Last week, we were talking about how glad we are to be the type who by-and-large understands technology, and how it’s becoming more and more difficult to simply get along otherwise. We thought we had a good handle on the topic.
Then, we were talking about Google’s plans to require an ID for Android developers, and whether or not this will shut down free and open software development on the Android platform. Would this be the end of the ability to run whatever software that you’d like on your phone? Google offered the figleaf that “sideloading” – installing software through methods other than Google’s official store, would still be be allowed. But there’s a catch – you have to use Android Debug Bridge (ADB).
Is that a relief? It surely means that I will be able to install anything I want: I use ADB all the time, because it’s one of the fastest and easiest ways to transfer files and update software on the device. But how many non-techies do you know who use ADB? We’d guess that requiring this step shuts out 99.9% of Android users. If you make software hard to install for the masses, even if you make it possible for the geeks, you’re effectively killing it.
I have long wondered why end-to-end encrypted e-mail isn’t the default. After all, getting a GPG signing key, distributing it to your friends, and then reading mail with supporting software shouldn’t be a big deal, right? If GPG signing were available by default in Outlook or GMail, everyone would sign their e-mail. But there is no dead-simple, non-techie friendly way to do so, and so nobody does it.
Requiring ADB to load Android software is going to have the same effect, and it’s poised to severely restrict the amount of good, open software we have on the platform unless we can figure out a way to make installing that software easy enough that even the naive users can do it.
The people who use F-droid are the same people who can use ADB. I don’t think it will affect “the masses” in any noticeable way – one of my mates who is “sort of” tech savvy didn’t even know how to unlock dev mode on his phone to be able to install F-droid (which he’d never heard of).
Exactly. Not sure what the point of this article is. Masses != developers. Developers == can use adb
It’s just crocodile tears. The same people who argue along the lines that:
…don’t seem to be able to understand how the same point applies to software distribution on platforms like Linux, and why that is a big part of the reason 97% of people don’t use it. Instead, they turn around and say it’s a good thing that independent software vendors have to go through or become distro developers to get their software into the repositories, so the users can have it easily – and repeat that X times over for all the users of all different distros.
Sure, there’s flatpaks and whatnot, but try to make one that works “universally” to actually target all the users – can’t be done. There’s no drive to standardize to the point that it could work, so you still have to target a specific distro and version to gain access to its users. No wonder that software vendors generally don’t want to cater to Linux users, and therefore no wonder there aren’t more Linux users. If you want something better or different than the handful of applications the distro developers bother to maintain, you have to pull your geek boots on and start wading through the swamp. Most of the interesting software is on other platforms though, so why bother? Just use Windows, or buy a mac.
Yes, you’re killing software by putting up barriers between the provider of the software and its users, but somehow there’s no problem when we do it. On the contrary it’s a great idea since it both protects the users from bad software and keeps the platform ideologically pure by discouraging commercial closed source software and developers who aren’t part of the community. Win-win-win.
Yet there’s a big problem when Google does it. They should do as we tell, not as we do.
This is btw. the same point why Symbian lost to Android.
Symbian was, from the user’s point of view, much more open. Unless the carrier had removed all file management functions to make it into a “feature phone”, you could just download an EXE file and run it, and that’s your app.
The problem was that Nokia built phones with heterogeneous hardware, because the engineering department operated in isolation from the software department, so each phone was optimized with unique hardware. The software department then had to adapt Symbian to each and every phone model, which fractured the platform into a multitude of versions and sub-versions, which then would not run the same app binaries.
That made it hard for ISVs to target Nokia’s phones, because for each app they had to make 12 different versions, which in practice meant that they didn’t. Nokia smartphones had apps, but in practice they didn’t have apps – for your particular phone. The app you wanted, if it existed, was on the other version and even if you had the right version of Symbian, that still didn’t guarantee that the app would actually work properly – if it was originally designed for a different Nokia phone.
Since when could you just “download and run an EXE” on symbian a linux phone distro?
Did you just jumble together a bunch of stuff or use AI?
Um, what? Symbian was based on EPOC, not Linux. The file extensions for executable files under EPOC/Symbian were .app, .opx, .opo, .dll, .exe
There was package management, called SIS, but you didn’t have to use that since programs could be run directly from any folder or directory. All you had to do was, get the files in the phone somehow. By memory card, web browser, data cable, IRdA… and then launch the program.
