It doesn't solve the current issue, but in case we don't manage to push back on this, some people might not know that there are various actual linux OSes for mobile:
- SailfishOS: still linux based and seems fairly community inclusive, but the UI part of the stack is closed source. Is the only one officially allowed to run android apps, via emulation. Has existed for a very long time, it's lightweight and I think the most stable/bug-free in this list.
- Ubuntu Touch: fully open source and community driven, it uses snap packages for security, you might be able to run android apps. Last time I run it also seemed fairly stable/bug-free.
- PureOS: fully open source and privacy focused. I think it's the only one that, released with the Librem 5, can avoid using proprietary blobs for interfacing with the hardware. Seems less stable than SailfishOS and Ubuntu Touch. You would need to buy a fairly expensive-but-old phone(librem 5) to run it.
- PostmarketOS: fully open source, focused on being lightweight and revive old phones, has a huge amount of phones it has been tested on, is based on Alpine.
- Mobian: mobile version of Debian, it's fairly new on this list.
There are many more linux mobile OSes, but as far as I know these are the main ones. There might also be some inaccuracies on this post, I tested some of these a long time ago, and I never actually run the last 2.
> It doesn't solve the current issue
These operating systems aren't compatible with most of the apps and services people want to use. It's going to become much worse. The compatibility layers several provide have extremely poor compatibility combined with disabling the Android security model and app sandbox. Apps running in those compatibility layers are much less contained with less isolation from the Linux kernel, not more.
Aside from that, many people care about privacy and security. Each of those operating systems is far less private and drastically less secure than the Android Open Source Project. None has a truly complete and working app sandbox or permission model. None uses modern exploit protections. None has serious hardware-based encryption features needed to protect against data extraction. They're not serious alternatives to an iPhone from a privacy and security perspective as an AOSP-based OS on decent hardware can be.
> but in case we don't manage to push back on this
It's a warning that's being added to Google Mobile Services operating systems. It doesn't negatively impact other operating systems based on the Android Open Source Project.
> various actual linux OSes for mobile
Linux doesn't mean GNU/Linux or systemd/Linux. It doesn't at all imply using glibc, systemd, GNU coreutils, Bash, GNOME, etc. Distributions using different userspace components including several of the ones you've listed are still Linux Android-based operating systems including AOSP and GrapheneOS are Linux distributions. Alpine doesn't use glibc and SailfishOS has a lot of their own mix of open and closed source software. Using a typical desktop Linux userspace stack isn't what makes it Linux and there's also not a lot of consistency in what's used on desktops regardless. A Linux distribution not using musl, glibc, GNU coreutils, etc. is still Linux.
> There are many more linux mobile OSes, but as far as I know these are the main ones. There might also be some inaccuracies on this post, I tested some of these a long time ago, and I never actually run the last 2.
AOSP-based mobile operating systems are Linux distributions.
I'm using a Librem 5 as my daily phone. PureOS is actively developed and based on Debian. Monthly development updates are published here: https://puri.sm/posts/tag/advanced-readers/
Personally, I do not use Android apps on the Librem 5, but Waydroid is available in the PureOS repository. Waydroid is a container-based approach to boot a full Android system on regular GNU/Linux systems running Wayland based desktop environments (like PureOS).
PureOS also provides convergence via Phosh. Convergence means here that the same app can be used on a phone and on a big screen, the GUI adjusts to the available screen size.
Phosh aims to provide a daily-usable, robust and easy to use graphical user environment for mobile devices running mainline Linux. Phosh was originally initiated by developers from Purism for the Librem 5 phone but is nowadays used on many different devices covering smartphones, tablets and convertibles. It has even been seen on laptops.
> Waydroid is a container-based approach to boot a full Android system on regular GNU/Linux systems running Wayland based desktop environments (like PureOS).
No, it's only a partially working form of Android with the privacy/security model largely disabled and poor app compatibility. Waydroid is based on an ancient release of Android and disables the SELinux-based privacy/security model. It doesn't contain apps from each other and has far less protection for the Linux kernel from the apps. It has poor app compatibility and isn't a good approach to running Android in another OS. ChromeOS made a proper better Android container not losing the privacy/security model but migrated to using hardware accelerated virtual machines. It makes a lot more sense to use a VM since current era smartphone hardware fully supports it.
> PureOS also provides convergence via Phosh. Convergence means here that the same app can be used on a phone and on a big screen, the GUI adjusts to the available screen size.
Android Open Source Project has a desktop mode. It has a hardware-based virtualization layer for running desktop Linux applications too including GPU acceleration support.
> Phosh aims to provide a daily-usable, robust and easy to use graphical user environment for mobile devices running mainline Linux.
Android runs fine on mainline Linux. It doesn't require special kernels. That's tied to specific hardware rather than Android.
