January 30, 2014

Fully Free Android ROM Replicant Advances to Jelly Bean

The Replicant project, which builds open source Android ROMs, has reached a major milestone in releasing its first Android 4.2 ("Jelly Bean") version. Replicant 4.2 adds support for the Samsung Galaxy Note 2 and improves security, among other enhancements. Replicant is part of a larger movement to develop more open source smartphones, including the SHR mobile Linux OS project and the Fairphone and Neo900 hardware/software projects.

Replicant logoReplicant developer Paul Kocialkowski, who runs the 4-year-old project with co-founder Denis Carikli, prefers to describe Replicant as "free software" rather than "open source." The distribution is based on CyanogenMod 10.1.3, which like other Android ROMs is built on code released by the Android Open Source Project (AOSP). Yet, none of these Android variants is fully open source, said Kocialkowski in an email interview.

"Most community Android versions ship with proprietary blobs for the Hardware Abstraction Layers," explained Kocialkowski. "Replicant is a fully free Android version that doesn't ship anything proprietary. We replace non-free software with free alternatives we either write or adapt from existing code."

For many, it's enough to have a more open phone with stock builds that lack vendor skins and bloatware. Replicant, however, is like a raw vegan in comparison to the vegetarians and pescatarians of the Android ROM world. Software freedom requires sacrifices, including in most Replicant scenarios, a lack of 3D graphics acceleration, GPS, and in many cases, camera access.

Replicant 4.2 supports 11 devices, and Replicant 2.2 and 2.3 are available for the Nexus One, HTC Dream/Magic and the OpenMoko-oriented Goldelico GTA04. Most of the other devices are Samsung Galaxy and Nexus smartphones and tablets.

Functionality differs depending on the device. None of the builds support 3D graphics acceleration, and a few older models come with the caveat of slow 2D graphics. None support NFC radios when available, and only the Nexus One and the older HTC Dream/Magic phones, which use GPS instead of AGPS, offer location support. Less than half the versions support cameras, or only support the rear-facing camera.

The good news is that all nine Replicant 4.2 versions support sound, telephony, mobile data, and sensors. In addition, Replicant only replaces the system, so external proprietary components such as WiFi, Bluetooth, and cellular modem firmware remain on the phone, as long as they are judged to be well-isolated from the system. Instead of linking to Google Play, Replicant uses F-Droid, which features free and open source Android apps.

Security enhancements

Replicant 4.2 adds several security improvements, with an eye toward limiting NSA or corporate snooping. It now implements the "userdebug" approach to debugging, and system applications are signed with in-house private keys, which Replicant supplies with certificates. The releases are signed with Replicant's GPG release key.

"Replicant wasn't intended to be the most secure mobile operating system out there, but it's better than proprietary software," said Kocialkowski. "Proprietary software is designed to control the user instead of having the user control the software. Free software lets you ensure the phone is not doing malicious operations behind your back, or offer remote access for spying. Userdebug offers a more secure way to provide debugging and root access. Before accessing a shell on the device from a host computer, the user has to accept the computer's fingerprint, and then the shell doesn't run as root directly, but as an unprivileged user."

Q&A with Paul Kockialkowski

Here's an edited version of our interview with Kocialkowski as he explained the daunting challenges of building a fully free mobile OS:

What are some key obstacles in supporting new Android smartphones?

Kocialkowski: We lack the developers and time to add a lot more devices. However, it's quite easy to find a phone that works with Replicant. Our project accepts donations, which are mostly used to buy developers new devices to work on. The Free Software Foundation helped us raise those funds.

We obviously don't port to devices that use non-replaceable numeric signatures that forbid us to build our own kernel. We also select devices that have a safe and easy means of installing a community OS. For instance, the Nexus 4 requires far too many blobs and loaded firmware. We also try to select devices that have good modem isolation. Otherwise, the modem, which runs its own, remotely controllable proprietary OS, has access to critical components of the device.

What were some of the challenges in moving from Android 4.0 to 4.2?

Kocialkowski: Every time we move to a new Android version, the biggest challenge is graphics. Android has an increasing dependency on OpenGL and graphics acceleration, which are unavailable with Replicant. We fall back on software-only graphics, which are considerably slower. Sometimes, old devices can't keep up and are hardly fast enough to be usable, and new devices have increasingly big screen resolutions, which are problematic.

We looked at Mesa as a fallback software graphics alternative, but found that the assembly-optimized Android fallback EGL implementations work considerably better, even though they're not complete. The first Replicant 4.2 images are running with EGL, but some devices are slower than ever, so we're looking for ways to speed things up.

Replicant primarily supports Samsung Exynos based products. What are the obstacles posed by other processors such as the Tegra or Snapdragon?

Kocialkowski: We tried to port Replicant to a Tegra 2 tablet, and it was too slow to be usable, perhaps because of the lack of NEON ARM instructions. Newer versions do include NEON and might be a fit for Replicant, but the Tegra products are not otherwise particularly freedom-friendly, while other platforms are considerably easier.

The Snapdragon's Adreno GPUs can run Freedreno, which is integrated in Mesa. Yet, Qualcomm SoCs are not good candidates for freedom in other regards.

The Samsung Exynos and Allwinner SoCs are freedom-friendly. They use ARM Mali GPUs, which are targeted by the Lima free graphics drivers project. Yet, Lima isn't currently as advanced as Freedreno and cannot yet be used by Replicant. Other platforms, especially those using PowerVR, are not likely to receive free software support anytime soon.

Is there any activity going on that would open source GPS?

Kocialkowski: The fact that Replicant has yet to support GPS is just bad luck. While some well-known GPS protocols such as NMEA exist, the GPS chips in the currently-supported devices use unknown and undocumented protocols that we have so far not been able to understand and implement. Free software implementations for numerous GPS protocols exist with GPSD, so GPS is not particularly hopeless.

How do you see the various mobile Linux OS newcomers addressing the issue of proprietary blobs?

Kocialkowski: Operating systems like Firefox OS, Ubuntu Touch, Open WebOS, and Sailfish all rely on proprietary blobs, just like Android, so they really don't bring any improvement. Most rewrite the parts of Android that were free in a different way, but they're not much more interesting than Android from a freedom point of view. Android is quite mature and has a huge community of developers and supported devices.

Android is a considerable improvement over proprietary systems like iOS. It's not a free software project, but it still enables us to build a free system, while iOS is nowhere near that. We acknowledge Android's contribution to a free mobile OS.


Click Here!