As someone else pointed out this appears to have been entirely generated by one of the many chat bots. Try writing this sort of thing yourself.
Essentially none of this is true. At the time Symbian was killed from within, specifically in a VP driven attempt to push Windows mobile. Not because the incredibly fragmented mobile market couldn’t handle a major like it business oriented devices with an easy build platform (because, in fact, Symbian was easy to build for).
People use app stores because they are convenient, when is not they try to download things from other vendors.
Also, Symbian was literally a branch of Debian, so yes it was Linux.
Comment depth prevents me from responding directly, this is a response to a comment by “S O”.
Are you serious? A 2-second web search proves this is false. Stop spreading this nonsense.
This anti-Linux rant is largely incoherent, and unaware that in fact you can download and run programs, but it’s very rarely necessary. The internal software listings plus Flatpak are easily graphically accessable though, and a child can figure them out.
You seem to have missed that when you decided an exe was necessary to run an application, please stop using chatbots to write your posts.
Symbian wasn’t a Debian branch, it came from Psion’s EPOC, not Linux. That’s like saying a banana is a branch of broccoli. Symbian used its own microkernel (EKA2), completely separate from the monolithic Linux kernel Debian runs on. It predates Debian-on-phones entirely, and its codebase had zero relation to GNU or Linux so telling Symbian is a branch of Debian is like calling a librarIAN an electricIAN, both ends on *ian, but those are totally different jobs!
The point is that it’s a problem, and if you don’t think regular users side load… You don’t know anything about mobile users.
Epic just won a lawsuit forcing vendors to allow their self-managed software on phones, their users (almost entirely children) have been sideloading Fortnite for a long time.
Even governments push downloaded applications for mobile. This is also why this limitation isn’t likely to last. Apple got out of a few things by judges deciding a walled garden isn’t a monopoly, but Google’s more open ecosystem somehow is, but this situation won’t last forever.
This is wildly untrue, F-Droid is way more easier to use than to ADB, it’s untethered, and lets the app and the OS handle everything for you. It’s just an alternative app store with FOSS software. F-Droid users are more likely to know how to use ADB or to be predisposed to learn how to use it since they’re very likely power users, but they don’t necessarily have to know how to use it
Exactly – you can download F-Droid through the phone’s web-browser and install it after allowing “unsafe”(or something) apps to be installed.
After that I think you can remove that global permission and grant it to F-Droid specifically.
(not entirely sure)
That’s correct.
Why should someone have to plug their phone into another device just to install/update an app? This is a completely artificial restriction, with only anti-consumer “upsides”. Just because someone knows how to use ADB doesn’t mean that they should have to do so just to have normal functionality.
I don’t need to plug a cable into a serial port (assuming that there is one) on my PC motherboard just to install software that isn’t signed by some third party. I can do that, I have UART-USB adapters, but it’d be an extra hassle of a step that isn’t needed.
+1
This is the final nail in the coffin for free speech apps like ICE block that rely on crowdsourcing, but have have been banned from Google.
If you don’t care for that specific app, I’m sure you’re creative enough to conceive of one you do, and to consider the broader effects.
There will also be less development if the audience isn’t there.
They really aren’t, and you aren’t even thinking of the many popular 3rd party stores for Android that aren’t aimed at technical people. Maybe you don’t know much about mobile users?
No they are not.
I have a very common, mass-marketed inexpensive quadcopter.
Using it required snapping their QR-code or manually typing a URL. There I clicked the “download and install” button, got prompted that sideloading needs to be turned on. That very Android prompt had a button that said something along the lines of “so do it then” I think maybe I had one confirmation click after that and the app was installed.
Yes, I have F-Droid too but sideloading does not necessarily equal F-Droid or even “techie stuff”.
The developers of that app will have to jump through an insignificant hurdle to become certified. Not exactly world-shaking to them or their customers.
Isn’t Android open source? How come Google can dictate such things?
Looks like Android is just another walled garden. Or has it always been?
I believe there is a stock vanilla android. But bootstrapping the hardware is so complex we have android versions per each device.
Google mobile services apps are proprietary, if you want them in your system, then you do as Google says. Google also does most of the development and they dictate what goes into the official releases. You can fork it, but then you need to take care of the fork.
You know, things like that.
