A question in regards to privacy in UT

  • Hello,

    I was wondering as I undestood that Android is the Base of UT, how much can we then trust the system?

    From https://redmine.replicant.us/boards/33/topics/5001?r=5013#message-5013
    I got
    Ubuntu Touch and Firefox OS are equally as bad as Android. I suggest you use a community Android version such as CyanogenMod or OmniROM if Replicant is not a possibility for you

    How true is it and if so, what can be done about it?

  • @twinkybot I think it would be very interesting to have comments on this question from the core developers, but i also think the information you link to is probably not relevant anymore because according to the ubports wiki they develop on CyanogenMod 12.1.

  • Hello,

    both CyanogenMod and Ubuntu Touch are using the low-level libraries of Android, so there is no difference to privacy. Actually we are not buildin "on" CyanogenMod, but just leverage their way of removing unnecessary stuff from the Android tree for a certain device.

    BR Florian

  • @Flohack
    And those Low Level Libraries are Open Source?

  • @Flohack Do you know any privacy issues caused by using the low-level Android libraries the CyanogenMod way? If so, what kind of privacy issues are they?

    Removing unnecessary stuff, does that include removing privacy issues? 🙂

  • @twinkybot No, these aren´t. There are no open-source drivers currently on the market for RIL, GPU, sensors etc. Reason among others is that vendors are afraid that the get sued for patent infringement, probably many vendors have stolen their hardware & software design from others 😉


  • @hans1977se Well theoretically the firmware together with the driver and the kernel (which is the only open source part) can do fancy things which we don´t know and cannot see. I don´t know details, but Edward Snowden could tell you more stories 🙂

    And no we cannot remove the essential parts to talk with the hardware. There is no way around this. That´s also why some devices will not be able to be upgraded, they are stuck on a kernel version, because their drivers have been compiled against a certain kernel and libc. We can only remove java addons from the vendor, useless Dalvik stuff, and stuff for higher levels of Android that we dont use in general.

    Mediatek is such an example of a vendor that does not disclose anything to us. We cannot even build the OS for the existing UBuntu 15.04 versions of the BQ devices for example. And we cannot upgrade them to 16.04 except probably the tablets.

    Unfortunately UBuntu Touch is currently bound to this model. The advantage is that we can run it on much more phones (in theory) than if we would rely on custom drivers. I don´t even know if smth like this would be possible.

    The approach of the Librem5 phone is by the way to have these hardware switches to disconnect the parts of the system where open source is not an option. Probably even thme cannot have an open-source baseband processor etc.


  • @Flohack
    Thanks for the explenation.

  • Thanks for interesting info @Flohack . 🙂

    Like you say this model goes together with a "price", but i hope that in the long term it will not have to be just this model. I hope that in the long run there will as well be some open phones that run Ubuntu Touch in addition. I have read that the goal is that Librem5 will be completely open, but of course it is also quite uncertain whether it will be anything at all.

    I think that linked post indicates that the privacy leaks are in the low-level libraries, and i was kind of hoping that someone would know. I'll wait for Snowden to show up. 😉

  • I really do not like IBM but what they did in the 80ies was genius, and a path that many others should have followed: They designed the IBM-PC to be open for 3rd parties, and gave all the specs for hardware manufacturers. Clearly, because they could not do everything alone, but still it was key to the success of the PC.

    If we would have again such a hardware company things would improve in months 😉


  • I agree that IBM have done a lot to allow 3rd parties in, and also Microsoft have done a lot to simplify for us developers. Same there though, i'm not a Microsoft fan either. 🙂

    Nevertheless, i also think that people developing for phones exaggerate how bad it is on phones. There are a lot of similarities between phones as well. Many use the same soc:s and probably also are based on the same development kits. Displays are also many times very similar although different brands, I think probably the baseband is the most difficult part, which is quite essential on a phone of course, but hopefully not all the drivers would have to be closed in one big blob the way it is now. I guess it's fair to say that this is all goes into kind of defacto standards, which makes it essentially different from the PC, but i do think it is possible benefit a lot by focusing on the similarities.

Log in to reply