Kicksecure ™

Download

On Computer USB Installation Intel / AMD64 ARM64 Raspberry Pi PPC64 Windows (VM) Mac (VM) Linux (VM) VirtualBox (VM) Qubes (VM) KVM (VM) Debian morph to Kicksecure More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Introduction

This mobile operating system comparison focused on either/and/or security, privacy, anonymity, source-available, Freedom Software, de-googled, un-googled mobile operating systems. Also other popular or frequently discussed operating systems might be added.

All statements are either false or incomplete.

Definitions

source-available - better term required

• can be modified and redistributed
• source available to public without registration
• a legal condition preventing the usual blessing of capitalized Open Source, Free Software as blessed by stewards OSI, FSF or Debian DSFG licenses

iPhone and Android

	Most iPhone / Android devices [1]	"Libre Android" [2]	Linux Desktop Distributions	Kicksecure Development Goals
Upgrades do not require vendor	No	Yes	Yes	Yes
User freedom to replace operating system	No	Yes	Yes	Yes
Administrator capabilities (root) not refused	No	Yes	Yes	Yes
Custom operating system (bootloader unlock) not refused	No	Yes	Yes	Yes
No trouble or void device warranty from software changes (rooting or bootloader unlock)	No [3]	No [4]	Yes	Yes
No user freedom restrictions	No [5]	Yes	Yes	Yes
No backdoors included	No [6]	Yes	Yes	Yes
No spyware included in operating system	No [7]	Yes	Yes	Yes
No culture of freemium applications that spy on users in appstores	No [8]	Yes	Yes	Yes
Culture of Freedom Software in appstores	No	Yes	Yes	Yes
Freedom Software	No [9]	Yes	Yes	Yes
Compromised application cannot access data of other applications	Yes [10]	Yes [10]	No	Yes
Malware on a compromised system cannot easily gain root	Yes [11]	Yes [11]	No [12]	Yes
Reasonable resistance against system wide rootkit	Yes [13]	Yes [13]	No	Yes
Verified Boot	Yes	Yes	No	Yes
Hardened Kernel	Yes	Yes	some	Yes
Full System MAC Policy	Yes	Yes	No	Yes
Internal storage can reasonably easily be removed and mounted elsewhere for the purpose of data recovery or hunting malware / rootkits.	No [14]	No [4]	Yes [15]	Yes [16]
Internal storage can reasonably easily be decrypted once transferred to a different device if password is known.	No [17]	No [18]	Yes	Yes [19]
Can reasonably easily boot from external hard drive, ignoring internal harddrive for purpose of data recovery or hunting malware / rootkits.	No	No [4]	Yes	Yes [16]
Can reasonably easily create full data backup.	No [20]	Yes	Yes	Yes [16]
Can reasonably easily create full data backup of any app when device is rooted with Titanium Backup or similar	No [21]	Yes	Yes	Yes [16]
Applications cannot refuse data backup (for purpose of malware, spyware analysis or backup and restore).	No [22]	Yes	Yes [23]	Yes [16]
No culture of users can ask device (code) for permission and device (code) will decide to grant or refuse the request.	No	Yes	Yes [23]	Yes [16]
No culture of applications refusing to run if device is rooted.	No [24]	Yes	Yes	Yes [16]
No culture of applications refusing to run if using a custom operating system (custom ROM).	No [25]	Yes	Yes	Yes [16]
User (privacy) settings are respected.	No [26]	Yes	Yes	Yes [16]
WiFi off indicator means that WiFi is really off.	No [27]	Yes	Yes	Yes [16]
Bluetooth off indicator means that Bluetooth is really off.	No [28]	Yes	Yes	Yes [16]
Prevention of targeted malicious upgrades. [29]	No [30]	? [31]	? [32]	Yes [33]
Vendors do not sometimes introduce mitigations that introduce attack surface.	No [34]	Yes	Yes	Yes [16]
The GNU Project does not state: "Apple's Operating Systems Are Malware" and "Google's Software is Malware".	No	Yes	Yes	Yes [16]

Quote More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research. The operating system of these devices:

• Do not receive security upgrades from the vendor.
• Third parties (such as users or the modding community) cannot provide (security) upgrades either due to locked bootloaders, which cannot be unlocked due to vendor decision and due to unavailability of a security bug which could unlock the bootloader.
• Even if bootloaders can be unlocked there might not be an adequate operating system upgrades available from third parties, such as the modding community. Either due to unpopularity of the devices among modding developers and/or due to technical challenges.

Ability to upgrade (security fixes) devices; replace operating system; bootloader freedom vs bootloader non-freedom:

• iPhones and some Android devices have locked boot loaders that cannot be unlocked. This restricts user freedom and makes replacing the operating system impossible without a verified boot bypass exploit. In case the vendor deprecated security support for the device, the only choices users realistically have is to keep using an insecure device, or to buy a device which still has security support. Similarly, locked bootloaders also prevent gaining administrator (root) access.
• Some Android devices do allow unlocking the bootloader but not with custom verified boot keys, causing a decrease in security.
• Some Android devices (such as the Nexus or Pixel devices) support full verified boot with custom keys that can be used with alternative operating systems.

