Josh talks to Hans-Christoph Steiner about F-Droid, the Free and Open Source Android App Repository. The way F-Droid works looks a lot like a Linux distribution, which has some interesting security challenges, but also some great security benefits. Hans walks us through the current state of open app repositories and also what the future currently looks like. There are more open phones than ever before, but there are also more challenges than ever before. Hans breaks it all down in an easy-to-understand way.
Episode Links
- Hans-Christoph Steiner
- F-Droid
- An experiment in automated building from source, 15 years later
- Why curation and decentralization is better than millions of apps
- Free software and inspection are key to software we can trust
- F-Droid maintains in Debian
- Keep Android Open
This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.
Episode Transcript
Josh Bressers (00:00) Today, open source security is talking to Hans-Christoph Steiner of F-Droid.
Hans reached out and wanted to talk about there’s kind of a lot of wild things going on in the F-Droid and Android and, you know, mobile ecosystem universe, I don’t know what to call it. So Hans, welcome to the show, man.
Hans-Christoph Steiner (00:15) Thank you. Great to be here. Thanks for having me.
Josh Bressers (00:18) Yeah, I’m excited to have this chat. Like, let’s just start out, you know, tell us a little bit about yourself and tell us what you want to talk about because I’m really excited for this one.
Hans-Christoph Steiner (00:28) Okay, where to begin? I so my first, I started with free software in like 1994, on one hand with computer music software. There’s these funny computer programming languages designed for just making music. It’s like Csound and something. And then also Linux. I saw, you know, my brother showing me Linux and turning it to a Klingon. I thought it was, and then.
Josh Bressers (00:42) guys.
Awesome.
Hans-Christoph Steiner (00:54) Yeah, I’ve been pushing free software since then in many different forms. I mean, sometimes, you know, as like a sys admin in a company being like, hey, we should use Debian. But since I got a little involved in mobile stuff, when like Nokia apps, what was that? Symbian and things like this. And once Android came along and made a real open source mobile operating system, then I was like…
you know, at the first floor. I had a girlfriend at the time who got early access and so I was able to, like before they were even released, I started messing with the phones and developing apps and have been working on Android ever since and was attracted by its openness. Then I followed this, so there’s the F-Droid project, which is a free software app store for Android.
Josh Bressers (01:34) nice
Hans-Christoph Steiner (01:55) I followed it for years and was very happy to see it arise and then I kind of got sucked into it. I started contributing here and there. Based on work I was doing with the organization called Guardian Project, we’re doing grant funded apps for privacy. I found I could get grant funding to work on F-Droid and that’s been about 10 years.
Josh Bressers (02:23) Nice.
Hans-Christoph Steiner (02:24) Like basically my living is, and it’s the funniest thing of all is that, you know, I’ve made a living from grants, like writing for yourself are mostly from funded by grants. And this is like, if you had asked me 15 years ago, if this would, I would have done this. No, I, it’s, guess, yeah. Partially just like.
Josh Bressers (02:27) Wow.
Hans-Christoph Steiner (02:50) I think like a lot of free software people, you’re just like, well, there’s the problem. I want to solve it. And then being in the right place at the right time, I guess.
Josh Bressers (02:57) Yeah, yeah.
Like your hobby gets out of hand.
Hans-Christoph Steiner (03:01) Yeah, then it becomes your day job and then you’re happy and then it becomes your life and you’re like, whoa. I have to like slow down a bit. Yeah.
Josh Bressers (03:08) Yeah, yeah, for sure.
Okay, Hans, so tell us ⁓ what is F-Droid for anyone who doesn’t know.
Hans-Christoph Steiner (03:19) So at the most basic level, F-Droid is an app store, if you’re familiar with Google Play or what’s it the Apple App Store. It serves that role. But the key part is that it is only free software. So it is itself all the free software you need to run an app store. And we are inspired by Debian, how Debian operates.
We try to ship free software apps to the same standard that Debian does. So we work on, it runs on Android and Android compatible operating systems like CalyxOS or GrapheneOS. And we function, our goal is to function like a distro. Like, so not just build source or ship binaries, just get out there.
