The future of this elegant and proven system was put in jeopardy last month, when Google unilaterally decreed that Android developers everywhere in the world are going to be required to register centrally with Google. In addition to demanding payment of a registration fee and agreement to their (non-negotiable and ever-changing) terms and conditions, Google will also require the uploading of personally identifying documents[^regid], including government ID, by the authors of the software, as well as enumerating all the unique “application identifiers” for every app that is to be distributed by the registered developer.
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users5 will be left adrift, with no means to install — or even update their existing installed — applications.
Didn’t apple just lose some court cases about this?
I was thinking about getting into mobile development. Guess I won’t.
If Google was smart they would hammer out some sort of agreement with F-droid
I’m not sure they are that smart
They are rich, they don’t need to be smart
Once you reach orbit you can fall forever and never crash.
It’s up to us, users of those FOSS apps, to collectively pour more money into the pockets of FOSS devs to make f-droid more important to their bottom line (and for a lot of FOSS apps that are also distributed on the play store, it won’t be hard to be a bigger financial input) so that when the requirement is pushed to their play store account, they feel free to decide to side with their hearts and say goodbye play store, knowing this community will keep them fed.
Time for many of us to get aquainted with the liberapay button on most app pages in f-droid.
As I said & many others before me. We need a massive unified push towards breaking the OEM locks on our phones & make it compatible with Linux.
Linux on the phone currently sucks
We need a unified platform like Android but open
Maybe its time to fork what can be forked of android
Linux on the phone currently sucks
We need a unified platform like Android bit open
Oh, it’s preventing sidloading?! I thought it was just for their app store!
That’s shit.
If I understood correctly it doesn’t prevent sideloading, but even apps not from the app store will need to have their creator’s legal identity verified by Google. Meaning not only do they have to dox themselves, but they have to pay Google for the privilege. And if it’s an app developed to not comply with Goggle’s terms then it just won’t be usable at all.
Stop calling it “sideloading” as if it was something bad. Let’s all call it “installing apps”
Yes, some of the latest commits to AOSP repo added code to the Package Installer app for denying .apk package installation based on developer verification result, and even for denying installing .apk packages when internet isn’t available so it can’t contact Google’s servers for developer verification results. Google is already making it clear this kind BS is how they intend to enforce this ridiculous decree.
That’s egregious and really will impede using open source software on Android. Guess my phone will turn into a device for tethering now, instead.
Or just root your phone and continue to use your phone exactly how you would use a Linux laptop lol
Why would anyone use an Android phone without root after Google started showing their true face with Android half decade ago anyway lol
I mean, sadly most people. But I like the enthusiasm.
Yeah may Google have mercy on them LMAO
Hint: Google will NOT have mercy on them LMAO
Fair point, but there’s quite a large hurdle to rooting a phone nowadays, and I’m not optimistic that FOSS will continue to work as well on Android for the average person once Google introduces these restrictions. iPhones could be jailbroken but there never really was much open source software on those things.
Unlike iPhones, where Apple dictates all iPhone to require literally hacking the phone via exploits to jailbreak, the ease of rooting a phone depends entirely on its OEM. Indeed there is Samsung the Apple wannabe who makes it physically impossible to root with locked bootloader, but there’s also Sony Xperia phones where Sony makes it clear about their specific open device policy with step-by-step instructions on their dedicated developer support webpage for how to unlock bootloader and the process itself taking less than 10 seconds.
Vote with your wallet, remind others to vote with their wallet, support OEMs who don’t do the kind of anti-rooting and anti-bootloader-unlocking practices, and support FOSS projects. This is our best chance, and Google is NOT going to stop themselves doing all the evil.
Also Mr. Average McPerson is not a real human being, and we shouldn’t be too concerned about the opinion of someone who doesn’t physically exist and is merely an abstract conceptual construct.
Lobby lawmakers to label phones and devices that do not have full user control
Regarding Sony, they too may be interested in enshittifying.
