cross-posted from: https://discuss.tchncs.de/post/45277582
Opening my weather app this morning I was greeted by this warning:
Google has announced that, starting in 2026/2027, all apps on certified Android devices will require the developer to submit personal identity details directly to Google. Since the developers of this app do not agree to this requirement, this app will no longer work on certified Android devices after that time.
It’s the first time I hear about this, seems to be about:
Cirrus app: Github
Was this a big thing I somehow missed? I hope more devs will follow suit.
Seems to me like there’s about to be one hell of a market for phones that you can run alternative operating systems.
Ah yes cause that’s the only part of any platform that requires a full name and address and will absolutely make a dent when the walled garden servants now have to use their slave names people sure will Exodus in droves
Except the economics for it are trash. Google uses Android as a loss leader to make money on Google’s services.
Damn the economics. The only people who care about “cheaper phone” are those who don’t care about other things
I am going to refute you over here.
I can’t seem afford a Linux phone (or any mobile device really), simply because they tend to be made by labour in high-pay countries, while I am in a low pay country (which means I am not paid as much either).And then I can’t afford to try any possibly existing Linux ROMs on my phone, because I can’t afford to brick it at all.
-
A shitton of people have lived economic realities that don’t allow them to splurge on a phone at all, even if they’d really like digital freedom or privacy. See: half of the global smartphone market, where Android Go and KaiOS enabling cheap smartphones lead to millions of sales.
-
People who can and want to don’t even make the jump because the reality of owning a non-iOS/Android phone is that it requires sacrifices. I went to a concert last night that required me to have the Ticketmaster app to even get in. Everyone at that concert had to have either an iOS or Android phone, myself included. I’m testing Ubuntu Touch on a second phone, but if I make it my daily driver, I’m going to have to keep a second phone around for stuff like that. Ecosystems are too locked down now, and unfortunately you will have to either miss out on some things, or adapt hard-core.
-
The devices and software have to be there. Right now there are only a handful of truly modern devices thar you can load Ubuntu Touch or another Linux distro on, and they’re… not quite straightforward for non-techy people to get up and running. Which is, believe it or not, the vast majority of users.
2025 being the year of the alternative smartphone OS seems just about as likely as any other year being the year of the Linux desktop.
-
I think fairphone is doing ok. Kind of expensive
Unfortunately, I think the vast majority who care are already using one. However, with Google device tree and other shenanigans on Pixel devices, it probably makes substantial room within the niche market for the likes of Fairphone and Shiftphone to get into new regions.
On the other hand, mandates for major operating systems to report illegal activity that are in the pipeline could have a larger effect.
I dunno, I’m talking out my ass.
On the other hand, mandates for major operating systems to report illegal activity that are in the pipeline could have a larger effect.
That’s pretty much what I’m afraid of, full 1984
And massive propaganda campaigns are turning people’s civic energy back on themselves, and their own communities. Ain’t life grand?
If I didnt have to pay 2x - 3x the price for a fairphone in the US I would’ve already switched. Unfortunately, $1k for a device with USB 2.0 is really not worth it for me or anyone else I know.
If I didnt have to pay 2x - 3x the price for a fairphone in the US I would’ve already switched. Unfortunately, $1k for a device with USB 2.0 is really not worth it for me or anyone else I know.
Going for a used FP4 should address both those concerns!
But you don’t need to buy a Fairphone to use /e/OS. You can install it for free on any supported phone, so it’s worth checking the website to see if your phone is supported. Switching to /e/OS has breathed new life into my Moto g 7 without having to spend a penny on hardware.
I’m not sure why you mentioned /e/OS lol. I use iodeOS, I was using CalyxOS before that. I don’t feel entirely comfortable using /e/OS given their recent controversy with using OpenAI for STT. I want a fairphone because I dont want to buy a Pixel just to be able to relock my bootloader + I like their philosophy of carbon neutral phones w long support
Agreed, though if it weren’t for tariffs it wouldn’t be too expensive to ship from the likes of Clove Technologies. If the extra cost were going to Calyx instead of Murena I might pull the trigger.
