The below recent event is what prompted me to get off my backside and finally install GOS or whatever the best mobile distro is for privacy/security that results in a device that is still usable for more than a walkie-talkie. Keep in mind that I have my own personal ISP and mobile service, all from different providers than all other household members, traffic is strictly segregated, and I have zero tolerance that no one but myself ever touches any of my devices.
A couple weeks ago a family member had an old friend over that happens to be a retired pastor, and they of course discussed religious things during their visit, talking in front of that family member's Alexa and/or other devices. I am not personally religious and there should be no leaked information online that would attribute "religious" to any of my accounts. Now I have religious content popping up as suggestions on YouTube, as well as content suggestions similar to other household members' interests that have nothing to do with any of my own trackable web surfing/etc. And this kind of thing happens waaay too much even with the digital separation from the rest of the house, and that is just based on information that has presented visible signs of information being used in ways I don't want, and says nothing about information used behind the scenes that I am 100% unaware of. Tip of iceberg. There are a million ways data could have been cross-referenced in grossly undesirable ways, but, yea.
The point is that even if I have absolute perfect security (does not exist) for my own devices and accounts, I and everyone else are still victims to every other person's devices, your neighbor's and public and privately located IoT, bluetooth tracking, etc etc etc. None of these ubiquitous problems are going to get solved in any satisfactory way, but it would be really really really good if personal security tech like GOS was much more easily accessible, adoptable, and (hopefully sooner than later) OEM supported in a meaningful way. Every convert is one less device spying on you AND everyone around you.
Which brings us to my OP. If a fork of GOS was able to reasonably support one or more cheap AliExpress devices, then a small company or even just a single dev could import for cheap, install pseudo-GOS, mark up the price to cover the work plus basic tech support, and still sell it at a pricepoint that is competitive enough for people to take a chance on a no-name company/person selling devices running a virtually unknown-to-normal-folk niche OS. Get enough adopters (no technical ability needed to click "buy") and real OEMs might get interested enough to take it mainstream. I am not personally trying to start a company, I just don't see another way to worry a little less about OTHER people's devices.
So, that is where I am coming from for this thread. Honestly, I am not really itching for a new major project since I have tons of small projects kicking around here and there. But at the moment I am still pretty pissed off from my recent reminder on how bad data collection is. Always known it, but it's convenient to insert head into sand or the age-old BS of "assess your threat model" which NEVER takes into consideration OTHER people's threat models. Still trying to separate out my actual interest in the extreme dev project of bringing up a new device, and just being pissed off and disgusted.
kenmacd the community generally seemed happy to pay for Pixels
That's part of why I'm wondering about the cheap AliExpress phones. Brand new top end ones are on par or cheaper than a used Pixel 6a, and a fraction of the price of a 7. The temptation is significant, but they could be straight out of North Korea. Hah. Theoretically replacing the OS would wipe most/all malware, but would still have all the other big problems of an unsupported platform. The jury is still out on the purchase decision.
dgzeij And buy a cheap Pixel with GOS for reference (and daily driver).
If you dive deep enough you will become of value to others as well.
Yea, that is what I've been thinking, and it's also why I started looking at alternate platforms as it is something with basically zero support, thus even token contribution is infinite. Hah!
flawedworld Only Pixels have AOSP support, you will have to create device trees and integrate any non-AOSP components from SoC vendors etc yourself. Oh and there's basically scarce to no documentation for most of AOSP.
This is the kind of big picture issue I was wondering about. Thanks!
de0u Other phones do not have verified boot for third-party OSs.
Another important big picture issue. Is it reasonable to equate "verified boot" with x86/64 EFI secure boot, or is that a gross mischaracterization? Certs exist in mobo firmware, firmware checks EFI executable's signatures prior to executing, signed executables are required to check signatures for any chainloaded execs/kernels, etc?
So:
I will be buying a Pixel for a daily driver as soon as I find a listing worth gambling on. Not sure what hardware I will end up trying for purely dev purposes.
Many thanks for all the great feedback, and hope the discussion progresses.