The Browser Wasn’t Enough, Google Wants To Control All Your Software

A few days ago we brought you word that Google was looking to crack down on “sideloaded” Android applications. That is, software packages installed from outside of the mobile operating system’s official repository. Unsurprisingly, a number of readers were outraged at the proposed changes. Android’s open nature, at least in comparison to other mobile operating systems, is what attracted many users to it in the first place. Seeing the platform slowly move towards its own walled garden approach is concerning, especially as it leaves the fate of popular services such as the F-Droid free and open source software (FOSS) repository in question.

But for those who’ve been keeping an eye out for such things, this latest move by Google to throw their weight around isn’t exactly unexpected. They had the goodwill of the community when they decided to develop an open source browser engine to keep the likes of Microsoft from taking over the Internet and dictating the rules, but now Google has arguably become exactly what they once set out to destroy.

Today they essentially control the Internet, at least as the average person sees it, they control 72% of the mobile phone OS market, and now they want to firm up their already outsized control over which apps get installed on your phone. The only question is whether or not we let them get away with it.

Must be This High to Ride

First, “sideloading”. The way you’re supposed to install apps on your Android device is through the Google Play store, and maybe your phone manufacturer’s equivalent. All other sources are, by default, untrusted. What used to be refreshing about the Android ecosystem, at least in comparison, was how easy it was to sideload an application that didn’t come directly from, and profit, Big G. That is what’s changing.

Of course, the apologists will be quick to point out that Google isn’t taking away the ability to sideload applications on Android. At least, not on paper. What they’re actually doing is making it so sideloaded applications need to be from a verified developer. According to their blog post on the subject, they have no interest in the actual content of the apps in question, they just want to confirm a malicious actor didn’t develop it.

The blog post attempts to make a somewhat ill-conceived comparison between verifying developer identities and having your ID checked at the airport. They go on to say that they’re only interested in verifying each “passenger” is who they say they are for security purposes, and won’t be checking their “bags” to make sure there’s nothing troubling within. But in making this analogy Google surely realizes, though perhaps they hope the audience doesn’t pick up on it, that the people checking ID at the airport happen to wear the same uniforms as the ones who x-ray your bags and run you through the metal detector. The implication is that they believe checking the contents of each sideloaded package is within their authority; they have simply decided not to exercise that right. For now.

Conceptually, this initiative is not unlike another program Google announced this summer: OSS Rebuild. Citing the growing risk of supply chain attacks, where malicious code sneaks into a system thanks to the relatively lax security of online library repositories, the search giant offers a solution. They propose setting up a system by which they not only verify the authors of these open source libraries, but scan them to make sure the versions being installed match the published source code. In this way, you can tell that not only are you installing the authentic library, but that no rogue code has been added to your specific copy.

Google the Gatekeeper

Much like verifying the developer of sideloaded applications, OSS Rebuild might seem like something that would benefit users at first glance. Indeed, there’s a case to be made that both programs will likely identify some low-hanging digital fruit before it has the chance to cause problems. An event that you can be sure Google will publicize for all it’s worth.

But in both cases, the real concern is that of authority. If Google gets to decide who a verified developer is for Android, then they ultimately have the power to block whatever packages they don’t like. To go back to their own airport security comparison, it would be like if the people doing the ID checks weren’t an independent security force, but instead representatives of a rival airline. Sure they would do their duty most of the time, but could they be trusted to do the right thing when it might be in their financial interests not to? Will Google be able to avoid the temptation to say that the developers of alternative software repositories are persona non grata?

Even more concerning, who do you appeal to if Google has decided they don’t want you in their ecosystem? We’ve seen how they treat YouTube users that have earned their ire for some reason or another. Can developers expect the same treatment should they make some operational faux pas?

Let us further imagine that verification through OSS Rebuild becomes a necessary “Seal of Approval” to be taken seriously in the open source world — at least in the eyes of the bean counters and decision makers. Given Google’s clout, it’s not hard to picture such an eventuality. All Google would have to do to keep a particular service or library down is elect not to include them in the verification process.

Life Finds a Way

If we’ve learned anything about Google over the years, it’s that they can be exceptionally mercurial. They’re quick to drop a project and change course if it seems like it isn’t taking them where they want to go. Even projects that at one time seemed like they were going to be a pivotal part of the company’s future — such as Google+ — can be kicked to the curb unceremoniously if the math doesn’t look right to them. Indeed, the graveyard of failed Google initiatives has far more headstones than the company’s current roster of offerings.

Which is to say that there’s every possibility that user reaction to this news might be enough to get Google to take a different tack. Verified sideloading isn’t slated to go live until 2027 for most of the world, although some territories will get it earlier, and a lot can happen between now and then.

Even if Google goes through with it, they’ve already offered something of an olive branch. The blog post mentions that they intend to develop a carve out in the system that will allow students and hobbyists to install their own self-developed applications. Depending on what that looks like, this whole debate could be moot, at least for folks like us.

In either event, the path would seem clear. If we want to make sure there’s choice when it comes to Android software, the community needs to make noise about the issue and keep the pressure on. Google’s big, but we’re bigger.

170 thoughts on “The Browser Wasn’t Enough, Google Wants To Control All Your Software”

    1. Again, there’s the irony of having exactly the same system for adding software packages to any Linux distro repository. If the devs don’t like who you are, you don’t get in, and your users have to hop through burning hoops to get the software or use clunky workarounds like snaps with hit and miss success rate.

      Hate the player, not the game, eh?

        1. Not really.

          Google has done their work properly so “sideloading” actually works: you can take an application apk and it will probably work on most Android devices and versions directly as-is. That is why they’re looking to restrict sideloading to gain more control of the market.

          Linux devs haven’t done their work properly, so getting software from “unofficial” sources is often difficult and rife with problems, which is a political choice to “nudge” users and software vendors towards open source software maintained and distributed by the developers and the community – since anything else would be markedly more difficult and fragile.

          This is effectively a block on “sideloading” to maintain control of the “market” of software under Linux – just the definition of “side” differs.

          Same game, different players.

          1. Can’t I install any software I want from the dev’s repo (or from source) on linux? I assume this would be “unofficial”, as it’s not through a package manager. With google’s authorised developer requirement, you can’t install anything, unless the dev is authorised.

          2. The comparison isn’t really correct. Your average Joe Bloggs uses only the Google Play store and has never even heard of side loading.

            On Linux, Joe similarly would be satisfied with the distro’s packages.

            Tinkerer Tim likes getting APKs from random places to get things done that apps in the Play store can’t achieve.

            On Linux he likes downloading random debs or rpms for needs not covered in the distro’s repos.

            Joe Bloggs is unaffected by these changes whilst Tinkerer Tim loses his ability to sideload random apps on Android yet is still free to do the same on Linux.

          3. On Linux, Joe similarly would be satisfied with the distro’s packages.

            Except they wouldn’t, because the distro’s packages are usually quite limited and lacking, or outdated. Sooner or later they have to go looking elsewhere, and the first things they find is that A) packages from different distros and sources often fail to function correctly or at all, B) flatpaks, snaps, appimages, etc. suck eggs, and C) there’s virtually no paid software so you can’t get service even if you were willing to pay for it.

            This forces users to become pseudo-developers to solve problems that shouldn’t exist in the first place if the actual developers did their jobs properly, and it costs them the availability of millions of software titles that would exist if the community and the developers made the political choice to support it as a platform.

            They don’t, because they want to keep Linux as their own playground where people play by their rules, instead of turning it into a system that everybody can use.

          4. Mind, a typical Linux distribution has like 4,000 software titles, and for any user most of those are going to be completely irrelevant. For any need, they’re going to find maybe one, or none, that works for them, and even that’s probably going to be three versions out of date.

            Google Play has 1.57 million software titles, so even if the vast majority of them are irrelevant, there’s probably going to be at least one app that is perfect for any one user’s need. This is because Google isn’t trying to restrict what kind of software there are – only that the software should be distributed through Google.

