Do you like writing software for Android, perhaps even sideload the occasional APK onto your Android device? In that case some big changes are heading your way, with Google announcing that they will soon require developer verification for all applications installed on certified Android devices – meaning basically every mainstream device. Those of us who have distributed Android apps via the Google app store will have noticed this change already, with developer verification in the form of sending in a scan of your government ID now mandatory, along with providing your contact information.
What this latest change thus effectively seems to imply is that workarounds like sideloading or using alternative app stores, like F-Droid, will no longer suffice to escape these verification demands. According to the Google blog post, these changes will be trialed starting in October of 2025, with developer verification becoming ‘available’ to all developers in March of 2026, followed by Google-blessed Android devices in Brazil, Indonesia, Thailand and Singapore becoming the first to require this verification starting in September of 2026.
Google expects that this system will be rolled out globally starting in 2027, meaning that every Google-blessed Android device will maintain a whitelist of ‘verified developers’, not unlike the locked-down Apple mobile ecosystem. Although Google’s claim is that this is for ‘security’, it does not prevent the regular practice of scammers buying up existing – verified – developer accounts, nor does it harden Android against unscrupulous apps. More likely is that this will wipe out Android as an actual alternative to Apple’s mobile OS offerings, especially for the hobbyist and open source developer.
Boycott all proprietary software and centralized services. Open source de-googled Android ROMs will continue to exist so everyone should make an effort to use those. Alternative frontends like invidious, newpipe, nitter, redlib are shaky but useful services if you want to stick to your guns. Use linux and open source software and try to use decentralized protocols like email, matrix, mastodon etc.
So, Linux distributions.
Same problem: the distro is a gatekeeper. Not through malice but through incompetence – insisting that all software should be distributed from a central “warehouse” puts enormous requirements on the logistics, which the maintainers simply don’t have and the service becomes poor.
This is the cousin to “Enshittification” known as “Chokepoint Capitalism”
Except in this case it’s “Chokepoint socialism” of some sort, because you can’t just automatically get your stuff in the repository of a Linux distribution. You have to be somebody and know somebody, which requires social capital instead of simply paying for admission.
That makes the system covertly exclusive, while pretending to be open and inclusive.
And, if there actually were a million independent software vendors all trying to get their applications included in the distribution repository, the requirement to make an appeal in the distro developers’ mailing list to get your package in for review would basically spam the heck out of the system and block it completely. There wouldn’t be enough developers to handle the cases.
In other words, the system only works because the platform is so unpopular that practically nobody’s trying to get their software in.
Compare and contrast, there’s 1.57 million apps available for Android on Google Play, and nobody knows how many for Windows because there’s no way to count.
Ubuntu/Debian, by most estimates found online, less than 5,000 – 10,000 unique end-user application packages.
This is why it’s so important that the delivery mechanism for your application packages is standardized and a simple automatic pass-through operation without humans and politics in the middle. When the volume goes up by a factor of 1000x, you can’t hire 1000x more developers to handle the load.
@Dude
You do realise that you can make and install your own packages, right?
Yes, and I could also rub two sticks together to make fire to cook my breakfast. Your point?
No it really doesn’t, if you want to get your stuff available to the users of any Linux distro all you need is a website so the potential users can find it!
You need to know nobody at any distro at all, simply put your software into an app image type concept or make your own little repository for all your software with one tiny guide on the website that people use to find or even buy your programs on how to enable this repository.
And best bit of your own supplemental repo is you can still leave 90% of the work on the distro maintainers and package manager – any library your program needs isn’t your problem unless you are patching it out of spec, all your program needs is to tell the package manger version of library x must be 0.9<x<1.2 or whatever it happens to be which will almost always just be greater than whichever version you used.
Not necessary; you can always compile from source
Likewise; you can always get developer verification for Android.
It’s only a minor inconvenience, so there shouldn’t be any complaints. Right?
No. there is critical difference. Developer verification goes through chokepoint. And it can be revoked.
No one can stop you from building the app.
Here’s me holding a mirror to you: “Not my problem. Don’t care.”
I’ve been though developer verification and trying to compile a kernel.
Developer verification is vastly simpler.
“Compile your own Linux” is barely more an answer than write your own OS for your own hand-built discrete CPU.
There is no gatekeeping at all in the Linux distro package manager system – all it does it make it easy and reliable for the normal user to get the software they need working.
So really not Linux at all – the distro out of the goodness and determination of their community to provide a good experience have created a fairly automatic and secure way to let you load software they have done all the work for you. But in no way does it restrict you from using a source install, pulling in a package in the right format (as you’d still want to use the package manager) they didn’t create, using app images etc.
