Friday, March 8, 2013

Why Do They Say Android Phones Run Linux?

Hello World!

Long time no code - exams underway, my apologies to the Plasma Team for the silence. I prefer to stay away from IRC since that gets me engaged into work real easy - I *love* the stuff we're working on :) Next week should be it and back to full-time hacking!

Now one of the courses I've been doing is Android Programming. In order to test the school task software I write in a native environment, I got a real Android PDA (ZTE V985, equal to HTC 1X / LG 4x, if I recall correctly, it is built on a quad core Tegra chip). Well, the hardware is awesome to say the least, especially the high resolution display, however I'd like to elaborate on the software part of the device in this post. So, this thing runs Android, which, from what I understand, is used to refer both to an OS and a set of API's to code against. OK, cool, it runs Linux, sounds awesome. I've been using Linux for years on the desktop (ever since father made me get familiar with it, RedHat 3.0 back then IIRC) and love it, especially the control it gives to the user (as in the PC operator, regardless of the admin privilege level). If you asked we for 1 distinctive feature of Linux that sets it apart form another OS'es, I would for sure say "control".

Then I started to tinker with the box. On a long journey back home from the Uni I decided to check some email, and launched the GMail built-in application. First blow: it logged in automatically, no password required. Where the heck did it manage to sneak peek my password and login from? Ah, yeah, right, I had logged into the application store to install some city navigation software. OK, why don't you ask me if I want to share the password with another application? Not to say that this kind of behavior may teach the kids to care less for the security of their PC's and data (why, it's my phone / PC / $box, why place passes all around the OS?) I admit, this is not the OS' fault, it's Google security policy.

(To be fair: the pass is not stored neither in a shadow nor encrypted, an "authentication token" is used instead.)

So, what was the second blow like? I wanted to remove that application for goodness sake. Not possible!

Of course, there is no package manager, at least in the default distribution. OK, there are Linux'es that lack a package manager IIRC, using a bundle system instead. But the thing won't let me erase an application! That is, not even a library, or a userspace service / component (which I'd understand, but of course not welcome). Nope, you have to "root" it, and that voids the warranty. Third blow! No root access? Voiding the warranty by obtaining that? Nice, that's Linux at its finest.

OK, some of you may say that this is how the HW vendors exploit poor Google and their art. Heh, that's what licenses are for! State it explicitly - no freaking removal of control, or you don't get our code. Simple as that. Examples? IIC (L)GPLv3 (not sure it it's the L or the simple one or maybe both) contains a paragraph forbidding the locking of devices running that code, called "tivoization". (OK, I'm not a lawyer, but that's what Linux Format claim, and I trust them on those matters).

Do not call it Linux if it is locked and its license allows locking! Call it Lockix or Blockix or whatever your "product managers" come up with. Do not fool people please!

Disclaimer: this is my personal opinion and it does not express the opinion of the KDE team, nor is related in any manner. All the responsibility for spreading any flames or such is mine and only mine.

12 comments:

  1. Perhaps you should do some reading into how Android works, before spouting off about how horrible and backward and whatever it is.

    There is no such thing as a "Google Play" account separate from a "Google Mail" account, separate from a "Google Calendar" account, etc. There is just a "Google" account (technically, it's GMail account). The same username password is used for all services starting with Google.

    And, each time you add/use a new Google app in Android, it will ask you which Google account you want to associate with it. For example, install Google Reader, and on first launch it will ask if you want to use the Google Play/Mail account you've already created.

    As for removing apps, you do that via the Play Store. You cannot remove certain Google apps (Play *, Mail) if they are installed into /system (Android OS-level apps). You can remove them if they are installed into /data (Android user-level apps).

    And Android *is* a Linux-based OS. It uses the Linux kernel, comes with Busybox, has all the standard Linux directories and libs and whatnot. However, Linux is just used for drivers and booting. Then the Dalvik VM loads, and everything Android-related runs within that.

    You can install Linux apps outside of the Dalvik VM, though, like OpenSSH server/client, init.d support, kernel governors and schedulers, etc.

    ReplyDelete
  2. Hey, I've been an Android user for a long time.

    If you delete Base OS files, Google proprietary apps, or hardware manufacturer proprietary apps. You *WILL* break your ability to receive OTA updates. This is not *some horrible evil* at work, rather it's because of known limitations of the software update procedures in Android.

    Understanding the why is below:

    1. An Android install is made out of 3 things. The Base OS, Google proprietary apps, and hardware manufacturer proprietary apps.

    2. The hardware manufacturer is responsible for pushing updates to your device. They are required to test the combination of the Base OS, google apps, and their hardware manufacturer proprietary apps all work together seamlessly.

    3. Most Android devices work on Cellular networks where people pay per megabyte and so it's critical to only update things that are required.

    4. As such, when hardware manufacturers push an update to devices OTA (Over-the-air), they only update the files that have **changed** (this is very important to understand).

    5. If you remove a core application and then try to do an update, you will end up with nothing + extra garbage files that are the difference between the last version of some core apps and the new core apps. So the update that gets pushed out to you is going to make a mess of your Android install and possibly leave your device in an inconsistent state. So instead of doing so, the update will fail and roll-back to the previous version.

    6. The application installer in Android is smart enough to deal with user installed applications, but is not smart enough to handle OTA updates in the event that the user uninstalls some of the applications that are to be updated by the OTA update. It's a known limitation of Android and isn't seen as being a problem.

