The Pinephone is "an open source smart phone supported by all major Linux phone projects." I'd been keeping my eye on these things for a few years now and finally got the Pinephone in my hands earlier this week to try it out.
The idea with devices like this (as well as the Librem 5 phone) is that it's a smartphone that runs standard mainline GNU/Linux software instead of Android. This means root passwords (or sudo), SSH servers, full admin control of the device, and ability to run all the familiar Linux software that you get on a desktop PC, server, or Raspberry Pi type of device.
Importantly this means no Google Play Services or built-in spyware and the user is in control of their device. More privacy, but not necessarily more security.
There are many Linux operating systems available for the device already and I've tested out Ubuntu Touch UBports, postmarketOS and Mobian/Phosh and here are some of my impressions so far.
tl;dr.:
See also: I'm maintaining a Linux on Phones page on my site's wiki to collect notes, config tweaks, software I found that works and so on.
I think this needs to be put up front of this post: rocking a Linux phone may give you a bit of privacy from Google, Apple and Facebook because they aren't all up in your device -- but a Linux phone is not necessarily going to be more secure than an Android or an iPhone against malicious applications.
Currently, none of the Pinephone OS's support full disk encryption except for postmarketOS where it's experimental.
Usually, your Linux user password on a mobile phone will be all numbers --
the ~4 digit PIN code that you unlock the device with is your user password.
This would make the sudo
command easy for a malicious program to brute-force
guess your password and gain root privileges. I would probably recommend that
you remove sudo ability for your user account and instead set a proper, strong,
root user password for when you need root privileges.
Even besides that, Linux apps offer very little in the way of sandboxing from one another. Any app can read your $HOME directory and get at the config files of other apps. If you're using X11 as the display driver, X11 doesn't provide any sandboxing between graphical apps -- any app can access the windows that belong to other apps. Some newer display drivers like Wayland offer better isolation at that layer.
This is all true of Linux desktop systems as well. You just have to be careful about not installing random third-party software from sources you don't trust. Usually, sticking with your Linux OS's default software repositories is safest.
I'm a Linux enthusiast and all my devices run Fedora or Debian but this has to be said. Android has a much better security model with the apps sandbox and permission system.
That said, I am looking forward to the day I can rock a Linux phone as my daily driver and leave the Google ecosystem altogether, even despite needing to be extra vigilant to manage my own device security. For the foreseeable future, a Linux phone might not be right for your "average user" and they're better off with an Android or iPhone -- even despite the privacy risks from Google and Apple.
My phone came pre-installed with Ubuntu Touch on it so I tested this distro out first.
Ubuntu Touch is the most polished of the distros and has a nice interface and
an ecosystem of apps already designed to run on it. However, this distro is not
a very "standard" GNU/Linux system and is very locked-down by default and it
doesn't run mainline Linux software: Ubuntu Touch apps are specially designed
for Ubuntu Touch and need to do things their way. You can't apt install firefox
and expect it to run within the UBports interface.
In fact, you can't apt install $anything
by default because the root filesystem
/
is mounted read-only. So no installing openssh-server or other software that
affects the root filesystem.
You can re-mount the filesystem as read-write but then the operating system will not self-upgrade to newer versions. I guess they determined it's too risky to update the OS in case the user had customized some system settings in a way incompatible with the update. So I didn't test this aspect of the OS and kept the filesystem read-only.
For apps support: there's an existing ecosystem in the Open Store for Ubuntu Touch specific apps, which have mobile-friendly UIs and everything. There is one e-mail client available called Dekko 2, but on my phone this app was very buggy and not usable: its screens would "freeze" and not update after the app is focused on-screen. You could touch text boxes and type into them blindly, and switch to another app and back to see the updated view (with what you had typed in)... but I couldn't scroll the settings screen to finish adding an account even with this hacky work-around. Your mileage may vary.
The distros I was most interested in, anyway, were standard GNU/Linux ones like I run on my desktops, servers and raspberry pis so I moved on to see what else is available.
postmarketOS is a Linux distro based on Alpine Linux and has already been available for some smartphones in the past, such as the Google Nexus 5.
I installed it with the Phosh desktop environment, which is like GNOME Shell but optimized for phone-sized displays and is developed by Purism for their Librem 5 smartphone.
pmOS is a proper Linux distro with a read-write root filesystem, access to the root account/sudo command, you can install all the standard Linux software on it, etc.