You’re right. The situation is actually worse. The package management system and the repository are a gate that you have to pass through to get your applications distributed effectively, but there’s no regular gatekeepers which means there’s nobody to open the gate for you in particular. If the software you want isn’t in the repository, and you’re a regular user like me and not a software developer or somehow affiliated with the “community”, and in high-enough status that other people would trust me to muck around and make changes, the gate remains closed.
For every piece of software, someone has to maintain the packages in the repository, multiplied by however many different repositories for different distros, versions, etc. there are. For an independent software vendor looking to target Linux as a platform, that is practically impossible. They would have to convince everybody to carry their application and keep it up-to-date and tested for compatibility N times over. That is why very few companies even bother to target Linux as a platform, and only for one or two officially “supported” versions, which sucks from a user’s perspective.
Of course it doesn’t restrict you from doing whatever you want – you can even become the gatekeeper for your favorite application for your favorite distro! Let the casual lusers enjoy the fact that you’re too lazy to keep updating it, because you don’t need any of the new features or bug fixes (“works for me!”).
This isn’t a novel criticism. Other people have pointed out that the distribution based model is trying to “own” all the software it lets in, which means it stops scaling beyond some small number of software packages because the effort to maintain them balloons out of control. As long as there’s no automatic and standard pass-through to distribution, it’s just a worse version of Google Play.
i often find it easier to get windows software to run via wine/proton than it is to get linux software to run on the wrong distro. the amount of trouble i went through to natively compile dxx for the steam deck for it to not work and ultimately end up using the pre-compiled windows version. ive compiled it before on the raspberry pi and thats not even the same architecture.
Except you don’t have to pass through that gate at all.
All you have to do to get your software to run and be distributable is put in much the same work you’d need to do in distributing any software.
For the most vanilla like experience for your users host your own repository of whatever you want – in effect you could create your personal F-droid style alternative repo containing everything the distro’s don’t bother with, or a single package. A tiny little script or line of instructions on how to add your repository onto the list the package manager uses and whatever you create can be installed by anybody, with all the dependency checking, and all the other library etc still done by the distrobution for you!
Or package it up as an app image/snap/flatpack, again you just have to distribute it and it can just be used, this time with no interaction with the package manager at all (beyond the user maybe having to install the prerequisites to actually use the appimage type concept of your choice).
I’m willing to bet that over 90% of the software that does get added to and maintained on the repositories of popular Linux distributions only exists because (some of) the distro developers themselves use it.
The regular users, or other software developers outside of the “inner circle”, won’t really get a word in edgewise. If you’re not in the good old boys’ club, who cares about you?
Which is work that I shouldn’t have to do as a user of the system!
Anyhow, the point is the irony of complaining about Google closing up their system, while using a system that is effectively the same from a user’s perspective. At least Google doesn’t actively piss on their users, because that’s what makes them money.
I mean – how hard is it in the end to get the developer certificate?
Yeah it is work the developer, which is what we are talking about here always has to do and already does if they are distributing their software on other platforms. It doesn’t matter at all what the “inner circle” want they can’t stop you hosting your software, in a repository that supports their package management system – I have for instance at times used a nice German guys repository for convince on codec installs – he already did the work and hosted it – all I had to do was use the internet for find this software and add a line to repositories the package manager uses for a completely normal install afterwards (Or do it all via the GUI if you want – same end effect).
And its no more work than these developers are already doing for whichever other distribution methods they use (if any beyond the git). The fragmentation of Linux means they may not feel like packaging it up for everyone’s package management of choice, but the small developer actively hated by the “inner circle” DOES HAVE THAT CHOICE! And if they want to support Linux the lazier way for them they can just use the flatpack/appimage type concept of their choosing, and it will work anywhere, just with a bigger storage footprint for their users.
The only way this work ends up on a user is if THEY CHOOSE to be like that nice German in my example and do that little bit of extra work to then share it themselves. And the user isn’t gatekept from installing anything they like from source, with app images etc except by their own ability to use the internet to find software they want that isn’t pre-packaged by the distro and then actually install it.
On Linux, you can always build from source.
Which limits you to software vendors that give you the source.
Which excludes pretty much all commercial software and most of the more interesting and useful options out there. Not that there’s much interest in Linux with those anyways.
Are you on Google’s payroll?
I can still run apps from ~15 years ago. On linux. Proprietary. And they still work with minimal modifications.
So? I still use a copy of Photoshop form 2003 (22 years ago) and it’s still better than GIMP.
… and I can just buy an up to date copy of photoshop, because the annual licence costs me a few hours’ work, which means that it pays for itself easily. And that’s nice, because that means the devs who wrote it get paid money. Which is nice for them because Walmart doesn’t accept “number of commits to OSS projects” in exchange for food.
