Linux Phones Are More Important Now Than Ever
Key topics
The discussion revolves around the importance of Linux phones as an alternative to Android and iOS, with users sharing their concerns and ideas about the challenges and potential solutions for creating a viable Linux phone ecosystem.
Snapshot generated from the HN discussion
Discussion activity (based on 160 loaded comments; average 17.8 comments per period):
- Story posted: Sep 15, 2025 at 8:33 PM EDT
- First comment: Sep 15, 2025 at 9:11 PM EDT (38m after posting)
- Peak activity: 101 comments in 0-6h
- Latest activity: Sep 19, 2025 at 3:16 AM EDT
For example. I _want_ to run Linux phones even without all the apps & convenience, except Signal messenger. I am unable to use Signal without first registering through a mobile app. I suspect the desktop version will run fine-ish (proton after all). But at the end of the day, adoption will increase if mobile apps had a compatible desktop version on a Linux phone.
AOSP is open and is a much better starting place than anything else.
The greatest issues facing mobile computing are:
1. The lack of any open firmware
2. Locked bootloaders
3. Obnoxious security "features"
There's no great reason for these to be Android/Apple specific. I'm just offering examples as requested.
Allows you to have a digital copy of your ID and sign in to government sites/services (there are alternative methods).
Wouldn’t well designed mobile web-apps suffice for that use case? I have several web-app site shortcuts linked on my Home Screen which behave just like the native apps. In most cases I don’t see why that would not be sufficient, including most “government apps” use cases
It can't emulate hardware attestation though, which most bank apps now require, so good luck with that.
Microsoft didn't manage to make Windows Phone a viable competitor against Android & iOS, and they're about an order of magnitude bigger than any Linux-focused company. I hope the conditions shift and an open phone OS can take off, but I don't know what would enable it.
People here seem to think this is some sort of Orwellian attempt to control them, but the reasons are more mundane and technical - many of them (mine included, from two countries) use security facilities on the phone to secure your accounts.
For example, my HSBC UK app has replaced the little calculator thing they used to ship, and uses iOS face recognition to secure the generation of log-on codes which you need in order to use the web interface, as well as for secure access to the banking app directly.
With a rooted phone they don't have the guarantees that these aren't being exfiltrated, or the app being subverted in novel ways, so they don't want to support it.
You may not consider this a good enough reason, and I have heard it said on HN that 'the banks shouldn't get to control what I do on my computing device!', and that attitude is absolutely fine, but then you'll most likely end up with either less secure banking (meaning more fraud, higher fees etc) or going back to having to have a dedicated security device.
> I can deposit checks through it on my laptop
American-like banking detected... who uses checks in 2025?! :)
Yeah, fair. :-) I live in a small town, the only check I write is my rent check, which I literally walk across the street to deposit. But I still on rare occasions receive checks as well.
I did receive one check this year, a refund from a company who had screwed up billing on a medical scan. For some reason they couldn't just refund it to my debit card. It was really annoying to have to get to a bank during opening hours to deposit it, but my bank here doesn't offer mobile check scanning. Some do, my old UK bank did ... oh well.
... and ...?
There are ways to implement security without tying it to one of two app stores. Companies might even get creative and figure out hardware standards for secure verification that are portable, open, and give the user control. They figured out SIM cards, and are worried about GAI they created taking over the entire world, they could figure this out.
Personally I prefer the device convergence rather than having to have another thing to keep track of. Plus the added factor of biometrics over pure hardware 2FA.
But you do you, as they say, the point is there are tradeoffs.
> There are ways to implement security without tying it to one of two app stores.
It's not just about the app store - people want to be able to run these on rooted devices, which is an end run around the security guarantees these apps currently rely on.
> Companies might even get creative and figure out hardware standards for secure verification that are portable, open, and give the user control.
I wish you the best of luck in this endeavour.
I hope that they already aren't relying on client-side security any more than they have to. I'm afraid I'm not familiar enough with the APIs around biometrics to know if there's a useful way a server can use the onboard devices to verify a user's identity without relying on client-side security in one way or another though.
