This will be an amazing gift to open-source devices. Android has been the elephant in the room, open and free enough and too huge to ignore.
When the elephant goes away, a lot of people will be free to innovate.
The infuriating part is that chain-of-trust certificate signing has been a fundamental part of the web for decades. It would be trivial for Google to allow third party signing authorities, for the benefit of people who aren’t comfortable handing over all their personal details to Google.
The only reason they’ve chosen not to is because protecting users isn’t as important to Google as sucking up all that sweet sweet verified personal data.
I don’t think it’s about the data. There’s not much volume here. I think instead it’s about blocking apps they don’t like. Like some pesky ad blocking apps for YouTube. They know more people would reach for YouTube adblockers as they keep increasing the ads on the free tier as well as the price of the Premium tier. The way to prevent that is to make it extremely difficult to install such apps.
deleted by creator
Do you think they won’t have a provision to revoke developer’s signing keys for reasons they determine? If they don’t, the whole malware-fighting angle would be meaningless. Once developer’s keys are revoked, their apps become uninstallable on Android that ships with Google apps. They could also easily uninstall apps signed with revoked keys.
I assume they’ll do this using chain of trust where they give signing keys to verified devs so that the apps don’t have to be signed by Google, but Android can still check if an app was signed by a Google-issued key.
E: Looking at this it says:
Register your apps
You’ll need to prove you own your apps by providing your app package name and app signing keys.
So you give your keys and I suppose they allowlist that package and keys. That means they’ll be able to revoke individual apps as well as dev keys.
Is that right!? Giving up the app signing keys would allow Google to publish anything in your name. This sounds like a nightmare.
Surely there could be some equivalent to DNS confirmation by adding a key provided by Google to a txt record (or the signed app)The pub key could be enough to check if an app was signed with the private key.
Code signing is expensive, and will force out some smaller devs from the market, and is the main scare tactic Microsoft is using on Windows.
plus using it to train an AI
You’re gonna own nothing and you’re gonna be free…
Side note. We need to do something, now. Only problem is, I don’t know what
It’s the year of the linux phone
wonder if my phone carrier would be ok if i show up with a phone with a new OS they haven’t heard about
They should not care as long as it has a compatible SIM/modem combo.
Yet…. Just wait until they require an approved OS for “safety” to activate a SIM. Just think BF6 and Secure Boot.
I’m so upset that this isn’t all that matters. Carriers usually setup really nice contracts with manufacturers for things like exclusivity and marketing.
They don’t care. Their job is solely to provide you with access to their cellular network. As long as you keep that tied to one device (and don’t phone clone, meaning share that access with multiple devices), they don’t care.
If you’re leasing your phone from them, then I guess they’d care but really only when they get the phone back. It would be best to put everything back to stock when that time comes. Of course this means you’ll want to take care to install only what you’re comfortable with and what you know works and won’t permanently damage the phone.
Some carriers also lease your phone. This could be what OP is asking.
Oh that’s a good point, I see the concern there. Thanks for the clarification, I’m going to edit my comment with that part.
And Vanilla ROMs users
Gservices you can simply remove via Adb, and MicroG has a magisk module
I’ve successfully debloated two googled ROMs before, once in stock and the other on a custom ROM with GApps prebuilt, and while you can debloat major parts like Google play and Google services, minor parts cause annoying crashes and functionality loss if you debloated it to get a full degoogled ROM, at that point , using a Vanilla ROM is better
Jumping ship isn’t really “doing something”
It is the only thing that can be done because we don’t make up a significant amount of the population of phone users unfortunately.
But, I’ll be moving rest of my family members to Apple while I find alternatives for myself just out of spite. Benefits of being the tech person of the family.
So this spite move is to the ecosystem that originally invented this same shitty closed ecosystem as a strategy. Genius.
Well when it comes to the two big corporations I do tend to see Apple in a better light than Google that is more heavily involved in the data collection and advertising business. Not that Apple isn’t collecting data and not completely private, but they seem less evil in those areas than Google.