Which is a very different problem to the one here, were even if the developer WANTS you to be able to use their software you can’t unless Google says yes! If it really does make f-droid unworkable nearly all the applications I actually use on my phone go away.
That is genuine gatekeeping, and to my mind entirely unacceptable – Where the developer not wishing to support their works on your platform of choice is a choice both of you the actually required participants have made – it wasn’t enforced on either of you from above!
There is always the traditional solution on Linux/Unix: download source and compile. If you’re lucky, somebody else is already figured out how to configure for your platform and that just works. If you aren’t lucky, you get to figure out what the appropriate parameters are.
You young whippersnappers are just plain spoiled in expecting somebody else to do the builds for you. If you want to claim you’re a software geek, be prepared to do more work.
As far as Android goes: for the most part, I have never treated Android as an open platform. If I need to do more than the basic Android tooling will do, I either use something off the shelf, or fire up termux and do it there. I might be interested in side loading some of the phones that I no longer use as phones, but for my daily carry I really do not need a very complicated or fine-tuned set of apps. I am perfectly willing for my phone and tablet to be constrained environments.
Yes, I can see that if you want to jailbreak a device which is using Android under the covers and replace or extend its firmware, side loading is desirable. I haven’t had a need to do that yet.
good for you. But as so many folks are either poor enough having another system of any performance is tricky, as these days you can’t exist without a phone so that isn’t an optional cost, but a laptop etc is. Or they are so often on the move and lack the space for even a laptop setup that they try to do everything on their smartphone… So to me, even though I don’t really fall into either category this is a terrible thing, as I do like many of the sideloaded apps I’ve used so so much better than the Google version…
In the early days Android was actually pretty good for those that wanted to put in some effort to stray off the curated experience (though you did need to know a fair bit it was very possible). Now its probably worse than Apple if only because it has become just as awful but folks still expect better of Android devices!
you can totally exist without a phone. i do it every day.
I know plenty of folks that couldn’t because essential services or their job require them to have one. It is becoming a requirement.
Technically I have one, but you could argue I exist without it every day as I don’t really use the darn thing unless it demands attention much. But I’m well aware that is a somewhat unusual state.
Under windows, the developer has to package the program for windows.
Under Linux, most programs a user will use have been packaged by the distribution. This makes almost everything I want to do very easy to install. However, this is by no means a gate.
If the developer wants to package for Linux outside of permission from the distribution, all the package managers I’m familiar with allow adding additional repositories, or installing packages separately. Some of them (I’m thinking mainly of AUR for Arch here) allow users to share recipes for installing packages easily.
And these days almost all distributions have flatpack support. So if a developer wants to package it for Linux in general, that is an option, same as they can for Windows.
No one is insisting that all software should be distributed from a central warehouse. It is advised for beginner users, because from a users perspective it’s almost always the easiest option.
That’s good and shiny… in theory. But as soon as you have a social life, you’ve to use the tools other are using. Sure you can still use email for your pro life, but you have to use Whatsapp for communication because it’s the defacto standard (until EU succeed in forcing Meta to interconnect with other comm app). Matrix / Mastodon, I wonder you can have it too, but it’s very likely other people will (still) use X very Musk. Maybe bluesky might work a bit in the future, but it’s still US based (and controlled) technology. People will just avoid the hassle to move their data and maintain another server install elsewhere (because, well, it’s too complex to do). Even mail, you’ll communicate with gmail users (that’s what, 70% of the email users in US?), so whatever you do will still be pumped, sucked and digested by Google. Even SMS is being deprecated to Google controlled RCS, so your SMS will also be sucked by Google octopus. That’s because, RCS is a standard that’s so complex that only a large corporation can implement and maintain, and phone operators simply sideload on Google’s RCS servers. And since EU force communication app compatibility, I’m 90% sure it’ll happen on the RCS standard, thus via Google spying on the data.
So it’s already game over. To have any kind of privacy in the next 2 years, you’ll have to be illegal, you’ll have to use tools no one use (because people are too dumb to understand what is their own interest), so you’ll be forced to use tools to communicate with others, where you’ll be monitored, spied and classified/sorted. You’ll have to drop any hope of anonymity. Forget about cash (it’s now way easier to pay “non-contact” with your phone, thanks Google, it’s withing their data sucking tool), forget about going anywhere without being tracked (I’m not even speaking of sharing location with Google 24/7, but on the Bluetooth beacon your phone is sending every second that are being recorded by other phone and transmitted to Google and Apple’s servers for their “Find my” network). Forget about call metadata privacy (they don’t care about the call data itself, it’s dumb anyway) since the default contact app on your Android phone, phones home “to prevent spam”.
