ARTICLE on /e/ in a German IT-security blog - /e/: Eine datenschutzfreundliche Android-Alternative?

A well-recognized German security expert - Mike Kuketz - today published a quick opinion about /e/ on his blog. To summarize his critical opinion he puts forward 2 arguments that should not be new to us:

• the unknown origin of apps (cleanapk.org)
• Android Nougat devices that do not receive official Updates anymore (he is explaining that 53 out of the 92 supported devices are based on Nougat). He said: “I do not believe that e.foundation is backporting the security updates for Android Nougat - this in fact reduces the selection of (usable) devices to 39.” Seems he is wrong on this point. Could be worth clarifying this issue with him.
  And after all, that could be an issue - in my opinion - that should be communicated better on e.foundations’s website.

Please find here his conclusions translated into English and further below a link to the entire blog article (in German):

"Conclusion: /e/ wants to be the all-round carefree solution for Android users who like to simply work without Google - which is absolutely understandable. Whether this can succeed, however, is questionable. Even an evaluation based on paper does not really allow a recommendation for /e/. Android Nougat (7.x) does not receive security updates anymore, so it is more than questionable to offer or advertise /e/ support for these devices. But also the unknown origin for apps (cleanapk.org) leaves a queasy feeling. Are they unmodified apps or who is behind this offer? And also the mistakes in “de-googling” Android and LineageOS don’t exactly make me jump for joy.

Tip: Technically experienced users should rather install a LineageOS or implement the article series “Take back control” That is perhaps more complex, but you learn a lot and get more control over the system and its data."
(translation is based on a DeepL translation with some personal refinements)

Absolutely agreed, the only thing that I find more important than getting rid of Google is be left out without security updates. It’s funny because this is the exact reason why I switched from LineageOS to /e/ in the first place, I had a device that was suddenly left unsupported and was forced to either go back to the stock ROM or buy a new device. When I started searching for alternatives I liked the way /e/ was doing it.

I hope this situation improves, I’m glad there are many supported devices but not at the cost of security vulnerabilities. I’d rather have fewer devices well supported, even if that means dropping a lot suddenly like it happened to me… but prioritizing this from now on.

Danke für den Hinweis! Dann schauen wir mal wie es im Herbst bewertet wird.
Darf ja auch nicht vergessen, es ist immer noch eine Beta-Version. Da kann schon mal was im argen liegen.

That article is right. Android Nougat (7.x) does not receive security updates anymore, so it is more than questionable to offer or advertise /e/ support for these devices. Right now the project has phones in the “supported” section, which are actually not secure due to missing security updates.

Hey @ralxx thanks for the personalized translation.
Seems to me that nothing changes - do they all copy and paste each from standard hymn sheet?
It is though they all sing the same tune golem InfoSec Techlore etc even going back to the start …

I am not allowed to tell you my solution on this forum but can tell you that my custom OS updates automatically and the base Android is version 10 with very latest security patches!
Investigating CNEService at moment which enables this update on my Pixel 3a - so much to learn.

I guess the flags weren’t about the pure mentioning of GrapheneOS, there are some references, even from you … https://community.e.foundation/search?q=graphene%20order%3Alatest.

I agree with you, let’s wait more time and we’ll see how /e/ will grow.

I think that this is a young project that need support in many ways: feedbacks, money, and trust;

and we must not forget that it is actually fighting against a mega giant that is google, which is also the richest IT company on the planet, and above all it is also fighting against the mental laziness of people who, consciously or unconsciously, give up their privacy to have services that are induced to think that are necessary for their existence.

In a few months Nougat won’t be supported anymore by /e/ and devices that can be upgraded easily will be (it has already started).

Now, the author of the IT-security blog is writing in English on Mastodon - apparently to find out if /e/ is currently backporting security updates to Nougat. @gael, I think it could be useful if someone from the side of e.foundation is answering.

Where the security patches are being backported we are including them …we had responded to this query some time back

All my apps are downloaded from f-Droid, even Mail and Contacts. Therfore, my question is: Are there any standard-apps from cleanapk included which cannot be deleted and I have to use?

For me the question is very important because I will not accept any software we do not know who created it. Frankly speaking it is a question whether I will stop using /e/ and return to stock ROM or not.
What info Goog** sucks up we know but from software with unknown origin the danger could be much greater.

Yes, absolutely true!

If you don’t feel confortable with this (and I already explained we had no other realistic choices at the moment), you can easily use other APK services. Freedom!

To sum it up. most recommend APK services as following:

• f-droid: FOSS. High level of trust
• Aurora: Google Play + privacy exodus level of trust
• Apps by /e/: your + in part privacy exodus level of trust
• github/gitlab/vendor: your level of trust
• the others: no risc no fun!?

Just a little hint for those not speaking german: The “expert” is giving comments about /e/ by viewing documents. He is mentionining that he had no time to test /e/ in real life. This should be considered as well.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.