And for regular people there is less benefit to being on Android compared to Apple, since they don’t tend to care or know about sideloading or custom ROMs. So if it’s giving data to Google or to Apple I guess it’s a matter of opinion on who it’s better for them to give it to.
The solution is what it has always been.
Since DAY ONE phone hardware should have been as standardized and open as normal PC hardware - able to run any operating system that you want.
But every time it got brought up for DECADES, techbro corporate apologists were ready to line up and talk about all the reasons that wouldn’t work and how companies would NEVER do that, as if that was some kind of sensible counterpoint.
Now the noose is closing and all it’s going to take is the combined forces of the richest companies in the world to crush what little competition remains. Undercut or sue Fairphone into oblivion, for example. The lawsuits don’t even have to have merit - they can eat the costs for a few quarters to ensure no viable alternative to the walled garden ever gets a foothold.
The thing to be done now is minimize your mobile usage altogether and try to make it to the tech dystopian endgame with a few local files of your own left.
Go to the Android developer verification site and fill out the Google Form in the bottom of the page on the right under Share your feedback.
Give any employees inside google that agree with you the materials they need to show management it’s unpopular even with developers, (even if you aren’t actually one) and give Google’s shareholders concern that this isn’t just media speculation, it’s real people with real concerns.
Thank you for this
difficulty: 99% of mobile phone owners either won’t care or will consider it a good thing that their apps are all signed. As though a professional cybercriminal doesn’t have a dozen ways of getting a fake ID.
The answer is likely a de-googled phone. We have some aftermarket variants of Android available. Though installing a new operating system on a phone isn’t very mainstream. And skipping the Play services comes with consequences. Push notifications sometimes won’t work, some apps outright refuse to work, and things like contactless payment are impossible. I’ve lived without Play services for a few years. Now I have them sandboxed in GrapheneOS. I wonder what they’re going to do to address this.
Does contactless pay work in the sandbox? What about ticket apps like mlb ballpark?
I’m pretty sure Google locks us out and Google Pay is impossible, despite the operating system being more secure, having hardware attestation and not even being rooted.
Ticket and banking apps sometimes work, sometimes they don’t. They’re doing their best and a lot of things are fine. There’s a community maintained list for banking apps here: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
Even with Play Services enabled on GrapheneOS through Sandboxed Google Play, this wouldn’t affect it, as this would be a system-level change that only affects stock Android and OEM-modified variants of Android that are “Certified Android”
GrapheneOS would not have to put much, if any effort into blocking this.
It can still affect other OSs, though not directly but by killing off open source projects
With any luck, this will just clarify the divide between OSS and the garbage on the Play store.
Honestly, given the ID requirements this feels like more efforts to track everything everyone does. It means any app with sufficient user base is trackable back to a real person. A real person they can arrest, bully or otherwise deal with if they don’t like what they’ve built.
If you are an EU citizen then you need report this to the consumer protection services.
Here are some links I have found. There might be better ways to contact them but this is what I got for now. Feel free to correct me or add more ways to make our voices heard.
If you are unsure about the problem, you can contact the European Commission at: comp-market-information@ec.europa.eu or write to:
European Commission, Directorate General for Competition Antitrust Registry B-1049 Brussels, Belgium
Fork Android?
For years Android people were yapping about how it’s open source, open platform and the competitors are not. So why not just fork it and keep on? Isn’t that the strongest point of being open source?
There’s already a bunch of forks, GrapheneOS and LineageOS being two of the most popular.
Trouble is, this affects the app ecosystem. The overwhelming majority of applications are only available through the Play Store. Sure, there are alternatives like F-Droid, but your bank isn’t offering its app through F-Droid.
Theres a high likelyhood your bank still allows access through a web browser. I think a lot of people forget that browser shortcuts that you can add to your home are a thing that makes a lot of apps partially if not fully redundant.