Recently they removed USB camera monitor and control from non-Sony phones, locked it to only flagship Xperias, and further behind a $4.99/month paywall.
https://www.androidauthority.com/sony-xperia-monitor-and-control-camera-3593061/Also a video from Louis Rossman regarding this shit: https://youtu.be/PqPfM6lxv90
That’s hardly enshitification, the USB camera monitor feature is NOT USB video output capability, which remains as a hardware feature on all Xperia phones, it is a proprietary software feature for receiving video output from Sony’s Alpha Cameras into the phone via standard USB-C port, and displaying the camera’s viewfinder feed on the phone. This is exactly the same as what you can do with for example Spacedeck to use your phone or any other Android device as an external monitor for PC, but with Sony’s own proprietary implementation. And Sony’s implementation is exclusive to their professional Alpha series cameras, you could never use your phone as an external monitor of any other device with that feature, which would always require another software to encode the video feed to transmit theough the standard USB-C interface anyway. So it’s been an extremely niche proprietary feature only used by a very small group of people who happen to be professional photographers, doing certain specific types of photography, and happen to be using certain Sony Alpha cameras instead of professional cameras from other vendors. I agree it’s a ridiculous and beyond stupid decision from Sony but I do also think it’s a bit of a stretch to call that enshitification, especially compares to the kind of practices from many other much bigger OEMs that have unfortunately become almost ubiquitous these days throughout an entire industry.
While at the same time, Sony Xperia phones remains some of the very few high end Android phones these days that still have BOTH 3.5mm headphones jack and SD card support, together with an open device policy where you’re always free to unlock bootloader and root without artificially losing major core OS features.
Doesn’t rooting it mean a lot of apps no longer work though?
Personally I’ve had my phone rooted for years and only twice encountered an app that really wouldn’t work anymore.
Sure but what about google pay? And I imagine you have to do some stuff to get some apps to work.
I personally never used Google Pay, I don’t have a usecase for it. For other apps the worst I had to do was hide root from the app in Magisk.
Sure but what about google pay? And I imagine you have to do some stuff to get some apps to work.
You mean rooting causes some of the apps which were deliberately designed to be anti-consumer, from some of the companies that are known to be most consumer-hostile with a long history of screwing over not only their customers but also the entire industry? Yes.
But why would you use those apps anyway.
I mean rooting causes some apps that rely on androids security model may stop working so malware can’t steal all your money.
(I think, I don’t know how common this is)
You can’t root a ton of phones. My Samsung phone is 5 years old, and it still isn’t possible to root it. Also, at current I believe the Linux OS options have a much more severe battery drain.
Okay then keep buying Samsung phones and support their aggressive and audacious push for walled gardens on a platform that started as an open source OS, when they are neither the most affordable nor the most feature rich option.
You deserve every bit of the enshitification and corporate exploitation that you have enabled and supported directly yourself.
There’s a difference between you cannot root on a lot of phones and you cannot root on a lot of Samsung phones. Saying you cannot root Samsung phones isn’t all that different from saying you can’t root iPhones is it?
Can can say “a lot” and “most” because Samsung has over half of all android phones in the US and is also globally the most used android phone.
So yeah. A LOT of android phones can’t be rooted.
By 2025 Q2 Samsung smartphones have 19.7% global market share, how cute.
Samsung has over half of all android phones in the US.
Oh don’t worry it is not even close to being the biggest problem people in the US are having lol
Because unfortunately rooting makes the device significantly less secure. It was fine back in the day when a smartphone was a cool new thing to tinker with but now it’s got all my personal information and more on it I value security a little more.
What BS. Not doesn’t. No more insecure then a computer. Actually more secure apps have to ask for root I mean the user can be stupid and click allow to every app I guess but you can’t fix stupid.
That’s one of the biggest lies that’s been systemically propagated by the industry. A rooted phone is as secure as you make it, because you are in control of your device’s security.
And a device you have control over is as secure as you make it so.
Is it? I’m no security expert but doesn’t that go against things like the principle of least privilege? Even obsessive security people like GrapheneOS say root access breaks the Android security model.
A rooted phone is as secure as you make it, because you are in control of your device’s security.
I agree in theory, but you’re never completely in control of what’s running on Android because there are still proprietary bits (like device firmware) that we can’t replace, right?
I agree in theory, but you’re never completely in control of what’s running on Android because there are still proprietary bits (like device firmware) that we can’t replace, right?