            Meanwhile, Linux devs and maintainers have the ulterior motive of only supporting software vendors that give them the source code to play with – open source – which means they’re closing off the other 99.99% of the market for software from their users.

            And from a user’s perspective, that sucks way way worse than Google limiting sideloading apps.

      1. Point being, the system should be built and standardized in such a way that third party software vendors and their users wouldn’t need “support” from the system (of people) to distribute software between themselves. No gates, no keepers. No centralized repositories.

        Because any time you introduce such a bottleneck, it becomes either a logistical, or a political pinch point that inconveniences everyone. The example of what Google is doing is exactly the same thing that the open source community is doing – the only difference being that you believe the unpaid open source developers maintaining all your software repositories are on your side and doing your bidding instead of going “Huh, who are you and why should I care?”.

          1. Sure, but that doesn’t take away from the fact that Linux developers and community are refusing to standardize the OS for binary compatibility intentionally to make it more difficult to distribute anything but open source software. That’s not exactly a conspiracy – it’s often stated directly as a reason to why the platform is what it is.

            And that is the same game that Google is playing. Just different goalposts.

      2. git clone https://
        cd
        make
        sudo make install

        My, how inconvenienced I’ve been. These commands are so arcane that I might have to read the second page of the documentation.

        1. Installing from source only supports software with the source available. That’s one of the political pinch points: exclusion of commercial paid software from the system. This is still playing the same game that we’re accusing Google of.

          The people behind the OS should have no leverage or involvement over what software I choose to run and what software is available to me, which includes whether I choose open or closed source.

          1. yeah i thought you were being overblown but now i agree with you and i think it highlights what a big deal this isn’t.

            from the perspective of a commercial developer, the things that google officially controls matter a great deal. i am not commercial, i write for my own use, and i happily continue to use my apps even after the play store turned against me. but to a commercial user, the play store has an enormous power over them.

            from the perspective of a commercial user, verification is a complete non-issue. i’m a verified android developer and it only cost me about an hour of my time. but other choices by google have absolutely destroyed my ability to publish on the play store. the commercial users will not care about verification, but some of them will fight to the death over the other issues (see epic vs apple lawsuit).

            anyways, precious few commercial developers rely on sideloading to distribute! the vast majority of app money is made by institutions that kowtow to the whims of the play store.

          2. wget "https://commercialsoftware.co/compiled-installers/closedsourcejunk-x86_64.deb" # or download in your browser
            sudo dpkg -i closedsourcejunk-x86_64.deb # or double-click in your GUI

            No harder than in any of the other desktop OSes or current Android.

          3. Now we’re getting down to brass tacks. The real issue is it’s not open, open source perhaps, but in the worst way possible. Not feasible to opt out of your carrier’s ecosystem. Hard to root a device any longer and have a chance to remove all the pre-loaded garbage. Face it we don’t own our devices they own us and it’s been that way for a long time. We have always been the product. We like to let a little whimper when they step a little closer to total control, but we have already given up so much and until there is a reasonably capable option we’re stuck with two evils. We know what is right, now we just need a solution. My next phone will suck because I’m going to try to not use Android. Wish me luck.

          4. You do realise you can build a static binary that just works on any Linux? The only condition is that it’s not guaranteed to work with kernels older than what it was built with, so essentially forward compatibility guaranteed, backwards may or may not work. Of course this ends up potentially with a bloated binary but it’s a tradeoff for compatibility.

          5. they don’t give a flying f what you run or don’t. and since it’s unlikely that you want to pay them, you can’t really complain. go spin your own distro and see how many companies agree to let you distribute their closed source payware. few will when they are not able to control the underlying system in any way.
            what google does is giving you as little control as they can get away with. which is also a selling point to all the malware devs on their playstore. the less control you have, the more data they can collect and sell without you interfering.
            and with all the crap you posted here, you even deserve that.
            btw, linux isn’t an os.

        2. it’s fine and dandy when that source resolves its dependencies properly, doesn’t throw any errors, likes your kernel version and window manager. expecting end users to know how to debug build scripts does not make people flock to your distro.

      3. Again Dude that isn’t how it works – the distro maintainers ACTIVELY PUT IN THE WORK to compile and provide a big list of FOSS software in easy to install ready to run packages for multiple architectures too! But anybody at all can do that work for their own programs and distribute it, create the ‘f-droid’ style giant bonus repo if the distro won’t – THE DISTRO DOESN’T CARE OR DO ANYTHING TO PREVENT YOU SHARING YOUR PROGRAMS, even using their package manager and repos for all the common library etc – you get to use lots of their work for free if you want to!

        The only thing the distro maintainers might not do is actually do that distribution work for you – which is how it should be! You can’t force them to do work on your behalf for no pay, but they are in no way preventing you from doing it for yourself!

        Where here Google IS gatekeeping – if they choose to blacklist you or refuse to grant you a certification in the first place your stuff goes nowhere, nobody can use it, and you have no recourse as they effectively can enforce it with how much they own the hardware, OS, and software platforms.

        Maybe the community will find ways around, as they have with rooting phones etc in the past, but the more locked down stuff gets the harder it is to do so. Plus even if they do you also have to find a way that the OS won’t notice and suddenly decide to lock your users out of all play store services, banking apps etc because the phone ‘isn’t trustworthy’.

        1. If you don’t like Google Android you can always buy a Raspberry-Pi, Waveshare LCD and some chinese 3G GSM modem. It’s not going to be perfect but it will work good enough as a feature phone or a tablet.

          1. haha i’m a broken record on this issue which is a complete side story in this context. but

            raspberry pi will NOT work good enough in ANY mobile situation. it is not a mobile processor, the raspberry pi boards do not have power management features, and the raspberry pi closed source ecosystem gets directly in the way of any attempt to overcome these problems. to get a 12 hour battery life, you will be carrying around a huge battery, the thing will be hot literally burning your leg even when idle, and you will absolutely have to recharge every time you pull the thing out of your pocket.

            your general point still stands — it’s never been easier to make a cellphone from discrete components :)

          2. the thing will be hot literally burning your leg even when idle

            Bit of an exaggeration there, these things do idle down at a respectably low power draw and run relatively cool (also do have thermal monitoring so even at full tilt it shouldn’t be burning your leg if you care to configure it). Yes they are not a mobile processor, but if you wanted to use one it wouldn’t be that bad (especially as the phone in theory should have the modem in control when it’s in your pocket with the Pi in its suspended-off state)

            chinese 3G GSM modem

            Far as I’m aware right now 3G is slated to be terminated in huge areas of the world, so probably not a good choice. And the 4 and 5G modems are much harder to find and trickier to run.

            Though I do also agree with the point it is possible – though in this case I think you just buy the Pinephone (etc) that actually is a Linux phone with relatively mainline and open hardware by design – building your own is a fun project I’m sure, but if it’s meant to actually be roughly comparable in use to a smartphone making it that compact, powerful, etc is going to be a real challenge to build that single one-off with the more off the shelf modular small order number bits.

          3. Foldi – you are literally spreading misinformation that i have repeatedly debunked here. years ago, you made up power consumption figures for various raspberry pi boards in idle states that were off by more than 4x from reality. it’s only relatively cool compared to a desktop-class intel cpu, or a 10+ year old intel laptop cpu. and it will literally burn your leg, because you can’t use air cooling when something’s in your pocket, so it will get even hotter than it does sitting naked on my workbench!

          4. No Greg I either quoted from the data sheet or my personal experience from undervolting and downclocking specific pi models! Which for some reason you can never understand, as you seem to think I’m talking like it’s shutting down 3 cores etc into extra low power states or something…

            Plus in this case as I said the Pi isn’t even really on when it’s in your pocket – the modem is the only thing that should be awake!