The Android change will limit the available software, but not because “the masses” aren’t able to figure out how to install things. Users of free and open source software are almost exclusively free riders who do not contribute to its creation. The problem is that it will make it substantially more annoying and inconvenient for everybody, including software developers, to install what they want on their phones.
Additionally, the change signals that Android has become hostile territory. Writing software for a hostile environment is also known as reverse engineering, which requires additional time and different skills compared to unimpeded creative coding.
We’re doing dead simple email encryption. Unfortunately, we don’t have the money to publicly support anymore. We’re working on a solution for this. Until then, we can only offer to paying customers, unfortunately. The software is 100 % free software, though. The sources are publicly available.
Volker Birk
p≡p project
So someone will code, probably vibe-code, a graphical wrapper for ADB with some setup smarts in it? So “the masses” get a easy to use tool to “sideload” stuff.
But here’s the thing I don’t see mentioned, and by all means I don’t want to discourage the Google-bashing because they’ve earned it for a lot of things (imho), but reducing the possibility to install any old APK with maybe malicious code inside that you get from a shady place (cracked games or softwares, that sort of stuff kids do?) seems like a good move. People that are able to use ADB may be better estimating risks of unmoderated software packages, whereas the typical not-informed user might not be able to see a risk.
Like with a lot of things, this could be seen two or even more ways – a grey area, as you may call it.
I agree. There’ll be a PC-based store that automatically installs over ADB in no time.
So if Microsoft decided not to let you install Steam games, but said “Well you can still install from CD/DVD” you would be ok with that?
But what if there was a way to have steam emulate installing from CD/DVD, continuing that analogy, it’s fully possible for f-droid to use adb to install apps, especially since same device adb has been possible without root since android 9
same device adb without root ? how ? where ?
Did he say he was okay with this? He just said there will be a piece of PC software that automatically installs ADB developed quickly. What you implied is an entire different sentence.
And then what next ? When you’ll have to side load the installation of a store on your PC, you’ll explain that one could use a Fridge-based store that will allow you to install software on your PC using TOSLINK ?
How is this different from downloading a random exe from the Internet on a Windows PC and installing it? Sure MS will yell at you if it’s not signed by a known publisher, but you can still do it. What if the windows store was the only way to add ‘apps’ to a PC OS? I don’t see why people aren’t making more of a stink about this, given that in 2025 smartphones are many peoples’ main/only computing device.
Nah this is just rent seeking from the Big G – pay for your developer licence so your stuff is signed and can actually be used by the general population. Which for good measure brings you most of the way in hoop jumping to just listing it on the play store so they can take their cut of all your sales…
It doesn’t do anything to protect from malicious packages, and I’d bet Google doesn’t actually care at all as there have been so many junk apk on the store they should have noticed relatively easily and purged, but don’t. If anything Google probably like this change even more as the occasional developer having gone to far that does get ritually cut off to great fanfare of how much safer it makes their users will simply have to pay them their fee again for a new developer account. Which they won’t much care about as that developer of malware won’t care at that tiny fee to be able to exploit the huge market of users…
If someone has a phone with android 9 or above, they can use ladb (paid but open source), builds available here which allows for using adb to “sideload” apks onto their device without a computer, surely f-droid can adopt this somehow
Devils advocate here. Malicious apps are a huge problem for Android. Sideloading random apk you find on the net has had detrimental outcomes. I browse archive.org APK archive, but I stopped bc I have no assurances of the safety of sideloading. Nefarious use is the dominant use case here, people attempting to steal games outnumber developers building apps.
And the playstore is in your opinion actually safe and free from bad actors?!?!?!?!
You don’t have any assurances that an executable for desktops is safe. How is it any different?
so all you need is and ID? what’s the problem?
A little money and sending your government ID to Google.
And hope like hell that it doesnt end up on https://haveibeenpwned.com/
Where today it is to identify yourself and pay a small fee, this barrier to entry is likely to increase over time. Furthermore, they can revoke credentials if you do something they don’t like. Where, doing stuff vendors don’t like is very much a necessity when doing meaningful security research.
So a private company just wants all your personal information, including current address and a number that can directly be used to steal your identity. . .
That they will sell to others. . .
Yeah whats the problem
The problem is that Google should pay you for your ID information. Your software makes their platform useful, not the other way around. If they absolutely need your ID information, they have to afford it. Making your pay for giving your data is like double penalty. You’re already paying them with your data for everything else, now they want even more!