Or actual bank locations and ATMs.
This is why I use user agent spoofer extensions in firefox, I don’t have to deal with “you’re on a phone so here’s half the functionality” bullshit
We need reboot of N900. Although it lost support long time ago as it was launched in 2009, you can still install latest PostmarketOS onto it: https://postmarketos.org/install/
A commercial Linux phone with backing from some larger company could succeed.
I picked one of these up around 2015 and used it as my main phone for ~2 years. It’s a cool phone and I had a great time messing around with it.
Unfortunately the hardware is just into up to modern requirements - old modem means bad signal, old WiFi standard, really low RAM, very slow processor. The browser was barely usable even with an adblocker.
Sadly the Neo900 never got off the ground.
It all sounds very anticompetitive / anti trust to me.
Local laws may vary. In Australia I imagine the ACCC would the place to contact (TIO and ACMA don’t sound right)LineageOS? Aosp is still under Google control, so maybe not.
I think the problem is that this is one part of the puzzle. Samsung are doing the other half. Locked bootloader. I fully expect the bigger manufacturers to go with both for a “fully trusted platform”. That’s how they will sell it at least.
The only question is, who will be making the unlocked phones and how much will they cost us?
The only question is, who will be making the unlocked phones and how much will they cost us?
Fairphone probably. To my knowledge Fairphone 6 can be unlocked and for the less technical, who want to degoogle, they also sell Fairphone 6 with /e/os installed. You won’t get a competitive price for the hardware but rather a fair price for the hardware and under capitalism fair isn’t competitive because the competition regularly resorts to exploitation of third world resources and cheap labor.
My man I hate to say this but pretty sure lineage kicked the bucket last year, at least that what was happening when I had to change phones last year and Got the community notification
Latest Github commits are within the past hour… Why do you think that it’s dead?
Because there was a heartfelt goodbye and everything in the matrix server for it, last I was aware, yeah, they were saying it was dead. Good thing it’s back though
Matrix exists to contain people whose schizo power level was too high for discord and it has no other function. You can safely ignore 100% of all activity on matrix servers and that percentage is not an exaggeration.
Sounds like you would know something about schizophrenia
Suck my Frances E Dec
Oh, shut up LiniageOS will be stone dead any moment now.
Last blog post is from December 31 2024.
I hope there’s still someone working at it.
Yeah this is going to affect android in multiple ways. I’m guessing that the emulators and YouTube apps are out, the Devs will have all their apps banned if they bother to register.
Personally I have a developer account but some apps I give away as open source. Now I’m going to have to register those apps and if one of them isn’t up to Google’s standards (whatever they say that is on the day) then ALL of my apps get banned!
I have multiple old android devices which can’t use lineagos because they are locked or just too obscure. But right now they can be used with f-droid apps for games and ad-free content. I’m guessing that’s going to change.
The barrier to entry will go up and even more old android devices will be thrown away. Make sure you buy a mainstream device that has a chance of being supported beyond the manufacturers 2 year support window - in my experience mobile and tablets actual lifespan is 4-5 years, up to 10 with new battery. Why are we forced to throw them away after 2 years? It’s a total scam.
Of course it’s a scam. But its also a money grab and a power grab. Google is completely gone from “do no evil” to “heil Trump”
What’s worse, is that I do self hosting and almost all self host apps are open source on the android side, so now I may loose several of those apps if they don’t want to sign or are banned by Google.
The developer registers not the app.
Which in an authoritative government they know who to pressure into removing privacy features or forcing backdoor data collection
Are there currently any viable alternatives to Android and iPhone?
the easiest path would be Chinese phones without GMS like Huawei,OPPO,vivo,Xiaomi,Honor
Or use graphene os without google play services. No google play, no restrictions.
Didn’t they ban Huawei phones in the US
Yes, they banned Huawei in the free market.