          5. Foldi – no, you’re wrong. in the past, you posted wrong operating current numbers that were wrong. i refuted them using both the datasheet and websites of people who had tried games like undervolting it.

            and the pi doesn’t have a suspend mode! full stop! it has to complete cold reboot every time it wakes up. yeah it “boots fast”, but that’s a way bigger compromise in a cellphone than clicking the hidden menu button that says ‘allow sideloading’ or shopping for one with a factory-unlocked bootloader in the first place.

          6. Again Greg I posted facts from the F’ing data sheet or personal experience of pushing for lower power consumption!
            I don’t disagree the limited power saving options on the Pi make it somewhat poorly suited for this smartphone pocket sized role, as they are so tiny you can’t easily fit batteries of a size to get a runtime you’d like. But reporting personal factual experience or from the data sheet is exactly what I did! You just refuse to accept that as you want to only consider lower power states of the type you want, which the pi does lack.

            That Pi in question was a 3 or 4 IIRC and does have something that at least in the past the documentation called something along the lines of suspend state – and for valid reasoning really, as it’s the state where the Pi is still continuously powered, darn nearly entirely off but not quite as it will still turn back on when prompted rather than only with a full external power cycle as it would be if you turned it off. I agree that isn’t exactly the same functionally as the more usual ‘suspended’ state, but then there are also so many of those too in the electronics world. The word doesn’t have a strictly defined meaning beyond the broadest overview of it was in some non functional at the moment lower power state that can be recovered from!

            Also Pi depending on the model anyway at idle but definitively on isn’t going to be putting out enough heat to matter to a smartphone sized heat sink in your pocket, even if your pocket is rather well insulated it’s going to be tough to get that hot – rather warm yes, I’d certainly not want it in my pocket, except maybe in arctic conditions but still it isn’t going into burning territory while doing no work easily.

        2. But anybody at all can do that work for their own programs and distribute it

          Yes, but the third party software vendors won’t do that because there’s N different distros and versions around and it’s just too much effort for too little gain. If there was only one standard base Linux to target, it would be practically feasible, but there isn’t. Then again, if there was one standard base Linux to target, you wouldn’t need repositories because you could write static packages and install from a local copy that you could just download. You know, setup.exe?

          Also, the idea of the users adding other repositories into their package management, that can technically override and “update” the entire OS if taken over by malicious parties, is a security nightmare. The static installer of an application package cannot make an arbitrary switcheroo and you can check that it hasn’t been modified from a known good state.

          THE DISTRO DOESN’T CARE OR DO ANYTHING TO PREVENT YOU SHARING YOUR PROGRAMS

          Yes they do: by not providing and maintaining standard binary/library/etc. compatibility so third party vendors could have a target to aim for. In failing to provide proper support and stability for distributing third party applications, they are making the political choice to favor vendors and apps that go through the official channels (i.e themselves) OR distribute the source code directly so the users can compile it locally.

          1. …or use appimages, snaps, etc. kludges and workarounds that only exist because the distro developers and the community in general choose not to do their job right.

            In other words, the Linux community WANTS to keep all the threads in hand, to keep political control over how software is most easily distributed and most reachable by users. They’re doing exactly the same thing that Google is doing by its attempts to discourage sideloading, for similar motivations.

          2. Also, the idea of the users adding other repositories into their package management, that can technically override and “update” the entire OS if taken over by malicious parties,

            That isn’t how Linux updates work – it might check and notify you there are updates on its own but nothing ever happens without the user’s consent, and it is in every package manager I’ve ever seen VERY VERY VERY clear where the packages are coming from, especially should you ever be changing that source where it will definitely ask something like “Do you really want to move x away from “OpenSuse” to “Bob’s Discount Junk”?”

            That malicious party taking over the third party repo can achieve nothing but breaking the software specifically installed from that repo in the very worst case without active user stupidity.

            there’s N different distros and versions around and it’s just too much effort for too little gain

            Again not really how it works, though this time with a grain of truth – the software developer doesn’t target a specific distro they simply mark their packages with a ‘Requires x version y or greater’ and the package managers will resolve all those dependencies for the user from that distro’s repository. So in theory the developer doesn’t need to target a specific distro at all, simply state which versions of whatever common library are acceptable. The grain of truth being that the package manager may not be able to satisfy all the existing dependencies and this developer’s specific software from that distro’s repo, or might right now but cause the user trouble upgrading later.

            you wouldn’t need repositories because you could write static packages and install from a local copy that you could just download

            Oh so basically the exact thing flatpak and appimages are… Which are not really kludges at all, but a way to have the best of both worlds, allowing your lazy or closed source developer to simply ship everything their app needs with it as a simple executable that runs in its sandbox, at the cost of more disk space consumed for the user. And unlike windoze where it probably needs admin privileges to run the first time and will almost certainly make changes to the OS without the user having a clue what it has done the Linux versions are in theory bottled up safely (in practice a bit less so, and the bottles can occasionally be annoying for working well – but still massively better than giving your less trusted application the full keys to the kingdom!).

      4. Again, there’s the irony of having exactly the same system for adding software packages to any Linux distro repository. If the devs don’t like who you are, you don’t get in, and your users have to hop through burning hoops to get the software or use clunky workarounds like snaps with hit and miss success rate.

        That’s not even close to what’s happening.

        I run Debian on most of my devices. If I write an app that I want to distribute via Debian’s apt repos, Debian requires that someone maintain the packaging for that app – whether that be myself, or someone else. This is roughly the equivalent of Google’s Play Store, for an Android analogy.

        If I want to set up my own apt repo to distribute my app to Debian users, I can do so. This is roughly the equivalent of what F-Droid does in Android land.

        But here is where the analogies end: if I, as an end user, want to clone someone’s github repo, compile their app from source, and install it, Debian won’t know, nor care. After all, it’s my device. Why should they? What’s happening here with Android is that Google is going to start requiring that I, as an end user, only install apps from a whitelisted set of app developers, regardless of whether I obtain that app from Google Play or someone’s github repo, something that no other distro does.

        It’s all in the name of ‘security’, of course – I can’t possibly see how Google would benefit from this policy.

        If you’re going to make an analogy, please keep it relevant – saying ‘but all other app repos do this!’ isn’t remotely relevant to ‘OS vendor wants to control what you can install on your device, no matter where you obtain it from’.

      5. The goal of Debian is to release a stable, successful, and secure Debian OS.
        Everything they do SHOULD be in its users’ best interest, because there is no pressure to do otherwise.

        Google is a for-profit corporation.
        Their goal is to maximize shareholder profits.
        End user interests are not only irrelevant, their goal is openly hostile to them.

        You have brought up the Google ~= distro software repository comparison in multiple threads here. And you are just wrong. They are not the same thing, because the core motivations are directly opposed.

        A peanut butter sandwich and a cyanide sandwich share the same form, but have the opposite goal.

        When we argue against a company forcing people to eat cyanide sandwiches, constantly pointing out that Joe’s Sandwich house also makes sandwiches does nothing but confuse the discussion.

      6. Have I accidentally landed on another planet? On my Linux computer (LMDE in my case, but I’m sure this also applies to other distributions), I have packages from apt repositories from three different sources, software installed from the GUI with Flatpak and others from the command line with Nix, and in addition, I have the Steam client with mostly proprietary software. Without even getting into things I could install from source or others because the software manufacturer has made the effort to create a decent installer for Linux.
        I don’t recognize myself at all in what is implied; all these sources have cost me no effort whatsoever, and apt and Flatpak are also configured by default.

      7. Flatpaks aren’t usually that outdated if at all. Anyway there’s a HUGE difference between making something harder to do and blocking it outright, if the announcement was something like “ok to avoid people scamming grannies to install unsigned APK you need to enable dev mode, open a terminal and do this and that first” I’m sure the response would have been like “ok”.