SO TRUE LOL! If you could get the FP5/6 with a Calyx Membership that would be bomb.
Maybe they could make some similar arrangement with Shiftphone.
The ability to create them will become increasingly challenging. Carriers will increasingly not approve them.
Hopefully chip manufacturers like Qualcomm that will continue to lose revenue from Apple see the need for more generic, open hardware.
Can’t have shit in a closed system. Fuck google.
Linux on phones needs to become a thing. If they start locking down like apple does I will literally go back to a dumb phone.
Linux on phones no where near as private or usable
Android (AOSP) is really solid as a platform. Even with Google trying to turn it into a proprietary hellscape projects like Lineage OS still work to build a open platform
Degoogled android ROMs will not have this restriction, as they will just have googles verification system removed. So until linux for mobile is a bit more ready you can still use graphene/lineage/etc.
The issue with that is that fewer and fewer phones have unlockable bootloaders.
So long as you can still have GrapheneOS and others. Google’s handling of pushing updates and device tree shows how fragile that actually is. Linux phone is going to be the best solution so long as Google runs Android
Linux wouldn’t fix that
If you don’t have the source code you can’t do anything.
Aparrently they are trying to close the Sharing off android.
They can’t actually do that as vendors build off of the sources.
Luckily we have other vendors like Motorola who are very supportive of custom roms
“Very supportative” like making you wait 7 days before the option in dev settings become un-greyed lol (serious wtf, I was just about to install Lineage and learned about this bullshit, welp, guess I have to wait till next week)
It really sucks but at least the unlock process is simple and reliable.
Much better than Samsung and other companies
Idk if I’d call it “very supportive”, Motorola voids your warranty to install custom ROMs.
Are there any companies that don’t?
Anyway I’ve never had to use the warranty plus my most current phone is a eBay refurbished device
Google and Fairphone don’t. I can’t imagine Shift does either being a German company.
Yes they are. And it’s bleak.
I’d stay way from Graphene but Lineage OS is solid
Does your opinion come with a reason?
Louis Rossman: https://www.youtube.com/watch?v=4To-F6W1NT0
Techlore: https://www.youtube.com/watch?v=Dx7CZ-2Bajg
TL;DR: The Graphene devs are crazy. I wouldn’t trust them personally. If they were making something lower risk like a text editor I wouldn’t be a concerned but I take my phone seriously.
Thx for the context.
Why stay away from Graphene?
Not an endorsement, but I just found out about the existence of this phone today: FLX1 which purports to be based on Debian.
I’m really confused by this. First, does any phone running a legit copy of Android count as a “certified Android device”?
How can they enforce this for apps not on the play store? Like if I write my own APK will my phone just refuse to run it if I don’t go through some paperwork with Google? How does that work?
Like if they’re capable of this then why aren’t they doing it already to prevent piracy?
To your first question: Google released a list of all “certified” android devices and it’s basically every phone from every halfway known brand. So yeah, you will be effected. The only devices unaffected by this would probably be no name Chinese phones (probably also Huawei, but I am not shure) and IOT devices like smart fridges. The best way to avoid this would probably be installing a custom ROM, like Graphene OS.
To your second question, the Android System already controlls the package Installation process, do you know the “Do you want to install this APK” popup, you geht every time you want to install an app outside of the playstore? That’s controlled by the android operating systen and by extension Google. In the future, every android apk would have to have a unique “developer key” attached to it and if it isn’t verified by google, the android system can just refuse to install the apk. For that, you don’t have to go through the playstore, but you still would have to go through a verification process with Google for every app, you make. How that will be implemented in detail is not yet quite known.
Google could have done this much earlier, it isn’t hard to implement, but you can’t make it in a way that only negatively impacts ransomware or pirated apps. And most sideloading on Android is perfectly legitimate, so the reason, why Google hasn’t done it, because there is (deservately) a big pushback from developers.
