It is complicated. He says true. And maybe your need to use GrapheneOS is relevant. If you have a smartphone without cellular connection, for a daily usage, FMPOV it is a non-sense in case of emergency. It is a risk you will have to take, I can’t disagree your dad. And what about your solution but with a SIM card with very few data and SMS available, through a SIM card you can keep aside your phone and insert when needed?

Did you have a look on ethical licenses? For example, Coraline Ada Hemke who created the Contributor Covenant (famous code of conduct) started few years ago the Organisation for Ethical Source promoting “ethical” licenses defined by seven principles.

So in fact this third family of licenses is not open source nor free (as defined by OSI and FSF), nevertheless I feel some needs or willings in your side to go, let’s say, “one step further”.

In ethical licenses you can find for example 999 ICU, ACAB, Anti-Capitalist, Peer Production, Hippocratic or some BSD 3-Clause variants about nuclear topics.

You can also have a look on that slidedeck (in French, sorry).

Anticipate technical debt and follow what Google recommends. In few words, use Kotlin and Compose.

However you should really have a look on Google guidelines. In more worlds:

• by default Kotlin and Compose
• if some logic to share between other projects in other environments: Kotlin Multi Platform (KMP)
• if shared UI: Flutter (but Google reduced Flutter teams and KMP is being better and better, so we can suppose Flutter will join the Google Graveyard

An app? Nope. For notifications, there is open source alternatives to Google and Apple services but it is used in the apps side, not users side. Have a look on microG and Open GApps to flash in your Android device; it might help you.

It seems the “radical” organisations like the FSF or the OES were right and more legitimate in the end.

If you are worried about your privacy, yes, you must get rid of Google Play Services. However a majors part of your apps may be broken as too much rely on this services and only in those services.

If you want apps to based on this layer of Google mess, have a look on some open spruce alternatives of your favorite apps. Maybe some of them won’t embed Google Play Services. But keep in mind you may lose some features like notifications from Google devices or fine tunes location.

You can have a look on microG or Open GApps for alternatives. However you may need to hack your device to flash them.

What you can do, for example:

• check if you can flash alternatives (possible to root and before unlock the boot loader)
• maybe check if you can flash another ROM ; projects list the compatible devices. Have a look on LineageOS, GrapheneOS or also /e/OS

Yep, it seems it is, but it can manage KDBX files. Just wanted to share 😄

Edit: sorry, didn’t see this thread is in Android community, my comment is not relevant for this platform.

You can use also for example Strongbox (https://github.com/strongbox-password-safe)

Edit: sorry, didn’t see this thread is in Android community, my comment is not relevant for this platform. For Android I am used to Keepass2Android (https://github.com/PhilippC/keepass2android). Simple, still maintained, under libre licence GPL 3.0.

It is always the same issues in fact. You should consider your threat model before all. Then, consider the Signal app, then your iPhone supposed to be updated, trusted, with ADP enabled, biometric lock with erasure after 10 failures, etc. Then consider your ISP, then your country. Etc, etc. You should also compare the contexts. Is an iPhone “better” than a low or middle ranges Android-powered smartphones? For sure, yes. Is it better than high-range expansive smartphones with Android ? Or Pixel ones? Not that sure. And compared to GrapheneOS or /e/? Pretty sure not that much. You can also compare messaging solutions. Is Signal better than WhatApp? Of course yes. But what about XMPP and Matrix for example?

And what are your use cases? Remember your threat model. If you are an activist, a journalist or a whistleblower your needs may be different than a “commons citizen worried about its privacy.

In few words, the only pain point I see is the fact than iOS is proprietary and runs non libre source code and Apple devices than APN. But Android devices are not so much different. It does not mean the solution is not private or efficient, if we succeed in defining a definition of “private or efficient”.

In a nutshell, it could be considered as good. But not perfect.

Any ideas for E2E encrypted storage alternatives?

Not sure of that, maybe we need some case law or update on existing copyleft licenses. Source code generated with GenAI tool, even if their model have been trained with corpora of copyleft sources, are not (yet) considered as derivative works. What a pitty.

Could be interesting. Non-free and current GenAI tools violate copyright, we may consider some evolutions of copyfarleft licenses to forbid such use of source code in these types of tools.

And nice comment spotted there: https://fosstodon.org/@geraldew/113849843708286036

Just wanted to share for the common knowledge and the debate as I already saw here some “post open source” and content about rubbish licenses like SSPL or BSL 😉

Enshitification made third-party apps disappeared. Prefer true open source project instead like Pixelfed for example.

Be sure also the issues you have in your project have the suitable labels to help future contributors to pick easily some of them, i.e. labels like “help wanted” or “good first issue”.

You can also refer to best practices listed and explained for example in Advent of Open Source so as to have a nice and user-friendly repo: https://adventofopensource.com/

Have a look on Organic Maps (https://organicmaps.app) or OSMAnd for example (https://osmand.net/).

Wow, you mean that Flock 😅

https://en.m.wikipedia.org/wiki/Flock_(web_browser)

BTW I hope any project won’t increase the Z version only by including Dependabot commits, it would be insane. Release must be documented, tested, with CHANGELOG updated. If some maintainers just accept Dependabot commits without checking, move away. That’s just simple crappy auto-merge.

Nice idea 👍