Title: Open source smartphone - is it feasible?
Post by: Pensive__Jellyfish on May 24, 2020, 10:23:19 pm
Hi everyone!

I hope that my question isn't too trivial as I am a physicist and not really knowledgeable in electronics.

Today I was trying to inform myself about privacy protections of the Covid-19 contact tracking apps (the apps to identify potentially dangerous contacts). While they do seem promising to me, since open-source projects seem to be seriously developed, I was wondering: is this really useful when the phone hardware itself can be compromised? Is it possible to check it is not? And could a viable open source hardware phone be developed, so that checking becomes much easier?
I think that with these new tracking needs, these questions have become even more important, if not technically, at least because of the "cultural push" for surveillance.

Hoping that my message was in the right section, I thank you for your patience ;)
Title: Re: Open source smartphone - is it feasible?
Post by: nuclearcat on May 24, 2020, 10:30:03 pm
I think it is not about open source hardware, but more open source software. You can get most from flashing in compatible phone LineageOS.

All mobile phones have big problem - they have to deal with obscure and not very open 3GPP standard, which is implemented mostly by "giants" who are not interested to open baseband stack.
In best case you will hook some SIM800 or similar module, hook raspberry, and get heavy brick that will make everybody around frightened, and which is not really comfortable to use.
There is no really working opensource hardware of baseband, except some obsolete stuff.
So, as i said before, check LineageOS, it will give you much higher degree of privacy without losing all comfort.
Title: Re: Open source smartphone - is it feasible?
Post by: Pensive__Jellyfish on May 26, 2020, 09:30:09 pm
First of all, thanks for the answer. So if I understand well, the main issue is due to the Operating Systems, despite the fact that Android is technically Open Source? I also ask this because apparently for the app they plan here in Switzerland the problem seems to be the permanent control of the Bluetooth devices - which the OSs don't allow but which the tracking apps needs.
Title: Re: Open source smartphone - is it feasible?
Post by: nuclearcat on May 27, 2020, 12:35:56 am
Android is opensource in original form, but each vendor modify it and also bundle with their own software, so result is "blackbox" and doing "god knows what".
If you take LineageOS - you take essence of opensource, and you install additional software on your own choice. But as soon as you install google play bundle or any closed software with significant privileges, you compromise your privacy again.
There is FOSS software market, F-Droid, where all software opensource and functionality is transparent, but choice is quite limited, you will have to decide, if you can live with it.

If you want to avoid tracking (and i think it is a must - unless it is transparent and mandated by government), i have small hint: LineageOS (named that time Cyanogen) had while ago feature that can run software in "sandbox", so software have only illusion that it can control specific peripherals  >:D
I know they did it for GPS and contacts access, not sure about bluetooth. I'm quite sure it's worth to go to their forums and ask if they have same for bluetooth of planning to implement that.

Google and Apple by itself technically can push OTA updates at any moment, that can allow specific apps to control bluetooth or even they can start contact tracking over their software stack (in android - google play "core" can do that).
Already Apple seems did that, and while IMHO nobody authorized them to do so, in small country i live, i noticed in my BLE scanner - tons of beacons. So already they do what they want with people privacy.
Title: Re: Open source smartphone - is it feasible?
Post by: awallin on May 27, 2020, 05:26:31 am
this one should have schematics, PCBs etc available if you're into that  ::) https://en.wikipedia.org/wiki/Purism_(company)
Title: Re: Open source smartphone - is it feasible?
Post by: Mr Evil on May 27, 2020, 01:14:54 pm
There's the PinePhone (https://www.pine64.org/pinephone/). They deal with the non-open hadrware/firmware by isolating it from the rest of the system.

What is required to keep yourself secure depends on who you are defending against. Just using an open-source OS + apps will keep most commercial actors at bay, which is sufficient for most people. On the other hand, if you attract the attention of someone with enough resources to do things like manufacture custom chips and intercept your phone before it is delivered to you, then there is no way to be sure if the phone is compromised, open-source or not.
Title: Re: Open source smartphone - is it feasible?
Post by: Peter Gamma on June 03, 2020, 08:18:00 am
I will buy a Pinephone, because I love it :-+. I m trying to find find a platform for BLE sports sensors wich is more open. There is the Pyloton open source bike computer from Adafruit, but I would love to have it on an open source smartphone platform like the Pinephone.
Title: Re: Open source smartphone - is it feasible?
Post by: Peter Gamma on June 05, 2020, 09:25:18 pm
There is also the zero phone. But will it ever become reality? You can build it yourself, if you have the necessary time for it :palm:.