What I found, however, is that pmOS starts with a very barebones set of default software: just a terminal emulator, phone/SMS app, web browser. You can install any Linux apps you want via the terminal, but most graphical Linux apps aren't well optimized to fit on a small display. Firefox works okay, but the default GNOME Web browser has a more mobile-friendly interface and built-in support to install web apps as launcher icons.
I played with postmarketOS for a day and then tried out Debian.
Mobian is a Debian-based distro with some phone-oriented tweaks on it. Again I was using the Phosh shell like postmarketOS, but Mobian came pre-installed with a lot of additional software and they have patched several of the apps to fit a mobile screen better. (Many of the patches came from Purism for the Librem 5 phone).
For example, Geary is an e-mail client that fits on a small screen. You can install it on postmarketOS, but without some of Purism's patches, some parts of the app UI won't fit well on-screen.
Overall Mobian is very comparable to postmarketOS in the way that any GNU/Linux distro is comparable to others (on desktops this means Fedora vs. Ubuntu vs. OpenSUSE vs. Manjaro vs. Arch vs. Gentoo and so on). The software is the same, the desktop environments are the same, you can do all the same things in the terminal emulator.
Most Linux apps are not suitable to run on the tiny screen that a smartphone has.
Ubuntu Touch has an entire ecosystem of its own with apps specifically designed for it -- in a way they're similar to Android in that they went their own direction with their own apps, and the operating system is relatively locked-down with a security model similar to Android's. You can browse the Open Store and get an idea what's available there.
The other operating systems run mainline Linux apps and this is the part I'm more interested in, personally.
Update (2020-11-09): apps are rapidly improving and this section will get out-of-date in a quick hurry. See the following links for up-to-date status of app development for mobile Linux phones:
And: the apps are not there yet. The phone won't be "daily driver" status yet until some more critical apps are supported. For me, the following apps would be necessary at minimum for daily driver status:
scale-to-fit
on Phosh you can
get KeePassXC to work in a pinch. The latter is what I run on my desktops.
Before these apps work, I found some luck running KeeWeb
on the phone's localhost (static site running on apache2 or nginx).Most hardware features on the phone are working: WiFi, Bluetooth, cell radio, phone calls and SMS texting -- the latter few I've heard about from others, but I haven't put a SIM card in the phone yet to test it out.
The cameras don't work yet on any operating system, but I hear they're coming with time.
Battery life could be better, but has already come a long way since January 2020 when it would only last a couple of hours. I haven't run a deliberate test on battery life but you can Google for the latest news about that.
Besides using it as a phone (which still has a lot of work to do), the device otherwise is as capable as anything else I've installed Linux on before.
If you SSH into the phone from your computer, you can apt install
any of the
usual Linux software: programming languages (python, golang, node, ruby),
web servers (apache2, nginx, php), you'd be able to install WordPress or
Nextcloud or Gitea onto the thing, set up cron jobs, all the usual things.
I even managed to compile and run the videogame I'm working on, Project: Doodle:
It's an interesting device but isn't daily driver ready, and there's a lot more operating systems and desktop shells left to check out. So far I've only seen Ubuntu Touch and the Phosh shell, but others are out there such as the KDE Plasma desktop environment and some weirder systems like Sailfish OS.
There are 2 comments on this page. Add yours.
Thanks for sharing your thoughts on the PinePhone! You may have a look at PureMaps which is mobile (touch) friendly and can be used with offline maps (by running OSMScoutServer in the background). Both PureMaps and OSMScoutServer can be installed via flatpak!
Did you find a way to use KeePass on your mobile in the meantime?
Greetings, langfingaz
@langfingaz:
I did find a couple of solutions for KeePass recently on mobile Linux:
scale-to-fit
hack in Phosh. I had this app working well enough on Mobian for the times I got fed up with GNOME Password Safe.Before these two options became available, I was able to use a KeeWeb app installed on my Nextcloud server (until a Nextcloud update was incompatible with the app), and I also had installed KeeWeb directly on the phone's localhost (it's a simple static website you can host on nginx or apache2 and access at the phone's http://localhost ).
I updated the blog post with this information + the shout-out to PureMaps.
App development is greatly accelerating so I also just added links to third-party app listing sites since that part of my blog post will be the quickest to become out-of-date.
0.0113s
.