Just to put out what Google actually said in their blog post [0]:
> We appreciate the community's engagement and have heard the early feedback – specifically from students and hobbyists who need an accessible path to learn, and from power users who are more comfortable with security risks. We are making changes to address the needs of both groups.
> We heard from developers who were concerned about the barrier to entry when building apps intended only for a small group, like family or friends. We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.
It is also true that they have not updated their developer documentation site and still assert that developer verification will be "required" in September 2026 [1]. Which might be true by some nonsensical definition of "required" if installing unverified apps requires an "advanced flow", but let's not give too much benefit of the doubt here.
> We heard from developers who were concerned about the barrier to entry when building apps intended only for a small group, like family or friends. We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
In classic Google fashion, they hear the complaint, pretend that it's about something else, and give a half baked solution to that different problem that was not the actual issue. Any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.
Even restricting the mitigation to "students and hobbyists" is bad.
I should have the right to have parents, friends or anyone use a "free" store that is not under control of Google if the user and app developer wish so. But also, somehow there should be something done to avoid the monopoly forcing to use the Google services. Like major institutions like bank, gov and co being forced to provide alternatives like a webapp when they provide app tied to the Google play store.
But unfortunately, it turns out that some people you interact with aren't actually your friend. That guy that seems totally legit and just wants your sister to install his fun little game/app that he wrote is actually trying to get her to install an app that's going to track your location and read all your messages and copy all your photos. To keep her safe from the "actually" bad people, of course.
By default their app cannot though because Android uses proper sandboxing and gated API access. So you actually have to give the app location access, access to your messages and access to your photos.
Well, unless you use one of the many crappy Android devices that never get security updates, are running old kernels, old vendor security patch levels, miss all Android security patches, except applying the backported security bulletins every three months (1-2 months late). Yet, Google is happy to certify them as Android devices.
It was never about security, it is about control. If it was about security, they would have revoked the GMS licenses of pretty much every vendor outside Google themselves and maaaaybe Samsung, until vendors actually started caring about security. If it was about security, there would not be as many scam apps in the Play Store itself.
Back to your sister, the proper solution is to educate her (and everyone else) not to give apps unfettered access when they ask you to, plus let Google implement more security measures that systems like GrapheneOS already have (contact scopes, sensor permissions, network access permissions, etc.).
> That guy that seems totally legit and just wants your sister to install his fun little game/app that he wrote is actually trying to get her to install an app that's going to track your location and read all your messages and copy all your photos.
Actually, what Google does is totally legit because they pester you constantly about "sharing your location/photos/installing Gemini" until you accidentally press yes, and they can say they have your consent. So they are actually the good guys.
I'm far from a Google apologist, but at the end of the day don't they have the right to write software however they want it? You have the right to build things the way you want to, fork Android, etc etc. If you're trying to say you have the right to tell Google what the code their employees write can do, well, I don't really agree with that. Sounds coercive, honestly. I wouldn't want them to do that to you and I don't want you to do that to them.
Does a business have right to produce whatever it wishes even if it affects the environment ?
Does a business have right to pay literal pennies per hour if it manages to find people willing to work at that pay ?
Does a business have right to lace food products with addictive substances for repeat customers and profit ?
All these cases are already happening today at some level depending on who you ask. But they don’t tilt to extremes because we have laws in place to maintain balance between business needs and collective good.
This move by Google will tilt that balance forever towards absolute duopoly in mobile computing space. It is time for legislation to avoid that.
No they don't. They couldn't legally write software to hack into the Pentagon and launch nukes at North Korea. They couldn't legally write software that live streams your camera to them without your actual consent.
It is little surprising a lot of smart people somehow miss this simple logic.
Android is massive and extremely popular and I know several people who have been scammed already. It is important that Google makes this harder for scammers.
Google is not doing this to harm developers but to protect their users.
You already get a pretty scary warning when you try to install an app that was downloaded outside the Play Store. If people still install malware, that's the responsibility that comes with freedom. Your line of reasoning can be applied everywhere in life - people should not be able to do their own bank transfers or use a credit card, I know several people that who have been scammed already.
Moreover, there are better ways to protect against malware: 1. educate people; 2. rather than using whitelisting, use blacklisting (similar to XProtect on macOS).
Finally, the argument is not very strong on Google's side, since the Play Store itself has had its history of scams. Which, again is easier to protect against by educating people. No, don't put your banking information in a random app you downloaded from the Play Store (use the app that your bank tells you to). Do not install random keyboards from the Play Store. Etc.
This is "think of the children/grandma" logic. There is a different between maintaining a company store where everything is verified, and forcing everyone to use it.
Google shouldn't be able to hold a vertical monopoly, on what apps can run, what os's are allowed and what hardware can be used on devices that run Android, rest solely on this weak excuse that someone might harm grandma.
Oh, and of course, if grandma gets scammed by a app in the Google store, Google isn't in any way held responsible. Such garbage, two-faced bs.
I think you've omitted the next section, which seems more relevant. It seems like they will still allow installs, just hide it behind some scare text. Seems reasonable?
> It seems like they will still allow installs, just hide it behind some scare text.
This was already the case for enabling sideloading at system level: it warned you. Nobody really says having this toggle is a bad thing, basically the user shouldn't get an ad network installing apk's just browsing around the web without their informed consent (and android has been found to be vulnerable to popunder style confirmations in the past).
They also already had the PlayProtect scanning thing that scans sideloaded APK's for known malware and removes it. People already found this problematic since what's to stop them pulling off apps they just don't like, and no idea what if any telemetry it sends back about what you have installed. There have been a handful of cases where it proved beneficial pulling off botnet stuff.
Finally, they also have an additional permission per-application that needs to be enabled to install APK's. This stops a sketchy app from installing an APK again without user consent to install APK's.
The question is: How many other hurdles are going to be put in place? Are you going to have to do a KYC with Google and ping them for every single thing you want to install? Do you see how this gets to be a problem?
The whole point of TFA, if you read it, is that they SAID they would do that, but there has since been ZERO evidence that they actually will. This feature is not present in anything they have released since that statement.
The API is implemented in 36.1, but the previously proposed notarization requirement is not enforced in any production build, so this error is never thrown. Even if they implement the scare text, this API will still be needed.