PureOS has far worse privacy and drastically worse security compared to iOS or AOSP. It's bringing the traditional atrocious privacy and security of desktops to mobile. Librem 5 also combines that with extraordinarily insecure hardware missing basic firmware updates and security protections. As a whole, these make it drastically easier to exploit devices. That includes going back to disk encryption which doesn't work for the average user due to them not using a strong passphrase and not protecting against data extraction with physical access unless the device is turned off.
Usability-wise, they are no match for Android and iOS—or even versions of them from five years ago.
UI/UX is costly, and most FOSS projects cannot get it right without massive investments from enterprises (e.g., Red Hat's UX designers heavily contributed to GNOME) or startups (e.g., Zed, Element, Bluesky).
Projects without that backing are mostly unusable, at least from a Gen Z perspective.
> Usability-wise, they are no match for Android and iOS—or even versions of them from five years ago.
They're also no match for the privacy or security of iOS or AOSP. They're bringing the lack of privacy/security model and protections on desktop operating systems and hardware to mobile. It's a massive regression for privacy and security despite being marketed in the opposite way.
I agree that the usability is behind, as we would expect. For me mainly is about missing apps and some hardware support. But in terms of UX for example I liked using SailfishOS, although I'll admit the UI needs some getting used to.
But I prefer this to the feeling that I'm being limited on what I can do on Android/Apple, and the worry of being in a duopoly that allows the companies to worsen their products without ever fearing competition(as far as they do it in small chunks).
FWIW, I use my smartphone as an MP3 player, SMS messenger and TOTP auth. iOS and Android did that fine 5 years ago, I don't need Instagram or 8 Ball Pool to survive in life.
And all are useless because you can't use your mandatory bank or gov id app.
Not useless. It is like the missing printer driver for Linux Desktop. It makes the experience ugly, but this is not the fault of the Linux OSes.
Also the bank should not require apps (instead they can offer hardware key support or desktop apps) and in fact some - at least in Germany - offer a different authentication possibility. Also the app for the German ID is published on fdroid and does not rely on Google services.
Good for Germans then. Slovenian banks won't let you use physical 2FA authenticators (for personal accounts and maybe even business ones at this point) anymore and will also require you to constantly update their stupid app (I've had to replace some otherwise good phones because the OS version wasn't supported anymore).
There are plenty of banks in Germany which offer over-the-counter services, if you prefer to do banking as if it's 1999. Most of the time, when people say it's impossible to live without a smartphone, it's actually only impossible to enjoy the conveniences of the internet without a smartphone (at least in Germany). Besides these rentable scooters, I can't think of anything that actually requires a smartphone. Sure, you'll miss out on a lot of conveniences, but I remember a time where that was the norm, so it's not like it's unreasonable.
I recently bought my first smartphone, just went for a refurbished Pixel 8 with GrapeheneOS.
To be honest, life without a smartphone was increasingly becoming a PITA.
For example, Ryanair doesn't accept printed tickets anymore.
A few clubs in Berlin (Tresor, Ohm, Oxi) have recently replaced their cloakroom by automated lockers that require a smartphone to operate.
I've encountered a few gyms (2 in Spain, 1 in USA) that use live-updated QR codes to enter the gym.
I did a project in the US and the client's office required a smartphone to open the door.
In Spain it's common since the pandemic to have restaurants that only offer the menu as QR code.
In fact, the pandemic was rough, as you had this system where you had to register with a QR code in most places. In many places they had a paper-registry that I could use, but often I would have to end up just using a friend's phone.
Plus all 4G dumbphones are crap compared to older 2G models. The few that exist are built really bad, designed for old people, lack features like T9. 2G is out already in great parts of the world.
To be honest, it saddens me deeply that the only way to live in society today involves carrying an internet-connected computer in your pocket. But it was just too much of burden... With GrapeheneOS the experience still feels somewhat acceptable and I get a somewhat similar feeling of control to what I get using NixOS on my laptop. But still...
To add to the sibling comment, you are also ignoring the fact that in 1999 nobody had those conveniences, everybody was on equal ground. In 2026, if you handicap yourself by rejecting those "conveniences", you will be met by friction at every step - lower productivity at work, impatient looks from your family members etc.
The comparison to 1999 is not entirely accurate. It doesn't take into account that most physical banking locations closed down. At least here in Belgium for example, you have to go far to find one, and it's often on appointment only.
SailfishOS can run lots of banking apps with an Android emulation layer.
It's not perfect, but far from useless. Some use it as a daily driver.
Depending on your country, it can be super doable. There are also lots of indie native apps.
The question of how useful or not it is is orthogonal to whether it is the "fault" of Linux. Users who can't use it because something they need just doesn't work won't change their minds because the blame lies elsewhere.
Does the F-Droid version of the app use hardware attestation?