We want to do all the things that distros do and that is curating, you know, looking at is this app like high quality? Is this app really free software? Is this app, does it include tracking? We also, so like we review it, we build everything from source. We also do, I think one of the underappreciated roles of a distro is this kind of, it’s a different.
point of view over the pile of source code that’s out there. And so, you know, we, what we will see, this CVE just came out and hit this app. Well, we have, you know, the source code of thousands of apps laid out that we can easily just be like, okay, what, which apps are using this vulnerable version? And then we can go and we have, you know, links for the issue trackers for all the apps. Cause we,
And so we can go and say, okay, did you know this CVE is out, it affects your app, please update. And this is something that Distros generally do, Debian, Fedora, Red Hat, all of them provide this kind of other layer of review and oversight and help. On one hand, want to help the upstreams stay up to date.
Josh Bressers (05:47) I didn’t realize you were doing vetting in F-Droid actually on the degree it sounds like you are. And so,
that is very Linux distro. So this is a very timely topic, I think, that you bring this up because anyone in the open source security universe right now, all of the packaging ecosystems are under constant attack, it feels like. It’s just kind of utter madness. And you look at kind of the way the distros work, where it’s less breakneck, we’re gonna go as absolutely fast as possible and screw everything else. And it looks pretty sane these days, right? Where it’s like, this is a little more calm, a little more reasonable.
And it’s also, it’s not a place we’re seeing things getting backdoored constantly or things getting attacked constantly. So it’s definitely one of those instances where doing some work, and it is work, but it totally pays for itself, right?
Hans-Christoph Steiner (06:38) Yeah, definitely. I mean, this is something I’ve been fascinated by because it’s like, on one hand, I think, yeah, so like we, it was a little bit kind of unconscious that we’re like, oh, we should do these things when we ship free software Android apps. We should review them. We should, you know, work in public and let people like request apps and then run.
scanners on them and things like this. And it’s only kind of crystallized over the years of work, like about like this idea of a distro, for me at least. To me, I’ve kind of, and actually, this is what really led me to your podcast to find people discussing some of these issues, because I think it really needs to get out there more. And it’s really not defined. One thing is, I think is really clear.
is that like you say, you look at the track record. And it’s not just like a group of people. You can look at Debian and you can look at Red Hat. You can look at a wide range of Distro or even something like FreeBSD. They have a much better track record of preventing malware from getting to the end user.
Josh Bressers (07:52) Yes.
Hans-Christoph Steiner (08:01) I’ve kind of like looked into some of these questions and some of the technical architectures of, so I know that I’m a Debian developer as well and have been for a number of years. And so I know Debian quite well and some of the technical architectures of say Debian, I think most security people would probably like flag that as like, this is an insane thing to do. Basically like, you know, having a thousand people with commit privileges on the, an operating system. Like that’s
Josh Bressers (08:09) guys.
Hans-Christoph Steiner (08:30) not a least authority, best practice kind of thing. But if we look at just, if we just say, this is what Debian is and has been for decades, and we look at the outcome, it seems to be working, I would say. It seems to have a good track record. But why? That’s a really hard question to answer. this is what I think these conversations have really started to help me crystallize. What are the key parts that make that model work?
Josh Bressers (08:47) Yes.
Hans-Christoph Steiner (09:01) To me, I think one key part is working in public. Just the fact that you have to openly submit this and free software, of course. The fact that everything is going to be published and ensure that the source code is available, especially when then you link it to the source code. What has been built will be archived and available forever.
So I think we see this something like with the famous XZ case. Everyone has to refer to that. But anyone can go there and find the whole track record of how did this get in to Debian? Let’s get the source tarballs, go to the original source, get all this stuff, and review it. And it’s one thing to s-
Josh Bressers (09:37) Yes.
Hans-Christoph Steiner (09:56) Like if you’re trying to get malware in via a binary, it’s kind of like there’s like a, or even like a direct attack or something like on a web browser attack, you can just ship that code once and then have it disappear once it’s successful. But in getting it into a distro, it’s going to be archived forever. And so that means you have, I mean, the XZ thing was amazingly crafted, but even still.