It's true on desktop we have stuff like FIDO2 authentication using hardware tokens, which are supported on open systems like Firefox on Linux. I'm sure it's not insurmountable or unthinkable to do similar on phones. At the least there would need to be a system of remote attestation for the biometric hardware, and a way for it to provide a verifiable response to a remote server. Far from insurmountable, but someone will need to actually do it.
Goes against FOSS still though if there are processors in the system which can't be user-controlled, and biometric chips which perform remote attestation (see the recent discussions on how passkeys are fundamentally OSS-hostile).
My GrapheneOS phone fully supports such facilities. I trust your app works on it?
Here's all you need to do, if not: https://grapheneos.org/articles/attestation-compatibility-gu...
That looks like an interesting and useful capability.
I don't believe this will satisfy the crowd who want complete control over their systems though, as AFAICT graphene is not rooted by default and will likely fail these attestation checks if you root it. This will also not please the "Passkeys and hardware attestation are evil/non-FOSS by nature" crowd.
Definitely provides more freedom wrt. third-party app stores though.
> apparently it needs to be said that I am not suggesting you switch to Linux on your phone today; just that development needs to accelerate. Please don’t be one of the 34 people that replied to tell me Linux is not ready.
Common people don't care about the OS, they care about apps.
My statement is based on 25 years as an IT professional where I migrated people and businesses from Windows to Linux, from iOS to Android, from old Unixes to Windows/Linux and the list goes on.
Just give people the apps they need or want and the rest is easily managed.
It's a chicken-egg issue. The last 10% of polish won't be done till a critical mass of users adopt the platform, and vice versa.
Remote Attestation and the Play Integrity API will soon make that stop.
OK, but what steps are being made to make it ready? How do you solve the issue of many apps not accepting rooted Androids (and very rightly so)?
I mean, Linux distros even struggle with Secure Boot on a normal PC - which is a far easier problem to solve...
What if all banks require it?
Companies can choose what product to offer and what customers to serve. I can choose what products I'm willing to spend my money and time on.
My problem is when I am compelled to use something despite my opposition to it, such as the immigration app I mentioned being forced to use under threat of being kicked out of the country.
1: https://www.belastingdienst.nl/wps/wcm/connect/nl/intermedia...
When I login to my bank on desktop, after passing thru standard flow of login+password (plus silly "pick the avatar you once selected placed at random on this grid") page shows a modal to approve once, approve and add to trusted devices or log out (which never works on dynamic IP). Then I need to approve in app with secondary PIN aka "mobile password" in my bank terminology. Operations on both desktop and within app require that secondary PIN; transactions up to a specified limit do not but mobile payments done with temporary 6-digit codes need a confirm
What government apps do people run? Why do you need to access your bank account on your phone? Is this some payments model that's just not common in my country where we still use physical credit cards for everything?
In some countries they are mandated if not by law then by implementation, a relative or a social worker is tasked to get grandma equipped with a "smart device". She can even borrow it for a few months from municipality services until she can afford to buy it
This is not an argument against web apps, which work on the phones just fine.
Public transport ticket app, government ID app, drivers licence app.
I do believe all of these specific examples run fine on rooted Android without too much hassle (unsure about the second one), so they should be emulatable or whatever on a Linux phone, but that assumes that experience holds up decently well, which I would be surprised if it did for apps like this.
> Why do you need to access your bank account on your phone?
Because the app is a whole lot better than the web interfaces my previous banks had. Plus the added convenience. I'd prefer that the web interface was just as good as the app, but I'd still use the app even if that existed, just due to the convenience.
At present, governments and banks are freeloaders piggybacking on the popularity of the smartphone. If these entities end up mandating access to their services via this route (or making them nigh on impossible to access by other more traditional means) then users should demand they be issued with phones specifically for the purpose, as owning a phone is not a prerequisite or mandated requirement to live in society—although if trends continue it likely will be.
Moreover, as phone technology easily lends itself to location tracking any mandatory requirement for phone vehicle licences would soon lead to mandatory location tracking (and easy to implement and impossible to disable with government/bank-issued phones).