That argument is moot, even if you use a device that’s 100% FOSS and you actually have total control over even down to firmware, like a Raspberry Pi cyberdeck/small form factor PC you built yourself using open source wifi cards, you are still connected to an internet infrastructure that’s filled with proprietary devices such as routers and servers which you have practically no control over, and deliberate malicious actors can still do MITM attack for example as long as any data is being transmitted. And it’s not really a personal mobile device anymore if you don’t connect it to the Internet at all.
However, even if you cannot ensure 100% control, having root access on your personal device enables you far greater freedom to monitor and investigate the behavior of the proprietary stuff you can’t control directly, and mitigate or bypass the security and privacy vulnerabilities they might poss with far more options than is ever even close to possible on an unrooted device.
For example, there are many apps I need to use because of services I need to use because of the city I live in, they have known track records of security and privacy violations. With a rooted device I have the freedom to capture every single pocket they transmit and analyze on Wireshark to see what they are doing, I can block internet access specifically for these apps without conflicting with my existing VPN setup, I can spoof my device’s IMEI and other identifiable information for specifically these apps so they can’t identify my phone, including even spoof my geolocation without the apps realizing they are spoofed, I can block these app’s access to my phone’s application list so they can’t profile me by seeing what other apps I have, I can block their access to my phone’s sensors without the apps knowing they are blocked (other than getting empty sensor reading), I can even deny permissions to those apps without the apps knowing the permissions were denied. On an unrooted device you either need ADB or can’t do any of these at all.
Also, without any of these tools how do you even know your device’s manufecturer has done everything they need to do to protect your security and privacy? Just because they said “Trust me bro!”?
Principle of least privilege is completely irrelevant here, any system app provided by your phone’s manufecturer already have total system control anyway, including Google’s GMS apps and Facebook framework apps that are pre-installed, and without root you also do not have an option for truly stopping or removing those apps.
So downstream just removes that code? I don’t see the big deal
It doesn’t work like that for mainstream manufactures, the way Google does this, as they have declared so far, is making it a contractal obligation to keep this code in order for them to get Google’s GMS certificate, which Google requires for authorizing them to integrate Google’s suite into their phone’s ROM, including Play Store and Google Service Framework, which are all proprietary software which manufacturers are not legally allowed to distribute without Google’s authorization. And outside China it doesn’t look like most mainstream manufactures dare to sell an Android phone without Google’s Play Store, thanks to the wonderful collective of the Android users making fricking brilliant choices with their wallet over the decade, didn’t they?
The only way out of this for a government agency to step in it seems because Google really does have the manufacturers cornered here.
Why would you run the OS that comes with your hardware, anyway? Any business is going to do a wipe and OS reinstall as a required first step before issue. Phones should be no different.
Because the most popular choices for Android phones don’t even let you unlock the bootloader, let alone install a different OS (also custom rom support can be a tad spotty at times).
Sounds like a lot of people are going to be forced to buy libre phones, then
Most people don’t even know libre phones exist.
It is just for their app store. If you don’t install gapps, this doesn’t matter…
Affecting just 99.99 % of android users
Probably closer to 80%
But that number will fall rapidly, thanks to this change.
You underestimate how many people have no idea how to/own a phone that doesn’t even let you disable gapps.
Just buy it from the right vendor. Like iode. You don’t need to even know how.
You need to know that iode even exists in the first place.
What’s China going to do? Fork Android more officially?
I could see China pouring a lot of resources into Linux phones.
AFAIK Huawei already forks Android (and the Play Store) for their stuff, but I have zero knowledge beyond that.
Yes, but it is locked down since HarmonyOS NEXT and requires workarounds to install apps outside of their app store.
Their so called written from scratch Harmony OS is just forked Android.
I wish more people focused a bit more on the need to agree to terms and conditions, I didn’t know that was a part of this issue and that massively increases the negative impact of this potential policy change
Google’s terms and conditions are consistently draconian and stupid. Especially if it’s the same terms and conditions applied to the play store, where apps constantly get pulled and devs are always frustrated as hell
Well maybe companies should make clear concise terms and conditions. No one is reading 30 pages of documentation to use something.