Can’t speak for Google, but Apple’s “find my” network is e2e encrypted. Only your Apple devices have the key to decrypt the locations. Apple don’t know where your devices are from “find my” beacons.
Oh sweet child, Apple has no trouble at all knowing where all devices are. They e2e to prevent one user knowing another user’s position. But they definitely run the panopticon.
We are decades past boycotts at this point, anything with even half a chance to bringing corporate bullshit to an end has a min prison sentence attached to it. Although that will increase more and more as the years pass. Could also try asking congress really nicely
Does banking and square work on degoogled images?
I’ve used a fairphone 4 with e/os for over 2 years now as a daily driver in the US (tmobile) (my gf uses a Pixel 7 with e/os) & I wouldn’t have it any other way. Chase, discover & Amx work fine for us. I don’t even use the microG services it has built in. Idk about square. But if you have issues with apps, thats what microG is for. I hope that helps.
All the more reason to move to an OS not in the palm of google. I moved to a phone with no google anything years ago. I’m not going to lie, it was difficult, and my phone does not work as well as a normie phone, but the feeling of not being under google’s thumb is priceless.
I worry about how this will effect the app ecosystem outside of the google play.
They don’t want us fiddling with our personal tracking devices. Simple as.
Time to start rooting again.
hell yeah I was totally lost at the thought of losing sideloading but supposedly as long as my phone isn’t certified (which it isn’t already) I’ll be totally fine
Does this prevent pirating apk files to get installations of apps you have not purchased? If it does it would also then block installation of old apps which run but have no recent support.
Interesting. There is a mechanism to allow another app store, even via one click agreement (allow install from unknown sources). I suspect that was part of an EU requirement.
But this new change, would imply that even 3rd party app stores would have to carry “approved developer” content only.
so then what good is android if you cant run your own damn code on it?
It’s useless if you can’t run your own code. Might as well go back to a flip phone if there’s no way to bypass it.
No problem. I use phone as a phone/text device. Use my Linux desktops for development and applications. I can see this more as more phone vendors worry about security and lock ’em down more and more … Remember, if anything bad happens the finger always points back to them. This world is all about security and more security. And people being sue happy … and companies don’t like to pay out money… Well, this is the result.
Hmmm, I don’t feel any safer…
I don’t know about you but I would feel pretty silly walking around with pants that have pockets big enough to hold my Linux Desktop.
[smile] . But the phone comes with all the functionality you need to talk/text/take pictures. Just use. [sigh] But I know people use them for more than now for whatever reason. We confine our browsing/development/email/intertainment to the home systems.
Yeah, but your GPD Win Mini or that new Ayaneo flip series (and perhaps others I don’t know of) gets you a potent and practical enough Linux machine that would fit in fairly regular pocket so you don’t need to feel too silly…
(in theory anyway – I don’t know of any hardware in either that won’t play nice with only M$ drivers available etc, but I’ve not looked hard or had hands on with either to know – really would like to though, as that does seem like the perfect portable for me (other than the price, which isn’t unreasonable considering but more than I can justify now) – I’d finally retire the core2duo toughbook as the portable with a keyboard, and not really need the steamdeck that is now my go-to portable either – as that can be annoying every time I wish I had a keyboard and don’t – the valve/steam controller keyboard is good for what it is, way better than any touchscreen keyboard, but still nothing on real keys.
Heck if all you need is a phone/text device in your phone you might even be able to integrate that and make your pocket PC a suitable smartphone too, as at least in theory both of those options should be very functional in Linux if you can slot a modem in somewhere (something I keep meaning to try but never get round to). All you wouldn’t get is the Google/Apple ecosystem, which honestly sounds like a hugely net positive thing these days.
Another L take from R clark.
Just because you exclusively use it for talk/text doesn’t mean that’s universal and the security of those can be questioned.
If it’s a smart phone, those apps can often be controlled by the phone maker so the security from them is questionable.
If it’s a dumb phone, maybe no problems with the apps will occur but texting isn’t secure and I don’t know enough about how phone conversations are handled to say anything there.
If you can install your own apps then at least you can replace texting with Signal.
