If you look at CVEs in Android, a lot of them are tied to proprietary Qualcomm binaries. It’s crazy how your GPU driver can be exploited to get root access.

If Qualcomm wasn’t so dependent on their vendor kernel that ships with tons of binary blobs, it would be a lot more secure.

  • breadsmasher@lemmy.world
    1 month ago

    “Free” proprietary software bundled with your device? It’s not technically free - it’s paid for as part of buying the device.

    Does an actually free alternative to any Qualcomm blob exist?

    • Possibly linuxOPM
      1 month ago

      Proprietary software is not free (libre) software. Qualcomm is the only one who can actually patch their proprietary software, and because the system is a black box, it is impossible to know how flawed the system could be.

        • Possibly linuxOPM
          1 month ago

          My post says that Qualcomm proprietary binaries are bad for security.

          I did edit it for clarity

            • Possibly linuxOPM
              1 month ago

              You are right

              I meant this as reasons to use free software but it got lost in translation

              • breadsmasher@lemmy.world
                1 month ago

                Yeah what you posted is literally the opposite of what I guess you were trying to say

                It’s still worded as if libre software is the problem.

                “Closed source proprietary software is bad for security” or something - it’s the fact the code is unauditable that is the issue

    • SpikesOtherDog@ani.social
      1 month ago

      *Free with purchase

      You are correct. The software is an integral part of the device and cannot be unbundled.

      Maybe I’m missing something, but there don’t appear to be FOSS alternatives to Qualcomm binaries. At least, not with a quick search. I might be able to get better information with a more narrow search.

      Here is a decent conversation from 2021. I doubt that things have changed much.

      https://news.ycombinator.com/item?id=26596721

    • slazer2au@lemmy.world
      1 month ago

      Na, OP sounds wrong in general.

      An unsecure binary is 100% the fault of the company creating it, not the underlying kernel.

      Do you blame the Linux kernel for Heartbleed? No, you blame OpenSSL. Do you blame Java for Log4Shell? No, you blame Apache.

      • Possibly linuxOPM
        1 month ago

        Maybe I did a bad job of phrasing this?

        I’m saying that the bulk of Android security issues come from Qualcomm binaries

        • slazer2au@lemmy.world
          1 month ago

          If Android wasn’t so dependent on Qualcomm binary blobs it would be a lot more secure.

          might be more accurate?