In conclusion, when using iPhone/Android devices that still receive security updates, the iPhone/Android approach provides strong protection against malware, meaning those platforms are impacted much less than Windows or Linux desktops. ^[10] Despite the many downsides (Mobile Devices Backdoors in Most Phones Tablets Etc, Data Harvesting by Most Phones, ...), the security model of popular mobile operating systems often affords better protection when attempting to prevent any malicious and unapproved party from establishing a foothold in their ecosystem. In the process, the user's and the security community's ability to audit and control what their devices are actually doing is severely diminished. Due to a Conflict of Interest this comes at the expense of transferring power from the user to the developers, user freedom restrictions, Tyrant Security, War on General Purpose Computing.

Android

This applies to almost all users of Android. ^[35]

• Weak privacy policies: The Google privacy policy applies to all Google services and ecosystems. This includes the right to collect information such as: ^[36]
  • Personal information: Name, email address, and telephone number.
  • Device-specific information: Hardware model, operating system, unique device identifiers, mobile network information.
  • Log information: Search queries, telephony log information (phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls), IP address, browser-specific cookies, and device event information (crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL).
  • Location information: IP address, GPS, and other sensors providing information on nearby services such as Wi-Fi access points and cell towers. It was recently discovered Google continues to track users even after they opt-out of Location History. ^[37]
  • Unique application numbers: Information on application types and version numbers.
  • Local storage: Storing personal information locally with local browser storage (like HTML5) and application data caches.

CalyxOS

• Slogan: "Privacy by Design"
• A project from the Calyx Institute, New York, a "non-profit education and research organization"
• Free and Open Source Software -> https://gitlab.com/calyxos
• Uses microG for implementing Google's proprietary services
• Hardware: Google Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
• https://calyxos.org

CopperheadOS

• Nonfreedom software, i.e. not Freedom Software ^[38]
• source-available (can be modified and redistributed) (You may not use the source code for commercial purposes.) source only available under specific registration / agreements.
• Security focused Android
• Common ancestry with GrapheneOS.
• (Being discussed by Tor Project as well: https://blog.torproject.org/mission-improbable-hardening-android-security-and-privacy)
  • Using the Tor Project Copperhead version requires patience and technical skills
  • Probably not suitable for average daily usage
• Freedom restricted by software vendor: root access refused!
  • su is only available in user debug builds, so very few users are actually capable of obtaining root on their own devices.
  • detail discussion
• Hardware: Google Pixel Series phones including, Pixel 1, 2, 3, 3a and all XL models.
• https://copperhead.co/
• https://en.wikipedia.org/wiki/CopperheadOS
• Community Initiatives:
  • Coalition Against Stalkerware https://stopstalkerware.org
  • Contract Tracing Awareness and User Empowerment
  • Community Building Initiative

GrapheneOS

• Hardened version of AOSP, with a strong focus on security and privacy. Currently only supported on Pixel devices.
• By Daniel Micay (who previously worked on CopperheadOS).
• Common ancestry with CopperheadOS.
• https://grapheneos.org
• https://github.com/GrapheneOS
• https://www.reddit.com/r/GrapheneOS/
• Freedom Software? -> https://github.com/GrapheneOS/os_issue_tracker/issues/109
• Prioritizes power of developers: Yes.
• Prioritizes power of users: No.
• Implements various changes to harden libc, the Linux kernel, and other OS components.
• Includes Vanadium, a hardened and mostly de-Googled version of Chromium.
• Allows users to disable network and sensor (accelerometer, etc.) access for apps.
• Argues that allowing users to gain root (superuser) access would inevitably break the security model and that there is no conceivable solution that can uphold both user security and freedom.
• Quote GrapheneOS lead developer:

  GrapheneOS is not aimed at power users or hobbyists aiming to tinker with their devices more than they can via the stock OS or AOSP.

• Making efforts to allow users to gain root in a secure way: No.
• Supports DRM (Digital Restrictions Management) / walled garden / anti-freedom / Google SafetyNet where developers can configure their applications to only run on devices on certified firmware. ^[39]
  • Quote GrapheneOS lead developer:

    Users are free to avoid apps using attestation to implement DRM / anti-cheat.

