An extensive review on /e/ was just published today in the German tech-blog Golem.de.
WTF, Golem isn’t showing the article with adblocker activated.
For all non-German speakers: the article is 6 pages long and goes well beyond a pure presentation of facts. It is pretty favorable on /e/ and its approach but clearly criticizes things that have been pointed out elsewhere. Two paragraphs at the end summarize the criticism quite well:
"(…) Actually, /e/ would be a great system that nerds and privacy activists could recommend or install to their less tech-savvy parents or friends so that their old devices get security updates and are less monitored by Google. In reality it turns out to be a bit different, because outdated apps, especially messengers and browsers, both in the app store and in the operating system itself, as well as the unknown origin of the apps do not allow for any recommendation.
This is also no excuse for the fact that /e/ is still in beta, because /e/ is already advertising users and selling devices with pre-installed operating systems without any indication of the disastrous security. However, this is not visible at least not for a less tech-savvy target group.(…)"
The article is way more negative than I expected. The main issues are in my understanding:
- Missing transparency in the app store: The apks are obtained from Cleanapk.org which “try their best to provide unmodified apks”.
That is actually something that I myself do not understand so far. How do I know that an app is not modified? Do I have to calculate checksums and compare them with the developer?
- Apps being several versions behind the current release which poses a security threat
- The privacy scores are strange, e.g. Signal only obtaining 6 points.
- Missing kernel updates due to older Android versions.
This is an issue that I as a user cannot really assess. Could someone comment on this?
- Unlocked bootloader
There is also a lot of praise for your commitment to sustainability, the connectivity to the e-cloud and the de-googling. However, the security is rated “disastrous”.
What do you think?
Golem is absolutely right. The Android ecosystem is totally broken, /e/ is just less broken.
The first point is the worst /e/ thing. At cleanapk, the website once said “/e/-package-manager” or something.
I like the article and I fully agree about the apps store and the apk source.
I think and I hope that the apps store will be removed completely from eOS and F-Droid will be integrated. But that’s what I have often written here in the forum.
About the kernel: the Android kernel, even though it is based on Linux, is heavily modified and cut to fit a very specific device and chipset, which is done by the vendor of the smartphone. Bringing up higher kernel versions for a device requires a huge amount of work, and even then it is not guaranteed that the device would fully work with it. Another thing that can work to bring features and stuff from higher to lower kernel versions is called backporting.
I really like the hard-going of the article as well.
Saying to exclude the entire ecosystem and the convenience of applications sounds harsh. Do you suggest that developers should self-host their apk’s?
As an Android engineer myself, I really appreciate the platform for my potential customers, even though the stores nowadays are bloated with crap, hiding my apps or decreasing the implied trust in my software.
Let’s assume you cut that crap - throw away the store: How do /e/ users inform themselves about new, trusted and useful apps?
What ad blocker, lists and browser do you use?
I read Golem weekly with an adblocker and never saw a problem.
PureBrowser with built-in blocker on PureOS, and all is running through my VPN and Pi-hole.
I’m just another layman when it comes to security, but here’s my take on
some of this.
> Another thing that can work to bring features and stuff from higher to
> lower kernel versions is called backporting.
Which, IIUC from the (translated) article, is being done by the Lineage
OS folks, so /e/ benefits from that.
> However, the security is rated “disastrous”. What do you think?
I think this is a bold claim to make based on the issues raised in the
article. Sure, for the absolute balls-to-the-wall security person /e/ OS
is not secure enough. Whatever stock OS that comes from major vendors
isn’t either. Just think of the extra attack surface that all that
network-connected google/samsung/vendor cruft (well tested/audited or
not) that comes preinstalled on most phones provides.
> 5. Unlocked bootloader
As I see it, this security threat is hard to mitigate for /e/. Full-disk
encryption can help here, as no one will be able to tamper with your
installed apps when they are encrypted, but IIUC the OS install is not
encrypted which means that that can probably be tampered with in some
way? I’m not familiar enough with this kind of stuff to say for sure.
I’m new here btw. Do the /e/ developers actively read this forum? I’d be
interested to read their take on this article.
PS: I ran the entire article through the Deepl translator (page by page)
and pasted everything in a text file, you can find it here:
Try translating forth and back. Then you can see if the backwards-translated text is the same as before.
Just read the translated page using Goolag:
Ad blocker? Just click the first icon (Golem ACT)…