
True, Android itself doesn't have to be horrible, but most distributions are full of adware.

Wouldn't want to minimize the work going into the core of the OS; I meant the critique to be directed against Android + gapps. I love Lineage, but you are dependent on other maintainers for your device or you have serious work ahead of you. It is quite simple to install for experienced users, but way too complicated for most people. Kudos to those that actually do maintain images for numerous devices. Granted, the problem is the hardware manufacturers here and the lack of openness of viable drivers, also not the fault of Android developers.

Smartphones could have been really awesome tools. Instead we have toys that spy on you by default. I get that techies tend to make it hard for casual users to use modern devices, but I feel like I am scamming people when I fix their devices and don't spend countless hours making sure at least some privacy is protected.

I don't like closed ecosystems like Apple, but functions such as these actually do offer more worth. While I wouldn't buy Apple for myself, I started to recommend it to others for this reason.




How about the elephant in the room?

Radio firmwares.

It is meaningless if you install firewalls, if you compile Android on your own, only to have to turn around and use proprietary, closed source libs to access proprietary, closed source radio firmwares.

Radio firmwares which often have full RAM access, parallel CPU control, GPS and full hardware access, and make Intel's Management Engine and closed source BIOSes look sane in comparison.

On my Samsung phone, I often wonder what the radio firmware might be phoning home about.

And how that may be exploited down the road...


Radio firmwares having full RAM access is an urban legend, at least on phones from the last 10 years. The baseband interface is actually done through a USB-like protocol. The legend ticks all the boxes of privacy-minded/distrusting people and so remains popular, but it's not substantiated by any facts, at least not facts that pertain to modern smartphones from the past 10 years.


This isn't the elephant in the room. This is a fringe problem of dedicated attackers. This is the fox hiding behind the elephant. The elephant in the room is that nobody needs to hack your phone to spy on you because all of that data is already being exfiltrated through the front door.


When I last deep-dived into the cellular hardware, the radio always had its own sealed-off processor with a postbox firmware upload port. After initializing it, you left it alone and just used the comm-ports to talk with it.

As far as I understand, in the name of efficiency and compactness, they are on the same silicon now.

Are they still a different CPU core or just run on the main processor block?


The baseband is essentially ring -1, it has its own processor but it has access to the main memory, and often also the cache lines.

Whether or not all of the main memory is, or even can be, mapped I don't know. I have no idea what CPU each baseband is running; however, in some designs it has direct access to the SoC MMU, which means it could dump the entire memory over the wire to anyone.

The interfaces with the BB are also "virtual". This is done for various reasons, including ease of integration with various operating systems, so even if you at the OS level talk to it via the legacy serial COM interface using AT commands, the hardware itself doesn't actually have an isolated COM interface (that could be turned off); the SoC just emulates it.

Off-SoC basebands have USB/serial interfaces directly, which could potentially be isolated and turned off when the BB isn't in use. However, the cost of that is usually very poor performance and limited capabilities, at which point you might as well carry a portable cellular hotspot which you can physically turn off when you don't need data or voice.

Also keep in mind that taking out the SIM card doesn't prevent the baseband from talking to towers; it can still technically make calls, the towers just usually don't allow anyone to register without a subscriber ID, which is stored on the SIM, and with eSIM you basically even lose the ability to control that.
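The comment above describes the OS-level view of the baseband as a legacy serial interface driven with AT commands. As an added example (not code from any commenter, and not tied to any particular phone), the following parses the responses a modem returns to the standard 3GPP TS 27.007 identification commands (AT+CGMI manufacturer, AT+CGMM model, AT+CGMR firmware revision), which is the usual first step when inventorying which baseband firmware a device is actually running. The transcript it parses is constructed, so it runs offline; on a real Linux host the same text would come from a serial device such as /dev/ttyUSBn (for instance via pyserial) or from ModemManager's `mmcli`.

```python
"""Parse modem replies to the 3GPP TS 27.007 identification commands.

The transcript format is the classic V.250 one: the echoed command line,
zero or more information-text lines, then a final result code ("OK",
"ERROR", or "+CME ERROR: <n>" / "+CMS ERROR: <n>"), all CRLF-separated.
The SAMPLE_TRANSCRIPT below is constructed for this example; the vendor,
model and error values are placeholders, not data from any real device.
"""
import re
from typing import Dict, List

# Standard identification commands (3GPP TS 27.007 section 5).
IDENT_FIELDS = {"AT+CGMI": "manufacturer", "AT+CGMM": "model", "AT+CGMR": "revision"}

FINAL_RESULTS = {"OK", "ERROR"}
CME_RE = re.compile(r"^\+(CME|CMS) ERROR: ?(.*)$")


def split_responses(transcript: str) -> List[Dict[str, object]]:
    """Split a raw transcript into one record per command.

    A record is {"command": <echoed command>, "lines": [...info text...],
    "result": <final result code or None>}.  Echo (ATE1) is assumed on,
    which is the default on most modems; an echoed "AT+..." line starts a
    new record.  Unsolicited text seen before any command is ignored.
    """
    records: List[Dict[str, object]] = []
    current = None
    for line in transcript.replace("\r\n", "\n").split("\n"):
        line = line.strip()
        if not line:
            continue
        if line.upper().startswith("AT+"):
            current = {"command": line, "lines": [], "result": None}
            records.append(current)
            continue
        if current is None:
            continue
        if line in FINAL_RESULTS or CME_RE.match(line):
            current["result"] = line
        else:
            current["lines"].append(line)
    return records


def parse_identification(transcript: str) -> Dict[str, str]:
    """Map manufacturer/model/revision to the text the modem returned.

    A command that did not complete with OK maps to its error result so the
    caller can distinguish "unsupported command" from "empty answer".
    """
    info: Dict[str, str] = {}
    for rec in split_responses(transcript):
        key = IDENT_FIELDS.get(str(rec["command"]).upper())
        if key is None:
            continue
        if rec["result"] == "OK":
            info[key] = " ".join(rec["lines"])
        else:
            info[key] = str(rec["result"] or "NO FINAL RESULT")
    return info


# Constructed transcript (placeholder values), as a modem with echo on would return it.
SAMPLE_TRANSCRIPT = (
    "AT+CGMI\r\n"
    "EXAMPLE MODEM VENDOR\r\n"
    "\r\n"
    "OK\r\n"
    "AT+CGMM\r\n"
    "EXAMPLE-MODEL-1\r\n"
    "\r\n"
    "OK\r\n"
    "AT+CGMR\r\n"
    "+CME ERROR: 3\r\n"   # placeholder: firmware-revision query rejected
)

if __name__ == "__main__":
    for field, value in parse_identification(SAMPLE_TRANSCRIPT).items():
        print(f"{field}: {value}")
```

Recording these three strings per device is what lets you later notice a baseband firmware revision changing without a corresponding vendor update, which is about the only baseband-level check available when the firmware itself is closed.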


Get a device with a separate baseband processor which connects to the main SoC through a serial connection. Both the PinePhone [1] and the Librem 5 [2] come so equipped, both also feature hardware kill switches with which the baseband can be disabled.

Both devices are aimed at the hacker and enthusiast markets but once you're at the level of 'paranoia' which makes you suspect the radio baseband processor is being (ab)used in nefarious ways to track you this should not dissuade you from taking the leap. The more esoteric the hard- and software, the less chance there is for some cookie-cutter exploit to catch you.

[1] https://en.wikipedia.org/wiki/PinePhone

[2] https://en.wikipedia.org/wiki/Librem_5


If I was paranoid, I'd say those devices are developed just to get the most paranoid to use them. :P

But in truth, I'm not paranoid... merely a realist. Regardless, I was thinking of buying a Librem, but can you even get one yet? It always says "6 months to delivery".


The design seems to work in favour of the paranoid; it takes an extra-double-ultra-plus paranoid who takes the board through an X-ray machine to find those hidden traces or sandwiched secret baseband processors to uncover this nefarious plot.

Alternatively, these devices deliver on this front, i.e. the user gets to control whether the baseband is active or not. I'm not paranoid enough for the former scenario so I'll keep it at the latter and am considering getting a Pinephone for fun and, well, fun I guess; I already have plenty of devices running different iterations of AOSP, some of them running headless Linux without zygote (i.e. without the Android user space). A truly modular multi-vendor architecture with pluggable SoC, baseband, storage, audio, camera, sensor package, power supply and display would be the preferred solution, something like the original PC clone market with vendors competing on price and features, but I'm not going to hold my breath waiting for it. Not that long, anyway.


Do you really think the adtech industry is using radio firmware backdoors to track users? It's theoretically possible I suppose, but several steps too far into conspiracy theory territory for me to worry about. Governments spying on dissidents is another story.


I know Samsung snarfs everything it can from my phone. I know it wants more. I know money is key, and even pulling some info... GPS, sensors, etc is helpful.

And with full control of the OS, of where kernel modules' memory space is assigned, you'd only have to scan certain buffer regions of memory to snarf the contents of buffers, etc.

The problem is, I don't know, and can't. It's not open source. It is not under my control. I personally don't care about paying, but I do about seeing.



