A few weeks back, I invited Brian from the iodé, a de-googled Android project, to have a quick discussion on the project, its achievements and the futuree challenges. I was meant to be in video/audio format but part of discussion suffered from poor audio quality and hence I switch it to nour usual text format.
I hope you enjoy this conversation.
It's FOSS: iodé sits at an interesting crossroads of privacy and sustainability. For those who haven't come across the project before, what is it and what is it trying to accomplish?
Brian: iodé is a project that is interested in making sure that there's a privacy-based Android distribution that is also very easy to use. Very easy for normal users to feel they can use it conveniently.
We also feature a tool which is a tracker blocker, so both your apps and your browser when you're browsing the internet have a sort of firewall that allows you to know exactly which connections your device is making, which connections the apps are making, the browser is making when you're visiting websites, and it prevents ads and trackers from following you around the internet.
That's the main goal and while it's not a Linux device in the classic sense of a Linux mobile device, it's an Android device, it gives you all the usability of an Android device.
It's FOSS: App compatibility is usually the first thing that worries someone considering a de-Googled phone, especially banking apps and anything they'd normally get from the Play Store. Since iodé doesn't ship with Google Play, how do you handle that?
Brian: We have two app stores. We have F-Droid, which is a free software app store that comes by default. And we also have Aurora Store, which is basically a front end for the Google Play Store.
So you can install any app that's on Google Play without Google knowing which apps you're installing it doesn't track you the same way Google Play does, but still gives you all the usability of Google Play.
And the difference is you can also spoof different devices. So if something is not available for your device, you don't have to go to some random APK store and risk downloading something that maybe is a dangerous file. You can just simply change the device settings and spoof another device and download that.
So it gives you all the usability of Google Play, maybe even more so. And like all of our pre-installed apps, you can uninstall any of them and install another app store if you want. You can even install the official Google Play if you want.
It's FOSS: If a non-technical person, someone who just wants their phone to work, switched to iodé tomorrow, what would their day-to-day experience actually look like?
Brian: There may be issues with some banking apps because Google has this integrity API, it's more about monopoly than it is about security.
So there are a few issues users may find with some apps not playing well with Play Integrity API. What we have is called MicroG. It's a Google Play Services emulator, and that usually works for almost any app. All the common apps that you would expect,Instagram, TikTok, all these things, they still work on iodé as you would expect.
So for the average user, unless you have problems with a banking app, and that's not that common, most banking apps continue to work. The only occasional thing I've seen is some apps that are from OEMs, like Samsung Watches, may not work. But in general, most users won't notice a big difference moving over from Android.
The difference you will notice is you don't get a lot of notifications and advertisements and just junk you get in a standard Android distribution, there's an incredible amount of bloatware and ads, especially if you're on something like Xiaomi or OPPO.
It's FOSS: Sustainability is something that sets iodé apart from a lot of other privacy-focused Android projects. You offer refurbished devices alongside new ones. Can you walk us through your thinking on that?
Brian: We're very interested in sustainability and so we encourage people to use refurbished devices when possible. Even some of the Fairphones we offer are refurbished. When you're using a very minimalistic image like iodé, it doesn't have a lot of the bloat and unnecessary software, things that you can't uninstall on a regular stock Android device, which is just running in the background and using up your CPU and using up your RAM.
The system itself is much bigger on stock because of Google Play Services and any other add-ons that OPPO or Xiaomi or any other manufacturer puts in. Because iodé is more minimal, it can run on older hardware, on hardware with lower specifications. So that's why we encourage people to use refurbished devices.
But people are asking, saying, "hey, we want new devices as well." So we have begun to add more new devices to our shop. Initially, we only wanted to work with Shift and Fairphone because they're sort of ethical manufacturers. They look at the entire supply chain, the conflict minerals that are involved in building the phones, and make sure that workers get paid well and that the materials are fairly sourced, and try to make a more sustainable model. Because obviously the best device you can always use is a device that's already been built, in terms of sustainability and ecology. So this is why we focused on refurbished.
It's FOSS: The privacy Android space isn't exactly crowded, but there are notable players like /e/OS, LineageOS, GrapheneOS. Do you see them as part of the same broader community, or more as competitors?
Brian: Honestly, I think anything that's good for any of these projects is going to help the other projects. Of all the Android hardware that's out there, there are very few devices to choose from, probably less than 1% of all Android devices can be de-Googled. There was more interest in custom ROMs back in the day when Android wasn't as useful and when people wanted to customize it. With Play Integrity and the Google Play APIs coming out that made it more difficult to use banking apps and things like that, there was a loss of interest. And also people began to see it as a security problem with unlocked bootloaders.