On point. They are shutting down 2G and 3G networks and ALL 4G VoLTE phones have internet, making them massively more of a security risk due to hugely-expanded, rarely-if-ever updated attack surface. Not FOSS and buggy as made to a budget. Those are the NON-smartphones. Smartphones are a dystopian nightmare. Foretold by Zach De La Rocha of Rage Against The Machine in the song ‘Bullet In The Head’ “Cellular phone, sounding the death tone, corporations cold turned ya to stone – BEFORE YA REALIZED”. Look at the mess we’re in today where people trust their phones intimately when they are proven abusive. Yet are severely suspicious of innocent strangers. Also especially the way young women have been groomed to hate men and be overly-supicious of male potential partners. Look at the Tea app, they blindly trusted including shamelessly abusing men’s private data. Too selfish and lazy to learn even the most cursory security and privacy audit of an app or platform. Brainwashed and beyond help. Nowhere near enough empathy to go around and in that regard, “turned to stone” is a reality.
Well. I’d been considering switching to Graphene, I definitely will when f-droid isn’t trivial to use.
My issue is that I’d lose two things:
1. tap to pay, which has got me out of sticky situations in the past when I forgot my bank card.
2. My banking app won’t work on a rooted phone and it’s heavily locked down, so I doubt any workarounds will work.
It works. (Well depending on your banks implementation but ANDROID NFC payment implementation works as intended (do not confuse with GOOGLE WALLET)
It works. GrapheneOS does not provide root access.
Oh, this is interesting. I thought any of these third party OS versions needed root…
not at all. LineageOS isn’t routed by default either. GrapheneOS is an excellent alternative, runs five without Google services (with some compromises) and so far most bank I use in EU have a working App.
Yeah I’d love try a Linux distro if any of them supportedy Pixel 7a, but they don’t. I think the tensor chip’s user space driver APIs are a blob written for the Java android runtime or something.
I’m very happy to have some level of inconvenience in my technology, but I spent too long digging around android forks to try and figure out the driver stuff without making any headway.
Wuhuuuu.. an with the plans EU (and especially my government) has for age verification apps, we’re on a helical curve wrapped around an inclined path…
Proving your age to access (online) resources doesn’t have to be bad, als long as it’s done in a privacy preserving way. To prove that you are over a certain age is literally 1 bit of information (yes or no). Apps like yivi ( https://yivi.app/en/yivi_ecosystem/ ) can do that in a secure way and even the app does not know where it’s used.
sure… privacy is not the case for government. Not in the end.
“1 bit of information”
You realize it includes uploading your passport, right? That’s the entire point, to remove anonymization, so you can’t post the wrong opinion anymore. The EU wants to do the same thing to their netizens just like Russia, China and England are already doing on a mass scale. It’s the end of the internet, the end of free speech which will lead to the end of democracy as you can’t have democracy without speech. The EU already demands speech control for reasonably large platforms, by forcing moderation on speech through the DSA, but this goes a step further and gives the EU the option to identify the users saying things they disagree with.
I’m from the Netherlands and I’m scared of what the EU is turning into. It’s a trade agreement that’s gotten totally out of control. I already applied for US citizenship. I hope to be allowed to leave this place before it’s too late. I’m also considering Argentina as an alternative now that that country is getting back to normal after decades of decline.
The industrial revolution…
Unpopular opinion: why should complete anonimity or even designed lack of transparency be a universal right? Anonimity online should, in my opinion, be of the same level as anonimity in real life. You can post pamphlets, but people might see you post them. You can step up on a soapbox, you are free to express what you want to express, but you may at some point get recognized. Pre-internet, there was no similar guarantee of anonimity, and I’m hard-pressed to find any pain in that.
Now, if your non-public information from your private life gets exposed, that’s different. But that’s not a question of anonimity, it’s a question of privacy. You can be non-anonimous and have private details, and the right to privacy is a great one. The right to anonimity, in my opinion, is a weird new thing that often gets tacked onto privacy issues when it’s at least a mostly separate ticket.
you could do those in the night and in camouflaging clothing , the internet is always lit up, always watching, never forgeting
and i probably don’t care as long as THEY are also refused ANY privacy.
but no it’s always “rule for thy but not for me”with those politiciens.
(if you can see everyone polishing things while watch C0rn grow, it’s not shamefull or blackmail material anymore. )
total transparancy would bring a reduction of peer pressure effectiveness, the opposite of what they want.
no they only want themselves to have the all seeing eyes.
you have to pretend we are not all animals attracted to the same things, and they got power over your reputation (or worse but we are assuming no formal banning of complaining about the governement like in UK)
Animals under constant stress don’t behave the same, that’s what they want.
a man that think he is under surveillance follow the rules more.
The difference is people can see you handing out leaflets etc, but unless you let them follow you home it is only in the act of exercising your rights to free expression in that public setting you can be dealt with by those who disagree. Then because you and your message are seen by many so persecuting you for your opinion is trickier for a dictator to do unless the population actually agrees – can’t erase peoples memory of their interactions with you, or their expectation to see you on that corner again tomorrow like you said you’d be by dragging you off to the gulag.