        There is also the REASON why something is done… there’s also a difference between “you still can do it, but we won’t put efforts to support something like closed source code that we do not support as an ideology, but feel free to install it anyway on your own” and “we plan to lock down our system to maintain a monopoly on control for the apps and to decide what you can and cannot do with your phone, here’s your token excuse, feel free to pick bad hackers, people scamming grandma or… THE KIDS”

      8. I am popcorning this but wait until some threat actor shits the repo hot tub. It is important to have other options and the walled garden is infinitely more hostile than old droid land lol. Blurb feels more like a foregone conclusion than any rational why piece.

    2. As a Samsung user, i couldnt care less. As long as the phone works as intended and i get what i want installed on the company phone, google can freeze the whole ecology. I do my playing on laptops.

  1. I prefer to be able to side load apps. I have a few old games I like to play, they are no longer on the store but still work on my phone. I had to side load those when I got the new one a year ago. Snowflake Sudoku (1-6 in a single hexagon of 6 triangles, multiple hexagons and partial hexagons to form snowflake like shape) aren’t common and only obsolete version exists, not on any store.

    1. yeah i have a few games in this situation, mostly from humble bundle back in the day. i’m far more upset that android API drift has actually in real life already broken full-screen mode in crimsonland than i am by this rumor about some hypothetical future phone will throw up some minor and easily-surmountable roadblock to side loading.

      1. Sure, just like the easily surmountable roadblock of bricking the device if it’s tied to a now non-existent Google account.

        It’s always easily surmountable right until all the people with enough insight into the devices are legally prevented from helping you do what you’d like. With the device you ostensibly own.

        1. i don’t know your exact scenario but unless the device was disabled by anti-theft protection, you can generally restore to factory by holding down one of the volume buttons along with the power button, and then using the fastboot / recovery menu that appears to wipe the device

          1. Dear Greg. When you do this method, upon resetting the phone it will require the previous account to be logged into, otherwise the device will remain locked. Something remains in a persistent partition on the phone.

            You need to remove the account before reset, or otherwise have a way to get around this ‘feature’ that ‘reduces cellphone theft’ …

      2. We have to fight back when they tighten their, already crushing, grip.

        Stop simping for corporations by trying to play this off. If it doesn’t matter to you then it shouldn’t matter if everyone fights it and gets it taken back.

        1. hello friend

          i said that i’m a lot more upset about a harm that google has really and already done to me than i am about a hypothetical future harm that which will not come to pass

          that’s the opposite of simping for google. i’m saying that google’s regular bad acting is the forest, which people miss when they focus on this irrelevancy that isn’t even really one of the trees. you can protest all you want — this thing won’t happen whether you protest or not. but no matter how much you protest, they’re not going to abandon breaking compatibility going forward. you aren’t even protesting that!

          1. Hardly, making noise and pushing back about future caltrops they are announcing doesn’t mean you actually like the already minefield like floor. But the existing forest of caltrop would be much easier to clean up eventually if you can stop them adding ever more as well!

            that which will not come to pass

            Given Google’s track record across its entire history it is about as likely to happen as not, given their more recent track record…

  2. For experienced techies like us I prefer the ability to sideload. BUT understand that the masses, who have no F’n clue about anything go to pirate sites, then download APKs that are injected with viruses and then you get biased media reports that Android is insecure. Which is BS.

    1. That is a crap argument really – if they have no F’n clue they are unlikely to actually manage to follow the guide to install the malware and F their devices anyway…

      It’s that dangerous knows just enough folks that will perhaps get caught out – and most of them are just techies like us but with the clock rolled back (perhaps by quite a few decades of life experience and understanding) to the point we didn’t know better. These folks kinda need to be caught out so they can actually learn something!

      1. Idiots are fairly good at following instructions. Being clueless doesn’t mean you’re lazy as well.

        In fact, never underestimate the tenacity of a fool for digging their own grave.

        1. There are grades of idiots.
          In German parlance, the ‘Full Idiot’ can’t follow simple instructions.

          I know a really smart engineer who shifted into ‘final distribution package prototype’ consultant.
          He could think like an idiot of all grades simultaneously, in an inexplicable way.
          Companies hired him because he would sometimes save them millions.
          Word got around.

        2. But you have to be somewhat less of an idiot to actually know enough to go looking for the instructions in the first place – it takes the full throttle savant level of idiot to blindly try and follow the Nigerian prince email scam level of malware install path, and those folks probably can’t actually follow the necessarily quite technical instructions successfully.

          The ones that know enough to go looking for those instructions on their own but lack the depth of understanding beyond that are the ones in the real danger zone with something like this.

    2. It is nobody’s job to protect idiots from themselves. It smacks of “Baby can’t eat steak so daddy can’t have steak”.

      1. There is always a better middle ground.

        And your analogy is wrong.

        Baby doesn’t order, cook, or choose to have the steak. That is already a Daddy problem.
        Further, baby having steak doesn’t potentially endanger Bob and Sally who live 3 towns over.

        IMO Joe Rando probably shouldn’t be allowed to sideload from a random developer without there being substantial roadblocks.

        On the other hand, an informed consumer SHOULD be able to make that choice.

        The problem is a system implementation one.

        1. IMO Joe Rando probably shouldn’t be allowed to sideload from a random developer without there being substantial roadblocks.

          As long as those ‘substantial roadblocks’ are nothing more than a problem THEY can solve alone – so a message like ‘Are you sure?’ maybe with a warning or even that EULA type scroll thing so it’s entirely on Joe if they are stupid enough to accept the consequences without reading it…

          With the informed user able to turn that ask every time annoying question off…

  3. To be fair we should probably just invent a Sandbox app that can run any app virtualized.

    This would have side benefits that we can run regular apps in an environment where they don’t have full access to our phone. It is pretty common for me to have an app requesting stupid permissions and refusing to work full stop even though I was not planning to use any of the features that require those permissions.

      1. No…

        A web browser is for…browsing web pages.

        Anything else it can do strays from this purpose, and contributes to the gradual enshittification of our internet and computers.

        1. most the things they make apps for can be better handled by a web page. they dont like this because your browser can run an ad blocker. and they want to push those ads that make android a completely unusable ecosystem, so its an app.

          i had to find my mom a solitaire app. you know the kind of thing that used to come stock with the os and ran on the local machine. every last one of them was a front to push senior scam ads.

        2. C’mon. Inventions grow beyond their original purpose all the time. Just because something grows doesn’t mean it grows in a negative direction.

          The modern web browser has grown beyond its original intent. It started out as a simple protocol parser and display. You could read documents sent in html over http. Then Input controls were supported. Images, Video, Audio, Drawing, Animation, interactivity, and now a powerful compiled language.

          If you don’t want to use your browser as an app engine, that’s fine. But it’s there today. It can be used right now to do a lot of what people are going to be otherwise blocked.

          You can take the middleman out of the equation. As an aside, it’s worth saying that nothing about the browser specifically requires a network connection.

  4. The problem is app developers with an attitude towards personal privacy and agency that’s pretty much like Google itself IS the ones causing all the problems.

    If Google was serious and sincere about it and not just trying to gain more control over end-users devices, they’d both clamp down hard on malicious app devs and also provide more effective and fine-grained permissions control to the end-users.

    But as always, a good chunk of those app developers also use Google’s ad slinging and user tracking systems, so doing anything against that also harms Google’s bottom line.

    And with Google being your stereotypical profits-at-almost-any-costs company, yeah, that’s not happening.

    1. Normalize bullying corporations. Use legislation to give users and developers everything, and offer corpos little to no recourse.

      1. Yeah, that’ll teach those evil innovators to provide us with goods and services and hire people so they can afford to buy said goods and services! How dare they! /s

        If you don’t like how company X does things, start your own. That’s the beauty of free-market capitalism. Top-down bureaucratic control never improved anything.

        1. Ideally you would be correct. Here in the real world though you couldn’t even get access to the latest processors with which to build your open phone without billions to invest. How would you suggest one start such a project? Collecting sand on the beach to melt into wafers?

