
Google et al. pour billions annually into making Android a first-class and dominant mobile OS. I think the FOSS community should leverage that and focus on liberating Android instead of trying to reinvent the wheel.



It's impossible because of hardware attestation. Until something is done for that (and "legal" seems the only way), there is no solution.


GrapheneOS is attempting to pursue the "legal" way: https://news.ycombinator.com/item?id=41119047


I'm aware, I'm really rooting for them.


Android Virtualization Framework with pKVM on Pixel 7+ can technically allow unmodified Linux VMs to run in parallel with "official" VMs that pass hardware attestation. This feature is not yet exposed to end-users.


The point is that apps you need to run will only do so in the "official" VMs that pass hardware attestation and will intentionally fail in the unmodified Linux VMs.


If a banking app or DRM-encumbered streaming app can run in the official attested VM, what would be the benefit of running such closed apps in unmodified Linux VMs?

If banks and streaming vendors don't trust unmodified VMs, why would open-source Linux VMs trust closed apps with binary blobs?

One benefit of running open-source Linux VMs is access to the vast corpus of mature open-source software applications packaged by Debian, Fedora, etc.


> what would be the benefit of running such closed apps in unmodified Linux VMs?

That you wouldn't need the official attested VM anymore.

> why would open-source Linux VMs trust closed apps with binary blobs?

The point is that with an open-source Linux VM, the user could decide what to trust instead of some megacorp deciding for everyone.

> vast corpus of mature open-source software applications

The problem is that there's a lot of proprietary apps that are both (1) necessary for a lot of real-world things, e.g., the SeatGeek app for tickets to shows, and (2) not replaceable with FOSS because the company will ban you if you connect to their API with a third-party client.


> That you wouldn't need the official attested VM anymore.

As hardware, sensor and cellular radio standards continue to evolve, someone has to pay for timely development of bare-metal software to drive new hardware. Today, that is the vendor providing the "official attested VM" and drivers. If Arm can reach x86 levels of backward compatibility and stable interfaces, it may be possible to extend the lifetime of mobile devices with OSS bare-metal drivers. It has taken many years to achieve this on relatively open x86 PCs. Even Arm SBCs still struggle, see the efforts of Armbian. Mobile devices are less open and more complex.

> proprietary apps ... not replaceable with FOSS because the company will ban you if you connect to their API with a third-party client.

Regulations and technology are evolving in the direction of more control, not less. Customers will need to find forms of collective and competitive action to influence vendor policy in sensible directions, because it will be increasingly expensive to bypass. Try to support vendors who use technology responsibly in service of their customers. Encourage OSS competition where feasible.


Is SeatGeek a great example? The web site seems to work fine on my phone.


For one show I went to, I needed the app to be able to get in the door, because I had no option to print the tickets, have them mailed to me, or pick them up at will call, and the web site didn't let me see what they needed to scan.


My bank websites work fine on my phone, too. I don’t run anyone's apps any longer as corpos just take the chance to add invasive data harvesting, location tracking, etc.


> my bank websites work fine on my phone, too.

But don't they disable some features if you don't use the app, e.g., mobile check deposit?


Google is clamping down on that freedom by providing ways to detect when you run unauthorized/liberated software (i.e. root or custom ROM).


Your banking app is not going to work on Linux either. If Android is fundamentally broken then fork it. My point is, it seems smarter/easier to take Android and make it more Linux-like than to take Linux and make it more Android-like. All the work is already done and paid for. Sailing with the wind vs sailing against the wind.

Edit: Unless the goal is also to benefit the Linux desktop ecosystem (the whole convergence meme).


This is why it's so worrying that browsers are getting the same treatment. Attestation/WEI will bring this to the desktop (and mobile browser for that matter) and you'll have to use Chrome or an approved Chrome reskin (every other browser, basically) for most things.


> you'll have to use Chrome

That isn't sufficient. You'll also need to use an OS which provides "acceptable" hardware attestation capabilities (as defined by Google) required to verify that the copy of Chrome is legitimate (otherwise this could be spoofed). In practice that most likely means your options are limited to: Windows 11, macOS with System Integrity Protection enabled, Chrome OS, stock Android with Google services installed as system apps, iOS.

Google's first attempt at bringing attestation to the web, WEI, was shot down by hackers, but it won't be the last. Please continue to fight against this.


Honest question - how? I run Linux, Firefox, etc. but I don't know what else I can do to help restore a healthy ecosystem. Run for office with the pirate party?


Crypto, piracy, and anything else you can do to protect yourself from the institutions that caused these problems in the first place. The actual problem needs a societal/cultural solution though, not a technological one.


> Your banking app is not going to work on Linux either

Why is that? I can use my bank through Linux via a web browser without issue. Logging in more frequently is a hassle but not a bad trade IMO.


The native app won't work though. The problem alluded to by the grandparent comment and in the linked article.


My bank doesn't even have a web portal, it's app-only. This is remarkably common in the UK, birthplace of Monzo, Revolut and Starling.


Then change from the bank equivalent of an MVNO to a real bank with a website.


Presumably this is about apps which are required for authentication, even in the browser version.


> If Android is fundamentally broken then fork it. My point is, it seems smarter/easier to take Android and make it more Linux-like than to take Linux and make it more Android-like.

That's what LineageOS (née CyanogenMod) tries to do, and what this leads to in practice is forcing them to depend on a heap of proprietary code (downstream kernels and userspace blobs). Outside of that, the work that's "done" on the AOSP/LineageOS UI layers and supporting software/"apps" is relatively easy to port over to Desktop Linux - the GNOME Mobile UX is actually making great progress from that POV. So I'm quite skeptical about your proposed approach.


> Your banking app is not going to work on Linux either.

I think the idea is that no amount of forking Android is going to produce something different enough to entice developers to port their apps to it, but maybe if an entirely new Linux-based mobile platform kicks off, there's a chance?

If you have to consult `developer.android.com` (a Google-owned domain) to develop for your "totally not Android" platform, it may be difficult to avoid the temptation to do as the documentation recommends and simply embrace proprietary Google services and hardware attestation and whatnot. After all, 99% of users have those things and it's just these several weird forks that don't?


I highly doubt devs are interested in developing apps for such a niche mobile OS outside of hacker circles.

Windows Phone failed because even paying devs for apps couldn't entice them to do so.


I think what these people are looking for, really, is an alternative to the Android/iOS duopoly that provides more control and less tracking, not necessarily Linux (yes, I know the title of the post is "we need GNU/Linux"). Companies like Framework prove that there's a nontrivial number of people looking for devices like this.

Windows Phone was around during the time that carrying a smartphone on your person at all times was optional, and we didn't have critical government and banking services being delivered exclusively through apps that only work on Google Android and Apple iOS. I suspect that if Windows Phone had survived, and managed to keep even a tiny fraction of the market share, these apps would nonetheless be forced to support it because they would have to account for at least some of their customers using it.