Banned from selling, but its not illegal to possess one (at least for the time being), so you could still import it (and hope that customs doesn’t make up excuses to consfiscate it upon the package’s arrival).
Graphene OS is working well for me and installation was pretty straightforward. As people have said, though, it needs access to the bootloader.
And a Pixel - the only device it currently runs on (not a criticism, it’s because Pixel is the only device with a TPM).
Lineage runs on a lot more phones. It’s nit as secure as Graphene, but arguably more secure than what a phone ships with.
I’d say its as secure but not as private as Graphene.
I think you are mixing up the two terms.
Lineage OS is way less secure than Graphene OS. Lineage OS doesn’t even officially support Re-Locking of bootloader under custom keys, so it could be easily tampered with, and they also lack all the hardening that Graphene OS have.
Yep. Unfortunately, Graphene requires further investment in google products. Buy used/refurbished! Or go with Lineage.
Also, google is cracking down on custom ROMS too, checkout the calyxos blog, it is rough.
Pixel phones are so damn cheap on eBay. There’s no reason to buy directly from google.
I find this unbeliable.
But, maybe, this will finally make some viable mobile Linux alternatives exist?
unbeliable.
is that a word i haven’t learned yet or misspelling?
Liable
Be liable
Un be liable!belial-iable
I’m curious to understand how Google defines “malicious apps” that they’re using as the justification for this.
Conceivably, google revoking a certificate will mean an app installed outside of google play, will stop working for users.
How do they feel about celebrite? And the other companies that violate user privacy as their sole reason for existing. Will they still get “permission” for their apps? Seems like a great way to protect users by not issuing one to them…
They don’t care as I understand, they just want to hold an iron grip over their ecosystem
Use Ubuntu Touch?
I thought Tizen was cool, though I never used it.
Oh cool, looks like my next phone is going to be an apple huh…
Minimal apps, heavily browser reliant, and android can go fuck itself.
Out of the frying pan into the fire…
You realize Apple is already the same way, right? You have to jailbreak them to install anything outside of the app store.
I would say maybe the user is in the EU but apparently apple can still pull sideloaded apps in the EU so what’s the damn point of the DMA, Europe?
My man, I get the sentiment, but as someone who regularly has to do work on an apple for my fiancee, it’s still not worth it.
I’d argue as a transitional device / threaten the shit out of Google.
In the mean time, governments that still function should fine Google for purposely generating millions of eWaste devices in software.
Maybe they’ll correct, maybe not, but in the mean time, one can spend the time on iOS to pare back what they do on a phone, with the end goal of ending up on a dumbphone/home brewed/linux/alt phone that will then be available.
Some really sweet simple phones like light phone, keyphone, minimal phone, punk mp02 and more already.
If enough people do it, Google could be more likely to revert the change. The only thing Google loves is money, so take that away.
This only affects android phones with Google Play Services installed. So degoogled phones won’t have any issue. Please look into custom ROMS or alternatives.
Sadly they are clamping down on that front too. AOSP is no longer being developed in the open. They are also moving to a standardised internal emulator instead of releasing the “recipe” to build on real hardware development platforms (aka pixel phones)
It’s so upsetting. Makes me want to start recommending iPhones (only partially out of spite).
Edit: you can downvote, but can you tell me what the difference is at this point?
You can still get some Android phones with relatively easily repaired hardware. And for innovative third party hardware your only option is still going to be Android.
I wish there were some way to effectively protest this decision they’ve made, but I can’t think of anything they’d actually care about unless nearly all developers objected.
I may have been a little hyperbolic but it’s still a huge selling point lost for the majority.
To add bootloader unlocking probably isn’t going anywhere soon so at least you have the option to run something like graphene on Android devices.
only works for pixels unfortunately.
Graphene is only supported on Pixels for now, but by their own FAQ this isn’t the plan forever. With Google blocking third party apps at their own discretion on Android, there will certainly be motivation to officially support more devices.
