Last week, we were talking about how glad we are to be the type who by-and-large understands technology, and how it’s becoming more and more difficult to simply get along otherwise. We thought we had a good handle on the topic.
Then, we were talking about Google’s plans to require an ID for Android developers, and whether or not this will shut down free and open software development on the Android platform. Would this be the end of the ability to run whatever software that you’d like on your phone? Google offered the figleaf that “sideloading” – installing software through methods other than Google’s official store, would still be be allowed. But there’s a catch – you have to use Android Debug Bridge (ADB).
Is that a relief? It surely means that I will be able to install anything I want: I use ADB all the time, because it’s one of the fastest and easiest ways to transfer files and update software on the device. But how many non-techies do you know who use ADB? We’d guess that requiring this step shuts out 99.9% of Android users. If you make software hard to install for the masses, even if you make it possible for the geeks, you’re effectively killing it.
I have long wondered why end-to-end encrypted e-mail isn’t the default. After all, getting a GPG signing key, distributing it to your friends, and then reading mail with supporting software shouldn’t be a big deal, right? If GPG signing were available by default in Outlook or GMail, everyone would sign their e-mail. But there is no dead-simple, non-techie friendly way to do so, and so nobody does it.
Requiring ADB to load Android software is going to have the same effect, and it’s poised to severely restrict the amount of good, open software we have on the platform unless we can figure out a way to make installing that software easy enough that even the naive users can do it.
The Android change will limit the available software, but not because “the masses” aren’t able to figure out how to install things. Users of free and open source software are almost exclusively free riders who do not contribute to its creation. The problem is that it will make it substantially more annoying and inconvenient for everybody, including software developers, to install what they want on their phones.
Additionally, the change signals that Android has become hostile territory. Writing software for a hostile environment is also known as reverse engineering, which requires additional time and different skills compared to unimpeded creative coding.
We’re doing dead simple email encryption. Unfortunately, we don’t have the money to publicly support anymore. We’re working on a solution for this. Until then, we can only offer to paying customers, unfortunately. The software is 100 % free software, though. The sources are publicly available.
Volker Birk
p≡p project
Banking apps, government apps, even heating control apps like neasmart refuse to work when ADB or debug mode is enabled. For your security (TM).
It is a pity you can not exist without a cellphone in my country. How did it become such a shackle?
“How could this big sinister iron ring with a lock on it become such a shackle? If only somebody had foreseen this!”
fwiw i think that’s a good example of a real problem. apps that won’t work on unlocked phones are a real problem.
do any of you in this comment section understand that a fair bit of people who have phones don’t have computers, and still sideload apps and the such?
I was pretty shocked myself. It’s like they have no idea how much phones are used now, despite complaining about it.
I doubt this will help with any “malware” being loaded onto devices. A company should be able to use an EIN as verification and getting one is easy (DBA, LLC, etc). Nefarious folks will just do this and the issue will persist. Google still allows Google Ads as a vector for malware on PC’s (many of my non tech friends were affected and called me to help clean up the messes). Malware is a fact of life for non tech users and only education will help them non get affected – not hurdles.
I agree this Android developer signing issue is bad, but that is all to mask a much bigger problem. Google is ramping up on the security checks.
Android smartphones running Android 13 or later that are more than a year behind on security updates will be downgraded from MEETS_STRONG_INTEGRITY to MEETS_BASIC_INTEGRITY. This means payment and banking apps will stop working even if is Google certified with a locked bootloader.
The ironic part is that in the future, the only phones that will have MEETS_STRONG_INTEGRITY are new smartphones and rooted smartphones.
https://old.reddit.com/r/Magisk/comments/1m77cxd/strong_play_integrity_guide/n4wbvb7/
https://nothing.community/d/40678-all-nothing-phone-2-will-lose-meet-strong-integrity-on-6th-of-september