We're moving to a world where it makes sense to have one cheap locked down phone with the society mandated garbage apps on it, and another device that you use for real computing.
How about saying no to these "mandates"?
Android is going to bifurcate between "phones that run proprietary apps from the play store" and "phones that run software from anywhere else." And while maybe you can get by without banking apps, your life is going to get increasingly harder when you want to do many other things.
Ride hail app? Transit fare app? Government ID app? Airline app? Maybe you don't need them yet, but the best way to model this future is to consider what you'd do if you didn't have a phone at all, and the amount of friction this will generate as the expectations are only entrenched and expanded.
I'm glad people are saying no. It's good to do it as long as we can. But the final outcome seems inevitable now and to me it feels very close.
We aren't given the choice, in many cases. For example I remember a poster here who was forced to have an Android or Apple phone because his kids' school required an app to pick up the kids after school. So his options were to get a big tech phone, or get in trouble for not picking up his kids. "Get the school to come to their senses" was, unfortunately, not an option available to him.
I've been using several GNU/Linux smartphones as my only phones for the past 18 years (with a short exception around 10 years ago when I carried an Android phone too as there was a gap on the market) so I can say from first-hand experience that it's really not such a big deal as everyone keeps painting it. For these kinds of odd needs where you have no hope to fight back you just launch Waydroid, use the app and stop the container afterwards. However, when you do fight back it often turns out that this "mandatory app" isn't actually so mandatory and in turn you contribute to making the world around you a bit better.
Yes!
But as a Plan B, why aren’t we emulating Android on these devices (or is it the Secure Enclave that’s the spicy bit that these apps need)?
Fortunately Google thought about this, so government ID and banking apps usually check that they are running on a sufficiently locked down and officially blessed phone through the Play Integrity API.
This makes emulation basically impossible.
In my country, partially due to sanctions, you can access the bank via browser and receive 2FA codes on $15 dumb phone. Also why do you need bank app on your phone? Do you like to give money to random strangers on the street? Only scammers need money urgently. Also it is not secure to use the phone as a single factor to access the bank.
I do not have any bank apps on my phone (it is not even connected to the Internet) and I have no problem.
> Also why do you need bank app on your phone?
Many banks gate features like mobile check deposit behind the native app. The nearest ATM is 20 minutes away from my house, so unfortunately I consider this feature essential.
How often are you still receiving physical cheques that mobile deposit is an essential feature? I could probably count on one hand the number of cheques I've deposited or written in the past ~15 years, nor can I say I've been so desperate to access said money that I feel the need to deposit the cheque within moments of receiving it.
Checks are still common in the good ole USA.
Common? maybe for seniors. I probably handle a physical check once a year.
At least 3 times a month. I have a rental property and my tenant prefers to mail a check instead of paying extra to pay electronically. My spouse gets paid by check for dumb reasons I won't get into. I sometimes get dividends from my insurance company via check. And then several family members still prefer to use checks to pay each other back instead of Venmo or other electronic services.
I blame it on the fact that the US doesn't have a free electronic bank transfer system like the rest of the developed world.
Interesting, I never saw a bank check. The companies typically transfer money directly into the account, and there are P2P transfers by a phone number working between any major banks. So I guess.. I do not need this feature.
Two cases when I've received a bank check without being able to choose an alternative: 1) as payment of proceeds in a class-action lawsuit; 2) when I got a refund from my insurance provider after changing the terms.
These might not be very common, but they're still not really rare in society either.
Carry a second cheap smartphone, like Pixel -a series or iPhone -SE. That one should be used for banking, government apps, for border inspections, etc. On your main GrapheneOS phone your financial app should be a Bitcoin wallet. The main phone should be off or in the BFU state when you are in a vulnerable situation.
In a town nearby me (not really near me but within an hour's driving distance), sometimes I will see old people selling fresh fruit/vegetables in their front yard. They typically take cash, Cashapp, or Venmo. It's super convenient to be able to use Venmo in that situation. These are people I haven't met before.
I usually pay with cash. As a nice bonus, cash works even if there are mobile Internet shutdowns or blackouts and they cannot block the cash in your wallet unlike a bank account.
I can do everything on my bank app from prepaying small amounts of a loan, spend analysis, opening fixed deposits and such.
Some banks require 2FA through their phone app to login to internet banking on the computer.
App can work as digital money without card reader, maybe even free, like bitcoin.
I don't have a mandatory bank or gov id app. Where are you living?
Apparently much of Europe is a strange banking dystopia.
Perhaps the antiquity of the US banking system is finally coming in handy. I’ve still got my checkbook ready to go!
I'm still living in the Netherlands without a bank app. It's occasionally less convenient, but quite doable.
I'm living in Poland and the only thing my bank's application gives me that its website doesn't are mobile TOTP-based payments - and even then it just works in Waydroid, so I can still use it on a GNU/Linux phone if I want to.