Like it has to withstand this kind of test of time of like it can be reviewed whenever and then tracked. So that to me just started to be like, and you actually can see this from like, like bank securities. Like I think like, if you look at bank security, big part of it is just like, we need to have a record of what happened more so than like, we need to prevent it from happening. It’s like it was, we have a record of it and we know who, where all the money went. Then we can.
make things, you we can reverse things that have gone wrong.
Josh Bressers (10:58) Yeah, I mean, that’s how a lot of just good security works in general, right? Is having a record of what happened because while it’s quite often difficult to stop the bad thing from happening, at least once it does happen, you can say, what, let’s figure out what just went down and then we can, you know, clean up the mess that was caused by that. And yes, I agree with you. Like the way Debian works lends itself very well to that. And obviously it sounds like F-Droid works in a similar manner, which is, I mean,
Yeah, as an open source nerd, I’m like, yeah, like that’s the way you do it. Which is now, now let me ask you about that though. Cause when we think of a lot of mobile ecosystems, I feel like closed is the default. Right. And so like, what are, what are your challenges trying to exist in this universe? Right.
Hans-Christoph Steiner (11:50) Yeah, so that’s the hard part. I mean, there’s two kind of key things that make it very different operating as F-Droid. I mean, so the first is that the way Android is designed technically is that the app includes basically all of the dependencies and there is no system libraries really. I mean, there’s some core basic stuff, but…
They’ve even over time tried to like shrink that even more and you do more thing more via external libraries. So this is, I guess you could see a parallel with like the Java jar ecosystem where people just like bundle everything into a jar and that’s the expectation. So that means it’s a little hard to operate as a distro because we can’t just like ship an update to a library and then all of the apps get it like what a new Linux distro like Debian can do.
So we have to operate on the source code level and say like, okay, here’s all the, we have to scan these apps and coordinate a lot more with, with upstreams to get them to update. I mean, we can patch too, but it’s, it’s, it’s more work than say in Debian where like, okay, this library has a vulnerability. We either, you know, use the newer version or patch that library and then automatically all the, all the things that use it get that fixed. Yeah, that we can’t do. The other one is that at the center.
of this distro is an organization that’s different than us. That is Google. Google controls Android. And Google could act like a distro. They have Google Play. They have Google Play. They do scanning. They do review to some degree. But they don’t really act like a distro. So they’re kind of sitting in the prime distro spot, preventing anyone from doing that.
You know, I’ve asked this question many times, like they do app review, great. I support this, same with Apple. They don’t even let you submit the source code, but anyone who knows about app review knows it’s like, if you’re gonna review the app, you want the source code. Like, you know, if you’re gonna ask an auditor, here’s my binary, they’re gonna be like, okay, well, we’ll find something maybe. But.
Josh Bressers (14:10) Well, but they don’t, right? They suck at this. I mean, if you look at the Apple and Google ecosystems, it feels like there’s constant stories coming out of some info stealer or malware thing or whatever because it’s spying on you and it’s doing who knows what. I mean, you can yell at me for saying this, but it feels like the review process is more about protecting Apple and or Google, not protecting the user.
Hans-Christoph Steiner (14:38) I mean, yeah, I don’t think I have an argument. I mean, yeah, I think I should be a little more charitable. I do think they do. Some of the things they do are helpful for the users. But yeah, it is clear that a lot of these moves, I mean, what we see is a clear pattern in Android. I mean, since I’ve been…
Josh Bressers (14:41) Okay, no arguing, that’s cool.
Hans-Christoph Steiner (15:07) are deeply involved in the beginning, you know, like of the actual, you know, submitting stuff to the patches to the Android itself, AOSP and things like this. And what is clear is that, you know, they’re a business with a certain model and that’s, that’s their central focus. And, and what they’re really good at is finding security issues.
