Wow, that’s an interesting one, thanks for that. That would be quite annoying to deal with.

In that case, since the 2FA is coming from the carrier, if you can disable 2G and 3G on your handset, the air link on LTE and above is AES-based encrypted at least, if the carrier configures it correctly, even though the channel itself often isn’t. Or if very paranoid you can use WiFi calling in airplane mode on a burner so the carrier sends the message over the wifi calling IMS-encapsulated-in-VPN-connection over the Internet.

The chance of someone being able to intercept that 2FA code in a way that could get into your bank account is pretty much absolutely scant.

Not trying to change how you do things either, though. Just knowing how terrible some banks can be at writing software, I’d be more apt to trust “weaker” methods versus apps. The future is quite exhausting.

They don’t need your permission to gather all sorts of data from most modern smartphones, nor can you really deny some of it. (Some you can, like camera, and microphone, allegedly.) Part of the whole banking<->handset manufacturer agreement also frequently allows “special access” outside of the traditional user-permission security model. For…“security” to “prevent fraud”.

Something nobody ever asked for or wanted.

This must be a European problem perhaps? I can’t understand why this is the deal breaker for so many.

Banks have web sites. I don’t know why anyone would ever allow their financial institutions access to their phone’s plethora of sensors and the available telemetry on what they are doing on their mobile device 24/7. That links confirmed ID + “trusted platform” + biometrics + transactions + location + all the metadata every other app hoovers up in one convenient place. The very same people across the pond are worried about having to verify ID to look at porn, but are cool with their bank knowing the position of their accelerometer while they’re taking a dump.

Probably only released it now to help ICE disappear people.

Good summary right there. Clean up your own house before you start preaching under the guise of user safety, fools.

So far the only “cleanup” I’ve seen in the Play Store is removing old apps that haven’t been updated in a while but still run just fine, which means things like a physical Bluetooth air quality sensor I have needs the APK sideloaded now. Totally fighting scammers, Google. Totally.

Wouldn’t it be great if these tech companies just dropped the verbal diarrhea filter and just spoke plainly?

“We’re doing this to try and increase revenue by making ourselves a walled garden like Apple, because there isn’t really competition anymore, we’re greedy, and we lost the plot,” is what they should be saying.

The Senate folded, which forced a vote in the House because that bill changed in the Senate, which brought the House back into session, so she had to be finally sworn in.

It is all, oddly, related.

Extrapolating from there, the Senate Dems decided to gamble American citizens’ health insurance in exchange for some tabloid headline documents. Hoping for…mass sentiment against the Mango presumably? Strike while there is bipartisan support for something in the House. To then what, maybe oust Mango for Couchfucker? Sow distrust? Maybe they just pulled back because they realized the US was inches from doing a general strike? What better time.

Meanwhile, citizens were ready for the long-haul. Effect real change. Get actual attention to being pissed off at this sham of a government. Thrown away for some documents that will be buried in a few disaster news cycles.

They’ll just keep further stretching out releases until they stop completely. Google is trying to kill AOSP. What will end up remaining is a skeleton (if that) akin to how Apple only has a fragment of their OS open-source anymore. Google is the enemy and should be treated as such.

LLMs are basically read-only Mr. Meseeks, except rather than being present for the whole conversation like Mr. Meseeks, each new question in the conversation is a new Mr. Meseeks that has to context the previous convo and answer. It’s no surprise they hallucinate.

If apps didn’t suck, and app devs weren’t manipulative shits, updates would be rare anyway.

Awesome, so pointless manifest revisions to manipulate store reviews and falsify user engagement will update even faster? (Which are most “Bug fixes and quality improvements!” updates these days.)

Really can’t wait for this terrible “app” update concept to go away. The market manipulation aspect drove shipping shittier code out the gate and generalized FOMO.

Or better, apps can go away entirely, lets go back to everything lives in the browser, it’s generally safer, and most “apps” are just browser containers that only exist to harvest device telemetry.

Google could, and probably would become more malicious on deprecating and obsoleting old hardware, but that’d be a huge revenue loss for them. They tend to actively support the app layer on older Android OS versions (here’s an arbitrary breakdown from some web search: https://composables.com/android-distribution-chart ) for a very long time, as older Android is used in many embedded devices, inexpensive devices, purpose-built devices, and other places.

Keeping the Play Services and Play Store up to date on older phones means they can continue a metadata-gathering and app-sale revenue stream on older phones for many years after they “age out”.

Couple that with the fact that most “reasonable” vendors now try to support 3, 5, or more years on a piece of hardware, you should at least be able to get almost half a decade out of a phone before it no longer receives primary OS updates, and likely then another 5 or so years until they stop updating for that API level.