So that lack of transparency as you are expressing yourself works both ways and lets you in theory be fairly secure at home without needing celebrity/dictator level wealth and security arrangements to keep that.
That is not necessarily a choice you can make.
True @Dude, but it is easy to make it tricky on them. Certainly way way harder than requiring them to hand you their full legal ID upfront before they can post that leaflet, and if its going to cost money and effort probably won’t bother unless you really really push them hard.
With surveillance cameras everywhere, do you really think you can slip away unnoticed? You underestimate how far people will go to harass you even for petty disagreements.
Not to mention when you have a proper Stasi situation going on, where the actual establishment, or just the police, is out to get you.
This isn’t just unpopular, this is nuclear bad.
You do realize that name and address are frequently considered public information. Would you like to post your full name and address right here? Probably not.
There are massive issues to lack of anonymity online, not the least of which how much easier it becomes to suppress free speech. Maybe you live in a country where you won’t be immediately shot and killed for handing anti-government pamphlets but that isn’t universal and not always permanent.
No I really don’t, but even with an SS unit actively hunting for folks they disapprove of it isn’t hard to get lost in the crowd, even now. Unless you really really really make that effort above and beyond so stand out – something like making yourself the public spokesman for a banned organisation which makes nabbing you worth the cost – there is only so many man hours and CPU cycles to burn and so many people to monitor!
Can you be tracked physically yes, but will you actually be tracked all the way with the amount of effort that would require if you make even minimal effort not to be, probably not.
You are leaving the EU to move to the US? You mean El Salvador, right?
And Argentina is a basket case.
What are you on about? USA is doing the same exact thing.
A lot of this rolls into the late stage capitalism vice grip. If people think there’s a pushback on protesting now, wait until the masses ACTUALLY organize at a scale that threatens the big boys.
Unfortunately we are likely not even getting that, it’ll just recycle each generation or two.
Well it’s been pretty clear for a while that Google is working towards turning Android into an iOS-style walled-garden toy OS, but this is a big step, sooner than I expected…with the way they’re making the basic architecture of Android increasingly hostile to the concept of rooting over time, it’s looking increasingly likely that I’ll be going back to GNU/Linux on my next phone, I wish I’d never had to move off of it after Nokia dropped it…
Still have my N900 in a drawer!
Bit of a spanner in the works. Think you can stop us, Google?
On top of this, it seems that as of today, you can’t watch any youtube video without signing in first.
Hmm, worrying. That’s not the case for me here (UK) and now. Although I won’t be surprised if it comes to pass.
i still can… (belgium)
It seemed to last for only a short time. I have set up my web browser to delete all cookies and other cached stuff when it is closed, and I assume this somehow interfered with whatever youtube attempts to do while serving video’s for “free”.
About half an hour after I started up my web browser this morning and watched some other sites youtube also started “working” again.
Well that’s even more alarming as it suggests one of two things.
One – the verifier in Youtube gives up and allows anonymous users eventually
Two – the rest of your other internet use provided enough profiling data for the verifier to assume a tokenised profile , releasing the anonymous lock
refresh the window ;-) and it works
Notice how installing software on a device that you purchased is called “side loading” by them. Pure 1984
Exactly this. There I was, believing that I’d spent that money to own the device, not a licence to use it.
I will only buy a device where thic can be turned off or with factory free OS. I want to keep F-droid and apps like Grayjay.
I want a F-droid phone.
So how is a nascent developer to test a proof-of-concept software package without the hardware without a test article? Emulators are hit-or-miss. I’m sure there’s a bunch of hoops and perhaps fees associated with this “certification”. That expense of time, effort, and money might not be worth it if one doesn’t even have the ability to know if their product works in the first place.
Detailed feedback has already been made available to Google via the GitHub issues for “Web Environment Integrity”.
How do they make money off of this?
And before saying something about data collection and selling… they already have that mastered for the masses. What tiny percentage of people side-load anything and who is paying more for a database containing those few people’s information vs not when either way it gets everyone else?
I would think that Google would do better for themselves leaving the door open a little for us so as to keep the wheels not-squeaking while monetizing everyone else just like Apple.
Evasion of liability/government hegemony via security theater.
It’s another step to shut down ad-blockers and things like ReVanced Manager that help you to patch YouTube and other apps to remove ads. “Oh sorry, we’ve revoked your developer account because you published something we don’t like”.
Thanks for bringing ReVanced to my attention. Just what I was looking for! “In before the lock” lol
“More likely is that this will wipe out Android as an actual alternative to Apple’s mobile OS offerings, especially for the hobbyist and open source developer.”
