The issue is that the banking app is often the only way to get 2 factor authentication. The other way is to use SMS but that can be hijacked by social engineering attacks so it cannot be considered secure.

I worded my comment badly. I was not talking about supply chain attacks, rather the ability to tinker on “proper” Linux which you don’t get on Android.

The “know it better” is, I think, a big argument, that’s imo often a bit overlooked. Android does not have that much “tinkers” as “proper” Linux has. For the average Gnome DE @ Ubuntu user, Android forks are fine. But if you’re the kind of person, who optimizes their Arch system with cool scripts from Github, you won’t get the same experience on LineageOS. I know Termux is a thing but that feels more like a workaround.

Edit: Had to reword the comment, because people thought I was talking about malware and supply chain attacks.

Edit2 to clarify my point: I think big downside of Android is that if you want to tinker with it, you basically have to be an android developer. With “proper” Linux the barrier to entry is smaller and the learning experience is more granular. Hence why we think “we know ‘proper’ Linux better”.

But their principles are bs to begin with. They decided what’s good and what’s bad based on completely arbitrary metric. It does not matter whether code is baked into hardware or is flashed in it during boot process. Proprietary is still proprietary.

They should fight for 100% free software and choose the lesser evil from there instead of fighting for the lesser evil (or imo the bigger evil) from the beginning.

Edit: Imo they are violating their own principles spiritually. They are just avoiding violating their own principles bureaucratically.

It exists because FSF. (watch Linus’s opinion on FSF) Unfortunately the FSF is full of obsessive people, who want politics to be an if-else problem. But that’s not how politics work, you always have to compromise somewhere. You cannot have hardware that uses open-source firmware, has schematics available, doesn’t use slave labor, is usable, is secure etc. You always have to choose between different evils.

But that’s not what the FSF does. They decided to draw a thick line through this blurry mess, so that these obsessive coders can have a digital high/low solution to this analog problem.

hm how do I continue…? It’s hard to explain because it does really make sense but I will try. So if some software runs on your computer and you can modify it from the OS, it has to be Open Source otherwise it’s not FSF big wholesum chungus certified. But if it runs on your PC and you cannot modify it from the OS, it can be closed source and still get the Chungus certification. What you end up with is that FSF recommends some old crap wifi cards running proprietary firmware because you cannot modify the firmware without external flashing. But it rules out new wifi cards that load the firmware during boot because the linux kernel cannot have proprietary software in it reeee. Obviously the latter situation is better for freedom because it’s at least easier to replace with Free firmware but they don’t care about that.

In other words Linux Libre exists only because of some stupid bureaucratic rule that actually harms Free Software instead of helping it.

Wait I haven’t told you about microcode updates! Microcode is proprietary software controlling your x86-64 CPU. Linux Libre does not include updates to this firmware even though the microcode is proprietary regardless. So with Linux Libre your CPU is controlled by code that is proprietary, broken and vulnerable to stuff like Spectre or Meltdown. This part is so stupid that it’s almost funny. (but it’s actually sad)