And coming up with reasonable fixes that I think they do really good user experience design around security, for example. But there’s a tendency there, I can give you a whole list of examples, where they take a security issue, make a nice design, but that just always seems to fall in the direction of locking people into Google more. And they rarely…
Josh Bressers (15:57) Yes. Yes.
Hans-Christoph Steiner (16:04) I really, yeah, they really rarely make changes that are just blatantly like, no, this is for us. They’re really good at saying, okay, here’s a real user thing that we can address, but look, just happens to like, lock Google in a little more on the ecosystem.
Josh Bressers (16:16) Sure, sure.
Okay, so I wanna kind of ask about that openness aspect because you have a website now, it’s called what KeepAndroidOpen.org, and I’ll put a link in the show notes, of course.
But it sounds like later this year, like Google’s going to make it much, much harder for, you know, F-Droid to exist in this ecosystem.
Hans-Christoph Steiner (16:37) Yeah, so Keep Android Open is kind of a sister effort. It was initiated by Mark Pardomi, who is an F-Droid board member, but it’s not exactly like an F-Droid project. To me, really… It affects free software on all of Android, so it’s bigger than just F-Droid. And yeah, so Google, speaking of…
security features that lock people into Google. Google has introduced what they call Android Developer Verification. It is basically, they are requiring developers to register themselves in order to have what Android would consider a valid signing key. Then in Android, that gives them the power to…
turn off any developer, basically. That’s not how they’re talking about it, but that is the point of the feature. The point of the feature is that if a developer does something that Google doesn’t like, they will turn off that, you know, they’ll delist or whatever they’re gonna do, that developer’s signing keys and those apps will not run on Android. So they haven’t explicitly, they’ve asked F-Droid and others to…
register for the system. But there’s a lot of issues with it. We see a pattern with the way Google has run Android where they kind of lock things down over time. And so right now they’re saying, we need this for bank fraud in these handful of countries.
probably a real problem and that should be addressed. I have no idea. That’s great. But we have a clear analogy with how they ran Google Play. Things like ad blockers used to be allowed in Google Play. Now they were kicked out a long time ago. Things like the game emulators, like even like Termux which I still don’t get why it’s not allowed. Termux is this.
app that lets you have a terminal on your thing and install packages. And some reason, it’s not allowed in Google Play. I don’t get it. And so what seems really clear, what will happen with Android Developer Verification is that they’ll start with, OK, look, there’s this burning need. This gives us a tool to stop this bank fraud.
which is a legitimate problem, but then over time, once people kind of, fluffles died down, then they could be like, but you know, these ad blockers are like interfering with, you know, whatever excuse they used last time, they can just repurpose it, et cetera, et cetera, until they’ve locked it totally down again. And so this is, you know, really similar to what iOS always had, like Apple from the beginning.
Josh Bressers (19:42) Yeah, right.
Hans-Christoph Steiner (19:57) had this kind of feature and really tightly controlled the ecosystem. And people chose that. It was always there, that was part of the platform. With Android, it’s really different. Like Android was designed open and Android was so successful because it was open and lots and lots of free software developers jumped on board and contributed. Like we, like I’m one of them. We got involved, you know, beyond it, you know, there wasn’t massive
contributions to the operating system itself, but there were some, was a lot of, and even, you know, there was like ROM projects, third party projects rebuilding it. And that led to code flowing into the official Android. But on top of that, what it did do is it inspired lots of free software developers to write free software apps for Android and other apps. And this built Android to the biggest computer platform in the world. And now they, so, you know,
I think it’s right that free software developers who built this platform should feel some ownership over it. We helped build the platform. Unfortunately, Android is owned by Google. And they have changed their opinion on that. Now this, to me, this Android developer verification is them just saying, OK, we control this. It’s ours. We’re making tons of money with it. We don’t need all these people who helped build it anymore. And we’re just going to take control.
Josh Bressers (21:26) Okay, so let me ask about that because obviously this significantly affects F-Droid. So what is F-Droid’s plan in assuming this all goes down?