If they implement what they said they would implement after the uproar, users will be better off. Previously, if a company wanted to distribute their app on their website, any user who installed it would have to dismiss scare text. Now, they have a way to distribute apps on their website without the scare text, and people who want to distribute apps without any tracking can still do that with the scare text.
It would be foolish to depend on that & far harder to get ridd of it if they put it in place. There needs to be clear statement and verification method to make sure they really are backtracking.
Why not? It's their operating system, and they're trying to balance quite a few competing priorities. Scammers are not a threat to dismiss out of hand (i've had family who were victims).
For it to be truly considered open source, you should be able to fork it and create your own edits to change the defaults however you wish. Whether that is still a possibility or not, is a completely separate issue from how they proceed with their own fork.
Of course it's your phone, but the whole point of using Android is that it makes a lot of choices for you. It forces a billion things on you, and this is really no different than any of the others. Everything from UI colors, to the way every feature actually works. For instance, should you be able to text message one million people at a time? You might want to, but Android doesn't offer that feature. Do you want to install spyware on your girlfriends phone? Maybe that's your idea of complete freedom, but the fact that Google makes it harder, is a good thing, not a bad thing.
If you don't like their choices, you should be able to install other software you do like. There should be completely free options that people can choose if they desire. But the majority of people just want a working phone, that someone like Google is taking great pains to make work safely and reliably.
> Of course it's your phone, but the whole point of using Android is that it makes a lot of choices for you. It forces a billion things on you, and this is really no different than any of the others. Everything from UI colors, to the way every feature actually works.
There is a difference between making a choice because there has to be something there (setting a default wallpaper, installing a default phone/sms app so your phone works as a phone) and actively choosing to act against the user (restricting what I can install on my own device, including via dark patterns, or telling me that I'm not allowed to grant apps additional permissions).
> For instance, should you be able to text message one million people at a time? You might want to, but Android doesn't offer that feature.
There's a difference between not implementing something, and actively blocking it. While we're at it, making it harder to programmatically send SMS is another regression that I dislike.
> Do you want to install spyware on your girlfriends phone? Maybe that's your idea of complete freedom, but the fact that Google makes it harder, is a good thing, not a bad thing.
Obviously someone else installing things on your phone is bad; you can't object to the owner controlling a device by talking about other people controlling it.
> If you don't like their choices, you should be able to install other software you do like. There should be completely free options that people can choose if they desire. But the majority of people just want a working phone, that someone like Google is taking great pains to make work safely and reliably.
Okay, then we agree, right? I should be able to install other software I like - eg. F-Droid - without Google getting in my way? No artificial hurdles, no dark patterns, no difficulty that they wouldn't impose on Google Play? After all, F-Droid has less malware, so in the name of safety the thing they should be putting warning labels on is the Google Play.
The problem is that step by step ownership of your device is taken away. First most phones stopped supporting unlocking/relocking (thank Google for keeping the Pixel open), now the backtracked version of this, next the full version, etc.
Yes, that is a real problem. But it doesn't justify arguing uncritically or unrealistically in other areas. I think people should be free to do anything they want with their own devices. They should be able to install any software they want. That's very different than demanding someone make their software exactly how you desire. ie. You should be able to install your own operating system, you don't get to tell them how theirs should operate.
There are legitimate concerns being addressed by these feature restrictions.
> demanding someone make their software exactly how you desire
IMO the way this should work is that Google can make their software however they want provided they don't do anything to stop me from changing it to work the way I want.
Unfortunately, they've already done a lot of things to stop me from changing it to work the way I want. SafetyNet, locked bootloaders, closed-source system apps, and now they're (maybe) trying to layer "you can't install apps we don't approve of" on top of that.
> IMO the way this should work is that Google can make their software however they want provided they don't do anything to stop me from changing it to work the way I want.
That's exactly how it is. You're free to get your soldering iron out, or your debugger and reverse engineer anything you want. I don't mean to argue unfairly, but all we're talking about here is the relative ease with which you can do what you want to do. How easy do they have to make it?
As for their software, as delivered, there are literally an infinite number of ways that it stops you from changing it. Maybe you want everything in Pig Latin, or a language you made up yourself. Do they have to design around this desire? Do they have to make this easy to do?
> You should be able to install your own operating system
So you draw the line between the bootloader and the OS. Other people draw the line between the OS and applications. Most (nearly all) people can't write either, so for them it is just part of the device.
> you don't get to tell them how theirs should operate.
I paid for it, and I allow it to be legal in the jurisdiction I (partly) control. So it is not only theirs anymore.
Yes, and it should be 100% legal for you to hack it. Get the soldering iron out, and the debugger, and alter it to your hearts content. You bought it, you own it. But the supplier should be under no obligation to make any of that easy for you.
Just like they shouldn't be required to offer it in pink if that's your favorite color. It's up to you to paint it yourself. And if you want to load random apk's, you'll have to do whatever it takes to figure that out too, up to creating your own hardware and software.
I think you misunderstood me, the software is part of the device I paid for and own.
If I tell someone to install a light switch in my living room and then it occasionally switches states when someone presses another switch at my outside wall and occasionally refuses working, I don't feel like they fulfilled their contractual obligation. Same with smartphones and software.
I would agree with you if I would want additional features, like if I want a filesystem, but there is no filesystem manager yet, or if I want to install a package, but there is no package manager, or the package manager uses another format. But here there is a package manager and the package has the right format, so I tell the device to install it and it just doesn't solely because I am called John Brown and not Alphabet Inc. . That is not right.
> They should be able to install any software they want. That's very different than demanding someone make their software exactly how you desire. ie. You should be able to install your own operating system, you don't get to tell them how theirs should operate.
I don't think the distinction exists the way you're trying to describe. If I should be allowed to install any software I want, surely that includes any .apk I want? Conversely, someone could make the exact claim one step down the chain and argue that you don't get to tell them how their firmware should work and if you want to install your own OS you should just go buy a fab, make your own chips, write your own firmware, and make your own phone. And that's absurd, because users should be allowed to run their own software without being forced to ditch the rest of the stack for no reason.
No, I don't think you have the inerhent right to install any apk you desire, if their OS is designed to prohibit it. You should be free to try to alter their OS any way you want, but they should not have to make it easy.
