The future of selfhosted services is going to be… Android?
Wait, what?
Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on… and even have a battery and potentially still a SIM card to survive power outages.
We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc…
The goal: hosting services like #nextcloud, #syncthing, #mastodon!? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.
It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that’s needed. #Android can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.
In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: “At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds.”
Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021
PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it’s a good example of what should become much more commonplace.
Running web services on a device that hasn’t seen a security patch in 3 years seems like a bad idea.
Also, unless you can mount a real hard drive, you are going to very quickly run into I/O bandwidth issues and flash longevity limits
I’d also be worried about battery issues
Don’t want to find it having overheated / turned into a pufferfish
@RegalPotoo Maybe I should have been more specific in the wording of my title.
No one planning on hosting public multi-user service that would see some serious traffic would probably benefit from hosting on a phone.
Someone who wants to simply run a single-user instance or their personal nextcloud? I think that’s a real possibility.
@Wander @selfhosted also, don’t forget that it’s easy enough to run Linux on Android: https://f-droid.org/en/packages/tech.ula/
@ahoyboyhoy @selfhosted Nice. I remember trying it out once. Actually I might use that to follow my own advice and self-host at home once I retire my current phone.
True, I haven’t had the need because I know how to run stuff on a server, but for personal files it’s probably better to host things at home.
@Wander @selfhosted This sort of setup is very attractive IMO because of the low power usage. Android phones use much less power than old PCs.
The main con I see is not having ethernet (maybe there’s some sort of MicroUSB/USB-C to ethernet adapter, but I didn’t look into it yet). That, and there being only one port.
@Wander @selfhosted I in fact already use android for syncthing.
@AMS @selfhosted yes, hopefully we’ll see an explosion in self-hostable alternatives that can be installed as easily as syncthing.
The future of selfhosted services might includes phones yes, Android most likely not.
Think about it, those phones might work right now but in 10 years their Android versions will not support anything, they wont even have root certificate updates breaking SSL, the kernel will be missing support for whatever people need and whatnot. Maybe the phones won’t even boot because some key will expire somewhere… let alone security vulnerabilities.
People selfhost on 10-year old hardware right now, but they do install modern Linux distros that are well supported and up to date. I believe the most likely scenario is that at some point the “security” of most of that hardware will be broken and you’ll be able to run some version of AOSP for older hardware and/or a generic Linux.
But that might not ever happen, those phones are built like hell and we’ve another category of hardware with similar characteristics that was never repurposed for anything after a decade - routers. It’s common to see older routers that are now too slow when it comes to wifi or even CPU and although they’re way more open and primitive than modern smartphones when it comes to software we usually can’t even repurpose them as dumb switches with alternative / open software. OpenWRT and DD-WRT might work in some case but those are exceptions and usually those models were already supported by those firmwares. For instance there are enough Thomson / Technicolor TG784n ISP provided routers to create a second moon and the effort to break their security and create a usual firmware is so much that nobody did it. It’s just easier to pay 30€ for a cheap router/switch and move on.
@TCB13 I’m not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.
The application / server component can actually be updated since it’s just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.
Basically, while flashing a new ROM would be ideal, I think there’s likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc… can be run in a secure manner on top of a stock Android ROM.
Furthermore, developers packaging their apps into APKs could run security checks and by the time it says “your OS is insecure” you’re already on your third phone and can host stuff on your second. I mean… Android phones are in their prime for two/three years at most in my experience :P