Hans-Christoph Steiner (21:38) I mean that’s a good question. I mean so from the beginning when they announced that they put out materials, I mean it’s always very vague which and the people that are communicating this are not the AOSP team as it has been in the past. These are like develop, you know like it’s clearly a PR campaign with a lot of PR people carefully managing how it’s going out.
Josh Bressers (22:04) shock.
Hans-Christoph Steiner (22:07) And at the beginning, they made vague promises. We’re not, we’re not, what did they say? Side loading is not going away. Side loading their term for installing apps outside of Google Play. But everyone understood that side loading is just installing any app. So yeah, side loading is going away, but let’s see. So they didn’t have any…
exceptions in their original communications around this. They were just saying sideloading is not a good going away hand waving, but no actually clear thing, clear path to let you install apps outside of like to actually sideload. I think we seem to have gotten, I mean, this, this issue seems to have gotten a lot of attention, which is great. Like I spend a lot of media, a lot of people talk about it and in general, like the feedback we get.
I hear very little support for it. Maybe that’s my bubble, but it does seem that even in tech media and various languages, I mean, yeah.
Josh Bressers (23:15) Yeah. Well, I mean, look, this feels like one of those things you’re either gonna, you don’t know or understand, or you hate it. Like the number of people who would be like, yeah, this is a great idea. I mean, they all work at Google. Like, let’s face it, right? It’s just, it’s not something anyone who understands what this is is gonna say, yes, this is great.
Hans-Christoph Steiner (23:22) You
you
Right. I would say that like, there’s like, again, in Google, there’s like this core idea, which I think could be generally useful and good, but that’s not exactly what they’re doing. And what I mean is like, okay, you want to have like a notary on the apps that you allow. So you say, trust this organization to notarize the apps and kind of like, then I only can get apps from…
the notaries I trust. So I think that on its own could be useful. The question is, why is it only Google or only Apple that can notarize? Like there isn’t a good technical reason for that. So if they rolled out this feature and they said, well, look, you can trust a different notary. You could trust Free Software Foundation. You could trust your local church. I don’t know, like whatever. Then I would think, okay, that’s a pure win. And then, you know, trust
Google by default on Google devices, yeah, I would have no complaints about that. But yeah, that’s not how they, they have now backed off a bit and they’ve announced this other, I forget what they call it, but you have to like turn on developer mode and wait 24 hours.
Josh Bressers (24:55) Yeah. Yeah.
Hans-Christoph Steiner (24:58) And you know, we have a lot of data from the Epic versus Google. They did a lot of research on this and they showed I think the drop off rates of something like 24 hour wait time were like 90%, 80%. I forget, don’t quote me on that, but yeah.
Josh Bressers (25:10) Easily. Yeah, easily, easily. Okay, okay Hans, this feels, this doesn’t fill me with joy, we’ll say, right? Everything you just said. I mean, F-Droid is cool, maybe the future of it, but tell me about the future, because I know you mentioned before we hit record, like there are some other things happening out in the universe that will say,
Hans-Christoph Steiner (25:23) Yeah.
Mm-hmm.
Josh Bressers (25:36) I don’t know how to, I guess we’ll fill in some of these gaps, like some community projects. So I’m curious, like educate us.
Hans-Christoph Steiner (25:44) Yeah. Okay. So what we’re talking about, this is Android and Android is, you know, officially defined as the version of AOSP that Google blesses. It’s a whole legal process. There are lots of Android compatible operating systems like CalyxOS or LineageOS or GrapheneOS and many, many others. These are Android compatible. They’re based on the same AOSP project.
They’re not Android. They can’t be called Android under Google’s rules. So they can decide on their own what they do with Android Developer Verification. In that sense, as a user, even if Google shipped their most restrictive version of this, you…
I think Graphene has already said, for example, and Calyx have already said that not going to implement this. So as a user, yeah, you would be able to still have the software freedom we’re used to on Android. But as a developer, well, you know, it’s a kind of more limited audience where you say, like, I’m making Android apps, but I’m not going to ship them on Android.
Josh Bressers (27:06) Yes.