          1. I’m confused… Did Google not start in “the real world”? Did I say it would be easy or done overnight?

          2. Google got rich off search and advertising business first, then invested in phones when they already were a multi-billion dollar company.

            Or if you want other examples, Nokia made rubber boots and car tires before they got enough money to branch into televisions and radios, then into personal computers, then into cellphones. Going into cutting edge high-tech takes either massive amounts of money, or decades of time.

            So the proposed solution of “start your own” will probably see you in retirement before you finally get what you wanted.

        2. Tech companies have made no useful innovations in 20 years and I have no interest in creating a company: there are too many already. Can I create negative companies instead? Can I disband google and amazon?

        3. Oh those poor defenseless companies that got to where they are purely through the sweat of their own hard labor.

          We need to restrict the actual humans using their products more to keep those savages in line with the company values.

          There is a balance to be had in protecting companies so they can effectively do business and benefit actual people. It’s way over the line on their side at the moment.

          Also most of them at this point either started rich from investors or are a hollowed out and parasitized corpse of a former good business. If this was “don’t be evil” Google that made money just from ads and business licenses, trying to make things better for everyone, you might have even the faintest of a leg to stand on. However we are dealing with the all encompassing megalith that just likes to weasel in crush competition and suck up all your life, while also letting its services waste away and get worse.

        4. except what we have is not free market capitalism, what we have is somewhere on the gamut between cronyism and socialism for me, capitalism for thee. he who controls the lobby controls the universe. make antitrust enforceable again.

        5. free market capitalism doesn’t work in general but it definitely doesn’t work when google is too big to fail and hasn’t been anti-trusted. They are not innovators, FOSS folks are. Google are opportunists that stifle more innovation than they create with systems like this. bad hill to die on chief.

  5. I’ve endured google’s BS for too much time now, maybe it’s time to switch OS, they keep annoying me.
    And i don’t even sideload apps, but i want to have the option in case i want to

  6. Sorry I have a few questions I’m not too familiar with android-google relationship. I open android studio maybe twice a year to write some simple utility app for personal use, so I don’t follow these developments.

    Are they saying that I won’t be able to install an application via an apk file that I have? Or are they saying an android dev won’t be allowed to put their app on the play store without their permission?

    1. in principle the change is that the app will have to be signed by a verified developer before you will be able to sideload it. so basically taking a restriction that has been in place in the play store for a year or so now, and applying it to side loading as well.

      but according to their announcement, it will continue to be easy to become a verified developer (i am one, i can verify the ease of it), and it will continue to be possible to bypass the system entirely for self-signed apps (akin to debug key apk self-signing today). so my take is that nothing will change, just another layer of ‘are you sure?’ click through. but that’s in contrary to the alarmist consensus around here :)

      1. so my take is that nothing will change, just another layer of ‘are you sure?’ click through. but that’s in contrary to the alarmist consensus around here :)

        Even if it does start as that, which it might, it is only a very very tiny step from the setup in this announcement to actually shutting down independent developers and any previously registered developer they have decided they don’t like. You can be the frog in bathtub of slowly boiling water without noticing the risk of cooking if you like, doesn’t mean the rest of us have to take on faith the pot will stay comfortable!

        1. while you’re freaking out about this thing that doesn’t exist and can’t exist as long as AOSP exists

          there’s a very real possibility that they’ll somehow sabotage AOSP — a fork of some sort. not even on your radar. because you’re jumping at shadows.

          1. Given Google effectively even if the vendors are less than willing followers dictates most of what ends up on all ‘their’ devices, the framework everything runs on etc, and somehow has the trust of things like Banks so many banking apps won’t work unless the big G says its ok…

            They have too much control without oversight already! So this step of ending sideloading is one more step towards making all future devices have something like a new TPM module (etc) that locks out all future devices from being so accommodating and even able to use what is left of AOSP as they cut back on freedoms users of these new devices have!

          2. There are already indications that they are going to end AOSP. Look at the recent concerns from the GrapheneOS project.

      2. Pretty much the only app I’ve sideloaded is SmartTube, which as you might have guessed from the name, is a Youtube front end, with a built in ad blocker. I don’t trust Google not to change their ToS to ban ad-blocking and refuse to verify the accounts associated with them.

  7. I was thinking about this issue while reading Al’s great post on App Inventor for creating an Android app interface. I like the back-to-back timing of the posts.

  8. We’ve had nanny state and now we have nanny corporations.
    If you want to be protected to this degree go play in the Apple sandpit with rubber knives and forks.

    You have to explicitly confirm what you are doing before side loading an APK.
    Why does saving stupid people from their own moronic stupidity mean that I cannot have nice things ??

    We have a population problem. FFS let Darwin take care of it.

  9. Semi-open otherwise this would be a nothingburger. Just like our reaction and result to devs changing the license. Fork and do your freedom thing.

  10. What used to be refreshing about the Android ecosystem, at least in comparison, was how easy it was to sideload an application that didn’t come directly from, and profit, Big G.

    Symbian was exactly the same. I didn’t even have an appstore because it didn’t need one. The difference was that US carriers locked Symbian phones down from installing ANY applications because they wanted to charge money for “features”.

    1. Not in Belarus though. On our phones we could install anything and back in the day I wrote some funny viruses. One of them MMS-ed goatse to all your contacts and bricked the phone XD

      Also I liked playing Red Faction on my N-Gage

      1. Exactly. Anyone could write an app for Symbian, and all the users had to do was download it and run it.

        The problem with Symbian was that every friggin’ phone had a different version or variant of it, because Nokia made each and every phone so very different that they couldn’t be made software compatible.

        1. No. Symbian apps had signatures. And now you can’t load them without setting date back, otherwise they fail to load.

          And signature situation is sorta like google’s

        2. yeah i think that was really intrinsic to the symbian OS too. just like maemo on the slightly larger devices. it didn’t really solve any of the important problems before being distributed, so every time they made progress on an important problem, they had to take a few steps backwards.

          the most recent decade of android has been really vexing to experience but the first few years of it, through about android 4, were a real master class in solving the important problems decently well from day 1, and then maintaining backwards compatibility as new features were added. and coincidentally android 4 is about the last time a new feature was worth anything (that’s about when the title bar at the top of the screen became useful and normalized, and the notifications became fully-featured)…so everything that has been added since then is pointless churn.

          android did such a great job of it that i almost think the way forward is to fork AOSP…which i think is effectively what a lot of less expensive vendors have already done. the sticking point is whether you can use the ‘g suite apps’….but the only one i really like is ‘google maps’ and i’m confident i could replace it if i wanted to. it seems like if the pendulum swings much further, google will have to beg people to use g suite, instead of forcing us to jump through hoops in order to get the privilege.

          i’m still a little upset that if you go off of the google reservation then you can’t use phone-based nfc payment…but truly, i think that’s for the best. there’s an argument for it but personally i want some functions to remain distinct.

    1. You still can (unless the manufacturer locked the bootloader AND doesn’t provide a way to unlock it, like Samsung). You’ll install a Google-free Android, and enjoy a wonderful experience (more battery, more privacy, no ads). But as soon as you need a paying app, you’ll either have to pirate it or install the google hell on your phone. This isn’t going to happen anymore, since this will imply all your apps won’t be signed by google and as such, will refuse to run.

      All in all, this is a good thing, since this will force real users to look for open source applications from F-Droid and trash the garbage spying apps found on Google’s store. I think I only have one application that I actually need/use from the play store (and paid for), everything else is already open source or side loaded.

      1. Not really, as in many cases even though the device might not be locked to prevent you tinkering the kernel often has to be the probably hopelessly obsolete one the vendor tweaked specifically for the device so the hardware will actually work. So you don’t really in truth get real freedom for your own OS, just maybe to put your own skin over the vendors supplied OS with some stripped out parts.

        So not all bad, at least you have some control, but it just isn’t the same as x86. In the PC world all the hardware works to the same standards so in theory anyway anything can run on any suitable hardware WITHOUT needing to know anything about the hardware when you create the installer/OS image – which is why you technically can though really shouldn’t transfer your existing OS drive between motherboards, even wildly different hardware vendors and generations and just have everything work (at least usually).