https://www.crowdsupply.com/arsenijs/zerophone (https://www.crowdsupply.com/arsenijs/zerophone)

For me personally, the Pinephone is better. It is currently sold as a device for developers. For instance telephone calls are not working. But there are enthousiastic developers giving hours and hours of talks on youtube about the Pinephone and how to develop it:

https://www.youtube.com/watch?v=imlkQVRXUOI&t=438s (https://www.youtube.com/watch?v=imlkQVRXUOI&t=438s)

I think it is only a matter of time until a Pinephone can replace your Android phone.
Title: Re: Open source smartphone - is it feasible?
Post by: Peter Gamma on June 06, 2020, 05:21:46 pm
This review of the Pinephone is a bit shorter  :):

https://www.youtube.com/watch?v=zUttT67rkyM&t=63s (https://www.youtube.com/watch?v=zUttT67rkyM&t=63s)
Title: Re: Open source smartphone - is it feasible?
Post by: wizard69 on June 08, 2020, 08:30:56 am
Hi everyone!

I hope that my question isn't too trivial as I am a physicist and not really knowledgeable in electronics.

Today I was trying to inform myself about privacy protections of the Covid-19 contact tracking apps (the apps to identify potentially dangerous contacts). While they do seem promising to me, since open-source projects seem to be seriously developed, I was wondering: is this really useful when the phone hardware itself can be compromised? I
I really have massive reservations with respect to those tracking apps, in the end I think no good will come from them and their use will probably lead to an innocent person ending up dead.   Some psycho will get a wring and go hunt down the person "THEY THINK" was the contact and do them in.   In other words the idea is ill conceived.

The other problem is this, how do you know if a person is infected?   
Quote
Is it possible to check it is not? And could a viable open source hardware phone be developed, so that checking becomes much easier?
I see no value in "checking" at all.   I mean really even if you have a been in contact what difference does it make, there is no confirmed treatment so you are on your own if you do contract something.   If a viable treatment does develop then why does a contact matter?
Quote
I think that with these new tracking needs, these questions have become even more important, if not technically, at least because of the "cultural push" for surveillance.
People involved in tech should be pushing back as they know more than anybody how evils such technology can become.   The only cultural push is coming from people that don't know any better.
Quote
Hoping that my message was in the right section, I thank you for your patience ;)

Seems right. 

As for open source cell phones there are a number of attempts at such and there are one or two on the market.    The massive lack of success over the years tell me that there is little opportunity for success here.   All previous attempts have failed so that is a bad sign.    Almost every attempt I've seen, was started by people that had no idea about the capital required to get such a project off the ground.

To do it right you would likely need a bundle of money, probably near $250 million.   That is to cover engineering, initial production and marketing to be successful.    Then you need to hope that you sell enough cover all of that investment.   Considering how crappy every open source attempt has been so far I think recovering your investment is a crap shoot.
Title: Re: Open source smartphone - is it feasible?
Post by: wizard69 on June 08, 2020, 08:35:53 am
Imagine what happens with your battery power when the phone is constantly trying to connect to everybody around you.

First of all, thanks for the answer. So if I understand well, the main issue is due to the Operating Systems, despite the fact that Android is technically Open Source? I also ask this because apparently for the app they plan here in Switzerland the problem seems to be the permanent control of the Bluetooth devices - which the OSs don't allow but which the tracking apps needs.

A responsible person would be protesting any such app.   More evil will come from these sorts of apps than anything recently mandated.   Worse they will do nothing to prevent you from contracting Covid 19.
Title: Re: Open source smartphone - is it feasible?
Post by: c64 on June 23, 2020, 04:02:01 am
What about just compiling Android yourself?
Title: Re: Open source smartphone - is it feasible?
Post by: Haenk on July 14, 2020, 01:08:39 pm
I'd say: Completely Open Source? Forget it. There is so much patented stuff even in the baseband alone, that - even if you are able to reverse engineer it and are able to create your own chipset - the patent lawsuits (billions of USD, likely) will hunt you down.
Creating a smartphone using already existing chips? That would be possible, but turning this into a usable, customer-acceptable and legal-of-use hardware is yet another story. Patents still need to be covered, conformity regulations and so on - this requires massive amounts of knowledge, and those in the knowings are rare and certainly not cheap (aka won't work for free).
Title: Re: Open source smartphone - is it feasible?
Post by: Bassman59 on July 14, 2020, 04:04:04 pm
And could a viable open source hardware phone be developed

I'm sure an open-source smartphone could be developed, and run Android.

