A real Linux distribution on the phone
Creating a sustainable mobile OS
It is 2018. Pick an average PC from 2008 and install a minimal Linux based operating system. You will be able to do basic computing tasks (eg. surfing the web, reading e-mails, listening to music, chatting) just like on an expensive modern PC. You will even get security updates, so your old computer is protected, just like a new one.
On the current mobile landscape you get none of that. Even expensive phones only have few years of support. As time progresses, your phone becomes slower and slower, and the newest features will not work on it anymore. But postmarketOS builds upon a real Linux distribution, which has no reason to drop support for old devices at all and (assuming that you choose the right software) keeps the resource usage at a constant minimum instead of increasing it with every release. There's no reason to restrict features (such as full disk encryption) to newer devices either. We want to be able to use our devices until they break!
Package and run anything you want
postmarketOS is developed in the spirit of regular Linux distributions, so there's no problem in having multiple phone interfaces and let the user choose. We have KDE's Plasma Mobile, LuneOS UI, Hildon, MATE, XFCE4 and i3wm packaged so far.
Furthermore postmarketOS will not impose arbitrary restrictions on you. Use the apps from any ecosystem you want (even desktop software). With Alpine's simple package format, you do not need more than a bit of Linux knowledge to package your favorite programs (assuming that they run on Linux already).
Evaluating options for security holes in firmware
Mobile phones have dedicated chips for the cellular modem and wifi functionality. These chips only run with firmware files, which are little proprietary operating systems, that run alongside of your regular OS (such as Android or postmarketOS). In most cases they even have full access to the device's RAM, GPS and/or microphone.
As with all proprietary software, we can not look at the source code to look for security bugs and backdoors, and we can not update it when such security bugs become public. We are at the mercy of the device manufacturers to get updates, and they refuse to do so after the support of the device runs out.
Nowadays, practically every phone that is a few years old has such an issue - no matter which OS or ROM you install. Exploits are available in public, so everyone with enough IT knowledge (or money to get IT experts) can turn these older phones into surveillance devices.
We are well aware of the situation and exploring our options. On a side note, we are also interested in using the mainline kernel (instead of some outdated Android fork), so we can at least have a safer userspace.