Friday, March 8, 2013

Why Do They Say Android Phones Run Linux?

Hello World!

Long time no code - exams underway, my apologies to the Plasma Team for the silence. I prefer to stay away from IRC since that gets me engaged into work real easy - I *love* the stuff we're working on :) Next week should be it and back to full-time hacking!

Now one of the courses I've been doing is Android Programming. In order to test the school task software I write in a native environment, I got a real Android PDA (ZTE V985, equal to HTC 1X / LG 4x, if I recall correctly, it is built on a quad core Tegra chip). Well, the hardware is awesome to say the least, especially the high resolution display, however I'd like to elaborate on the software part of the device in this post. So, this thing runs Android, which, from what I understand, is used to refer both to an OS and a set of API's to code against. OK, cool, it runs Linux, sounds awesome. I've been using Linux for years on the desktop (ever since father made me get familiar with it, RedHat 3.0 back then IIRC) and love it, especially the control it gives to the user (as in the PC operator, regardless of the admin privilege level). If you asked we for 1 distinctive feature of Linux that sets it apart form another OS'es, I would for sure say "control".

Then I started to tinker with the box. On a long journey back home from the Uni I decided to check some email, and launched the GMail built-in application. First blow: it logged in automatically, no password required. Where the heck did it manage to sneak peek my password and login from? Ah, yeah, right, I had logged into the application store to install some city navigation software. OK, why don't you ask me if I want to share the password with another application? Not to say that this kind of behavior may teach the kids to care less for the security of their PC's and data (why, it's my phone / PC / $box, why place passes all around the OS?) I admit, this is not the OS' fault, it's Google security policy.

(To be fair: the pass is not stored neither in a shadow nor encrypted, an "authentication token" is used instead.)

So, what was the second blow like? I wanted to remove that application for goodness sake. Not possible!

Of course, there is no package manager, at least in the default distribution. OK, there are Linux'es that lack a package manager IIRC, using a bundle system instead. But the thing won't let me erase an application! That is, not even a library, or a userspace service / component (which I'd understand, but of course not welcome). Nope, you have to "root" it, and that voids the warranty. Third blow! No root access? Voiding the warranty by obtaining that? Nice, that's Linux at its finest.

OK, some of you may say that this is how the HW vendors exploit poor Google and their art. Heh, that's what licenses are for! State it explicitly - no freaking removal of control, or you don't get our code. Simple as that. Examples? IIC (L)GPLv3 (not sure it it's the L or the simple one or maybe both) contains a paragraph forbidding the locking of devices running that code, called "tivoization". (OK, I'm not a lawyer, but that's what Linux Format claim, and I trust them on those matters).

Do not call it Linux if it is locked and its license allows locking! Call it Lockix or Blockix or whatever your "product managers" come up with. Do not fool people please!

Disclaimer: this is my personal opinion and it does not express the opinion of the KDE team, nor is related in any manner. All the responsibility for spreading any flames or such is mine and only mine.