But good luck getting the carriers to approve the use of your phone on their networks.
Title: Re: Open source smartphone - is it feasible?
Post by: c64 on July 15, 2020, 03:45:19 am
But good luck getting the carriers to approve the use of your phone on their networks.
You can use existing 3g/4g/5g module.They are small and easy to work with
Title: Re: Open source smartphone - is it feasible?
Post by: GotZapped on July 18, 2020, 06:05:34 am
For me personally, the Pinephone is better. It is currently sold as a device for developers. For instance telephone calls are not working. But there are enthousiastic developers giving hours and hours of talks on youtube about the Pinephone and how to develop it:

I think it is only a matter of time until a Pinephone can replace your Android phone.

I've been following the PinePhone (https://www.pine64.org/pinephone/ (https://www.pine64.org/pinephone/)) and the Librem 5 (https://puri.sm/products/librem-5/ (https://puri.sm/products/librem-5/)). Looks like the PinePhone is making good progress with a much lower price tag than the Librem 5. Pine64 just made available the 2nd iteration of the "community" version focused on the PostmarketOS community https://store.pine64.org/product-category/pinephone/ (https://store.pine64.org/product-category/pinephone/).

Two packages are available:

PINEPHONE – “Community Edition: PostmarketOS with Convergence Package” Limited Edition Linux SmartPhone
Price: $199.99

PINEPHONE – “Community Edition: PostmarketOS” Limited Edition Linux SmartPhone
Price: $149.99

I'm tempted as it looks like most major functions work, like calls, sms, etc.

The PostmarketOS community are developing a Linux distribution for a wide range of existing phones, including the PinePhone and the Librem 5. It has been making great progress, but held back by the lack open source drivers or adequate technical documentation of the phone SoC's.   |O
https://postmarketos.org/ (https://postmarketos.org/)
https://wiki.postmarketos.org/wiki/Devices (https://wiki.postmarketos.org/wiki/Devices)
https://wiki.postmarketos.org/wiki/PINE64_PinePhone_(pine64-pinephone) (https://wiki.postmarketos.org/wiki/PINE64_PinePhone_(pine64-pinephone))
https://wiki.postmarketos.org/wiki/Purism_Librem5_(purism-librem5) (https://wiki.postmarketos.org/wiki/Purism_Librem5_(purism-librem5))

Apart from the improved privacy and reduced surveillance by Google and Apple with a free and open source based phone. The sooner we have a phone that runs mainline linux, the sooner the end of forced obsolescence (https://en.wikipedia.org/wiki/Planned_obsolescence (https://en.wikipedia.org/wiki/Planned_obsolescence)) and we don't need to buy a new phone every 2 years because the manufactures do not update the OS.  ;D


Title: Re: Open source smartphone - is it feasible?
Post by: janoc on July 18, 2020, 10:12:38 am

Today I was trying to inform myself about privacy protections of the Covid-19 contact tracking apps (the apps to identify potentially dangerous contacts). While they do seem promising to me, since open-source projects seem to be seriously developed, I was wondering: is this really useful when the phone hardware itself can be compromised? Is it possible to check it is not? And could a viable open source hardware phone be developed, so that checking becomes much easier?
I think that with these new tracking needs, these questions have become even more important, if not technically, at least because of the "cultural push" for surveillance.

Hoping that my message was in the right section, I thank you for your patience ;)

Open source phone could be done - and has been done (e.g. OpenMoko, PinePhone and probably others). You may have to live with some binary blobs, though - e.g. the baseband (radio) software. Both for commercial reasons (the manufacturer is not interested in releasing that) and legal ones (most radios these days are software controlled and locking down the software is the easiest way to fulfill the legal requirement that the end-user must not be able to change things such as frequencies or transmit powers).

Can it be viable? Commercially? No. Absolutely not. Something being open source is not a selling point for 99.9% of the people who are buying a phone and the development costs are such that it would never pay for itself in the competition of the existing phone manufacturers.