(probably also Huawei, but I am not shure)
Huawei’s HarmonyOS NEXT is no longer based on Android code and requires some workarounds to install applications outside of AppGallery (Huawei’s app store).
Thank you.
First, does any phone running a legit copy of Android count as a “certified Android device”?
Yes
How can they enforce this for apps not on the play store?
Checks will be built into the operating system and run on install attempts
Like if write my own APK will my phone just refuse to run it if I don’t go through some paperwork with Google?
Yes
How does that work?
TBD. Probably a database check
Like if they’re capable of this then why aren’t they doing it already to prevent piracy?
Piracy of what?
certified android devices are those you can get in most stores. the play store is important for many people, ajd many apps don’t work correctly without the google mobile services components, and device makers can only legally install these on their phones if they certify their device. the certification process requires an array of quality controls and restrictions.
How can they enforce this for apps not on the play store?
certified devices will need to integrate an app verifier that will check if an app has been approved by google. the public AOSP project is said to also get this, but anyone basing on it can rip it out or modify it to their advantage. but certified device makers don’t have a choice thn to include this restriction.
Like if I write my own APK will my phone just refuse to run it if I don’t go through some paperwork with Google?
what we know so far, apps you made can be installed through a development tool. but app store aps like fdroid don’t have access to this tool, it’s difficult to enable, and somewhat risky too
How do I uncertify an Android device then?
Install a custom ROM. Or buy a Chinese made phone, such as Xiaomi (which I do not recommend***).
Edit: some custom ROM links in no particular order:
*** Edit 2: I don’t recommend the route of a Chinese brand, because I’ve had only bad experiences.
Don’t buy a Chinese phone
iodeOS is good too.
Note that if you’re in the US, Samsung doesn’t unlock the bootloaders at all and afaik Motorola is also hit or miss. Importing a phone is also risky as international versions might not have the cell bands required for US carriers.
If you want a custom ROM in the US you basically have to buy a pixel, and at that point you might as well go with GrapheneOS since it’s the most secure
And aren’t they stopping that with Pixels?
Somebody needs to actually make a Linux phone.
They haven’t stopped it yet for the pixel 10s but who knows how long it’ll last
Why the Chinese phone would work? In Europe they have Google play services and thus are also affected. Maybe it’s the Chinese version of those? Not sure if they have Google play services there
That’s a fair point. It depends on the manufacturer. Some brands don’t have google play preinstalled. I probably should have mentioned that before, sorry mate. The Xiaomi I had didn’t have playstore installed, so I had installed fdroid and aurora store. I’m actually not sure about the future of aurora store with this play store integrity bs.
Just to note, Calyx currently has a questionable future, and at best has frozen new installations while they work out new signing keys after some developers left the project. My understanding is that there will be one or no further updates to anyone that has a current installation, and a fresh install will be required if they do continue development.
Their gerrit is extremely active, and it was only one Dev that left, cdesai, who is also a lead Dev for Lineage. While its possible they dont come back, given the very active gerrit (and the fact that the other person who left was Nick, who was really only a PR person) i think theres a good chance the project comes back fine.
Man, I hope so. I’m on Graphene for now, but I’d like to move away from Pixel devices.
A security chip is great if you know what it’s doing, but we really have no idea what Titan might be doing in the background. And Google is becoming more and more abusive to the FOSS community.
I’m seriously considering trying to import a Jolla C2. I ported my number to jmp.chat, so as long as I can run Cheogram or some other XMPP client that handles the PSTN gateway well, I honestly don’t even care much about cellular connectivity anymore. My phone is basically a wifi phone with Signal, downloaded maps, authenticator app, and my music at this point.