Hans-Christoph Steiner (27:11) That’s a big caveat. So that’s one piece of it. And for me, the other thing is like this thing that Google says you have to turn on developer mode. I mean, F-Droid is for anyone. They did all this great work that made it totally possible to write a third-party app store that anyone on the platform can install and use.
safely. Not all of the third-party app stores are safe. But I think F-Droid has a reputation. History can show that we have a good reputation.
Josh Bressers (27:54) Yeah, yeah.
Now let me ask you about that though. So you live in the EU and wasn’t there, I don’t know all the details, I didn’t pay that close of attention, but didn’t the EU tell Apple they have to support alternative app stores? Or I don’t know all the details to that, but like, that apply to Android as well?
Hans-Christoph Steiner (28:16) Yes, so this is the Digital Markets Act. Yeah, this has been… So I’m a free software hacker first and foremost, I have been sucked into this stuff. It’s been very interesting going to meetings in Brussels about where there’s Google and Apple VPs and the regulators from the European Commission. People were telling me I had to go to these meetings, and was like, what am I doing here?
Josh Bressers (28:20) Okay.
Hans-Christoph Steiner (28:47) But it’s been quite fascinating because in order to implement this regulation, the Digital Markets Act, the regulators, the European Commission, have to understand the technical details. so then, you know, through the just showing up and trying things out, I’ve started to figure out, OK, yeah, we have a role to play because actually a lot of these free software people, with especially with Android, but also with iOS, like understand it.
understand the platform really well and often better than the technical people they have involved in these regulating procedures. And so, I mean, yeah, we’ve been able to really greatly like just point to source code and be like, this is how it actually works, regardless of what they say. And then the European Commission says, yeah, right. Okay. So then it to change. That’s been gratifying. So in the case of…
Josh Bressers (29:22) yeah.
Peace.
Hans-Christoph Steiner (29:45) Apple App Store on iOS, there is now third party app stores, so they have opened it up to some degree, but the conditions that they’ve set are onerous. So one of F-Droid’s board members is Mark Pernod, who has his own project called App Fair, which is trying to be something like
Josh Bressers (30:04) ⁓
Hans-Christoph Steiner (30:15) It was just trying to be something like F-Droid on iOS and Mac, like a free software build from source distro for those platforms. And they’re locked out because you have to get a million dollar or million euro letter of credit in order to be able to ship. Which I’m trying to think like which distro would have started if they had to put up a million gets a million euro letter of credit like.
It just, and then, so this is why I think, this is unfortunately why I think that Apple thinks that they can get away with Android developer verification is that so far the European commission has not forced Apple to drop their notary requirement. So even though there are third party app stores, all of those apps have to be notarized by Apple in order to be installable.
Yes. So Apple opened up a bit. Google, at the beginning of this process, they seemed pretty legitimately engaged, I guess, because they were closer to compliance. There already was the ability to run third-party app stores.
Josh Bressers (31:14) That sucked.
Hans-Christoph Steiner (31:37) But yeah, it’s hard. I can only speculate about why they’re locking things down. My guess is just based on what I see. I used to see a lot of these kind of features coming out from the AOSP team, the technical people who work very publicly, really, yeah, speak at conferences and…
operate somewhat publicly. They’re being locked down. And what we’re seeing is that more and more of the competition lawyers are making these calls at Google. And if you worked at a big corporation, I think people know these dynamics. Yeah, this team was given, AOSP was this, I don’t know, Golden Child, maybe, where they were given a lot of power over what they did. And now they’ve lost that, I guess, because the…
They need to defend their monopoly. Like they’re making too much money.
Josh Bressers (32:38) Defend their monopoly like that just ah anyway No, it’s like ah, I know it’s it’s totally true though. Um, all right Hans So we’ve come to the end. Let’s land this plane. Tell us what do we need to know? What should we pay attention to? What are next steps for anyone to take who’s interested in any of these things like fill us in?
Hans-Christoph Steiner (32:42) That’s what I see.