    A much bigger problem is users that root their phones without knowing what they're doing and delete those critical apps which then break their device's ability to update itself. The only way to recover from that is to push the original manufactuer's Android image to the device and then update from there.

    It is *STRONGLY* not recommended to root your phone in order to delete applications that you couldn't delete before. As noted above, it will break your Android equivalent of a package manager.

    ReplyDelete
    Replies
    1. "1. An Android install is made out of 3 things. The Base OS, Google proprietary apps, and hardware manufacturer proprietary apps."

      I hope you mean with that what it is...

      Android is what you call as "AOSP" aka vanilla android. Ie. there is a browser, email client, video player, picture gallery, camera, phone, sms and other applications and so on.

      Then there are third party applications what are from 1) Carrier itself 2) Manufacturer itself 3) Google 4) company/service X.

      As Gmail, Youtube, Gtalk, Google Search, Google Maps etc are third party applications and services and does not belong to Android. Many carrier only require them to be pre-installed by manufacturer as Google pays to carrier and manufacturer the standard fee from ads what are shown to user when user does search with Google Search widget. So carriers and manufacturers get specific amount money from Google ads when users use Google services.

      Android is huge group of software what combined from Linux operating system (aka Linux kernel) (GPLv2 license) to different graphical user interfaces and everything over Linux is Apache licensed in Android but third party software might be differently licensed.

      Delete
  3. As far as rooting your device voiding your warranty. I've never heard that before. I've always found it to be possible to unroot and push the original manufacturer's image to the device. There's no way for the manufactuer to know it was ever rooted.

    Rooting your phone destroys your ability to get customer support, but it doesn't void your warranty.

    Imagine installing Linux on your Buddy's PC and then he calls you saying "Hey, I was messing around as root RM'ing some random files and stuff and now I can't add or remove software at all. What do I do to fix it". That kind of situation is a nightmare in any distro and it's not something that manufacturer's want to have their customer support deal with either.

    It doesn't take much browsing to see the large number of people that root their devices, and then immediately after, break their Android equivalent of a package manager. Then they don't even realize what they've done until they can't update their device's OS anymore. Been there and done that myself in fact.

    ReplyDelete
  4. Well, they run Linux... They are not GNU/linux though...

    No lies here :P

    ReplyDelete
  5. You're trying to overload the word "Linux" with too many meanings. That only leads to confusion. Linux already has a well-defined meaning. It's a registered trademark of Linus Torvalds, and refers to the kernel he started. Not all operating systems that use that kernel have GPL userspaces, though some do. Conversely, not all Free, highly-configurable OSes use the Linux kernel, though some do.

    ReplyDelete
  6. 1. Linux kernel is monolithic
    2. Monolithic kernels are complete/whole operating systems
    3. Operating System in Android is Linux
    4. Android is 100% Linux
    5. "Linux" means only a "Linux Kernel" aka Linux operating system.
    6. "Linux" doesn't mean anything else than the Linux kernel.

    Do not even try to believe that Linux means "Linux kernel + XYZ" as it doesn't. When you want Linux, you go to kernel.org site. When you say "Linux" you mean only Linux kernel, when you talk about Linux operating system you talk only about Linux kernel.

    It should be time that people understand the technology how operating systems has designed and coded rules it, not how marketing people spread their ideas or philosophies what belongs to what (ie. if you ship something in same storage media it automatically "belongs to OS")

    ReplyDelete
  7. "Where the heck did it manage to sneak peek my password and login from? Ah, yeah, right, I had logged into the application store to install some city navigation software. OK, why don't you ask me if I want to share the password with another application?"

    One big fail in logic there.

    Your security is in lock screen if you want so.

    Android is designed for smartphones and tablets.
    Smartphones are far more personal than any laptop or workstation. Tablets are as well far more personal than laptop or workstation.

    But Google has aknoledged the fact that Tablet can be shared in family, thats why they implemented multi-user system in Android and it works perfectly when compared to even other Linux distributions to desktop. Meaning that when device owner creates new profile to Android tablet, it gets clean start, nothing from owner or other users. User needs to install wanted applications separately and every user can even use different security in lock screen if wanted. Photos etc are not shared between accounts and so on. And the system even does it smart way when installing same applications (and versions) what other user has installed, instead re-downloading it, it just install it again from other user side.

    Android security is great, no stupid password questions and other worthless security measurements. Once you log in, you have access to everything right away unless you use application what demands new passwords etc.
    If you want security, then use encryption and lockscreen with password or pin or other way, not just the "swipe" function (IMHO is worthless because touch screens does not activate accidentally in pocket unless you have physical keybuttons so every swipe lock is worthless, just press button and open device right away).

    ReplyDelete
  8. I really hate that once you're logged into one Google service, you're logged into all. I hope they get slammed in the EU court for that.

    ReplyDelete
  9. Hi,I appreciate your insights and the good information you have shared here. All points are significantly important for me and your article have helped me a great deal. Thank you and keep sharing
    Technology news

    ReplyDelete
  10. I'm still hoping you'll fix Bug 292756.

    https://bugs.kde.org/show_bug.cgi?id=292756

    I'm running fc17, with
    KDE - Be Free!
    Platform Version 4.10.1

    For me, I only get the scrollbar if the panel is located at the top of the screen.

    ReplyDelete