So what useful alternative/workaround/group-validation-to-evade-the-enshittification will emerge? The answer isn’t always “Hurr Durr Linux”.
There was Ubuntu Phone OS. I think it could be adapted to run Android apps either live or in emulator (like qemu).
is there another lord nothing on here because i sure as hell didnt post this.
The answer IS Linux. I can install any APK via Aurora Store, F-Droid, from a file or via any other means on my Furilabs FLX1.
this won’t happen. it’s fake news distributed by google for some dunderheaded reason.
they’ll either allow an easy work around, an easy work around will be forced by the community, an easy work around will be mandated by government regulators, or vendors will rebel.
I doubt it for those ones, at least with the current state of the world looking ever more 1984 – having something like complete control of your device between them sounds like exactly what those groups want, and as Google is talking about it…
Seems they might well not offer a solution either, which would be inkeeping with how Google have treated Android in recent times. The community might find a way, but the more locked down the devices become the harder it is work around those locks, and with OTA updates the locks are probably going to be an ever moving target, so not worth the effort to break.
I hope its fake news, but I rather doubt it is.
i think you’re ignoring the … oh i just saw your name … now i know you’re ignoring the actual history of jailbreaking android.
vendor lockdown, OTA moving target, google antagonism, none of these have slowed down the unlocking. and all this hacking has happened in the context of a large pool of phones intentionally unlocked by non-samsung vendors — people are bothering to unlock the locked ones even though it’s far easier to simply buy an unlocked phone.
every vendor has a choice whether to lock the bootloader, and also whether to lock the android that runs under it, and many vendors are now chosing to unlock both as a matter of policy. and google specifically has reliably for years (moto, nexus, pixel) chosen to have an unlocked bootloader.
google also has this same tradition they’re demonstrating yesterday, of announcing something draconian and then backing off of it, or revealing it was a smokescreen: a user-facing but not hacker-facing roadblock. for example, the play store has become ever more restrictive but hackers have always been sideloading so it hasn’t affected us. in fact, it’s made our population swell as more people turn to side loading / f-droid sort of solutions. they’re not going to create this population and then extinguish it overnight.
even if google wanted to shoot their own foot so badly, the vendors that want to ship unlocked will have more incentive than ever, and the hackers who want to break the lock will also have more incentive than ever. to support this non-play-store community that is growing.
i forget sometimes that most people aren’t android devs who have watched google’s now decade-long battle against /sdcard. they have indeed made a nuissance for me! i don’t appreciate it and i hate google because of it. but they have not succeeded in destroying /sdcard. “google announces the end of /sdcard next year” is an ancient headline, long-falsified.
i do think android and google are both on the way out but sideloading abruptly ending in 2027 is not plausible. if you’ve lost faith in google’s non-evilness then you need to — at the same time and in proportion — gain faith in their evilness. if google is lying liars then you shouldn’t be surprised that this announcement is a lie. a boast. misinformation.
this reminds me of the scare tactics at the beginning of UEFI. in practice, UEFI was the easiest transition for me, and is better in every way than the MBR bootloader that preceeded it. but when it was first gaining the public’s awareness i saw a bunch of alarmist garbage selling it as the final ultimate victory by microsoft against OS choice.
Not ignoring at all, simply making my guess based on the direction the world seems to be hurtling NOW, past performances mostly of the community not the vendors anyway is no certainty of the future.
Which just means you assume the worst/best depending on pessimistic you are feeling today. Or how much you think the companies will be allowed to get away with as the regulators and governments have gone spineless.
Also the big one for me is the community that cares to jailbreak stuff for whatever reason is important to them is surely going to be slowly becoming the community driving the PinePhone and Librem type phones further instead.
The more difficulty Google’n’co make actually using your phone, distributing your software etc… As now those sort of open, privacy respecting, hacker friendly options exist and are in an ever improving state, rather than actively getting worse – so surely more and more of the community will gravitate that way!
For those wondering why, it’s all about Google bow down to dictatorship-like governments, in an useless effort to identify everyone online.
Brazil is a great example, as there is a president who made his way from jail (for corruption) right into presidential chair.
Eventually you’ll be forced to show your face to a camera even to buy food, if we keep just giving power to them like we are now.
And for those who believe USA is different, now you can’t burn a flag there… And freedom of expression start in the little things, like that.
We will very soon need to fight for the basic rights all over again.
i find it absolutely inconceivable that locked samsung flagship phones are the major contenders in brazil. doesn’t everyone in south america use a cheap ‘knock off’ chinesium android phone that is conspicuously unlocked and already barely able to integrate with google’s ecosystem?