Now we’re getting to the real issues. Back in the 90s some of us saw the opportunity for an open source world where big businesses didn’t control everything . Ensuing years have seen this idea belittled and o/s shut down by big tech. Having ripped data from the public for free for years, Google etc want ID info to control entry into their world. If we hadn’t experimented & shared for free they’d be way behind. It’s always grab more and then ring fence it.
When the local authorities decides to blacklist yours because they don’t like what you’re developing.
So, how long till they lock the apps that are installed via adb into some sandbox with limited access to the rest of the phone? Similarly like they neutered addons in chome with manifest v3. You know, because of security .
I lost so many add-ons with manifest v3 that I switched back to firefox for there is no interest in running chrome anymore
I find this really concerning. Considering chat control that is once again a real threat in the EU und probably soon enough in the US and worldwide, being able to run our own software is becoming more and more important. Also what’s the use of being able to have your own software if you’re alone with it…
I’m not one to say “wake up people” light-heartedly, but this might well be a pretty large step towards serious restrictions in how you can privately communicate on the internet.
I get that malware is a problem on android. But this even holds for play store apps. It’s not like having to present a (fake) ID is going to stop hostile people from doing evil. It’s only going to stop “the good guys*”. It’s nothing but incapacitating and even insulting.
Chat control is quite simply a (sad) joke. Proposed by a Swedish Social Democrat (take note – the Social Democrats have a long standing tradition of saying things at one point in time, then flat out denying they said it later on, hoping nobody notices), who as mentioned in the parenthesis later on denied being behind it or even supporting it!?!
They say they expect to be able to implement it by monitoring encrypted comms and ‘sensing’ bad content, without actually looking at the content aka looking at a fibre and seeing what’s flowing over it. To the masses this likely sounds reasonable – to those with the slightest knowledge you know they can only do this by inspecting ALL your pre-encrypted traffic, but obviously if they say that the proposal would be almost dead in the water.
“A (sad) joke” describes a lot of those countries these days..
There are alternative versions of Android, but Google keeps finding ways to make those less viable, like breaking RCS and disallowing Wallet and encouraging more people to use Play Integrity. I think eventually Google is gonna overplay their hand and enough people are going to opt out of Android proper that these services are simply not going to be used by enough people that everyone has to reject them or offer viable alternatives.
Your premise is technically correct, but requires multiple reading to actually understand it, which is bad because it initially SOUNDS like you are making the opposite statement.
You (paraphrased for clarity): it is getting more and more difficult to get by without having a good understanding of technology.
That is true, and GOOD.
Tech has become far too easy in the last few decades. This leads to LESS technical expertise.
Anyone can go to Wikipedia and FEEL like they know something. This is a problem, because now they don’t listen to actual experts.
Anyone can spend $dinner to buy a dev board, fiddle with it, and ‘understand’ electronics.
The problem is, commitment and repetition are IMPORTANT parts of understanding.
Tech knowledge today is mostly casual. And I don’t mean most people have it. I mean the bar for entry is now SO LOW that you can comfortably stop learning/doing without feeling like you have wasted any sunk costs.
Making things easier is FANTASTIC for people who were already going to put that effort and commitment into it. We can learn/do twice as much.
But for people who never were going to commit, they know less than ever.
The Apple-ification/Android-ification of computing has been such an awful thing for tech knowledge. Things are now so easy, and users have been trained to rely on the system suggesting(or steering you to) what it thinks you want, that users have no clue how to even use a computer anymore. Tech knowledge for highschool graduates is lower than it has been in the last 25 years.
I certainly don’t want my permissions revoked, since I’m more than willing to put in the due diligence, and I understand the risks. But at the same time, ‘normies’ genuinely ARE children who need to be told not to pick things up off the street and put them in their mouth. If we need to make it harder for morons to ignore safeguards so they stop constantly getting malware, then so be it. They need to be treated like children.
Imagine if 90% of drivers didn’t know they should go to a mechanic if their check engine light was on, and all kept driving until their engines blew up.
“My new laptop is slow and weird after only 3 months. Fix it?”
Fixing the laptop is faster than fixing the person, but doesn’t actually fix the problem…
But we don’t. It’s their problem, not yours or mine.
