The Complete Magazine on Open Source

Replicant: A Truly Free Version of Android

, / 185 0

Replicant main visual

Replicant is a free and open source mobile operating system based on the Android platform. It aims at replacing proprietary Android apps and components with open source alternatives. It is security focused, as it blocks all known Android backdoors.

Smartphones have evolved from being used just for communicating with others to offering a wide range of functions. The fusion between the Internet and smartphones has made these devices very powerful and useful to us. Android had been a grand success in the smartphone business. It’s no exaggeration to say that more than 80 per cent of the smartphone market is now occupied by Android, which has become the preference of most mobile vendors today.

The reason is simple, Android is free and available to public.
But there’s a catch. Have you ever wondered how well Android respects ‘openness’ ? And how much Android respects your freedom? If you haven’t thought about it, please take a moment to do so. When you’re done, you will realise that Android is not completely open to everyone.

That’s why we’re going to explore Replicant –- a truly free version of Android.

Android and openness
Let’s talk about openness first. The problem with a closed source program is that you cannot feel safe with it. There have been many incidents, which suggest that people can easily be spied upon through closed source programs.
On the other hand, since open source code is open and available to everyone, one cannot plant a bug in an open source program because the bug can easily be found. Apart from that aspect, open source programs can be continually improved by people contributing to them—enhancing a feature and writing software patches, also there are many user communities that will help you if you are stuck with a problem.

When Android was first launched in 2007, Google also announced the ‘Open Handset Alliance (OHA)’ to work with other mobile vendors to create an open source mobile operating system, which would allow anyone to work on it. This seemed to be a good deal for the mobile vendors, because Apple’s iPhone practically owned the smartphone market at that time. The mobile vendors needed another player, or ‘game changer’, in the smartphone market and they got Android.

When Google releases the Android source code to the public for free, it is called ‘stock Android’. This comprises only the very basic system. The mobile vendors take this stock Android and tailor it according to their device’s specifications—featuring unique visual aspects such as themes, graphics and so on.

OHA has many terms and conditions, so if you want to use Android in your devices, you have to play by Google’s rules. The following aspects are mandatory for each Android phone:

  • Google setup-wizard
  • Google phone-top search
  • Gmail apps
  • Google calendar
  • Google Talk
  • Google Hangouts
  • YouTube
  • Google maps for mobiles
  • Google StreetView
  • Google Play store
  • Google voice search

These specifications are in Google’s ‘Mobile Application Distribution Agreement- (MADA)’ which was leaked in February 2014.
There are some exceptions in the market such as Amazon’s Kindle Fire, which is based on the Android OS but doesn’t feature the usual Google stuff and has Amazon’s App Store instead of Google Play.
For a while, we were all convinced that Android was free and open to everyone. It may seem so on the surface but under the hood, Android is not so open. We all know that, at its core, Android has a Linux kernel, which is released under the GNU Public License, but that’s only a part of Android. Many other components are licensed under the Apache licence, which allows the source code of Android to be distributed freely and not necessarily to be released to the public. Some mobile vendors make sure that their devices run their very own tailored Android version by preventing users from installing any other custom ROMs. A forcibly installed custom ROM in your Android will nullify the warranty of the device. So, most users are forced to keep the Android version shipped with the device.

Another frustrating aspect for Android users is with respect to the updates. In Android, updates are very complex, because there is no uniformity among the various devices running the Android OS. Even closed OSs support their updates—for example, Apple’s iOS 5 supports iPhone 4, 4s, iPad and iPad 2; and Microsoft allows its users to upgrade to Windows 7 from Windows XP without hassles. As you have probably noticed, only a handful of devices receive the new Android version. The rest of the users are forced to change their phones. Most users are alright with that, because today, the life expectancy of mobiles is a maximum of about two years. People who want to stay updated as much as possible, change their phones within a year. The reason behind this mess is that updates depend mostly on the hardware, the specs of which differ from vendor to vendor. Most vendors upgrade their hardware specs as soon as a new Android version hits the market. So the next time you try to install an app which doesn’t work well on your device, just remember, “It’s time to change your phone!”

Android and freedom
Online privacy is becoming a myth, since security threats pose a constant challenge. No matter how hard we work to make our systems secure, there’s always some kind of threat arising daily. That’s why systems administrators continually evaluate security and take the necessary steps to mitigate threats.

Not long ago, we came to know about PRISM –- an NSA (USA) spy program that can monitor anyone, anywhere in the world, at any time. Thanks to Edward Snowden, who leaked this news, we now realise how vulnerable we are online. Although some may think that worrying about this borders on being paranoid, there’s sufficient proof that all this is happening as you read this article. Many of us use smartphones for almost everything. We keep business contacts, personal details, and confidential data such as bank account numbers, passwords, etc, on it. It’s not an exaggeration to state that our smartphones contain more confidential data than any other secure vault in this world. In today’s world, the easiest way to track people’s whereabouts is via their phones. So you should realise that you are holding a powerful device in your hands, and you are responsible for keeping your data safe.
People use smartphones to stay organised, set reminders or keep notes about ideas. Some of the apps use centralised servers to store the data. What users do not realise is that you lose control of your data when you trust a centralised server that is owned by a corporation you don’t know. You are kept ignorant about how your data is being used and protected. If an attacker can compromise that centralised server, then your data could be at risk. To make things even more complicated, an attacker could erase all that precious data and you wouldn’t even know about it.