Average is 40 pages. Teams is more than double that
What are people going to do instead? It isn’t really feasible for people to spend hours reading legalese and from the standpoint of the consumer there is really no other option
Google’s terms and conditions are consistently draconian and stupid.
They are not stupid, they are just intentionally malicious.
I will always believe that people can’t be asked to read a whole fucking T&C written in legalese to avoid being transformed in a human centipede.
Fuck that bullshit!
“I have read and agree to the Terms” is the biggest lie on the web. Together, we can fix that.
But what can we do beyond letting out elected officials who don’t care know about it? How can we really push back against Google for doing this?
Elected officials can only do so much as people still need to care. Eenshitification will drive people into other platforms if it gets bad enough.
Donate to PostmarketOS so that we have a polished Linux alternative to Android.
Linux desktop isn’t even as polished as closed source OS even after all these years. Windows always gets better battery life on the same hardware.
Linux is pretty damn polished now, in some areas more polished than Windows.
Battery management seems to depend on the specific device and how well supported and optimized it is. As an example, the steamdeck gets better battery life on Linux than it does on Windows.
But we’re at a point where the ‘polished’ options are so user-hostile, that a ‘good enough’ community built alternative is enough.
I will, I think Google has proven that android can’t be the “open source” alternative, especially since it’s not even open source anymore
Only purchase devices you can unlock bootloader and root, then bypass this with an Xposed module that hooks into Package Installer like how you would bypass Google’s stupid minimal SDK version requirement for side-loading that’s already enforced for years.
Google has made it absolutely clear that for years there’s absolutely no reason you should ever use an Android device without root anymore than you should use a personal Linux device without sudo lol
Unfortunately for work I’m not allowed to have a rooted phone, that’s their only requirement. On top of that working in finance I know that tokenized payments like Google wallet and apple pay are the most secure, and I like leaving my wallet at home and paying with my phone. I hear though no other OSes or roms support wallet, is that still true?
Let’s not confuse rooted with bootloader unlocked. My /e/OS is not rooted and four bank apps work, including Curve Pay for leaving the wallet at home. Probably thanks to microG contacting Google when needed.
This might break if the comment over there is right: https://lemmy.world/post/36621884/19652276
If work pays for your work phone, then this isn’t relevant to that. The company I work for provides me with an iPhone - they pay for the device, service, and insurance. It’s not my phone, so I’m not gonna bitch and moan about not being able to jailbreak it. I have my own phone for that.
The iPhone lives in my work backpack with my work laptop. Both are actively ignored unless I’m on the clock.
Tell them its a security risk and refuse to use a phone that’s not rooted. You can’t even get an iptables firewall without a rooted phone ffs
Then get another cheaper phone for work, you don’t need an expensive high end phone just for work, it’s not like you’re gonna run engineering simulations on your phone anyway, and there are a lot of good reasons to keep your personal phone and work phone separate too.
In Asian countries there are many digital payment platforms other than Google Wallet and Apple Pay that don’t care about root, or are very easy to spoof for root status. And besides relying on digital payment platforms that are specifically owned by Google and Apple, and willingly stay locked inside their walled garden, is increasingly seem like vert very scary things these days don’t you think?
Very good points except for my work phone I need to then pay for a separate sim on that one which is why I haven’t. For wallet and finance the problem isn’t that the community can’t build our own, it’s that banks would never trust it because it’s not backed by a company. So we’re locked into those few for now, but they are more secure
Why not just use credit/debit cards like we used to do before Google Wallet got its current market dominance in certain regions?
And for most of the service apps like Uber you can just add your credit card information so payment never need to go through Google Wallet anyway, and you can also deal without your bank directly if there’s a purchase dispute instead of having to have Google in the middle, no?
By the way you’re in EU right? I’m curious which region is having so much issues with all of these
I’m in the US unfortunately here.
So working in FinTech for decades taught me a lot about how these systems work. To be clear, I’m talking about adding a credit card to your google wallet, not keeping money in your google wallet, so disputes and everything still go through the credit card company. Call me paranoid, but carrying around cards now is a risk, especially when traveling. I carry around one spare in case the phone gets stolen, but it’s the card I know I can lock down immediately.
