To your first question: Google released a list of all “certified” android devices and it’s basically every phone from every halfway known brand. So yeah, you will be effected. The only devices unaffected by this would probably be no name Chinese phones (probably also Huawei, but I am not shure) and IOT devices like smart fridges. The best way to avoid this would probably be installing a custom ROM, like Graphene OS.

To your second question, the Android System already controlls the package Installation process, do you know the “Do you want to install this APK” popup, you geht every time you want to install an app outside of the playstore? That’s controlled by the android operating systen and by extension Google. In the future, every android apk would have to have a unique “developer key” attached to it and if it isn’t verified by google, the android system can just refuse to install the apk. For that, you don’t have to go through the playstore, but you still would have to go through a verification process with Google for every app, you make. How that will be implemented in detail is not yet quite known.

Google could have done this much earlier, it isn’t hard to implement, but you can’t make it in a way that only negatively impacts ransomware or pirated apps. And most sideloading on Android is perfectly legitimate, so the reason, why Google hasn’t done it, because there is (deservately) a big pushback from developers.

Yeah, it can definetely be a great solution, but the idea for this was specifically to be more independent from big tech. We already habdle stuff like registering for camps over Office 365, but I wanted to introduce Nextcloud to replace that, because I don’t think it’s a good idea to let Microsoft handle personal data of like a hundred people, that probably don’t even know, that they are giving away their data to Microsoft there. But again, I don’t wanna judge anyone for using things like that, Nextcloud can be a pain to maintain, especially for non technical people.

Yeah, I guess the plan would be (if we decide to use an old labtop) to have a similar backup system to my home server, so one daily incremental backup with something like borgbackup to a newly bought external hard drive and automated updates using watchtower (I heard major nextcloud upgrades can be tricky though, so I an not shure if it would be a good idea to automate those). I guess it would still suck if the laptop unexpectedly failed and we would have to scramble to find new hardware though, how long would you expect an old laptop to last as a server?

Yeah, I totally get what you mean, I am kind of expecting that aswell, but at least I know, that other scouts groups in the area already have a nextcloud and it is actively beeing used, so I have some hopes in that regard. But yeah, getting them to use something like Matrix is probably pretty unrealistic.