That's the logical endgame, and it'd be showdown time. The question is does the citizenry have the guts and resilience to resist such authoritarian impositions.
Frankly, I'm horrified at how easily users of these essential services have been bought off by online conveniences, they've not only become careless and blasé but by default they've also conceded to the withdrawing—and in many cases—actual withdrawal of traditional services in favour of ones that both governments and banks have more control over—and in the bargain they've chucked privacy to the wind.
https://www.usnews.com/insurance/auto/how-do-those-car-insur...
Only a question of time until it becomes mandatory
My bank requires me to authenticate all online transactions via the phone app. Without it, it's not possible to make online payments.
Many banks require you use their app to do anything, e.g., make transfers, approve debit card transactions, register your biometrics to unfreeze your account, etc.
And no, choosing a bank without these requirements isn't possible in some countries.
There are a bunch of them here in Australia, and there were several in the UK.
Here there's a secure ID app for government services which is used as 2FA on the web interface, and various apps to access state and national government services directly. There's a tax one that allows you to scan receipts to collect them up for your annual tax return. In the UK I had an NHS app, can't remember what else.
They aren't mandatory, you can live without them, but they are often convenient.
> Why do you need to access your bank account on your phone?
Because it's many people's primary computing device? Why would you not want to access your bank accounts on your phone?
And because if you want to log on to some banks' websites you need to have a 2FA security code which can either be generated by a dedicated security device, which has become less common now, or by an app on the phone which is then usually biometrically protected. There is sometimes a second code-generation method for higher value transfers.
So it is convenient to be able to send payments in the bank app, though less common than using my phone instead of the physical card through Apple/Google Pay (those don't require the bank app to be installed).
So no, my everyday interactions don't require the phone app. But any interaction that is novel enough to require direct communication with the bank has been rendered annoying without the phone app.
I'm someone for whom I'd probably be willing to deal with all these inconveniences to make my statement about ownership over my hardware and software, but I doubt that very many average consumers would.
The major banks in that country also required apps from official app stores, though I don't think I was technically required to have a bank account. I was in the country under a program based on owning my own consulting business. I did have to prove financials to the government as part of that, but maybe there was a way I could have technically done that without a bank account which required a mobile app.
I had to enable secure auth to access some features. This works only with the mobile app, even when logging on the web I need the mobile app.
Some functions are available only in the app as well. Now I’m stuck with the app because I need those and needed secure auth to access those functions.
It’s evil but I have no choice (no choice of other banks either for reasons I won’t go into here, just accept it and don’t tell me to change banks. Other banks are no better anyway.)
I also think just not using a phone as much is a viable solution. People are addicted to their phones so it would feel like intercision at first. But freedom is worth it. Never sacrifice freedom for convenience. You actually don't need to look up stuff on Wikipedia at any time while you're outside. Just be outside. Be offline. It's fine. It's better even.
I'd be happy just going back to a dumbphone for the phone bit and having a portable GNU/Linux device for travelling. I still have a 15 year old Dell netbook but sadly the battery is shot and it's no good for the wonderful "modern" web. But something like that would be fine.
Most European banks force you to use your phone for 2FA if you want to pay your bills, no matter if you're sending the transaction from your computer or your phone.
This is about being able to pay your bills at all.
That will never happen. Governments are invested in people depending on surveillance technology. Black mirrors are a tool for controlling the masses.
https://grapheneos.org/articles/attestation-compatibility-gu...
Google likes Android ROMs because they pacify the developer community from working on real competitors, while not presenting any meaningful threat to their control of the majority of Android devices. The MADA that prevented OEMs from shipping AOSP is probably dead but what hardware manufacturer is going to risk Google's ire by shipping something.
As it stands, and the way things are developing, accurate. But as the relevant systems are an integration of hard- and software, significant work needs to be done on the former as well. And I've yet to come across a Linux phone (or phone-like pocket computer) that ticks most of the necessary boxes.