If you make yourself the babysitter of the “dumb public”, then you’re making infants out of everyone and making sure you have to keep babysitting them forever. That’s a great tactic if you want to be a left wing politician, but ultimately it’s just wasting your time.
Really not true, tech always aimed to be easy for the user, even in the old copy code from the magazine by hand era you don’t have to understand it at all, just follow the instructions.
The bit that has changed is tech now by default tends toward actively trying to prevent the user from learning anything about it – NDA, obfuscated code, legal action if you reverse engineer anything and UI that hides the fact there are many configurable variables you could and in many cases really should be interacting with to have a proper setup rather than one that ‘works’. You are as the user not allowed to learn if you also wish to use the service to a large extent.
So those $dinner dev boards and the internet are just about the last bastion that lets the uninitiated learn anything about how computing and electronics actually works, and should be celebrated for existing for that reason alone. It really isn’t any different to you and your C64 (etc) ‘playing’ with some provided code as you start to understand how things worked!
Re – GPG e2e encrypted mail:
To me the main reason is that there’s no official requirement anywhere.
How many countries have ID with electronic functionality that could (have been designend to) be used to sign stuff.
Imagine that – a lot less fraud per mail because every company sending you a bill must sign it with their public key (which in turn may have been signed by some kind of state key).
Of course one would still be able to use/sign “unofficial” keys but if the option to use your ID card to GPG sign something with your name existed.
If banks, financial or really any companies were required by law to only send you signed eMails and the customer must be able to verify it…. (initially the company could just add their public key to paper mail they send to you anyway (QR-code)).
Really a frustrating sequence of commentary from Hackaday, and from some of the users as well. More than half of what I’ve read on this subject has been baselessly alarmist. TBH, it mirrors a lot of political discourse. People are obsessed with the principle of the thing but very few are considering who and what with enough specificity to say anything correct.
You consider a specific user and app and suddenly it doesn’t look like a big deal. For example, many of the apps on F-droid are already signed by verified google developers. This doesn’t kill F-droid, it’s just another in a long long line of nuissances they’ll have to deal with. An app developer that is trying to reach for the masses will jump through Google’s hoops. A member of the masses who is trying to install an app is probably going to benefit from being prevented from installing malware.
The app developer who is harmed by this is someone who wants to make an app for the masses but doesn’t want to use the play store. That venn diagram is two disjoint circles.
The end user who is harmed by this is someone who wants to hack his phone but can’t follow simple directions to install adb. The venn diagram here has a huge overlap — lots of people want to fall for scams! I don’t think we need to enable their mistake.
The particularly frustrating thing here is that there is a fire, but y’all are freaking out about something that’s not even smoke.
I’ve been sshing into my phone to install my own apps for about a decade now and it’s never worked well. Google keeps changing the Intent you have to create to accomplish this, and they keep changing the UI to accept the Intent, and it has worked well for a couple disjoint 6 month long eras, punctuated by pointless churn. The ssh server i use (and wrote) has been deleted from the play store because google decided to ban all apps that use file management permissions but aren’t file managers (and they aren’t willing to consider that people are using ssh to manage files). That’s about 30,000 active users left out in the cold by Google. As a developer, they not only break the API every year, but they also break the compatibility layers! Entirely new compatibility methodologies every couple years. They keep breaking the build system! The online documentation is a javascript nightmare that, with stock Chrome, brings my 8-core 32GB RAM computer to its knees! Instead of making a reasonable permission system for things like background execution, they keep making one system that is overly permissive, and then a year later throwing it away and replacing it with another system that is overly permissive. And none of these systems have ever worked because every single vendor responds to “my new phone’s battery only lasts 6 hours” reviews by sabotaging Google’s overly-permissive system.
Like, a core function of my phone is a bespoke app that synchronizes my notes across all my platforms. 5 minutes after i stop using it, i want it to phone home in the background. But it has never worked! I keep adopting the Google API du jour. I keep jumping through the hoops — now it’s a background service, now it’s a broadcastreceiver, now it’s a JobScheduler. It doesn’t matter, every single one of them has been only about 80% successful. Sometimes, the job is scheduled and it simply doesn’t run. And every one of them has been broken by google changing its mind.