Then there is the entire infrastructure - carriers, networks, etc. which isn't open and that has no obligation to let your gadget on their network. Coincidentally, that's also where most of the worst surveillance actually happens - the police will get your location information, all your call information, texts, audio etc. from the carrier, they don't need your phone for that. Carriers are also frequently selling a lot of this information to advertisers, private investigators, researchers, etc. So whether or not the phone is open source really doesn't matter.

On-device surveillance is a problem only when we are talking about applications doing nefarious things (e.g. Facebook or LinkedIn exfiltrating your contact information) - but then that would be pretty much the same even on a open source phone, unless you ban such applications or restrict their data access (which will most likely break them). That will likely make your customers pretty unhappy.

Alternatively it can be an issue when we are talking about spooks hacking into your device for surveillance. However, that's more a subject of spy movies and very targeted attacks on certain individuals, not something that can and is done en-masse. And then that the device is open source likely doesn't matter much unless you develop also your own chips, baseband, etc. - a totally unviable proposition due to costs, patents and lack of market for such a thing. Even worse, if you are targeted by such adversary, having any phone on you is likely the last thing you would want anyway (the phone can be physically bugged, it can still be surveiled remotely through the carrier, etc.)

So if you are worried about surveillance an open source phone is a red herring. Lobby for better privacy laws and their enforcement instead.
Title: Re: Open source smartphone - is it feasible?
Post by: c64 on July 19, 2020, 05:11:12 am
On-device surveillance is a problem only when we are talking about applications doing nefarious things (e.g. Facebook or LinkedIn exfiltrating your contact information) - but then that would be pretty much the same even on a open source phone, unless you ban such applications or restrict their data access (which will most likely break them). That will likely make your customers pretty unhappy.
You don't need to restrict access. You just feed fake data (for example give it fake contacts, fake gps location, etc.). Current Android model is just shit, you have only two options - give requested permission or not.
Title: Re: Open source smartphone - is it feasible?
Post by: janoc on July 19, 2020, 08:13:26 am
You don't need to restrict access. You just feed fake data (for example give it fake contacts, fake gps location, etc.). Current Android model is just shit, you have only two options - give requested permission or not.

Which both makes the applications useless and it is an enormous pain for the user to manage.

And re Android permission model - sure, it is "shit". Design a better one. That the users will actually understand and will be able to effectively use.

90% of users (regardless whether iOS or Android) have no clue what they are giving permissions for, don't read the descriptions and don't understand the consequences of their actions. So yeah, making this even more granular is really going to solve the problem ... not.
Title: Re: Open source smartphone - is it feasible?
Post by: Kalvin on July 19, 2020, 09:03:09 am
It depends what you want to accomplish. If you want something quite basic without all the bells and whistles, you can build a working phone from the readily available modules, and integrate those modules together: A mobile networking module with GPS from u-blox or some other manufacturer. Combine that with a cheap WIFI/BLE-module, you will have the connectivity. Then you would need LCD touch-screen for UI, battery + battery charging circuitry, USB-connectivity for charging/debugging/file transfer, and a CPU module with Flash+RAM etc. Lastly, you need to produce some PCB for interconnecting the modules, and mechanics which will hold your design together. Lots of work, but doable if you have time, motivation and persistence. I would definitely start something simpler, like taking a currently available Android phone, and hack it to suit my purposes before jumping into building my own phone hardware.
Title: Re: Open source smartphone - is it feasible?
Post by: c64 on July 21, 2020, 02:44:13 am
You don't need to restrict access. You just feed fake data (for example give it fake contacts, fake gps location, etc.). Current Android model is just shit, you have only two options - give requested permission or not.
Which both makes the applications useless and it is an enormous pain for the user to manage.

Really? If I give fake phone book or location to my facebook app (hypothetically speaking, I don't use this shit), how  is it going to brake it?

And re Android permission model - sure, it is "shit". Design a better one. That the users will actually understand and will be able to effectively use.

90% of users (regardless whether iOS or Android) have no clue what they are giving permissions for, don't read the descriptions and don't understand the consequences of their actions. So yeah, making this even more granular is really going to solve the problem ... not.
This is exactly why we have this situation. Most of phone users are idiots (by idiots I mean have no technical knowledge, they sure can be geniuses it something else) and don't care about permissions, and manufacturers try to target most of the population. Same with Windows 10 forcing updates - it's designed for idiots who just want their computer to work and don't care what's happening in the background..

Most of the modern electronics is designed to be used by people who have no idea about electronics or software.

I assume the open source smartphone we are talking about is not for average Joe.