And the argument is the same lower down the stack. You shouldn't be able to tell someone how to design their firmware.
The only problem is where the law prohibits us from trying to undo these restrictions, or make modifications ourselves. It's government that restricts us, and we should focus our efforts there.
> No, I don't think you have the inerhent right to install any apk you desire, if their OS is designed to prohibit it. You should be free to try to alter their OS any way you want, but they should not have to make it easy.
> And the argument is the same lower down the stack. You shouldn't be able to tell someone how to design their firmware.
Earlier, you claimed,
> They should be able to install any software they want.
but it sounds like actually you only mean that users should be allowed to futilely attempt it, not that there should actually be allowed to run software at will. If the firmware only allows running a signed OS, and that OS only allows running approved apps, then the user is not able to install any software they want.
I want maximum freedom, for everyone. That includes developers. We should be free to produce the software as we see fit. If that means we think that our users are best served by having devices that are locked down against scammers etc, then we should be free to produce locked down devices like that.
And as users we should be free to buy only devices that respect maximum capabilities and customization.
There is a tension between these goals, and it's difficult to resolve, so that everyone gets most of what they want. Google seems to be doing the right thing mostly though. Providing both the locked down device, and making provisions for people who want the non-standard option too.
Anyone who thinks they can do better, should enter the market and give us something better. I'd like more options for completely open and hackable phones.
There's a very easy way to achieve maximum freedom: punish people who take away other people's freedom. To achieve maximum freedom, the one freedom people must never be allowed to have is the freedom to take away other people's freedom. Google must be punished for every software module they wrote whose sole purpose is to make you less free.
The whole point of using Android for most users is that they have no other choice if they need a mobile phone.
Google killed every other competition via dumping and shady business practices. Sure, you can go to iOS, but that is even more closed and restrictive, not to mention the devices are overpriced.
Google makes it mandatory for your girlfriend's phone to have spyware on it. The spyware is made by Google. It doesn't protect you from spyware.
While we're talking about that, have you heard of Bright Data SDK? A lot of apps on the Play Store include it to monetize. What does it do? It uses your phone as a botnet node while the app is open, and pays the app developer. How is Google protecting you from spyware, again?
100%. If I buy something, it's mine. I should be able to resell it, modify it, or generally work on it however I see fit. Licensed digital media bound to platforms is different (barring some kind of NFT solution?) but an OS that my phone cannot function without (and that cannot be replaced in many cases) absolutely must be under my jurisdiction.
You paid for it but Google still has the control. I understand that you prefers things to be different (as do I) but the reality is that we don’t have control over devices we paid for.
You might choose to not have control. The reason people protest is because we should have more control over the things we own. Sure this might create a better market for alternatives but it is worse for most people. F-droid is spectacular.
I think it's reasonable for Google to control what happens in their version of Android (which can be installed by default) but it's not reasonable for Google to lock the bootloader (preventing installation of a non-Google OS).
Perhaps this is why Google hardware doesn't have locked bootloaders; Samsung et al can get away with locked bootloaders since it's not Google forcing the consumer in that case.
Whether the bootloader is or isn't locked should be very conspicuous before purchase, for consumer protection.
Reverse engineering the drivers, to permit you creating your own OS, for your own hardware, is already an area where people are accused of crimes. DMCA Section 1201 isn't something to so easily be worked around, to allow you to place your software in a working state onto undocumented hardware.
So, yes, there is a lot of things stopping you from coding your own OS.
> We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.
I've lived through them locking down a11y settings "to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer", and it's a nightmare. It's not just some scare text, it's a convoluted process that explicitly prevents you from just opening the settings and allowing access. I'm not giving them the benefit of the doubt; after they actually show what their supposed solution is we can discuss it, but precedent is against them.
> Seems reasonable?
No. As I said before, any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.
> It seems like they will still allow installs, just hide it behind some scare text.
That describes the current (and long-established) behavior. App installation is only from Google's store by default and the user has to manually enable each additional source on a screen with scare text.
Why is it reasonable that installing software is behind an "advanced flow" what ever that means? I find it not very reasonable at all that the only way to install software on my phone is by jumping through hoops. I don't think it reasonable that the Play Store is the only portal. I don't even find it reasonable to call installing software "sideloading". Downloading and installing software from a vendor's page has been the norm for decades before smart phones came along but all of a sudden when it is on a small screen the user can not be trusted? That's ridiculous and not at all reasonable.
It's not the screen size, it's the demographic shift. By 2000, only half of U.S. households had a shared living room PC, mostly for work and/or games. Everybody having a phone in their pocket later was a change that we did very much have to account for. Non-technical people can be scammed very easily into life-ruining mistakes with a little social engineering and a little bit of access to powerful tools already on their devices.
I remember when big sites started having to put big banners in your browser console warning you that if you weren't a dev and someone told you to paste something there, you had been scammed, and not to do it. They had to do that because the average Facebook user could be tricked very easily by promises of free FarmVille items or the opportunity to hack someone else's account, and those are fairly low stakes bait. Now people bank with real money on their phones.
And yet the Play Store and App Store are the largest vectors of scams and malware out there, to the tune of billions of dollars a year.
We should be prioritizing securing our systems so that they run only what we want them to run, instead of putting all of that trust in gatekeepers who make money when they let you get scammed.
They are the largest vector of scams and malware because they've centralized it and it's hard to deliver malware and scams otherwise. That malevolence will always happen and centralizing it ensures a single avenue that can be controlled and measured and importantly sued when they fuck up. I can't sue f-droid when they allow malware on my device, that's one of many reasons why I don't use it, that's why nobody uses it in real life. Every day on HN I see people who seem to unironically think "enshittification" is a real term normal people use, a generally understood term by people who don't follow links to Corey Feldman's blog.
HN tends to forget that linux is not a target for general malware because nobody gives a single fuck about linux as a real malware target because they're smart, and therefore not the target of most scams. HN has the cute attitude that technology is king and that as long as you inspect it and open source it and care enough and have full control, then that's enough. Often the same people ignoring that AI has made it way easier to fuck stupid people over with no effort at all.