Now, we try to respect the locked bootloader, which makes us different from other projects like Lineage. Whenever we can relock the bootloader, we do. We have relocked bootloaders on four or five manufacturers. The rest of the manufacturers simply don't allow it. We're trying to work with these other operating systems. We have an agreement through the unified attestation to try to come up with an alternative to Google Play Integrity.
I think there's a big market for these devices. A lot of people just don't know that they can get a device that isn't spying on them, that isn't constantly sending data back to Google or to Apple. And just the fact that these devices exist and work out of the box, many people don't even know or realize this, or they think that it's going to be a huge amount of work to install it. That's why we have a shop, that's why we sell our devices. And if we can help these other projects, I think that's great.
I'd like to see more collaboration, and it would be really good if these groups didn't see each other as competitors. I think the same thing is true of Linux distributions. It would be very absurd for Fedora to be attacking SUSE Linux or Linux Mint. People often distro-hop, and I think the same will be true of privacy-based Android distributions.
It's FOSS: GrapheneOS has at times been quite critical of other projects in this space, including iodé, particularly on security grounds. How do you view that?
Brian: Graphene has been very vocal about saying that we've been attacking them. Actually, I don't think we have. This is probably the first time we'll ever say anything about Graphene. And I think the only thing I will say is that they have a great project, and that it's only available on Pixels. There are some people who want other devices. It is important to have a locked bootloader, but not all hardware manufacturers permit it. While we do lock bootloaders when possible on every system that allows bootloader re-locking, we also want to offer other hardware. And that can lead to security issues on those people's devices.
As for whether we also support end-of-life devices — we do. There's a billion people in the world who are running end-of-life devices, and those devices are vulnerable to attacks that have been found in the code base and aren't getting fixed by manufacturers. We continue to support those devices. I think people should know that if they are worried about security, they shouldn't be running end-of-life devices. But we also don't want people to throw them in the bin. They may have other uses for the device and they may not want that device to be constantly sending data back to Google. So there's a balance here.
There's also the question of the firmware. The firmware is updated by the manufacturer and a lot of those device drivers are actually closed source. We don't have access to be able to change it even if we wanted to. This is kind of one of the problems with the Android ecosystem. It's the same problem that the Linux mobile space is also facing.
We do want to support 60 devices; we don't just want to support Google Pixels. All power to them. I hope that Graphene can also make an agreement with Motorola to allow re-locking bootloaders on their devices. We've already begun to support Motorola devices. We do provide monthly security updates, and we're much more up to date than some of the other custom Android distributions out there. All of these projects are working with very limited resources, and it would be wise if we didn't do any sort of infighting. There's no custom ROM developer that has 30 developers. We're all working with very limited resources.
It's FOSS: Without tracking your users, getting a real picture of adoption must be tricky. What do you actually know about how many people are running iodé?
Brian: We do not really get any information on our user base. We don't keep any information. We just know what happens on the forum. We do know that in the last two years there's been a quarter of a million downloads. There's probably well over 10,000 people running iodé as a daily driver. It's almost doubled in the last year, we think, because there's been a great increase of users, including in the United States. We don't actually sell our devices in the US, so this is a bit of a surprise.
Basically the only thing we can see is the IP of the person downloading the file, and we log this in the sense that we just keep some statistics on which countries are downloading. We have people in the United States, in Germany, and France. And we wipe out these IPs. We just know which country it's coming from.
It's FOSS: To close, if someone is weighing iodé against other privacy-focused Android options, what's your pitch? What makes it worth choosing?
Brian: Aside from monthly security updates and the fact that you can install it on many different devices, we have over 60 devices supported now. I think one of the big things that's really going to interest people, like why to choose iodé over something like Lineage, is that you get an iodé blocker. So you get an integrated tracker blocker, and it's also not going to fill up your VPN slot. On most operating systems, if you install a DNS blocker or an ad blocker, those will usually take up your VPN slot and the VPN slot is also useful for your privacy. So you get kind of the best of both worlds.
One of the things we also focus on is we want there to be a complete suite of apps that's pre-installed, and we want all of those apps to be uninstallable. If you don't like our music player, you just uninstall it. If you don't like the default map app, we use Comaps as a default map app, you can install Google Maps if you want, you can have them both. And you still get all of the privacy advantages of Lineage, because our base is Lineage, with some more improvements. The standard Firefox browser doesn't have any connections back to Google, for instance. But if you wanted to use a different web view, you can also do that.
So you have a lot of choice. But for the average user who doesn't know anything about configuring a device besides "I want to install these four apps," it will still give you much better privacy than a standard stock Android, privacy by default, and the choice to do whatever you want to do with the phone.
I would like to thank Brian for sharing interesting insights about the iodé project. I strongly recommending checking it out, who knows perhaps your next smartphone is powered by iodé.
And if it interests you, you may checkout:
- List of Linux-based smartphons
- Other de-googled Android distros
- and choice of open source smartphone OS