In sweden it's not "mandatory" in the sense that it's illegal not to have it. It's just really really complicated to live without.
Many services won't work at all.
Online banking is a thing. A heck of a lot more secure than an app on a certified android device passing play integrity but having last received security updates years ago and with a ton of privilege escalation exploits. Gov id? Just say no.
Might be worth trying to get your gov to pin down the number of users or process to get gov id supported on any new platform.
They likely wont specify 100k people or 10% of population or whatever email/petition but it at least records the requirement that other OSes exist and requires a process to support
I oppose appdwang (although that can be hard, but until now I managed). Learn more about appdwang at https://appdwang.nl/ (in Dutch).
This bogus "justification" for not considering any alternative, non-corporate mobile OS on any phone makes no sense
HN commenters will not let it go
Most HN readers have multiple computers, including multiple phones
There is no requirement that one has to run a closed-source banking or government ID app on the same phone as open-source apps, e.g., apps from F-Droid
And it ignores countless people who do not and will never use banking or government ID apps
I tested a banking app for depositing a paper cheque and it was incredibly convenient. At the same time, the app tried to make a plain, unencrypted HTTP connection to www.google.com
I blocked these connection attempts and the app still worked, with plenty of phoney error warnings. I would not be comfortable leaving one of these apps installed on a phone that's charged, powered on and has a cinnection to the internet
Every user is different but it makes no sense to argue on HN of all places that these closed-source banking apps are essential for everyone. Many HN users are never going to use these apps, and rightfully so
I switched banks and made sure it doesn't require Android/iOS. Many banks propose FIDO2 + SMS, even bank of america does.
I mean gov id app really doesn't matter (for now) you can just use you id card which is credit card sized. (For now has things might change wrt. age verification.)
But banking apps are a problem.
It's not even about the main online banking (you can use a web portal) or storing a EC digitally in you phone (convenient but really unneeded).
The problem is dump, misguided 2FA apps. E.g. credit card 2FA which already mostly required Android/iOS to work or even online banking login 2FA, transaction 2FA etc. with same requirement.
Currently for the later I can still use other methods but for a huge amount of Banks where I live you can't use a credit card (reliably) without Android or iOS as "carrier" for an 2FA app.
I don't use bank or gov id apps, why are these mandatory? Country-specific?
Except they're not useless because a lot of people aren't mandated to use any such apps. (And I feel sorry for those that are.)
Weird definition of useless.
There's also FuriOS with the FuriPhone.
That's debian based with gnome and seems to be built by capable people. Also, it can run android apps.
I really wish SailfishOS supported more hardware. I love sony phones, but the sony phone I love the most isn't supported despite being nearly identical to a supported one
All of which have beyond horrific security. GrapheneOS is the only acceptable alternative from mainstream Android.
Don’t they have standard Linux security? Does my phone need to be more secure than my production web server?
There isn't a standard Linux distribution. Those operating systems have drastically worse security than a decent server distribution or the mainstream mobile Linux. They don't have a proper privacy/security model for running applications. AOSP is a Linux distribution with drastically improved privacy and security compared to a traditional desktop Linux traditional. GrapheneOS starts from there and improves privacy and security much further.
Linux security is quite bad. Android tries to improve this and GrapheneOS improves it even farther than that.
Which device you need to be more secure depends on your needs and which device you put sensitive data on, but a mobile device is going to provide far better privacy and security than any desktop hardware or OS is currently capable of.
[dead]
It's a pity DivestOS has stopped.
Which phones are supported by which of these operating systems? And can you provide some relevant links?
- https://sailfishos.org - https://docs.sailfishos.org/Support/Supported_Devices
They have few devices of their own (new one coming out this October) and they officially support many Sony Xperia devices. There are also many community ports.
- https://ubuntu-touch.io - https://devices.ubuntu-touch.io
They have 33 supported devices, some are being shipped directly with the OS or have an official agreement with the phone maker, while others are community ports. Even if community ports, they all seem to have high hardware support, and is all very clearly documented.
- https://puri.sm/products/librem-5 / https://pureos.net
They focus just on the Librem 5, and not everything is fully working but as I said they prioritised privacy and FOSS. The phone is old but the OS is still in active development.
- https://postmarketos.org - https://wiki.postmarketos.org/wiki/Devices
They focus on supporting as many devices as possible, currently they don't have "main" devices they support, but they plan to. They too have a very clear documentation on features available for each device.
- https://mobian.org - https://wiki.debian.org/Mobian/Devices
They target devices made with the intent of running linux, but also have a few ports to android devices.
---
You'll notice that there are a few devices that are more "linux-friendly" and that are supported by many of these OSes. Phones from Pinephone and Fairphone being the main ones.