You can still take a dump into Paczkomat. There’s no law against that.
Solution: Only buy apple untill someone actually tries to compete.
I don’t actually like the Apple ecosystem. Of the two, I prefer Android even if this occurs.
There are non-Apple, non-Android palmtop devices. They tend to be inferior as phones, but perfectly reasonable as portable computing. Of course, developing for those means you don’t get to sell into either of those commercial markets. Then again, if you are selling, buying the necessary certification seems a minor investment. It is a nuisance for folks who want to play with development without knowing whether they are going to try to sell the product, admittedly.
You do have the option of both carrying a phone that is a better phone and a device that is a better computing device; I know folks who do. But again, that doesn’t get you into the wider markets of folks who just want to a device that works.
Yes, the change is a nuisance, especially for hackers writing one -off apps. Of which there are an unusually high percentage here on Hackaday. But I suspect many more of us are going to vent about that then are actually going to do anything about it.
I’d also point out that there seems to be nothing keeping someone from defining themselves as a publishing house, obtaining this certification, and using it to publish apps by all their friends. The downside is that everyone’s reputation stands and falls by the quality of everyone else’s code, and if somebody does release malware the publisher of record may be legally liable for not having prevented that.
So this is something a user’s group could do, but I would highly recommend that they incorporate first so any liability stops with the group rather than its officers.
fwiw i am a hobbyist developer who decided to publish (free/open source) a few of the apps i made for myself and i found the play store to be delightfully easy to use and a great way to reach a large audience (tens of thousands of people) with my niche apps. now, 11 years later, i hate the play store because google is trying very hard to remove “low quality” apps but their filtering strategy is moronic…they’ve made a list of attributes that they associate with low quality, but they manually fudged that list so that extremely low quality software from extremely large vendors like facebook and twitter wouldn’t get flagged as such. but then they compounded that by not even a vague attempt to identify high-quality software (probably because there’s not a single example of it in the top 1,000 apps). small (in bytes), ad-free, few crashes, low-permissions, highly reviewed, stable UI, none of those things mean anything to them. so they’ve banned or shadow-banned every one of my apps by now.
the worst thing about their filtering is that they’ve tried a kind of darwinian winnowing using by throwing up trivial nuissance roadblocks. which isn’t going to work, obviously. nefarious actors and spam factories are specifically willing to tolerate nuissance. giant vendors of awful software will assign a whole team of interns to deal with nuissance. open source developers — the cream of the cream — of course have very little tolerance for nuissance. absolutely boneheaded policy.
but one of the many nuissances they threw at me was this verification requirement, and it was the most trivial and non-frustrating of all of the random nuissances they’ve thrown at me. ymmv, especially if you’re paranoid about your privacy. but it really is easy.
(i’ll still be side-loading unverified apps though)
Another solution mught be to do the same sort of thing Termux does: write an app that acts as a sandbox under which less controlled software can run, but which has broader access to the hardware then Termux. Or work with Termux’s author to expand its capabilities. (Does termux have the ability to define launcher buttons that will start it and run scripts? That, plus supporting GUI through the browser if necessary, would hide much of the difference between running under termux and native.)
For what it’s worth, termux does have a widget which let’s you select from a user-defined a list of apps to be launched. Not as pretty as individual widgets, but a decent 90/10 solution.
Eh I actually prefer Termomix because it’s cheaper, healthier food than dining out. Maybe in the future when government introduces a ban on fast foods I will go to restaurants again but for now Thermomix rulez.
a word of caution about going down this road…
if everything lives under a single app that reinvents everything, then you can bypass a lot of bs as long as that one app isn’t banned.
but i made one app that answers provides a shell in response to ssh connections (i.e., an ssh server). and i made a separate app that just bundles busybox for android. and they worked well together, you would just one-time cut and paste a long path from the busybox app to the ssh session, and from thence forth you would have all of busybox at your disposal from the ssh shell. and i made a third app that plays mp3s with a minimalist android gui, which also supported a primitive commandline interface behind the scenes. and you could cut-and-paste a path from that app to the ssh session and again you were off to the races. for example:
but each of those two hacks were the first to fall to a slowly-tightening android security policy. they each still work on some phones, but a lot of new phones use an selinux configuration that forbids an app from effectively marking its private files world-executable (like mode 755).
there’s work arounds that are possible but that’s where i got off that particular train. if i cared that much, i’d just root my phone instead
Corporate hegemony plain and simple!
So, Huawei it is then?
Or are they also WEF’ed?
Any chance this is a way to stem the tide on AI authoring of SW for the droid?