        1. i’m just continually astonished by how confidently you say stuff like this

          i’ve actually built some kernels from AOSP and chromium open source, and for the most part google and the vendors comply with the GPL and you are not stuck in the way you describe. it is often even possible to fix kernel & driver bugs that the vendor has declined to fix. people have traveled this road and they aren’t saying the things you’re saying.

          1. And plenty of people have tried, and given up because they can’t get the information they need to actually do the job right – I didn’t say it was universal case, as I too know of cases where it has happened the right way. But that doesn’t mean the other way round isn’t also true!

            So you have had good experiences, great, lucky you!

          2. For any given piece of hardware? Please provide a more specific example rather than an equally broad general statement. As I’d actually like a decent phone with an open source tree for all its hardware.

            As I’ve had a similar experience as Foldi-One developing for Mediatek phone hardware stacks over the years. The H 64 bit series most recently.

          3. inhibit – postmarketos website publishes this information. they have a list of phones, and under the phones i spot-checked, they have a link to how to compile the kernel from source. i’m not saying anything will be easy, or that you should use postmarketos. but it is not remotely difficult to find phones with open source kernels.

          4. Greg further specific info would be handy as many devices are not actually supported (yet anyway) by anything but the original kernel – you can make a new OS image around it with many new elements but it is still the old kernel. Or in many cases you can use a mainline or closer to it community developed kernel, but probably none of the hardware really works – but it boots! WOOO!

            (Which is a good achievement but not a useful device really)

  11. Android exists to sell non-Apple phones. If phones aren’t being sold, their manufacturers feel the heat. They are best positioned to move that heat to Google. Nobody needs to buy a new phone every year or two. Yet many do. Simply stop doing that IF this goes through. Convince everyone to hold onto their existing phones for 2 years. Google will fold.

    1. Android exists to datamine its “owners”. Convincing consumers to act in their own long term interest is asking pigs to fly. They’ll buy new phones because they don’t care about sideloading or freedoms. They want the newest toy and features that come with it. Perhaps I’m too pessimistic. But I don’t think we will be able to convince a large enough group of consumers to not buy a new phone.

    2. What do you think the overwhelming majority of users will do? Rebel against Google over an issue they don’t even understand much less care about, or continue to buy Android phones like nothing has happened?

  12. I haven’t been able to use software requiring Strict Integrity for years now because I want to own my phone and have full control. This new move sucks by Google, but I actually think it will hasten the backfire. Already, I’ve noticed that nearly no software still requires strict integrity, because so many users are locked out. With this move, even more people are going to move to alternative roms, things like LineageOS, GrapheneOS, CalyxOS, and others. More people are going to branch out to Linux phones with Waydroid. This will make Strict Integrity checks even more worthless and without that, alternate roms can just disable these sideloading checks with little other consequence.

      1. The owner doesn’t actually need to understand – it is their technical wizard who did/does, so the owner is not actually the most relevant thing when so many are just using the supplied experience – it is the folks setting up those device images in the first place that actually matter here.

        Also while I suspect the vast majority of owners wouldn’t immediately know all the ins and outs or understand the full implications way more than your 1% of them have been impacted by this sort of thing from Google or know somebody who has enough to care. Might still be a relatively small percentage, but for the sake of argument assume its 10%, that 10% knows many more folks in the remaining 90% and will likely be demonstrating perfectly good alternatives just by going about their day without the Spymaster and Head Teacher in their pocket device dictating what they can and can’t do. So I think Jack is right this has the potential to really backfire on them quickly.

        1. What “technical wizard”? What on earth are you talking about?

          The manufacturers of phones are already in bed with Google anyhow, so they won’t object. The shops that sell phones don’t care. Who else is there to “wizard” over a cellphone?

          1. every manufacturer of android phones has a tense relationship with google, and several of them are overtly antagonistic these days. they are not remotely servile to google.

            for example, samsung loves to lock down everything they can, so this sounds like something they will love. but at the same time, samsung has constantly been trying to eliminate parts of the google ecosystem. they failed at making their own cellphone OS (so far), but they are constantly rewriting / replacing core OS functionality in android to make their unique one UI skin.

            one of the biggest competitive advantages that android has is that every significant vendor who wants to replace it wants to replace it with something more locked down. if android locks down enough, like Jack Dansen says, it will only create an opportunity for something like LineageOS to become central instead of peripheral.

          2. As Greg A says mostly. though with the added note that there are also places that deploy Government/company/university phones – in which case it may well be the in house tech wizards doing a company wide setup, perhaps with help from the vendor and/or Google, but quite possibly not too. In either case the user can be clueless.

      2. An effectively locked down phone would be a feature for most users.
        Too bad they all remain big targets with huge attack surfaces…The users demand it!

        We’ve been spoiled by regular users paying for the entire eco system, when they would really have preferred much, much less versatile devices.

        Gamers, geeks and devs are going it alone in the future of computing.
        No hope of that group picking one solution, so no netBSD won’t win in the end.

        75%+ of the market will be happier on locked down appliances, including many gamers at the lame/console end.

        But that’s fine, whatever % is left needing an actual general purpose computer will be a bigger market than the whole damn thing was in 1995.
        Still economically viable, but not funding Moore’s law (RIP) either.

    1. I suspect that LineageOS – which I use – is going to have a very hard time going forward. I think Google is going to start making it more and more difficult for them to build working, feature-complete versions. Even on my 2017 Samsung, Lineage has a few quirks, and I expect that to get worse, not better. And if I recall correctly, Google’s near-term plans for Android will even leave GrapheneOS behind – they’ll end up having to do all of the reverse engineering that LineageOS does, even though Graphene only works on Pixel phones.

      I don’t love Android anyway – it’s just the least of evils. What I really want is a phone that runs a regular Linux distro similar to the one I’m typing this on. The Pinephone isn’t yet suitable as a ‘daily driver’, and I don’t think it ever will be, at least for me. Then again, with Google attacking freedom yet again, maybe there’ll be a bigger market of folks like us who insist on owning our phones in fact and not just in name. That might drive development of the ‘phone’ I’ve always wanted – a pocket-sized Linux box that I can connect a keyboard, mouse, and monitor to, which just happens to also be a fully-featured cellular phone with decent battery life.

      1. you got to give the better corporate overlords the benefit of a doubt that they may actually do something right once. i cant think of any examples of that at this juncture however.

    1. I trust burglars more than I trust the police/government.

      Because police steal more money every year and brag about it.

      They call their thievery ‘Civil Asset Forfeiture’, just like commies call theirs ‘Expropriation’.

      1. i’m way off topic here but i’m triggered by how much nuance is erased in your ‘confiscation is confiscation’ gloss :)

        civil asset forfeiture in the US is the process of police taking resources from people who can’t afford to pay a good lawyer and buy a premium subscription to the US legal system. it is designed and implemented as a war against impoverished people.

        expropriation in USSR is the process of police taking resources from wealthy people who were mis-applying them. USSR was finely focused on not expropriating from the poor, for ideological and practical reasons. overall, communist government exists to terrorize the wealthy.

        it’s superficially a similar tactic, but they are used against different groups for different reasons and with different results. i recommend reading Solzhenitsyn’s Gulag Archipelago. the first half of the first volume is sufficient to get this distinction across.

        1. To be fair, I really don’t care about the motivations of the people who would steal from me, I just want to prevent the theft.

          1. you should care about motive because motive often drives behavior. if you are living in USA and you aren’t poor, then civil asset forfeiture won’t hurt you. they aren’t aiming at you and they’re very unlikely to hit you and you’ll have a little recourse if they do.

            these programs aren’t hypothetical and the people they impact aren’t generalized mythologies. they’re specific individuals selected according to a metric, and whether or not you fit that metric affects your future under that system.

