Replicant: The Struggle for Free Mobile
The Struggle for Free MobileBy
Most people are under the impression that Android is free software, so why the need for Replicant, a project that describes itself as a “fully free Android distribution”?
According to Replicant project lead Paul Kocialkowski, the answer is complicated. The version of Android developed internally by Google and released through the Android Open Source Project (AOSP), is “nearly fully free software,” apart from some WiFi firmware. However, to run on the Google Nexus devices it is designed for, it needs additional components that are not part of the project but are distributed separately by Google. These components release the changes they made to free-licensed elements, such as the Linux kernel, but not their complete codebase.
Additionally, some community-based derivatives of Android that are based on AOSP, like CyanogenMod, add non-free drivers to run Android on other devices.
By contrast, Replicant uses CyanogenMod’s code, but without the non-free elements. “The biggest part of our work,” Kocialkowski says, “is about writing free software replacements for these non-free components” – a goal that often has mixed success.
To simplify this work, Replicant chooses not to work on 3D hardware acceleration or to write replacements for non-free firmware that runs in any chip except the CPU, leaving such concerns for other projects. “We declare [that] a device [is] supported once the basic requirements for using it are reached: working sound, graphics not too slow, and telephony working if the device has a modem.”
Personal and Idealistic
Replicant was started in 2010 by Bradley M. Kuhn, Aaron Williamson, Graziano Sorbaioli, and Denis “GNUtoo” Carikli. Originally, the project was intended to be an umbrella organization for projects working on a free version of the HTC Dream, the first Android phone.
After developing replacements for the HTC Dream’s non-free components, Replicant went on to attempt to create a replacement for what is now Google Play that consisted only of free-licensed apps. However this second goal only succeeded when a separate project call F-Droid was created. Today, Replicant ships with F-Droid pre-installed, but the two remain separate projects.
Currently, the project consists of half a dozen developers, including Carikli, although he is less involved than he used to be. Kocialkowski himself is a relative newcomer, having learned both C and Git as he ported Replicant to the Nexus S. Additionally, “on particular projects, such as working on the modem, we also sometimes get help from developers from other projects, to add support for devices both our projects aim to support.”
The project remains both personal and idealistic. “I have strictly no idea about how many times our last batch of images was downloaded,” Kocialkowski admits. “Our goal is not to be as popular as possible, but rather to provide an alternative for people who are interested in it, even if that means that we are the only five users in the whole world. Being a user of Replicant gives me enough motivation to keep going.”
Choosing the Definition of Limits
Today, all Replicant releases support 10 devices, including many of Google’s Nexus and Samsung’s Galaxy lines. Replicant 4.0 0004, the latest release, supports seven devices, two of which are supported in both 3G and WiFi versions for a total of nine. The project will soon move to Android 4.2, the latest stable version in CyanogenMod.
“Porting Replicant to a new version is a big piece of work,” Kocialkowski says. “We first have to find a way to make it run without the need of graphics acceleration, which is supposed to be mandatory since [Android] version 4.0. If we cannot find anything that works, we simply cannot use the new version. Once graphics are known to be usable, we can start moving our changes on top of the CyanogenMod code for the new version. Doing this for seven devices takes a long time, so we usually prefer to work on improving Replicant’s support of the phone’s hardware instead of porting to new versions.”
Nor is hardware acceleration the only challenge. According to Kocialkowski, Replicant is slower than CyanogenMod or Google’s version of Android. He adds, “We are also having tough times with GPS: all the GPS chips found in the Android phones we support implement a secret and non-documented protocol that we just cannot figure out.” For similar reasons, Replicant supports only a few video formats. The situation varies with the manufacturer and device, but Samsung Galaxy devices tend to be most compatible with Replicant.
These problems also mean that the project has to choose carefully any new devices that it considers supporting. Not only is the amount of work needed for support an important consideration, but “we also try to select devices that have good security – that is, where the modem does not have too much power over the CPU and cannot access the main RAM, storage, microphone, or GPS. Some platforms are known to be very bad in that regard, and we try not to use them,” Kocialkowski says.
To some, such challenges might seem like severe limitations for the project that undermine potential support or relevance. However, as a free software advocate, Kocialkowski is quick to turn the description around.
“As for ‘limitations,’ ” he says, “I think that is a poorly chosen word: limitations are what people make them up to be. I believe that non-free software is a bigger limitation than the lack of supported hardware features. From that perspective, Replicant has less limitations than any other Android system out there.”
The Importance of Free Mobile Devices
Free-licensed mobile devices are important for the same reasons as any free-licensed software: They give users, rather than manufacturers, control over their computer. As Kocialkowski puts it, “Unjust power over our computing seems intolerable to us.”
However, even if you have only limited interest in free software, Kocialkowski points out some pragmatic reasons to favor free-licensed software in mobile devices. “Mobile phones are an area of computing that cause particularly big threats for security. There is a threat coming from the component of the phones, such as the modem, that is known to have a backdoor that lets government agencies remotely convert the phone into a listening device, when that is technically possible. Then there is the system running on the phone, that can carry its own share off nastiness, such as CarrierIQ [an advanced form of spyware].”
Not all security problems can be solved by using Replicant – in fact, Kocialkowski says that, “if you need real security, simply don’t use a phone.” Nor can Replicant do anything about backdoor access to devices that can be used by manufacturers or law enforcement agencies. However, Replicant is at least a step in the right direction for those who want greater privacy.
The project is currently fundraising with the help of the Free Software Foundation. Replicant could have hosted the campaign on KickStarter or Indiegogo, of course, but the project members prefer working with an organization that shares their beliefs. At any rate, those likely to support the campaign are more likely to read the Free Software Foundation’s site than the large crowdfunding sites.
Money from the campaign will be used to buy the phones the project supports and to fund two developers, as well as allowing project members to attend more conferences.
In the end, Kocialkowski says, the project “is not so much about the need for a free Android version, but rather about having a fully free mobile system at all. Android just turns out to be an easy-to-free and readily usable system. But one could do the same with Firefox OS, Ubuntu Touch, or maybe Tizen.” What matters to the Replicant team is not the operating system, but user freedom on phones.
Understaffed and facing immense difficulties with reverse-engineering, Replicant has already done more than anyone could expect, fueled largely by personal interest and idealism. It will be interesting to see how even a modest injection of cash will speed the project’s progress.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.