And just as a regular end user, core apps are a poop-hitting-fan experience. Messages, Clock, and now Gboard keep getting broken. Pointless frustrating churn, but also overt bugs! These are core to the Android experience and Google just doesn’t care! I keep getting pop-up spam from Google, and i can’t block it. Every time i block a category of notification, they invent a new category to get around it. Clock has a splash screen it shows while you wait for it to load!!! YOU WAIT FOR CLOCK TO LOAD!!!
There’s a real problem, Google is the new Microsoft. This app signing requirement isn’t even a footnote to that problem.
Mostly agreed, however this is one of the most overt and obvious bad actions, and one you can actually explain to the less technically minded in a way they will understand it. Big G acting in bad faith with excessive control and money grubbing methods isn’t new, but events that make it obvious to a wider audience are relative rare. For instance I didn’t know about your file management permission problem at all, that particular annoyance is a new one to me, as it has never affected me personally (probably because my few devices are rarely used and actually stuck on very old manufacturer kernels with a postmarketOS rebadge – been needing to get something that isn’t 10+ years old for a while really, but as I rarely actually need a mobile and the ecosystem has been going to hell…).
No, you can get people riled up with this issue but no one is trying to explain it to them, only to get them riled up about it. If properly understood, it’s nothing.
It really isn’t nothing – it is not quite BMW heated seat now having subscription costs to use, but its well on the way to being that. And is a problem that will actually bother a reasonably significant portion of the users, certainly a much larger group than just the handful of developers pulling their hair out at some small highly technical annoyance.
Like what? Be more precise.
I claim that 99.9% of phone users never need anything outside of the Play store.
@Dude I’m not Google or a phone brand to have all the data on their customers to be precise. However I can’t believe for a moment its only .1% – almost certainly more like 5% as a minimum, and if you include the vendor provided stores as not play store quite possibly in the 30 odd percent.
But F-Droid’s continued existence is in its own right rather darn suggestive the population of users for software from outside of the playstore is vastly vastly greater than the number of Android software developers – which was my point anyway. Bothering the few thousand or more likely tens of android developers bothered by any of the changes Greg is annoyed by vs bothering all the users of F-droid just as a starter…
My whole point is that no one has named the intersection of cares about this but can’t install adb. I’ve read the majority of the comments on all of these articles and the closest i’ve seen is the physically-distant family member using a one-off family-only app that can no longer be distributed as easily as clicking a link from an email. And i agree that use case will face an inconvenience but it’s tiny, it’s nowhere near 5% of users.
If you don’t want to be the first to name that intersection and explain how it’s 5% of users, then i don’t suppose i can stop you from waving your hands around anyways. Enjoy yourself.
adb is way more challenging than installing something like F-droid, from which you can then load a huge number of apps (at least till Google kills it with this change). Plus to actually load an app through adb you need to know enough to curate the collection of apps you likely have to compile from source yourself…
Lots of folks might not even be able to install F-droid easily on their own as it stands, its not difficult, way way easier than getting adb working but still a little tricky. But F-droid is the sort of thing your techie friend can do for you in seconds and then leave you in control of your apps.
Oh also @Greg A the same really darn easy in comparison to adb install method F-droid uses can be used by other applications, at least until you can’t without paying rent to the big G for permission…
This is why i keep saying that if you understood this, you wouldn’t be upset — this change won’t kill F-droid! It will require a member of the dev team to get a google certification. Trust me, as an app developer, i have jumped through harsher hurdles than that one, and so have the F-droid folks. F-droid is exactly on the side of the diagram where getting the certification so they can have mass distribution is easy.
@Greg a quote from f-droid folks under the news tab
“The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users will be left adrift, with no means to install — or even update their existing installed — applications.”
SO they certainly think its going to be rather impactful…
It’ll just be another hurdle they have to jump through that they don’t want to jump through. They didn’t want to jump through the previous hurdles either.
In that case cease complaining about the change that bothers you – as the same logic applies to that problem – it is just another hurdle…
You are assuming that ADB will remain viable permanently.
You also ignore people like me who have no desire to reach widespread masses, but do share some of my programs with other non-technical people who can benefit from them.
In addition you ignore developers that don’t want to expose ALL of their PII, including current address and a number that can literally be used to steal your identity, to a private company, who’s business it is to sell your information.
There are literally TONS of reasons to be beyond infuriated with this and concerned with the future.
