I recently saw a post from GrapheneOS about plans to replace or overhaul the user facing applications. This is great news and I'd like to curate some resources and ideas and start a discussion on this topic.
1. Criteria
The first question I have would be what the criteria is for new applications to be included in GrapheneOS. Here are some things I think to be relevant.
1.1 License
Since one of GrapheneOS's goals is to collaborate with OEMs to offer secure products including locked down devices, certain copyleft licenses that prohibit this, like GPLv3 / LGPLv3 cannot be included in the project. Permissive licenses like MIT / Apache 2.0 are preferred. GrapheneOS uses the MIT license for their own standalone projects.
1.2 Architecture
I assume applications written in Kotlin using Jetpack Compose for the UI are preferred, because of the language advantages and since Compose is the easiest way to build Material Design 3 UI. It's also the preferred toolkit on Android going forward so I expect projects using it to see a higher amount of contributions.
1.3 Privacy & Security
Somebody more knowledgeable on this topic than me might want to comment on this, but here are some things to consider:
- minimal permissions
- no proprietary libraries (obviously)
- additional privacy features (e.g. encryption, screen lock, etc.)
2. Approach
The next question is how to approach this. I see four possible approaches to modernize the user facing applications on GrapheneOS:
(lowest to highest effort)
- Replacing the AOSP apps with existing projects that fit the criteria
- Overhauling the UI of the AOSP apps
- Migrating the AOSP apps to Kotlin and rewriting the UI with Compose
- Rewriting the applications from the ground up
Personally I think the most viable approach is a mix of 1 and 2. Looking out for projects that fulfill the requirements and overhauling the rest of the applications seems like the path of least resistance to me.
3. Interesting projects
I searched every repository and list I could find for applications that fit the criteria. Unfortunately the vast majority of newer open-source android projects are GPLv3 licensed. Here are some exceptions. All of them are written in Kotlin and Jetpack Compose using Material Design 3:
Gallery
Gallery is a light-weight media gallery licensed under the Apache-2.0 license.
The AOSP gallery app has an especially dated and user unfriendly UI and there already exists an issue for replacing it. I think this application is currently the best candidate. It's pretty much feature complete and has a modern, user friendly interface.
Florisboard
Florisboard is a popular privacy focused keyboard licenced under the Apache-2.0 license.
GrapheneOS was planing to replace the AOSP keyboard with Florisboard and even contributed Direct Boot support to the project. Unfortunately Florisboard then added the Nuspell library for spellchecking, which is licensed under LGPLv3 and therefore these plans were abandoned. However Florisboard has since removed Nuspell and is working on native implementations for predictive text, spell checking and glide typing in Rust. When these features are implemented the project would be the best option for GrapheneOS since it has direct boot support, is very reliable, fixes many issues of the AOSP keyboard and offers a modern UI.
I see these projects brought up in related discussions a lot, lets quickly go over why they can't be considered:
Fossify
Fossify, formerly Simple Mobile Tools is a suite of basic open-source applications.
Most of these apps are based on AOSP applications that have been migrated to Kotlin. However they still have a pretty dated, XML based UI. Also they are licensed under GPLv3 and can't be included.
You Apps
You Apps is a suite of modern, privacy focused, open-source applications.
All apps are written from scratch in Kotlin using Jetpack Compose and have Material Design 3 UI. I have contributed and helped to maintain these projects, though I haven't been able to work on them for a while now. These would be a great fit for GrapheneOS but they also use the GPLv3 license and are therefore off the table as well.
Overhauling AOSP apps
LineageOS
LineageOS has gone with option 2 and overhauled the AOSP apps in their latest release. They still have the same Java code base and use XML, but the UI has been redesigned and now supports Material Design 3 and dynamic accent colors. The license has not changed from Apache-2.0.
I think it makes a lot of sense to bring these UI changes over to GrapheneOS either by forking the applications or picking up the UI related patches. Is there anything about LineageOS or their applications that would prevent this? Otherwise this seems like the most pragmatic approach by far.
AOSP Clock
The AOSP Team has migrated a couple of the apps to Kotlin, including the Clock. So if option 3 is preferred, the Clock would be a good starting point since the Kotlin migration is already done.
4. Additional questions / ideas
If anyone knows additional projects that could be interesting let me know and I'll add them to the list. To the GrapheneOS Team, are there already concrete plans on how the proceed with this and if so, how can I contribute towards them?