I don't not want unlimited control over the hardware that I buy from vendors like Google but I don't know yet of any better way to keep stupid people from kneecapping themselves other than introducing harder and harder quizzes. If you think it's an advantage that third party vendors like f-droid are absolved of responsibility then you deserve and own the fault when you get hacked and fucked over. Most people don't want that. They have real life to deal with. In real life you can kill people or sue them and it's harder to kill people over the internet.
It's deliberately written to be vague and not say anything, and given the original intention, it's hard to believe that means it should be interpreted generously.
> shape a dedicated account type for students and hobbyists.
Even that is a step too far in the wrong direction. Doesn't matter if it's free, or whatever, simply requiring an account at all to create and run software on your own device (or make it available to others) is wrong.
There exists no freedom when you are required to verify your identity, or even just provide any personal information whatsoever, to a company to run software on your device that you own.
> We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.
Perhaps this, when shipped, will pave the way for sane regulation of Apple’s practices along these lines, too.
I want Google as an app, not OS. Hear me out. Imagine an open device where you can run Google as just another sandboxed app. Inside, they can exert all the control they want. My bank and government can force me to use Google.
Then, at least I control my hardware and my OS.
It's just nasty to have your device and OS controlled by an antagonistic entity.
I see this in people why have used antagonistic software for decades and have become zombified and shellshocked; the idea that software could be on your side is to alien to them. They hate software and technology and just want to get some work done. They tolerate the abuse because they can't fight Google alone; it's pointless to resist.
The link is to the f-droid blog. The official "Keep Android Open" site is at https://keepandroidopen.org/, and contains good information on how you can contribute by contacting regulators.
It's also heavily influenced by businesses. Most employers will happily hand you an Apple or Android phone for work, but I don't think there is a single company out there that would dare to hand normal people an Ubuntu Touch based phone.
> Fully opensource hardware with fully opensource software? Maybe, but also this is wishful thinking.
My smartphone runs an FSF-endorsed OS, PureOS. This is reality. It's not open hardware, but it's a long way from Android in the right direction. You can also get a Precursor, which is open hardware.
We (people who live in a country/confederacy with working antitrust laws) have power to keep large companies from anticompetitive practices such as this one.
If they close things up with no alternative, the free open source software will likely start to catch up. it will take a few years though. This could be a blessing in disguise.
There is just no reasonable way that the open source community can compete with a $3.8T company. And before you say something along the lines of, "But they don't need to compete, they just need to be good enough", that still requires business to put their apps on some open source app store and make them compatible with the open source OS, and there is close to zero incentive for them to do so.
It is a disgrace how Google has managed this situation.
To recap the storyline, as far as I understand it: last August, Google announced plans to heavily restrict sideloading. Following community pushback, they promised an "advanced flow" for power users. The media widely reported this as a walk-back, leading users to assume the open ecosystem was safe.
But this promised feature hasn't appeared in any Android 16 or 17 betas. Google is quietly proceeding with the original lockdown.
The impact is a direct threat to independent AOSP distributions like Murena's e/OS/ (which I'm personally using). If installing a basic APK eventually requires a Google-verified developer ID, maintaining a truly de-Googled mobile OS becomes nearly impossible.
If this finally pushes adoption of truly open Linux phones, then this will end up being a good thing, and the greatest favor that Google could do for the open source community.
Tragically, Linux phones have languished and are in an absolute state these days, but a lot of the building blocks are in place if user adoption occurs en masse. (Shout out to the lunatics who have kept this dream alive during these dark years.)
It won't though, because there's a ecosystem of banking/insurance/whatever apps that have bought into the android/iphone lockdown mindsete that people will simply be locked out of. Open alternatives can grow when there is a viable means of slow growth, and cutting off the oxygen to such things is the implicit intent.
I know banking apps are the typical example, but I've always wondered why. I use my bank's app maybe once or twice a year when I need to Zelle someone, which I only need to do when they don't have Venmo. (Unless we consider Venmo a banking app.)
I only have one bank's app installed, the rest of my banks I only interact with over their website, on desktop.
As for insurance, I've never had an insurance company's app installed.
Am I just an outlier here? Honestly, if I switched to a non standard OS, I'd be more annoyed about losing, say, Google Maps, Uber/Lyft, or various chat apps. Banking and insurance just don't come to mind at all as something I need my phone for.
You're definitely not alone. I just checked the list of installed apps on my phone and found three different banking apps that I completely forgot about because I never use them. I installed them because I thought it would be convenient for checking things on the go, but I actually just end up using the computer whenever I need to do real banking business. The only finance-related app I use with any regularity is Venmo for e.g. paying back a friend for covering dinner.
Another commenter mentioned needing to get alerts for fraud, but none of the financial institutions i'm currently doing business with have any trouble sending me text messages. In fact I have the opposite problem, I can't get them to stop using text for 2FA codes...
I can get alerts in email or messages, no need dedicated app for that, I can track there also my balance, so only useful thing app provides are easy wire transfers from phone, which I never do, if I wanna transfer money is much more convenient work big display, proper keyboard and mouse than from phone.
We've cultivated a tech culture that can't stand the slightest inconvenience. People will give up nearly everything if it means avoiding the least bit of effort.
If 80% of adults worldwide somehow became unable to tolerate the slightest inconvenience, then yes, I'd say they would be morons, but I doubt they are. I'm unsure where you're getting the 80% statistic from.
Yes, because “bigstrat2003” said so. I work for a 1000+ consulting company and no one uses email for internal communications. Even for company wide messages leadership uses Slack.
Heck even when we first start a project we either federate (or whatever you call it) the client’s Slack workgroup with ours or we ask to be on their Teams channel.
Before working where I worked now, I worked for the 2nd largest employer in the US, even there most communication happened over Chime or Slack.
On a personal level you actually email personal contacts - in 2026?
I email my dad documents and photos I need printed (and he uses his work office's laser printer). I forward the billing statement I receive monthly from my family's ISP to my mom via email. And I'm "Gen Z"
And I’m 51 and far from a Luddite. I’ve moved with every technology transition since learning how to program in AppleSoft BASIC and 65C02 assembly. My 83 year old mother is less of Luddite some people commenting here.
She is a retired high school math teacher - been retired for 30 years - and she has used every popular word processor/suite from the original AppleWorks for the Apple //e and she was tutoring friends kids and helping them use GSuite and PowerPoint until 5 years ago.