Or would you support Microsoft disallowing game installs from Steam, “but you can still install them from the Microsoft store, or via DVD”
No bud, that is malicious to the max
Right, and you don’t even have to endless paranoia here, there are many many cases where people will need to load software that is not in the app store or signed or signed by Google. I’ve been thinking this entire proposal was strange when it was first announced because this is like an invitation for additional lawsuits in the EU, and if Google somehow decides that this is going to be a regional thing that’s just not going to work.
My guess is that this was actually pushed by a third party, and Google is willing to let public opinion play it out because they have enough money to weather this strategically.
I am not assuming that Google won’t make a significant mis-step in the future. I’m arguing about whether this is significant.
I am not ignoring you. I’m pointing out the vanishingly small size of that gray area. I don’t care about the widespread masses, but i do enjoy giving away my software to the few who can use it, and i have been a google-verified developer for years. There is a real google policy that screwed over my 30,000 users, and verification isn’t it.
One thing you’re right about though, i willfully ignore the tiny fraction of a tiny fraction of a tiny fraction of people who have something to contribute, can’t be bothered to figure out how to publish, and are super paranoid. That group doesn’t matter to me, or really to anyone. I’m sorry.
And microsoft has its own story of signed executables, where the details really matter, just like in android
So what happens to you personally when Google decide, or more likely their automatic systems decide quite likely in error to ban you and thus your apps entirely? You can’t then publish in a useful way, it isn’t something you can just ‘figure out’! And this is all being done by the same folks that ban youtube creators for ‘violations’ or copyright struck a video in error because the automatic system has decided it is and no human is available to correct that error if the channel isn’t huge…
The whole point of your 30k of users are bothered because a change you are complaining about forces you the dev to change the program code is annoying I agree, but you can actually make that change – its no different to any other development with external dependency changes!
This is way way worse as its a step that gives them basically complete control of every users devices, as even if you assume adb will never, ever become more restrictive (like perhaps requiring you to be a paid up G developer to actually run the darn thing) it is wildly impractical to try and distribute your software via adb install methods. The HAD reader probably has that other computer/device to host the adb instance and sufficient understanding to get it working right no matter what their device(s) are, but the wider public, and even the smaller business that used your app probably doesn’t have the IT expert…
i already lost the ability to publish the only app that had a significant userbase because of an idiotic policy change on google that wasn’t even a footnote on a single hackaday article
(a) it doesn’t matter, i still use the app
(b) it’s a real fire and hackaday is ignoring it while trying to blow this smoke
And as I said elsewhere Greg I didn’t even know such a problem as one you mentioned existed – if you want HAD to cover something that most of just won’t even know happened you better tip the writers off to the problem! Where this in comparison is a darn nearly universal problem for so many, with a public announcement of a major change – its rather hard to fly under the radar with so of course its covered!
Same reason why this recent security bug in a decade of Unity game engines releases is going to be widely spread and most of us will hear about it, but a small flaw in an engine used only for some small family of rather obscure indy games only those directly impacted will even know happened!
If you haven’t yourself noticed the exodus of good apps and good developers from the google play store, the bit rot (compatibility failures) of old apps, the enshittification of core apps, and the incredible nuissance it is to develop your own apps….then you’re exactly demonstrating how tiny is the minority actually cares about any of this stuff. shrug
Most people just use the dang thing and accept that it sucks. These developer-facing nuissances that i am running into are run into by every android developer and hence indirectly by every android user but no one cares. Except this fake “muh freedoms!!” gets a lot of press but it’s the least of the insults.
Not really on two counts, one I am aware its terrible, just was not that the specific annoyance you mentioned exists.
But also it proves rather the opposite – as I don’t use Google store apps by default, but the usually better, actually privacy respecting and working properly offline apps by default that Google is now trying to make less viable with the BS in this particular article.
I am very very much in group of folks that care about this stuff and well aware its just one more element of the ever worsening Android situation (which is one of the reasons I’ve not updated my phone, just got it a fresh battery a few times instead). My phone is in tech terms a fossil and doesn’t even run Android any more (though is stuck on the original vendor kernel so the hardware actually functions at all..).
So you already gave up on android, and this policy change means even less to you than to people who actually use it. I’m shocked to discover this is the reality underlying your copious alarmist comments.
Step one make the fig leaf of still open adb.
Step two, since this requires a secondary device or a wilder wireless adb loopbacking setup while inevitably less secure.. and less visible and understood.. wait for inevitable security issues around workaround solutions employing the path to occur.