The ELI5-ish version of it is Android is composed of a few layers. The stuff that makes the hardware work, the stuff that makes the OS work (drawing on screen, install/remove programs, texting, calls), and the stuff that makes the software (apps, etc.) work. The part they stop updating is the stuff that makes the hardware work, and the stuff that makes the OS work. However, it’s already working, soo… Over the years, Google spent a lot of time migrating as much of Android as they could so that the apps, some bits of OS, and other things like app security could be updated even on very old versions of Android. You could turn on a phone from 2015 like the BlackBerry Priv right now, and install current apps and most things would run without issue.

Yes, there could be a slight risk that some malware comes out targeting older phones with older OSes and older hardware support, but that’s generally a smaller audience than targeting the latest and greatest phones that are way more “popular” - so not really worth it to malware peeps. The hack targets would most frequently be at the app layer to cast as wide a net as possible. Since Google continues updating Play Services and the Play Store software at the app layer, this would mostly keep people safe from the majority of attack vectors. The diversity of phone hardware really helps here.

Mostly though, mobile marketing just tries as hard as they can to create FOMO that you might be missing out on something by using an older phone.

As long as humans have to be the ones to drive their vehicles, down with this distractive nonsense.

Best thing to do is just stop buying new phones. Play Services and apps will still work and receive updates for years. Swap that old battery and keep chugging for a few years.

Starving all the tech brah corpos of money is the only message we plebs have the power to send. Bouncing to their competitor in a duopoly isn’t actually “showing them” anything.

Changing your workflow is work, but those apps, and Paypal, Stripe, Plaid, and bank account linking services all really exist to harvest all your personal transaction data under the guise of making your life “easier”. There are banking regulations governing (somewhat) how older style payment methods can be tracked. These apps circumvent those regs. Those services are best used with throwaway money accounts not bound to your normal accounts, and at the end of a very long pole, but mostly not at all.

However, even credit card companies like MasterCard and American Express are in on it as well, further limiting options. AmEx is an interesting one, as they marketed themselves as a more premium card, housing most services in-house, and keeping transaction data in-house…only to turn around and profit off of it just the same.

Might as well go back to cash and paper checks at this point. Although a realistic lesser perspective is just to minimize which of these services one uses, and be sure that when paying on a web site to not check the “remember you for next time” checkbox that gathers further information to cross-link your purchases. Can’t block it all, but starve them of what one can.

The one good thing about AI video. No reason to pay “influencers” when that content can just be (crappily) generated.

Why spend all that money when you can spend less for a device by Withings that you piss on?

Palm Pre did it first. Apple copied.

You’re under-thinking it.

In pseudo-correct but probably not order:

• Step 1: Collect underpants
• Step 2: Keep receiving Google security updates but stop updating Google mainline
• Step 3: Start replacing the underbelly to just raw Linux (or BSD or whatever) and slowly shift the “Android” portion to a VM/container
• Step 4: RIL and other stuff (probably should happen first) have to be packaged up and become their new entity on the modem side (also probably the biggest challenge, but manufacturers and ODMs provide dev kits)
• Step 5: ???
• Step 6: Once the Android side is safely firewalled away from the core OS, start embracing something like PostmarketOS
• Step 7: GUI/graphics are built out with the Android pieces still running in a container
• Step 8: Start writing applications that replace the Android applications, go one by one, remove dependence on each Android application as you go while still maintaining compatibility (I mean the core OS ones that make the device at least basically functional, the F/OSS devs will have to each rewrite/change their apps, or some other magic can be inserted here that isn’t really magic.)
• Step 9: Once the OS itself is beefed up enough, retain Android container for the needs of some for some uncomfortably long frustrating time to maintain, but not too long
• Step 10: Have Obtainium/F-Droid/etc. all simultaneously pivot and start providing apps for the native OS as well as maintaining backwards compatibility with the Android apps in the container
• Step 11: Once some magic point, forced or otherwise happens, sunset the Android portion of the app stores. Keep the containerized Android around a little longer
• Step 12: Sunset the Android container, at this point the phone should be running 100% “native” OS and apps and store
• Step 14: Profit!

There are industry blueprints for this. Apple is probably the best example of how to implement these shifts, from OS 9 (co-op MT proprietary OS)->OS X (BSD-NextStep-based Unix OS), 68k->PPC, Replacing Unix underpinnings with Apple Frameworks, PPC->Intel, OS X->iOS, Mac from Intel->ARM, etc. etc. They frequently used containerization to keep the old running while the new was built up around it and replaced. It is a solid proven design pattern.

And edit72: I’m not just saying “hey magic people do this” - I’ve done this shit. I’m down to help, and I will. But the project owners need to step up for some actual work instead of just putting potpourri on something someone else built. Annoying side-story, I figured out how to cross-compile/rebuild/fix dependencies on a CPAP app called Oscar so it would be ARM-native on ARM Macs. Couldn’t figure out how to contact the devs after much digging to let them know, so. I have 1 of 1 copy of that app running ARM-MacOS native. Would be neat to help them replicate it though.

Graphene would be better off cutting themselves off from Google’s OS future entirely and pivot the fork as quickly as possible to remove all dependencies. Probably too arrogant to consider it, though. Also becomes much more work.