She uses her phone for everything and she has up to date computers a couple of printers on her network and two ISPs just in case one goes out. She kept the legacy DSL account that’s not available to new subscribers and she has cable internet.
It is in the specific case that you don't have biometric or PIN login set up on the device and you use a password manager that doesn't require authentication. In that case, the only factor is "something you have". Otherwise, it is still a multi-factor authentication because the device itself still represents "something you have", and your device unlock represents "something you know" or "something you are".
I would stop using bank requiring phone app to do banking, simple as that, both my main EU accounts use sms verification codes and extra password, which is fine with me. If they will require an app, they will lose customer.
No. The "banking app doesn't work" argument against non-corporate mobile OS, raised incessantly is HN comments, is bogus
I want a "phone", i.e., small form factor computer, that can run something like NetBSD, or Linux. But I have no intention of using it for commercial transactions. Mobile banking is not why I want to run a non-corporate OS
I want to use it for recreation, research and experimentation
NB. I have more than one "phone". The choice is not corporate mobile OS versus non-corporate mobile OS, i.e., "either-or". I can use both, each for specific purposes
> I want a "phone", i.e., small form factor computer, that can run something like NetBSD, or Linux. But I have no intention of using it for commercial transactions. Mobile banking is not why I want to run a non-corporate OS
> I want to use it for recreation, research and experimentation
I am a firm believer that phones are personal computers and should have all the end user freedom we have come to expect from personal computers. I am totally behind what your saying. (The amount of irrational anger that wells up in me when I hear someone make the argument that phones are somehow not general purpose personal computers and shouldn't provider their owners software freedom would astound you.)
Personally, I opt out of services that require the use of phone "apps" and any potential attestation they provide. Unfortunately, I just offload those needs onto my wife and her iPhone.
Want to go to a concert in a TicketMaster venue? You have to have a phone. Pay to park in some places requires a phone. Mobile ordering for some restaurants requires a phone.
I don't think it should be this way, but it is. I think we need consumer regulation to insure software freedom on phones and curtail awful user hostile "features" like remote attestation.
Until that happens (if it ever does) there is a realpolitik with needing corporate phones for some activities that can't be denied.
Well fuck those venues. It's a small percentage. I've never run into one and I live in LA, a city with hundreds if not thousands of venues.
So you only get 98% of the world instead of 100%. That 98% is far more than the the 100% of 10 years ago. Everyone wants perfection when they've already got abundance.
It has been reported that Ticketmaster has exclusive agreements with 70-80% of US venues. It's great that you have all the choices you do. For me, in western Ohio, every major venue for hundreds of miles in every direction is an exclusive Ticketmaster venue. You can't gain admittance to any show in those venues without a phone that can run their proprietary app.
Ticketmaster is bullshit, for sure, but they're just one example of the problem of being forced to use proprietary user-hostile software.
He's referring to his activity ON THE DEVICE. We know you can't stop the location tracking from the carrier. But that doesn't mean give up on everything else.
Worrying about random app tracking you - which is a boogeyman in and of itself on iOS - and nog worrying about the government tracking you is like being concerned about a mosquito bite when you have a bullet hole.
Fair point - but then take national eID apps instead.
Take Denmark, for example: most banking apps use eID for login, so that problem translates 1:1. But other apps who do the same include the national school communications platform (which is pretty much mandatory for a huge chunk of the adult population, who need to look at it almost daily). Also: social security card (including health portal/doctor booking/comms), driver's license, bus pass, parking app, used-stuff-marketplace, ... eID is _everywhere_ because it's a good idea.
Sure, all of this can be done on a computer. If you're near one. Or you can have separate and physical cards, like we used to have. That still works, mostly: more and more services (eg. bus pass) are going digital-only.
Really, what we need is a top-down embrace of open-source-based platforms as being _as_ (or more) secure than the established tech giants. From governments down, organisations _should_ move away from locked-down (foreign) commercial interests.
My main bank is Commonwealth aka CBA (one of the "big 4" banks here in Australia). For a long time, I held out against installing their mobile app (on Android), and managed fine with their web UI (and with 2FA codes via SMS). Then, 2 or 3 years ago, I needed to start using PayID (sort-of Australia's version of Venmo, ie free instant transfers, except it's supported directly by all the major banks here). And I discovered that CBA had (deliberately?) only added PayID support to their mobile app, you absolutely can't use it in their web UI (last I checked). So I had to finally relent and install the mobile app. I started out only opening it on the rare occasions when I needed to send money to someone via PayID.
Then, a while later, CBA pretty much phased out SMS-based 2FA (or they said that if you had the mobile app installed then you can no longer use it?). Only other supported option is in-app 2FA (no support for third-party TOTP apps). So I had to start opening the mobile app every time I needed a 2FA code. Then, within the last year or so, they made a new rule, that in order to log in to the web UI at all (just initial login, I'm not talking about sending money or any other high-risk action), you had to receive a push notification via the mobile app and tap "allow". So now I literally can't log in to the web UI without also logging in to the mobile app!
So, unfortunately, "just keep using the bank's website on desktop" is increasingly and deliberately becoming not an option. I assume there are many similar stories with other banks around the world.
I paid someone via payid via the web ui. Was via an email address. It was a while ago though and haven't used it since.
Also I've never used the app since the blocked rooted devices, magisk stopped working (cause of safetnet) and moved back to sms "security". I just logged in then without having to enter a code.
I do note you need to allow browser fingerprinting to allow the login to work. Otherwise it's some generic error.
I've made a lot of noise about it so maybe they've "unblocked" me to shut me up. Email the CEO so it registers a complaint. Make some noise.
Definitely have another bank though as you can't just depend on one.
That's true, but the notion that we're still using paper checks in 2026 is so crazy. And yet they remain the cheapest way to handle many transactions in the US financial system. Like a lot of small healthcare providers still prefer to receive paper checks from insurance companies because the electronic payment processors take a 3% fee.
Yes, it is completely insane and stupid. Direct bank-to-bank transfers require significant administrative work to set up, and may still incur bank fees. For individual consumer accounts most people can use Zelle but it's not universally available.
I haven't had issues with the mobile apps of 3 of the most major US brokerages. They run fine on rooted phone. They do everything I'd want a bank to do anyway.