Tokenized payments are the most secure because no data about you or your payment info is transferred at the PoS/terminal/till when you check out. It requests a one time token from google wallet/apple pay/whatever and some metadata about the transaction into the terminal, which passes the token to the banks. The actual passing of private details then happens solely between those two parties, the money is (scheduled) to move, and the bank informs the register that the sale went through.
Credit and debit cards contain your personal info. While the stripe exists on it it can be skimmed and duplicated, and even with the chip someone can still steal it off of you and make bogus purchases. Tokenized payments you are required to be present for it to work. If someone steals your phone they can’t access the wallet app without you there, it’s low likelihood they could even access the account without you there. Even then, you can erase it remotely now.
So, I don’t care that it’s Google wallet, some other name would be fine, if there was a more open one I’d use that in a heartbeat, but I am a stickler for tokenized payments. It’s just undeniable that they’re more secure.
I think you can set up apple pay on an apple watch and use it offline. So if you are fine with getting a cheap iphone to set up the watch could be a convenient way to only have to go around with a phone and use the watch to pay for stuff. Multi devices seem the best route for those who need functionality moving to custom roms might not offer.
Yeah… The benefit to increased security there is marginal at best. Google wallet doesn’t play nice on rooted devices, and having a rooted device that allows me to tell Google to fuck right off is far more worth it than slightly more convenience.
Yes I agree that in terms of a financial service, tokenized transaction system indeed architecturally guarentees greater safety, but a bigger concern is the provider of this service.
Did you not hear about what happened recently when a certain major payment processor realized they can arbitrarily enforce what they think other people should and should not be able to buy, by withholding the availability of such service? Well functionally the exact same thing is happening to you, Google doesn’t want you to be able to control your own devices because Google is an advertising company who also profits from selling your data, annnnd Google also happens to be the commerical supplier of Android with their commerical GMS certification program which includes Play Integrity check and all that, so they can arbitrarily decide that if you attempt to have more control over your own device, you don’t get to use Google Wallet anymore.
Are you happy to submit to this mafia practice from Google? I wouldn’t lol. Not saying I have a solution but then again I don’t think any single individual could possibly have a solution to the disaster that is the US capitalism.
Not using it but I heard curve does it too over graphene OS. (And no, it’s not a bank nor FOSS) But if a tokenised wallet app is all that keeps you from Moving forward …)
Stop buying their phones and using their services?
And use what?
Go chinese
That would involve missing out on apps people may need in their country due to no play store.
And even if a phone like oneplus does, there are still issues. One example being them moving to being less friendly to custom rom devs which ended up killing the custom rom scene. Groups like lineageos don’t appear to support their newer phones so you end up having to use random custom roms from unknown people uploading stuff to telegram which isn’t a great idea for privacy or security.
So its not as simple as just get a Chinese phone or get an unlockable bootloader phone. Have to see if the few more trustworthy custom rom groups support the device.
That is somehow worse
It was just a suggestion. Look up OpenHarmony.
Degoogled phones, there are plenty.
In any case, you can probably prolong the usage of your current phone for a few extra years without issue. So don’t panic yet.
It’s not the Gapps, it’s Android itself. Have you hit your head?
It isn’t Android since AOSP isn’t effected
“Android” Open Source Project.
You can sideload until they remove the functionality. You can flash a ROM until they lock the bootloaders.
All things that are happening and you seem oblivious to.
It doesn’t impact AOSP what so ever
What the hell are you talking about? Android is OPEN SOURCE. Degoogled phones will simply modify the codebase to avoid Google limits and bloat, like they are doing literally today? LineageOS, GrapheneOS, /e/OS…
I said degoogled phones, not degoogled apps.
“modify the codebase” Alright good luck with that buddy. Let us know when you’re in the mainframe.
Okay, see you when inevitably all the Android forks keep working fine with sideloading allowed. 😘
Making my next phone a classic flip phone would probably do me a lot of good.