  • More and more businesses communicate over proprietary messengers such as WhatsApp and WhatsApp cannot be used on rooted devices or with custom ROMs. ^[40]
  • More and more government services require the same. For example, an Android or iPhone with Google maps location history enabled and Skype is mandatory for entering Japan. ^[41] Google maps is produced by Google and Skype produced by Microsoft are among the worst privacy-intrusive companies.
  • Many people would loose their job if they decided not to use for example WhatsApp since many companies internally use WhatsApp.
  • Three are still 2 billion unbanked people. ^[42] People who do not even have access to the most basic financial services such as a bank account. For unbanked people it would be unreasonable and should not be expected of them to refuse their first chance to use a mobile banking app with such restrictions.
  • In conclusion, the recommendation to simply not use such applications is impractical and counter the lived reality of many people.
  • Potential Conflict of Interest. If GrapheneOS wouldn't disable easy to use technical ways that most laymen users can use to gain root and/or to keep control over the software running on their devices, then GrapheneOS's chances to be ever get a highly profitable hardware producer partnership would be severely diminished.
• Full verified boot which would be great if the key would be held by users and encouraged through a first start process or similar instead of held by the developer.

Eelo

• New project in development
• Open source as much as possible
• Story: https://www.indidea.org/gael/blog/leaving-apple-google-eelo-odyssey-part1-mobile-os
• Hardware: LeEco Le2, Xiaomi Mi 5S, (LG G6)
• https://www.eelo.io

Fairphone

• Hardware: Fairphone 1, Fairphone 2
• https://www.fairphone.com

Librem 5

• Successfully crowdfunded, will be delivered (stage: pre-order)
• PureOS, based on Debian and others
• Hardware: Librem 5
• Hardware Security: CPU separate from Baseband Processor, Physical Kill Switches for Camera, Microphone, WiFi/Bluetooth, and Baseband, with additional kill switches planned for the cellular (SIM) card slot and the GPS receiver.
  • https://puri.sm/learn/hardware-kill-switches
• https://puri.sm/shop/librem-5
• ARM TrustZone (similar to Intel ME) vs Librem5 Security

LineageOS

• Previously called Cyanogenmod
• No google services installed by default (good for privacy and security).
• Google services can be optionally installed as an add-on
• Hardware: after market firmware for loads of devices, including Fairphone and OnePlus
• https://lineageos.org

Neo900

• Reanimated
• Open platform (OpenPhoenux GTA04) in tradition of Openmoko
• Hardware: Neo900
• https://neo900.org

OnePlus

• Not all Freedom Software by default but software modifications permitted
  • Hardware that grants users the "right to flash"
  • (Root and custom ROM allowed without voiding warranty)
• Hardware: OnePlus 3, 3T, 5, 5T (current models)
• https://oneplus.net

Openmoko

• Dead.
• https://en.wikipedia.org/wiki/Openmoko

PinePhone

• https://www.pine64.org/pinephone/

PiTalk

• Modular smartphone for Raspberry Pi
• Currently crowdfunding, delivery aimed for march 2018
• Open hardware and software; security/privacy focus obscure
• Hardware: Rapsberry Pi zero, Pi 2 and Pi 3; 3.2″ (external antenna), 4″ and 5″ LCDs
• https://www.kickstarter.com/projects/127134527/first-iot-enabled-and-modular-phone-for-raspberry/description

Plasma Mobile

• By KDE
• Not security focused at all at this stage?
• Builds based on Kubuntu and Archlinux
• Hardware: Google Nexus 5, 5X
• https://plasma-mobile.org

PostmarketOS

• Very early stage of development
• Linux distro (based on Alpine Linux) on the phone
• Hardware: many devices, including Google Nexus models and Fairphone 2
• https://postmarketos.org

Replicant

• Strict Freedom Software focus
• No binary blobs
• Hardware: very bad support, mostly older Samsung Galaxy models
  • Since the internal WiFi card requires binary blob, external USB WiFi dongle is required
  • https://redmine.replicant.us/projects/replicant/wiki/ReplicantStatus
• https://www.replicant.us

Ubuntu Touch

• Apart from the drivers, the OS itself is Freedom Software
  • https://askubuntu.com/questions/929879/is-ubuntu-touch-completely-open-source
• Hardware: Fairphone 2, OnePlus One, Nexus 5, BQ Aquaris M10 FHD (tablet)
• https://ubports.com

Quick Mentions

• https://shop.ncryptcellular.com.au/product/sovereign-os/
• https://shop.ncryptcellular.com.au/product/e-os/
• https://github.com/GlassROM
• https://e.foundation/
• https://www.silentcircle.com/products-and-solutions/silent-phone/

Hardware Kill Switches

No phone has a speaker yet that can be disabled but this is just as important as speakers can be turned into microphones. That is because a speaker is technically quite similar to microphones. See SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit.

Next best option is to have a phone that at least has a removable battery to make it's sometimes really powered off and not secretly spying.

Related

• https://fsfe.org/campaigns/android/android.en.html
• https://www.fsf.org/campaigns/priority-projects/free-phone
• https://www.gnu.org/philosophy/android-and-users-freedom.en.html
• https://www.defectivebydesign.org
• https://www.fsf.org/campaigns/drm.html
• https://www.gnu.org/proprietary/proprietary-tyrants.en.html

Forum Discussion

https://forums.whonix.org/t/overview-of-libre-software-related-mobile-projects

See Also

• Account and Mobile Security

Footnotes

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!