Ditch your bank if they have issues. If their retention department asks why you're leaving, tell them their app doesn't work.
This is what I was thinking as well, TBH. I'm not particularly tied to any of my banks, I already did mostly switch off of BoA because their website was so bad.
Good to hear everyone's responses in the thread though, some stuff I definitely didn't consider.
Country dependent of course, but recently i observe steady push from banks to adopt mobile app. Some have webui neglected and glitchy, some openly announce sunsetting, some already killed web access only allowing app.
And this tendency will prevail as bank can collect way more data this way. Just a month ago one of banks that is often praised here sent me a letter saying “your IP activity doesn’t match your residence” (and i am not even installed their app, they pulled data from web ui usage. Imagine what happens when they get access to data mobile app can supply
The best solution for this is to buy a $30 burner phone at Walmart and use it unactivated, tethered to your main de-Googled device. You can use the burner for only tasks requiring Play Integrity.
Make sure to leave one star reviews on all such apps that you run into.
Yes. However, I already carry a tethered hand-me-down quarantine phone where I install my work apps and undesirable apps like Whatsapp (for those loved friends and family that can't or won't install Signal). Carrying a third phone for "Play Integrity" starts being a bit much.
Anything movement that requires people to routinely acquire a second phone is doomed to failure (in the “this will never become a mass movement” sense)
In theory, it's possible to have a third party (other than Google or Apple) to provide attestation on third party hardware.
You can have a separate core and kernel to run such code. They don't have to be powerful, but they'll need to be small enough to be verified by the said provider. For most of the code that doesn't need attestation, they can be executed on normal hardware.
The provider also has to convince the regulator or banks to trust them. However, if that's solved, the user should feel no difference between pure Android and alternative platform plus attestation.
In that case a two phone approach makes sense. I was willing to try that out, to give Ubuntu Touch a trial on my main phone. This might incentivise it even further for an off-ramp of the Google/Apple duopoly.
In EU/UK, some are sadly app only. I avoid those. Many others are pushing apps as a 2FA, even if you use their website. You need to insist to get another authentication system, like TAN. Some governments are also pushing mobile IDs.
The best Linux for phones, SailfishOS, has a fairly good Android compatibility layer that runs many bank apps well. But despite that, it's an uphill battle. The network effect of the duopoly is gigantic.
I’m old enough to remember the days that banking apps required Internet Explorer and didn’t work on Firefox. Eventually, they were dragged kicking and screaming to support all modern browsers.
There's no point. Remote attestation means your device needs to be corporate owned to be trusted. Even if you had your own linux phone, it wouldn't be able to interface with institutions such as banks and governments. They trust Google's keys, not yours. This doesn't quite end free computing, it just kills it for normal people and ostracizes us hackers who insist on owning our systems.
Some banks have added their verified boot keys. I think it helps that GrapheneOS is well-known by now for great security practices (most likely more secure than all vendor phones out there).
Credit unions, at least in theory, are known for caring more about their customers. It'd be worth explicitly giving them the feedback that you use them via their website or via an app that works on an Open Source phone, and telling them that that's one reason you're a customer.
For me as a desktop linux poweruser, I find this potential transition pretty intimidating, I've never flashed a phone with a custom rom let alone switch to a completely different OS, and I am not sure if the phone can even be reset to its original OS, if things go south.
/e/OS at least has a browser based installer[0] for quite some supported phones.
I definitely recommend trying it out, installing a custom os on my phone gave me the same feeling when I first ran debian on a laptop struggling under windows (even though the performance gains aren't that apparent in my opinion).
The /e/OS installer is terrible though and often fails, even on their officially supported phones (like Fairphone). The standard recommendation in their forums is nah, just install /e/OS through the command-line.
Also, /e/OS has pretty bad security practices (shipping very old kernels, very old vendor firmware, and missing most AOSP security patches).
Also, be careful to follow the instructions really carefully. For some devices it's really easy to get the phone in a boot loop, where the only resort is to get your vendor to repair it. E.g. Fairphone 6 has downgrade protection and will become a brick if you relocked the phone when the old system's Android SPL is newer than the new system's.
Lots of people brick their phones by relocking the bootloader when the Android SPL before flashing was newer than the newly flashed OS when the phone has downgrade protection (e.g. Fairphone 6). The Fairphone/e Foundation forums are pretty full of people making this mistake. Then the only solution is paying Fairphone to fix it.
"flashing" a phone is largely the same as any OTA update. There's of course always a risk of it going wrong, disk failures are always possible, but it's exceptionally hard to do so accidentally. Especially with custom ROMs where they basically never include a new bootloader, so "flashing" is no different than installing an OS on a desktop system - it's just writing to the boot partition. Which you can always do again since the bootloader is still available.
It is not 'largely the same as OTA' on phones with downgrade protection. Once you lock the device again, it's game over because the bootloader refuses to boot an older version of the OS, and you cannot unlock the phone anymore. Happens all the time in the /e/OS and Fairphone forums.
It really depends on the device. E.g. Pixel is quite hard to brick. Though they do sometimes increment the anti-rollback version:
In that case you have to be careful to not flash an older version to both slots and lock the bootloader, which is possible, because many non-Google/GrapheneOS images are often behind on security updates.
> Are you seriously implying that flashing phones doesn’t risk bricking them or you’re not aware of that risk are you serious?
Yes, that is generally the case. As a general rule with an Android phone reflashing the OS itself or the bootloader carries no risk of bricking the device (meaning making it impossible to recover without specialized hardware and/or opening up parts that were not intended to be opened).
There are plenty of ways to "soft-brick" a device such that you might need to plug it in to a computer, and adb/fastboot can definitely be a pain in the ass to use (especially on Windows), but if you have a device with an unlocked bootloader it's very rare to be able to actually brick the device while doing normal things.
Now, if you're doing abnormal things like reflashing the radio firmware you can absolutely brick some devices there, but you don't have to do that just to boot an alternative OS and generally shouldn't be doing it without very good reason and specific knowledge of exactly what you're doing.
I'm not going to say there are no devices where the standard process to flash an alternative OS is dangerous, but none of the relatively common ones I've ever owned or used have been built that way because OEMs don't want their own official firmware updates to be dangerous either.
tl;dr: It is sometimes possible to brick a device by flashing the wrong thing incorrectly, but the risk of doing that if you are just installing an alternative OS through a standard process is basically zero.