        2. expropriation in USSR is the process of police taking resources from wealthy people who were mis-applying them

          Given that Russia is openly being run by rich oligarchs, I think your assertion may be outdated by at least several decades.

        3. USSR was finely focused on not expropriating from the poor, for ideological and practical reasons. overall, communist government exists to terrorize the wealthy.

          Really not how it actually worked in practice – the came into existence “to terrorise the pre-existing wealthy” is arguably true, at least a lightly twisted paraphrase of the premise they started with. But as soon as they hold the power they become the group that largely terrorises the regular Ivan while stealing as much wealth for themselves as they can. Sure some of these new wealthy did fall from grace, fail to pay big enough bribes etc, but as a rule…

  13. It’s not at all like a rival airline running security. Google is the airline. A “rival airline” would be Apple running Google’s App Store.

    Google make the OS, Google decides what runs on it. The oddity here is that Samsung et al have handed 90% control of their phones to Google. They’re Google’s unwitting helpers in it.

    Apple make the phones; Apple runs the App Store; Apple gatekeeps. That makes sense.

    The only bit of the Google story that doesn’t make sense is that Google gets control of everyone’s phones except Apple’s.

    Everyone loves to hate on Apple, but it is and always has been pretty trivial to install XCode and build and sideload whatever you want to your own phone.

    1. Software vendors pick the biggest distribution channel and ignore the rest, which means Google Play is the place you get all the software. The rest would have to duplicate effort which costs them money, and they still have less software available so people avoid them.

      That doesn’t mean the other companies like Samsung aren’t trying with their own app stores. It’s just that they suck. There’s nothing on there and I’d have to make yet another account and hand over personal information to yet another company to access it.

      This problem is just a symptom of centralized software distribution in general.

      1. i miss the days when you could grab an installer off of a sketchy website and just run it like an idiot. now that i think about it this is still how i install most non-game software on windows. for now. i really dont like repos/app stores and want to go back to software you buy a physical copy of in a brick and mortar store anonymously cash on the barrel head. no 3rd party login required. im old, il go yell at clouds now (not the white fluffy ones in the sky).

    2. I didn’t know that about Apple. Does XCode also allow for removing apps and excluding Apple infrastructure from the phone in the same way that LineageOS and others do for Android phones?

      I might be interested in that, if there was also an F-Droid equivalent for Apple. But I suspect that will never happen.

  14. It’s so easy to villainize them but they have to consider that the majority of the 72% aren’t very tech savvy and even when they are it’s still difficult to keep the nefarious things away. The fact that they are 72% means they’re a gigantic target. I love and have loved open source for a very long time but I can understand the need for a walled garden for phones. At the very least they are giving an option to developers that don’t want to use the play store, unlike apple. You can use a slippery slope argument, but that is still a fallacy last I checked. Otoh, I’m considering a phone with ubuntu touch for my next phone just because android has become such a big target.. security through obscurity isn’t the best approach but sometimes it’s better than nothing.

    1. Also, were we the majority of android users, android wouldn’t be nearly as well funded as it is and would thus have considerably fewer features..there’s a trade-off. That’s why ubuntu touch has a lot of catching up to do, if it (probably won’t) ever do(es). If it does, it will likely face the same problems as android. Google has to consider the liabilities of non tech savvy people that keep very important things on their phones.

      1. Something like Ubuntu Touch or any of the other Linux on phone type concepts has in its favour is they are very very very close to mainline desktop Linux, and actively trying to converge – to some extent they don’t actually need to catch up already being miles ahead as the FOSS Linux ecosystem is so full and vibrant. With the areas where they do have work to do in theory ending up fine – it should end up thanks to that convergence goal simply being another regular part of the cycle, with development that benefit phones/desktops actually being mutually beneficial.

        NB I’m not saying real Linux phones are 1:1 with the more usual alternatives by any means right now. And to some extent they never will be as the very nature of NOT being the walled garden makes the user experience different. But if you can give your grandmother a laptop you can give them a Linux phone, and they will probably be just as lost on both…

      2. Removing hazards from the internet is like removing wolves from the forest. The prey species become overpopulated and stupid, and clutter up the place. Let nature run its course.

    2. But does verifying a photo of a government ID really do anything? Seems like it would be trivial to fake, or use a photo from some data leak.

      And if they aren’t checking the app contents, you are left with the only resort of suing the developer who is likely in another country, possibly with more lax cybersecurity laws, and trying to gather some evidence beyond your own word. Police aren’t usually interested in spending resources on international cybercrime unless it involves really big money.

    3. You can use a slippery slope argument, but that is still a fallacy last I checked.

      The slippery slope isn’t necessarily a fallacy if there’s reasonable suspicion that the slide will occur. I.e. if taking the first step will make it more likely or easier that the next step is taken, and then the next.

      For instance, if you start gambling to gain money because you’re poor, you’re likely to continue gambling because you’ll lose, and you’ll inevitably lose all your money. This is a feedback loop by the assumption that you will respond to loss by gambling more, and if that is true or at least plausible and likely, then the slippery slope isn’t a fallacy but a sound warning not to start gambling.

      It becomes a fallacy if each subsequent step has an independent probability or the feedback loop isn’t plausible. Then it’s just stacking improbability on improbability.

  15. “the community needs to make noise about the issue”

    Where does one make noise about that issue?
    The only option I see is to get a non-Android phone.
    But iPhone is still worse, I don’t know if an app I don’t want to do without will work in Waydroid on a Linux phone and using Miraclecast to connect my NexDock looks pretty damn painful!
    I don’t see any place for feedback on their blog post!

  16. The unfortunate fact of the matter for the open source movement in general is network externalities and people’s established patterns. While this community would happily ditch google’s ecosystem for something more privacy friendly, the rest of the world doesn’t seem so keen on it.

    I myself use Instagram and Snapchat. I would prefer to move to something more open, but I can’t. Well, technically I could. But if I were to search most of my friends’ names in Telegram or Signal, nothing would show. Why? Because none of them have signed up. Why wouldn’t they? Because they don’t need to. Snapchat works well enough, all of their friends are already there, and if I were to move, I wouldn’t be influential enough to cause them to move. If everybody moved, things might be different. But that will probably not happen for a VERY LONG time. However, I am not willing to compromise my friendship with them just because I don’t like the platform. I will just use each in a browser, give it a burner email, and put each in its own profile. This also applies to Android, but in a reverse way. Many people use Android, thus platforms will develop for Android moreso than they would for any other platforms, like mobile Linux distros. As a result, app devs are stuck to google, users are stuck to google, and users are stuck to app devs. Breaking that apart is very challenging. Besides, why would most people want to? They have a perfect utopia of free apps in the Play Store, and all their friends are in the ecosystem too. The price? their privacy and autonomy. Most can’t perceive a privacy violation, though, since it happens behind closed doors and info about the specific data being taken and what happens to it is very vague and open to interpretation. Not only that, many have come to accept it as a fact of life that they assume is inescapable.

    Not only that, but people’s patterns play a big role. Why learn a whole new platform when you have the muscle memory to stick to the one you have? Many people are used to their favorite platform’s features and layout.

    However, I do see a ray of hope in all of this. Open source technologies are starting to find a place in the general public. Many people have heard the name Linux, and with the twitter controversy, platforms like Mastodon and Bluesky are surging in interest. Not only that, but public interest in privacy protection is starting to grow. One of the members of my Bible Study, an older gentleman, recently asked me if I could make his computer more private and google-free. I installed Firefox, disabled third party cookies, set up uBlock Origin, removed some bloatware, and did a few other things. He loves it! Honestly it was rather surprising, though, that he, being a less technical person, would show enough interest in privacy to be willing to do something about it. Sadly, though, he was set up with Gmail, and changing his Gmail would be a little too hard considering he’s used it for a very long time, so he’s not completely google-free. Better than where he was, though.