I felt the same way about getting a OnePlus 6 or Pixel 3 for PostMarketOS. I’m currently on iodeOS which supports a lot of devices, even some EoL pixels with bootloader relocking. Its similar enough to Calyx. I tried Graphene but it wasn’t for me. I’m hoping someone within Google makes sure AOSP stays the A_OS_P, but if not I guess its time for us to start throwing money at rhe PMOS devs.
Root it
Technically, this would allow the identification of malware providers in Google’s app store.
Practically, every us citizen’s personal identification details were taken by doge idiots and are likely by now up for sale at a cheap price, so false identification by malware providers is pretty much guaranteed.
It’s a “we covered our ass” policy same as any “save the children” that does anything but the implied thing.
Technically, this would allow the identification of malware providers in Google’s app store.
play store publishers are already needed to submit (and publish) their name and address. they made it a requirement ~5 years ago.
Obviously fictional. An ID and a picture of yourself holding today’s paper are also needed to confirm authenticity.
This is about all app makers, not just ones in the Google Play Store. This also applies to third party app devs and hobbiests making open source apps to put up on alternative app stores like the all open source F-Droid.
it will most likely be patched to be able to bypass this; if not just don’t update your phone.
Those are both really bad options
Use Lineage OS
maybe a dumb question but i’ve been looking at both lineage and graphene. i currently have a s24+ so obvs i’m going to need a new one anyway to do anything. is one better than the other? i do have google fi (i don’t like google services but it’s a cheap phone plan compared to verizon). it seems like google fi works fine on graphene with the sandboxed google fi app would it work as good on lineage? and if so what do you think about pixel 9 vs 8? i was leaning for the 8/9a vs the pro since i wanted to keep my s24 just in case but if the a series is that much worse then i’ll just bite the bullet.
Graphene is by far the most technically secure option and it allows you to choose for yourself how much google you want on your phone. But you need a google phone. Lineage, as far as I know, is “just” a custom ROM with more device flexibility.
My experience with Lineage is very old and I’ve been running Graphene for more than a year now. So take it with that in mind.
You’re probably best making this a post, and also mention what you want out of your phone and why you’re currently unhappy with your S24+
I just recently replaced my Moto G7 power which lasted me about 6 years.
Lineage OS for me provides a really nice experience where I’m in control of the device. I do wish Lineage OS had bootloader locking support since many devices do support it. However, I get where the devs are coming from.
I guess if you are using any of these, (which I do and like them a lot) then the chance is high to get this message. I think this is about the russian hunt that came in effect after a US presidental order. No russian devs allowed even in the linux kernel developement. Big cleansing went down to secure IT from sabotage. Google has to oblige.
The same president that paused cybersecurity defense program, the same that first blocked funding for Radio Free Europe and when judge reinstated it he just blocked the satellites over Russia, the same president that suggested to have joint cybersecurity program with Russia?
If anything, this move is there to restrict further access to information for us.
Of course american sabotage is encouraged.
I have a bird identifier which listens to the mic when you run it and it easily identifies the birds and it gave me that tonight when I opened it. I’m thinking that F-Droid (where it came from ) may be injecting that in the installs for those devs which have yet agreed to Google’s changes or otherwise flat out said they wouldn’t. I’m not sure if that would be the case with this app, but since you got the same one I did, it makes me wonder if that is the case.
Let’s go ahead and not accuse alternative app stores of injecting code into apps they distribute with absolutely no evidence, hey?
Yes but if we don’t accuse them, how will we lock down and own all software so nobody can avoid our malicious code!?
If it is whoBIRD it’s the same author.
And Audio Spectrum Analyzer
Actually it looks like author developed a lot of apps, they are listed on GitHub https://github.com/woheller69/omweather
Yes, it’s whoBIRD
As far as I know F-Droid are adament about builds being easily to reproduce.
They are the only alternative market that worked for hours for free to come up with a build system that let’s you get the same APK with every builds.
So basically you are accusing an alt market that makes it a point that you can recreate any APK on their market. They are the only actually making sure you can check there is nothing “injected” in an APK.