I flash phones almost every other week. And tablets. I have been flashing since Androids came out. But never bricked. But maybe that is why I don't have any problems.
The challenge I've found when looking for instructions for flashing one of my old phones is the assumption of knowledge some rom builders have, or perhaps an assumption about their audience. This seems like it has the potential to bit someone in the ass because if they're relying on other sources like the lineageOS wiki or forum posts elsewhere for example there's no guarantee it'll stay available, complete, or relevant to their variant over time. It's an added burden for what is a gracious volunteer role, but it's a handicap if they want more people using the fruits of their labor.
Expecting Google to give up control of one of the only alternative operating systems is right up there with believing in the tooth fairy.
What you're saying should happen, but it will only happen when the government legislates it happens; which frankly they should be doing (along with nationalizing a few other software projects to be fair).
A trillion dollar transnational corporation with massive monopolistic tendencies will never ever do the right thing. Expect to force feed it down their throats.
In general, governments seem to be much more invested in making it illegal to have anything that is too open and too free. Even EU is lusting for draconian control features like chat control where you don't own and operate the software you installed on your device even if, at the same timem, they're trying to gnaw on the influence of Big Tech.
Adoption would mean that orgs like the European Payment Initiative behind Wero would adopt Linux phones even other AOSP ROMs. Not seeing that. Banks and streaming platforms that require DRM are keeping most (non-activist type) users locked in.
It may push a minority of users who really care about open source to Linux phones. I expect the majority of users will grumble but cave and re-adopt mainstream Android or Apple.
I don't care about specs, I care about functionality and price. The camera on the pinephone doesn't practically work because it is too slow and the quality sucks. You basicially cannot record videos whatsoever. I can't use the device for GPS navigation. I can run whatsapp within waydroid, but it isn't practical due to the battery life and startup limitations that imposes. The GPU on the pinephone sucks, is underpowered, doesn't support OpenGL ES 3 or vulkan, and the user interface is always slow as hell to navigate.
So practically I cannot use it as a daily driver.
Librem 5 does have enough GPU horsepower, a functioning camera, and good pmOS support. But $800 is a lot to ask to test out switching to linux with no guarantee that my workflow will work or I will have enough battery life. It looks like the librem 5 can't record videos or do GPS navigation yet.
I am looking at the librem 5 specs again. The EG25-G is probably a better starting point for the modem now that it has been better documented and reverse engineered as a result of the pinephone project. It is interesting that the L5 has a generic smartcard reader though.
Even if you have linux, there are still third parties that have control over your hardware. Even if you're using graphenos, you can't block the sim or the cellular radio stack, and likely other modules on the SoC, from at-will access to every sensor on the device. You can at least protect your files, unless there's a mitm or other vector that graphenos can't cope with. And at worst, they can simply clone all your encrypted bits and wait on Moore's law or sufficient cubits to go back and crack the copy, on the off chance there's anything they want with your data in the first place.
What a lame and useless doomer POV. Do you refuse to go outside because a lightning strike could kill you at any instant? Why let things that aren't in your control (yet) stop you from taking control of the things you can now?
If it's got a sim card, it's still phoning home and providing location data. You can't escape the panopticon. A faraday bag gets you mostly there, though, but the point isn't that you can maneuver against it, it's that the device and its operation is fundamentally compromised by design.
There's a whole lot of shady crap underlying the infrastructure and the hardware that consumers cannot touch, pinephone / librephone or otherwise. It's not designed for consent. At best you can gain ephemeral relief, but even that is illusory, because by simple process of elimination, differential analysis allows fine grained ID and tracking of people even if they don't have accounts, phones, interact with websites, etc.
It's not a shady cabal of lizard people, it's just the grubby natural alignment of interests by a wide ranging set of companies and regulators and groups who allow it to happen without imposing any accountability, and ensuring that the system remains structured such that no effective accountability can be imposed.
Extorting constant streams of data for adtech is too valuable and the entire thing is too complex for silly things like ethics to interfere.
For sure - and you can use WiFi only, set yourself up with a HaLow rig and give yourself a ~10mbps connection anywhere up to 10 miles from your home, suitable for voip and low rate streaming, throw in VPN, and remain completely off-net as far as cellular networks go. I'm actually planning on using a wireless touchscreen and mobile halow/raspberry pi network/storage stack to completely replace my phone, but the bigger issue is automated tracking of everything - if you're the only blank spot in a sea of known individuals, it's just a matter of seconds to id you, since everything everywhere about everyone is tracked online.
We should be enforcing informed consent regulation of network infrastructure, treating privacy and anonymity as synonymous with liberty and freedom. Allowing the system to operate as it does is a choice; those with lots of money get to make it grow by exploiting a constant invasion of privacy with no concurrent return to the society being exploited.
Phones aren't built to be privacy respecting, and kill switches are a mitigation of a symptom, they don't do anything to address the disease.
There is an implicit shame in disgrace but faceless entities have no shame. They'll just put out another press release written in corporate newspeak by an LLM and move on withe the plans anyway. This is standard Google behaviour. They do it with Chrome, they do it with Android, they'll keep doing it with all their captive markets. I fear that in practice even having an "advanced flow" will make little difference as some applications will refuse to work if you have it enabled anyway (in the same vein if debugging is enabled, for example).
Nothing about Android is open except the absolutely minimum amount of linux kernel that's required to boot the thing. Then it's blobs and restrictions all the way to the screen.
The impact is a direct threat to independent AOSP distributions like Murena's e/OS/ (which I'm personally using).
I don't think this is true, right? An AOSP build can just decide to still allow installing arbitrary APKs. Also see this post from the GrapheneOS team:
The enforcement mechanism is in Google Play Services, not AOSP. To laypeople the difference doesn't matter but to folks looking for alternatives it does, so the discussion is often muddied and imprecise. This is like when YouTube removed public dislike counts and it turned into "they're removing the dislike button!"
You can’t really do that long-term as Google will change code that will not match however you are not enforcing this policy
So at the very least you’d have to keep patches up to date.