What is so complicated with my permission model? Similar to the current Android, but instead for each permission you have options "give, not give, give fake".
Title: Re: Open source smartphone - is it feasible?
Post by: Magnificent Bastard on July 27, 2020, 12:57:02 am
In the USA, the government likes to be able to spy on their own citizens, so they did two things:  They purposefully changed the cellular transport protocols (GSM, etc.) by filling the encryption key with mostly zeros.  This flaw is worldwide (because MOST governments love to spy on their own people).

The second thing they did in the USA is to make a law that you cannot encrypt your conversation if you are on the public switched telephone system (including the cellular system).  However, this does NOT apply to VoIP, if both sides of the connection are using the same encryption-- this is because a VoIP conversation looks (externally) just like any other Internet connection-- and encryption is allowed for banking, etc.

So, here's my idea-- you choose instead a cellular DATA module (with NO voice capability).  Then you connect this to a small but capable MCU (Like an ARM Cortex-M7).  The small computer implements a VoIP phone, and there must be some kind of external server that helps to establish the initial connection.  If two phones using the ZRTP protocol are connected, you now have a connection that cannot be tapped.  For additional fun, each phone could also connect through a VPN, and the server (for initial IP discovery, so you can call people) could be an 'onion' address on the Tor network.  So, now you are also hard to trace physically as well.  This could all be built in a very small package like a small flip-phone (or similar).
Title: Re: Open source smartphone - is it feasible?
Post by: boniek on August 28, 2020, 12:10:29 am
If you want privacy and security get Google Pixel 3 (I recommend to get XL version for better battery life) and flash GrapheneOS (they are ATM testing Pixel 4 support so you may want to check if that is ready and get newer device if so). If you want simple just get any modern iPhone that has guaranteed software updates from Apple. Everything else is simply a joke and not worth bothering about if you care about opsec at all. Open Source doesn't always mean better security or better privacy, but it is true that it would be better to have it, all else being equal. Pine Phone and such will be a security nightmare compared to modern and mature mobile platforms from Apple and AOSP. Truly Open Source mobile is impossible due to proliferation of proprietary firmware (including CPU microcode, ME firmware which is running on embedded Minix OS, BIOS/UEFI - even coreboot usually isn't fully Open Source, bootloaders, embedded OS in LTE modems and lots more). Operating system is just one piece of the puzzle and firmware attacks usually are much more dangerous (firmware is usually more privileged than OS), more persistent and harder to detect.

Title: Re: Open source smartphone - is it feasible?
Post by: c64 on August 29, 2020, 03:20:23 am
ME firmware which is running on embedded Minix OS, BIOS/UEFI
These exist in mobile phones?
Title: Re: Open source smartphone - is it feasible?
Post by: Peter Gamma on September 17, 2020, 03:01:27 pm
Is there an OpenSource phone which is more convincing than the PinePhone? I could not find a device.
Title: Re: Open source smartphone - is it feasible?
Post by: gevali7 on September 30, 2020, 01:55:59 pm
A good way would be to root your phone and customize it for yourself! But the main thing is that the phone can be rooted. For example, Honor phones cannot be rooted.
Title: Re: Open source smartphone - is it feasible?
Post by: RenThraysk on September 30, 2020, 02:54:11 pm
So, here's my idea-- you choose instead a cellular DATA module (with NO voice capability).  Then you connect this to a small but capable MCU (Like an ARM Cortex-M7).  The small computer implements a VoIP phone, and there must be some kind of external server that helps to establish the initial connection.  If two phones using the ZRTP protocol are connected, you now have a connection that cannot be tapped.  For additional fun, each phone could also connect through a VPN, and the server (for initial IP discovery, so you can call people) could be an 'onion' address on the Tor network.  So, now you are also hard to trace physically as well.  This could all be built in a very small package like a small flip-phone (or similar).

bunnie Huang ( https://www.bunniestudios.com/ (https://www.bunniestudios.com/) ) is current making a mobile device.

https://www.crowdsupply.com/sutajio-kosagi/precursor (https://www.crowdsupply.com/sutajio-kosagi/precursor)
Title: Re: Open source smartphone - is it feasible?
Post by: Peter Gamma on February 19, 2021, 09:26:08 am
Does it have to be a completely open source phone? There are so many great Linux phones available:

https://petergamma.org/linux-phones/

and there also many great Linux watches available these days:

https://petergamma.org/page-2/

and there is a growing community for these devices.