I think I’m almost at that time where I dump the internet. I’m 50 and I was an early adopter. I’m a very frequent user, however this is not the internet we all fought for. It’s been slowly eroded to a corporate money grab and I’m not really down for that anymore. I’m tired and I think the internet needs to go away for me.
I’m pretty much on the Internet to look up information for video games, Fediverse, and write the occasional email. My smart phone is mainly to receive emergency calls from family, coworkers, and the occasional navigation task but they still make GPS units.
Sounds like we’re both old enough to remember that there is life without the Internet. I could do it. Tech companies are out there acting like there’s no alternative.
Just don’t install gapps :yawn:
Fuck this is going to cripple my phone so bad.
What about those 40$ meshnet devices for real use and a google phone you keep in a foil pouch until you need to bank?
I will push with my current phone, for a few years. Luckily abd installs could do the trick for a while.
For when this phone is failing I hope the new partnership between GrapheneOS and a phone manufacturer that’s not google is already working and producing a phone I could buy.
I’m sure there will be ways to get around this even without a custom ROM. Would be better if it weren’t necessary of course
ADB installs are not going anywhere for now. So an alternative store could install packages with it via Shizuku(Obtainium and Droidify have this option AFAIK)
Droidify has? Nice, gotta check that setting
Working now, have to see how stable it is, seeing as it relies on the current network it seems
I’ve gotten to the point were I won’t even buy a device unless it is either fully offline or I can swap the firmware
I do not like to have to fight with every device I use every time i use it. I do not like having to hack everything I own just so it kinda-at-least-half works. This is effort and time and opposition that is being imposed on me. This is theft–not even in a cool way. This is an attack.
Like I said
Would be better if it weren’t necessary of course
Yeah im riffing on that. Fuck these fuckers.
That fight isn’t the fault of the device. Its the fault of corporations that purposefully gimp their shit from running on anything other than “approved” operating systems and devices. Which also happen to be offered by big corporations. Like George Carlin said, “its a big club, and you ain’t in it.”
For me, that fight is absolutely worth the trouble. I run exclusively Linux in my house and have rooted every single Android device under my ownership over the last 15 years. Even though there are some odd issues here and there, figuring it out and making it work on an “unapproved” OS or device is so much more satisfying, as its a big “FUCK YOU” to locked-down corpo bullshit.
Just reinstall your OS. Problem solved.
How will this be enforced?
It will be enforced by Package Installer app, just like how minimal SDK version requirement is enforced, per recent commits to AOSP repo.
Did
--bypass-low-target-sdk-blockget removed?Not last time I checked, and it does seem like bypassing Google’s new developer verification restrictions for installing apk packages via ADB should remain an option after it gets enforced.
But that’s besides the point, you should NOT need to literally hook up a dev kit just to install a software on your own general purpose computing devices FFS
i think basically play protect, but instead of a ban list, it will be an allow list.
So people without gapps are unaffected, cool.
Nothing burger scare and cowardice from F-Droid
Right only 99.998% of people will be affected
So everyone not on Lemmy?
More like 80%? But when people find out they can’t install Foss software, that number will drop fast as folks strip google off their Android devices
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all
What the FUCK F-Droid. Why would you close your doors?!?
This change would literally have no effect on many of your developers and many of your users.
Just because someone writes Android software or runs Android apps doesn’t mean they need to distribute apps on google play or install gapps
Did you not read what they were saying? They don’t want to, they would HAVE to.
That’s misinformation. Downstream OSes don’t include gapps, by default
Not sure why you’re all through this thread trying to defend google, but the entire point of why google is doing this is to close both sides of app installation- AOSP support is getting deprioritized/dropped, meaning there won’t BE downstream OSes, and then they’re trying to lock development behind Google’s approval, blocking non-gapps stores from being able to be installed on Google’s OS.
I assume google will make it impossible to sideload unless its a google authorized dev
They can’t if you degoogle your phone. That’s my point.
Anyone who reinstalls their OS doesn’t have Google (by default). It’s an additional step to add their binary spyware crap
They have stopped open sourcing parts of android I think I heard, so its going to get tougher for non google android devs to build for hardware. ( I’m running GrapheneOS )
It’s not in any jeopardy. I don’t use gapps anyway
Good for you.
MicroG rocks