    Hopefully, although the world at large is locking itself into big tech, maybe that will change in the future. It probably won’t be for a while though.

    1. and if I were to move, I wouldn’t be influential enough to cause them to move

      The more things go this way the easier it is to convince them, and you might be surprised at how many of your friends who are probably already using heaps of different platforms to talk to different folks anyway would add another one pile.

  17. I use the de-googled android OS: e foundation
    When you use the application store (AppLounge instead of Google Store) it allows you to see nasty things that are embedded in any software you wish to install. You are informed that you may have chosen to give your soul or not.
    Moreover, you can choose, after installation, what you want to “give” to each application: should it have access to your exact GPS location, or an approximated one, or a random one ? should it have access to contacts / SMS / ? …
    This is far away more secure and instructive than what google want to do, from my point of view.
    If you don’t inform people, you can’t blame them for being stupid :)

  18. When Google incorporated they made their motto “Don’t be evil.” There could hardly have been a clearer sign that evil was precisely what they meant to be. “The lady doth protest too much, methinks.”

    It is astounding that Google has abandoned 297 projects. Relying on Google is as stupid as Ukrainians were to believe the West would defend Ukraine if they gave up their atomic weapons.

  19. Anyone that even gives a damn about this conversation likely has a device that has a truly open system on it and without Google. You can do nefarious shit on it, no? Surely you weighed the pros and cons of android before buying the phone with android on it vs one with ubuntu touch or something else. I’d welcome more security for my device that has important things..though, I’ll admit Google is not without their faults.

  20. I can’t believe that sideloading is really a big problem for Google. It is already hidden behind a good layer of protection. This is just looking for trouble and it’s alienating some of their most vocal customers. Whoever thought of this is out of touch with the ecosystem.

    1. Or simply thinks they’ll get away with it, which honestly they have the chance to do this time IMO.

      As it sounds like they are starting with a subtle enough step that doesn’t really really gate out the folks like us yet, but it’s only a small shuffle further from this statement to the outright ban of you wildcards can’t play in our sandbox at all, all things must be done through the play store. While also forcing the folks like us to get closer and closer to having jumped through all the hoops to put our work on the play store just to distribute it all that they expect to make more money.

      So unless the currently rather distracted and spineless looking governments of the world decide to act on this one…

  21. I just hope those incompetent ‘leaders’ in Brussels do something for US .. If they’d just do some funding on some FOSS project like microG that would already help a little. The new EU Banking system to remove dependency on google pay is good start though, assuming they do it in a FOSS way, and not ‘but needs to be sanctioned by google’.

    Problem will be the hardware itself of course, but I trust in fairphone for the future. Pixel phones are probably at an end …. Though different departments …. And then, the EU could demand phones shall be unlockable. Kinda like we can disable and/or install our own keys into secureboot.

  22. They want to make sure that they can get all the data they can so they can sell it. What we need is some law that prevents this and put the data brokers out of business.

    How long until we can’t block intrusive ads? How long until we can’t use the video viewing platform of our choice? You already can’t uninstall most of Google’s apps. They’re baked into the phone by default, and even if you turn them off, one update later and they’re back.

    Our world is getting demolished by the people whose only creative ability is to steal.

  23. Probably 99.99% of device users are incapable of recognizing security risks.

    Side loading is awesome. Side loading is an obvious vector for malware. Click and run has been a security nightmare for decades.

  24. In a strange way I miss the days when you had to jump through nefarious hoops to unlock the bootloader to be able to put your own custom roms on, it was a wild west of necessity bringing fixes where this type of greed had clamped down to restrict consumer power and personal ownership.

    Then of course it became so mainstream and normalised that the attempts to cat-and-mouse became embarrassing enough that we then had devices where we knew we could root-n-rom as much as we wanted and the custom rom scene seemed to lose its edge.

    Well we seem to be back here again and if there’s one thing I can be quietly confident on it’s that it doesn’t really matter what big decisions are made like this at a high level, at the end of the day there will always be people who will poke and prod and tweak and twist.
    It’ll mean that Google Android devices will only be used by people who don’t have the interest in customising and controlling their own hardware, and sure for a while it’ll be cat-n-mouse again while this and that is tried, new-new’s are the latest thing and the needles shift again.

    I for one am side-eyeing my very crap pinephone and starting to seriously think about what a ‘phone’ actually is.

  25. Want to make the internet a better place.
    Step One: Install uBlock Origin
    Step Two: Add ||google.com$all, ||google*$all, ||googleapis.com$all to your block domains.

  26. Time?
    Time to learn how to use adb shell pm list packages | grep 'google' and
    adb shell pm uninstall --user 0
    Time to stop sharing our data with them?

    1. That just is the way it is here, and probably a good thing really – So do what the rest of us do and reply to the last comment you can with quotes of what you are replying to inside that chain if required.

  27. So then “open source“ android becomes basically as meaningful as “free range“ eggs? Technically true, but these “ranges“ are just a complex of slightly-larger inescapable cages with the illusion of being able to go where you want–which is only ever right where they want you to go?

  28. This is a direct result of the recent court decision which makes sideloading mainstream.
    Aka forcing Google to allow any competing app store and for few years actually give them access to full app catalog.
    Installing a rando app store will now be one click exercise and would open floodgates of crap being installed on clueless users phones without any verification.
    So now core android will have to enforce some basic app developer credentials/verification.
    Remember how on windows you had to buy certificate to make your own drivers?
    Now windows will actually give you a bit of warning if you install unsigned apps.
    Mac OS is even worse, since forever it makes you jump through a lot of hoops to install apps from outside the store.

  29. Man how long will it take for the government to just raid houses with personal computers? Every year since 2012 they have been slowly locking down the internet. It’s been an effort from both governments and corporations.

  30. It’s kinda funny that you can pinpoint exactly the Q and the year that all the enshitfication in every major tech company in the fortune 500 started, followed by some inner turmoil in every sector almost like a caste system clash and them see they dropping comically tyrannical updates and “products” in a manner that resembles some sort of people that doesn’t interact but tries to trick you by saying what you want to hear instead of having a human interaction.
    My saars, I wonder what kind of people would cause this ?!

    1. The two are not technically exclusive – forcing a third party app store to be allowed doesn’t mean that the authors of that app store (or even the apps within) can sidestep the certified google developer step now required on everything ‘for security’, that would as long as they allow a token amount to point to be a ‘fair’ playing field – that was more focused on payment methods anyway, which is an entirely different problem.

      While the two are linked in monopolistic practices and somewhat related so perhaps regulators will find some teeth and act nothing in being forced to allow alternatives to exist forces you to treat them better than your own store’s developers. If anything it gives you the perfect excuse to not actually allow the third party stuff you don’t want to with a great legal argument you are not actually blocking them, they just won’t follow the steps required for users ‘security’- at least it seems that way to me as a definitive not lawyer.

  31. When it rains it pours, doesn’t it? AI censoring what can be said on “social media”, authoritarianism fast gaining traction in the U.S. and all over the world, ensh!t!fication now just seen as normal, a rapidly disintegrating social situation in the U.S. and elsewhere, devices getting more locked down with each passing year, and now what Google’s doing.

  32. Ultimately this is about money. It started with locking down bootloaders. The money isn’t in selling, it’s in monthly recurring revenue. Where you rent your device and the services you use. Google uses the Gas methodology. Raise gas to 5$ a gallon (when it was 2). People lose their minds, scream rant, threaten etc. Then after a time, lower it to $3.50. The masses go YAY! Gas is finally coming down. Quickly forgetting the profit the company made (and they lost) while it was $5. That isn’t the rub, it’s that many will feel almost gratitude that it’s $3.50 now, not $5. It’s now the new normal. In Android there are too many ways you can bypass their, “pay us for everything all the time”, system. So they take something away, let people yell, then give a little back. Not as much as they took, certainly not more. The masses will thank them in the name of safety, the rest of us will do as we are told, because we have no choice and no power over the situation.