My Android phone prevents me from recording phone calls at the request of my carrier, even though it's totally legal for me to do so in my jurisdiction.
I'm not loving where this is all going.
FWIW the default phone app on GrapheneOS supports recording phone calls.
In short, a state is about turf, and a nation is a people, and you need them both to look similar on a map to make a nation-state.
I've never heard Belgium as a stand-in-for-Brussels-as-a-stand-in for EU.
This is mostly a language confusion for non-native English speakers. Nation, country, state, a people, nationality, ethnicity, citizenship etc. are used in confusing ways for speakers of other languages.
For many, "nation state" just means an independent state (roughly speaking, a UN member, note also that the UN is called United Nations), because just saying "state" could mean a subdivision, such as a US state. And "country" can be confused with the subdivision of the UK (they call, e.g. Scotland a "country").
In more precise contexts of political history, "nation state" mostly refers to modern (post-World War I) countries that more or less correspond to a people speaking the same language and having the same ethnic identity. It delineates nation states from the previously more common multi-ethnic empires and kingdoms, such as Austria-Hungary or the Holy Roman Empire etc.
Similarly, in English, nationality is often an exact synonym for citizenship, while speakers of other languages expect it to mean ethnicity, e.g. an ethnic Hungarian in Romania with Romanian citizenship would be considered a "Romanian national" in English-language news. This often makes people confused/angry. Also, in some contexts in English, "ethnicity" is more like a euphemism for something like "race", but not quite (e.g. in the US "Latino" is considered an "ethnicity" but not a race). In that sense "Hungarian" would not count as an "ethnicity" at all, but still phrases like "ethnic Slovak" refer to a minority group in a different country than Slovakia. But also "ethnic" can also just mean with "exotic foreign origin", e.g. "ethnic food" or "an ethnic woman" (this was really weird when I first read it). But I digress.
> ... because just saying "state" could mean a subdivision, such as a US state ...
Note that this doesn't mean that a state with multiple ethnicities/languages can't be a nation state. Indians, for example, generally have a clear national identity, despite being citizens of a huge federal republic with dozens if not hundreds of languages spoken, some of which don't even share a common language family. So, India is a nation state, unlike Belgium.
However Walloon people definitely feel Belgian and have a Belgian pride.
Also, I don't know if a nation state is defined by having a national identity?
I would very much like to record phone calls made by me.
When the company on the other end denies what we agreed, a recording would be useful.
Edit: apparently the /s is obligatory on this one
I also live in a one party consent state.
I don't know if it is geolocked somehow, I wouldn't be surprised if it was. For example, Japanese iPhones always make a shutter sound in Japan or in airplane mode.
There is a waveform thing in the corner you can press during a call. It will say "this call is being recorded" and waits 5 seconds, then records the call.
Strangely... the recording doesn't end up in voice memos, it ends up in notes.
The most frustrating part about this "feature" is that you don't know it's enabled until the screenshot is taken and you're left with a picture of nothing.
That and some app authors thinking they're protecting you with this (referring to banking apps in particular)
The problem is that certain actions should only be acceptable if initiated by the user, physically. Think of the way Ctrl+Alt+Del works in Windows. This, of course, is not possible if you don't have enough fingers for the action, or something; here comes the loophole of assistive technologies, widely (ab)used for that on most platforms.
The Penny supermarket app on Android disables both screenshots and text selection with the error that it is disabled by admin.
This seems a bit like a scam. Why can't they ask the receiver?
It is fine for historical documents, but doing it today means you really want to piss people off. And by the way, PDF files support signatures, both handwritten and digital. There are ways other than printing a 100+ page document and scanning it just so that your signature shows up on a single one of these pages.
User hostile UI in the name of security is particularly bad: we are supposed to type unique and complicated passwords in text fields without being able to see what we type, and if we get it wrong, we are put in timeout for two seconds. Citrix Netscaler nowadays apparently wants to be extra secure and shows you the most generic error message if you have a typo in either your password or user name and just tells you to "try again later", so you do until you lock yourself out. It's madness.
337 more comments available on Hacker News