Most of the apps in the Google Play store are closed source. Some apps are malicious in nature, working against the interests of the user. Some apps keep tabs on you, or worse, they can steal the most confidential data from your device without your knowledge. Some apps act as tools for promoting non-free services or software by carrying ads. Several studies reveal that these apps track their users’ locations and store other background information about them.
You may think of this as paranoia, but the thing is that cyber criminals thrive on the ignorance of the public. It may be argued that most users do not have any illegal secrets in the phone, nor are they important people, so why should they worry about being monitored? Thinking along those lines resembles the man who ignores an empty gun at his door step. He may not use that gun, but is completely ignorant of the fact that someone else might use that gun and frame him for murder.

Despite the facts that stack up against Android, it is almost impossible to underestimate its benefits. For a while, Linux was considered a ‘nerdy’ thing, used only by developers, hackers and others in research. Typically, those in the ‘normal’ user community did not know much about Linux. After the arrival of Android, everyone has the Linux kernel in their hands. Android acts as a gateway for Linux to reach all kinds of people. The FOSS community believes in Android, but since Android poses a lot of problems due to the closed nature of its source code, some people thought of creating a mobile operating system without relying on any closed or proprietary code or services. That’s how Replicant was born.

Most of Android’s non-free code deals with hardware such as the camera, GPS, RIL (Radio interface layer), etc. So, Replicant attempts to build a fully functional Android operating system that relies completely on free and open source code.
The project began in 2010—named after the fictional Replicant androids in the movie ‘Blade Runner’. Denis ‘GNUtoo’ Carikli and Paul Kocialkowski are the current lead developers for the Replicant.

In the beginning, they began by writing code for the HTC ‘Dream’ in order to make it a fully functional phone that did not rely on any non-free code. They made a little progress such as getting the audio to work with fully free and open source code, and after that they succeeded in making and receiving calls. You can find a video of Replicant working on the HTC Dream on YouTube.

The earlier versions of Replicant were based on AOSP (Android Open Source Project) but in order to support more devices, the base was changed to Cynogenmod—another custom ROM which is free but still has some proprietary drivers. The Replicant version 4.2 was released on January 22, 2014, which is based on Cynogenmod 10.1.

On January 3, 2014, the Replicant team released its full-libre Replicant SDK. You’ve probably noticed that the Android SDK is no longer open source software. When you try to download it, you will be presented with lengthy ‘terms and conditions’, clearly stating that you must agree to that license’s terms or you are not allowed to use that SDK.

Replicant is all about freedom. As you can see, the Replicant team is labelling it the truly free version of Android. The team didn’t focus much on open source, although the source code for Replicant is open to everyone. When it comes to freedom, from the users’ perspective, the word simply means that they are given complete control over their device, even though they might not know what to do with that control. The Replicant team isn’t making any compromises when it comes to the user’s freedom. Although there may be some trade-offs concerning freedom, the biggest challenge for the Replicant team is to write hardware drivers and firmware that can support various devices. This is a difficult task since one Android device may differ from another. It’s not surprising that they mainly differ in their hardware capabilities. That is why some apps that work well on one device may not necessarily work well on another. This problem could be solved if device manufacturers decide that the drivers and firmware should be given to the public, but we all know that’s not going to happen. That’s why there are some devices running on Replicant that still don’t have 3D graphics, GPS, camera access, etc, but as mentioned earlier, people who value their freedom above all else, find Replicant very appealing.

The Replicant team is gradually making progress in adding support for more devices. For some devices, the conversion from closed source to open source becomes cumbersome, which is why these devices are rejected by the Replicant team.

One of the reasons for the grand success of Android is the wide range of apps that is readily available on the Google Play store for anyone to download.
For Replicant, you cannot use Google Play but you can use an alternative—F-Droid, which has only free and open source software.

The problem with Google Play is that many apps on it are closed source. So since we may not be able to look at their source code, there’s a great possibility of an app that could spy on you or worse, steal your data being installed on it. By installing apps from Google Play, users inadvertently promote non-free software. Some apps also track their users’ whereabouts.

F-Droid, on the other hand, makes sure all apps are built from their source code. When an application is submitted to F-Droid, it is in the form of source code. The F-Droid team builds it into a nice APK package from the source, so the user is assured that no other malicious code is added to that app since you can view the source code.

The F-Droid client app can be downloaded from the F-Droid website. This app is extremely handy for downloading and installing apps without hassle. You don’t need an account but can install various versions of apps provided there. You can choose the one that works best for you and also easily get automatic updates.

If you’re an Android user but want FOSS on your device, F-Droid is available to you. You have to allow your device to install apps from sources other than Google Play (which would be F-Droid). Using the single F-Droid client, you can easily browse through various sections of apps and easily remove the installed apps in your device or update your apps.

Using Replicant doesn’t grant your device complete protection, but it can make your device less vulnerable to threats. It can offer you real control over your device and you can enjoy true freedom. If your device doesn’t support Replicant, you can use Cynogenmod instead, which is officially prescribed as an alternative to Replicant.

As Benjamin Franklin put it, “Those who give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” It’s up to you to choose between liberty and temporary safety.