Step three use said issues as excuse to remove that path too.
It’s engineered “stop punching yourself” with a heaping of extra anti user, profit seeking, and a side of doing this to protect you more from the results of the options we chose for you.
All of this doubled for regions where bootloader unlocking has become impossible outside googles own devices and imports with poor band or carrier whitelist support.
It’s also worth noting that not everyone has a second device in the form of an open computer platform, and this goes extra for some regions so even the optional path to enable tools for wireless adb loop back on device becomes an extra hurdle.
We have a very capable computer in our pocket. It should be able to be the Swiss army knife du jour to solve when you need it on the spot issues with.
Instead it consistently becomes less useful than almost any other approach at anything.
Lock most people in a cave, with their device and a sheet of hints on talking to the door lock wirelessly to get out.
Without massive pre setup they’d now remain locked up forever if they don’t have a correct second device, if the right approved appstore tool chain to do devwork on device and deploy approved registered app to work the door isn’t available. If the dev registrations down or abandoned being sol, you name it.
You can otherwise manage people searching and script kidding their way to a chance of escape, but not like this.
It’s bad and extra fragile.
If you use adb and loopback locally you don’t need to use wireless, why would that be necessary at all? Have you never run local servers?
Aside from that, this isn’t about adb at all. It’s about creating a walled garden because that allowed apple to get out of monopoly charges in court. There’s also the likelihood of other pressure (consider UK id policy and US shenanigans), but for Google’s lawyers this is probably enough to go over their engineer’s reports saying it’s going to backfire. The EU isn’t likely to take it lying down either.
Banking apps, government apps, even heating control apps like neasmart refuse to work when ADB or debug mode is enabled. For your security (TM).
It is a pity you can not exist without a cellphone in my country. How did it become such a shackle?
“How could this big sinister iron ring with a lock on it become such a shackle? If only somebody had foreseen this!”
fwiw i think that’s a good example of a real problem. apps that won’t work on unlocked phones are a real problem.
YAcbTq3fvk
I believe Google will be forced to create an option to remove this restriction in the settings. This reeks like an attempt to create a monopoly and courts will have to get involved. It would be a different matter if authentication was free and provided by an independent organization but this is not Google’s goal it’s just another way to create a revenue stream.
Almost exactly, but you are missing the part where a judge decided Apple’s walled garden meant they aren’t a monopoly (wonder how much that cost), so to Google lawyers, this isn’t just about profit, it’s indemnification from repeated lawsuits they have been losing for quite a while now.
Still I think you’re right, and that they will be forced to allow people to opt out of it because the situation is ridiculous even without some judge deciding on Apple’s behalf questionably.
The stupid thing is that already exists. In order to install something not from Play, you need to enable the toggle in Developer Settings, which is hidden by default.
I am very glad I switched to a hybris/halium linux phone a year ago at this point. Having direct hardware access, the ability to use any programming language I want, hell even scripts with a .desktop file to launch from the UI.
Truely a breath of fresh air.
do any of you in this comment section understand that a fair bit of people who have phones don’t have computers, and still sideload apps and the such?
I was pretty shocked myself. It’s like they have no idea how much phones are used now, despite complaining about it.
I doubt this will help with any “malware” being loaded onto devices. A company should be able to use an EIN as verification and getting one is easy (DBA, LLC, etc). Nefarious folks will just do this and the issue will persist. Google still allows Google Ads as a vector for malware on PC’s (many of my non tech friends were affected and called me to help clean up the messes). Malware is a fact of life for non tech users and only education will help them non get affected – not hurdles.
I agree this Android developer signing issue is bad, but that is all to mask a much bigger problem. Google is ramping up on the security checks.
Android smartphones running Android 13 or later that are more than a year behind on security updates will be downgraded from MEETS_STRONG_INTEGRITY to MEETS_BASIC_INTEGRITY. This means payment and banking apps will stop working even if is Google certified with a locked bootloader.
The ironic part is that in the future, the only phones that will have MEETS_STRONG_INTEGRITY are new smartphones and rooted smartphones.
https://old.reddit.com/r/Magisk/comments/1m77cxd/strong_play_integrity_guide/n4wbvb7/
https://nothing.community/d/40678-all-nothing-phone-2-will-lose-meet-strong-integrity-on-6th-of-september