Yeah, okay. One of the things I think to give is hope over over this is, is that there’s a lot more free software on phones specifically, yeah, getting more organized in like community free software ways. And one project I’d call out is postmarketOS, it is a basically an Alpine Linux distro for phones, but they’ve done this amazing job of,
building a community that takes all of the random patches and stuff like that for all these mobile devices and get it upstream into the Linux kernel and they’re building this foundation of Linux and an OS that can run on so many mobile devices. And I think that’s super exciting and a key part of it. So this, of course, is not an option on
iPhone but ironically you know I’ll praise Google when they do good it like their Google Pixel devices are quite nice and they you can unlock them and install other devices OSes on it and that’s a great thing and not a lot of like other phone companies don’t do that they do it somewhat but hopefully Google will stick with that because it’s it’s a little scary because the same company that’s locking things down is the one that
Everyone is relying on for good, good mobile devices for free software, but so far so good. Yeah. So as while we’re kind of seeing that we might be locked out of Android, there is a big upswell of activity and getting organized and coordinated of saying, well, okay, you know, phones, phones are just computers. We know how to do distros.
Let’s do this. We don’t need a big company in the middle anymore. That’s my big hope, I guess.
Josh Bressers (35:04) I need to look at this again, because it’s been many years. And the last time I looked, the running Linux on a phone was in terrible shape. that is my dream, is I want a phone that’s just literally running a distro, and I can do anything I want with it. That is my nerd dream for a phone.
Hans-Christoph Steiner (35:12) Mm-hmm.
Well, I have some suggestions for you then. This is also my dream. I had like Maemo and all these back then, if you know these, like the Nokia N810 and things like this was a version of that dream. So what is really cool is that we’re starting to see hardware manufacturers like OEMs opening up and making it possible to ship easily other alternative.
Josh Bressers (35:34) Yep. Yep.
Hans-Christoph Steiner (35:55) OSes on mobile devices and two that I really like to highlight are Fairphone and Shiftphone. So Fairphone is in the Netherlands and Shiftphone is in Germany. Both, not sure, I think they unfortunately might really only be available in Europe, in the EU. But they both work with like community projects to make it really, make it so that alternative OS’s can run on their devices.
Josh Bressers (36:05) Okay.
Hans-Christoph Steiner (36:25) Because they have both given a pledge for long-term support, that means, so you can put all these pieces together, like the post-market people are taking patches and upstreaming it, and it’s all the same Linux kernel. And then you have projects like Ubuntu Touch, which is Ubuntu. It is just Ubuntu to run on these phones. Or…
other OS’s. That’s what we need. If we have hardware manufacturers committed to long-term support and committing to supporting free software systems on phones, then people integrating, we really… This is starting to see what we expect from a laptop, where I can just buy my laptop and maybe it comes with…
Maybe I can get it from like System76 with Linux pre-installed or maybe I just get it with Windows and pay the Windows tax and uninstall it. But I expect that I can install whatever I want on it. We’re starting to see that happen in the mobile ecosystem and that makes me really happy. So hopefully maybe it’s enough for you to check out again.
Josh Bressers (37:35) Nice. I definitely, I need to for sure, 100%. That’s, well, I also told Hans before we hit record and I will shamefully admit this is I have an iPhone because I rage bought it when the Pixel, I bought a Pixel phone and it ended of life on the third year and I was so mad. I was like, I’m buying an iPhone and I’m keeping it forever. Cause like having to buy new devices every three years is like just, it fills me with hate and fire and rage.
Hans-Christoph Steiner (38:04) Yeah.
Josh Bressers (38:06) I, anyway, okay, Hans, this has been a ton of fun. I have learned so much from you. I wanna thank you. This has been amazing.
Hans-Christoph Steiner (38:15) Thank you so much for having me this opportunity. I mean, it’s good to get out there out of my little bubble and try to see how we can work with other people out there in open source. I that’s really what it’s all about is finding all the people that work together.
Josh Bressers (38:32) Absolutely.
Amazing. Amazing. All right. Until next time, my friend.
Hans-Christoph Steiner (38:38) All right. Thank you.