Long term divergence could be enough that’s it’s just a hard fork and/or Google changes so much that the maintainer can’t keep the patches working at the same pace
I couldn’t read your link as it asks to join mastodon.social
Good thing restricting side-loading isn't legal in the European Union! Not a problem here. Apple had to enable side-loading on their EU-based phones and so will Google if they restrict it.
Yes it is, and no they didn't. Apple has to allow (heavily restricted) alternative app stores, and I'm not clear on whether any actually exist right now.
What Apple restricts and is legal are not the same. Apple is doing malicious compliance and the legal system ain't buying it. But it takes some time and iterations to shake out.
They have moved much faster on much more complex plans though. If this is a case of Apple breaking the law then surely they wouldn't need over two years to tell them to stop it? The EU regulations seem largely to be, you need to do X and you need to figure out how to comply by Y date. They aren't gently guiding these corporations to compliance.
So I'm leaning more towards Apple is in compliance and the common perception is incorrect. Which is fairly common when it comes to laws and regulations of any country.
The kind of "side-loading" of notarized apps outside the manufacturer's app store that Apple allows in the EU is exactly what Google proposed to do for all its Android builds. We don't want that.
If a lawsuit tackles this problem in the EU, will we finally also see somebody go after MS for their obnoxious code signing certificates?
While MS code signing certs are more circumventable for power-users than Android's new approved developer program, their pricing is far more prohibitive for independent OSS developers and hobbyists, costing hundreds of USD per year.
Good news: You (as a community) can now finally wake up from your dreams and get some things right!
It's really a shame that you always wait until you really get forced. Particularly in situations when every individual's inability has consequences for the others as well. I really gave up all ideas of a better world. With this community, the best you can hope is that the decay will be slow.
So everyone who would describe himself/herself as a FOSS enthusiast, or at least a friend of a somewhat open system where the user has some actual rights beyond sole consumption, put some pressure towards having actually de-Googled systems. A system that mostly comes from Google, would not fit my definition of that term at all! Even if they removed some parts of it. It's an euphemism. And it's dangerous because you constantly get trapped by these euphemisms. Ever. Single. F'ing. Time.
Why does there seem to be a growing push to tie real-world identity to nearly everything we do online? The justification is almost always "safety". I know this trend has been developing for years, but over the past couple of years it feels like it's accelerated globally.
I think people in power have realized the impact of misinformation campaigns. And to be fair, western countries have proved to have the resilience of a wet paper bag against foreign influence and private interests.
I honestly can’t imagine a good solution here. A move back to the early 2000s internet would be the ideal middle ground, which requires separating social stuff from informational stuff, and both from engagement algorithms. I have no idea how we’re supposed to put that genie back in the bottle.
And to be clear I’m not saying this as vouching for the current push, I hate it as well.
Yeah, propaganda works, and the US wants to stop foreign propaganda, but the problem is they still want to push their own brand of US biased propaganda so they can't put in any sort of useful journalistic standards requirements upon media conglomerates or it will tie their own efforts up in court and lawsuits.
I think one major issue is the shortening of people's attention spans. People consume snippets of information that show a tiny fraction of the full story. They don't spend 10 minutes reading an article or watching a video, with a few exceptions. More people probably watch clips of Jon Stewart than actually watch his show. I think we ought to start addressing that issue, and see how it affects the efficacy of misinformation campaigns.
Yes, misinformation is a problem. Deanonymization is a bigger problem. If you can't say anything anonymously, it becomes much more difficult to fight entities bigger and more powerful than you.
I agree, but that isn’t a good argument to offer to the entities bigger and more powerful than me.
Governments and companies feel a pressing threat of a trump-like populist overtake in each country. They need the bots, fake socials and slop stopped yesterday. An abstract degradation of freedom of speech isn’t going to cause pause.
There is a national security argument that I think is more likely to help, at least for non Americans. Do you want a foreign power to have control over your citizens phones being functional?
The irony in this line of thought is that by stifling anonymous speech and enabling censorship, countries will usher in their own reactionary movements as dark money is globally spent on platforms to push paid advertising advancing reactionary rhetoric. It's already happening in the UK, Germany, France and Spain.
Right-wing populism isn't what's being banned here, it's dissent. Platforms are happy to take domestic and foreign fascists' money and push their agendas no matter where they are globally because it benefits them, too. Those paid placements aren't being banned, your ability to disagree with them and not be identified is.
That’s a very good point, it’s another hole in the sieve.
This “fix” just routes people through official channels but those channels aren’t exactly proving to be worth the term walled garden. My YouTube adverts lately border the quality of early 2000s piracy sites, it’s honestly baffling how little they value their own product in their willingness to take anyone’s money.
The only reason I was sticking to Android for years is this. And I think there is no moat for Android. I would rather switch to iOS if both platforms are same restrictive.
I did this last year. Reluctantly. And using iOS still hurts. But it’s better than that Google crap.
I developed my own Android ROMs from 2009-2011, complete with my own tuned kernel. I ran the local Android developers MeetUp group and evangelised Android development. When Honeycomb launched I helped OEMs test their beta firmware. For free.
But as Google has become certified Evil, the direction of Android has been very clear. In practice I honestly can’t say it’s now any more open than iOS. Except it has a lot more avenues for Google to mine your data to sell ads. And the quality of third party apps on it is decidedly worse.
I thought long and hard about getting a Linux phone. But I need a good camera on my phone to take random snaps of kids/pets/etc. And the Linux phones just aren’t there.
I hate the shitty duopoly we have ended up with. But I now realise that the openness of x86 and pc as platform really was an accident of history.
Strong disagree. Linux, its permission system and its (barely existent) application isolation are lightyears away from the security guarantees that Android brings.
Desktop OSes and their derivatives are woefully behind in this regard, and unfortunately the will to bring them up to par is incredibly weak. Of those in mass use (Qubes OS is neat but its user base isn’t even a rounding error), macOS probably does the most, but it’s still lagging behind iOS and what’s been implemented has come with much consternation from the technically inclined peanut gallery.
I understand some amount of reticence with commercial OSes, but there’s no justification for being against it on open Linux based desktops and mobile OSes. We really need to get past the 90s-minded paradigm of everything having access to everything else all the time with the only (scantly) meaningful safeguards coming in the form of *nix user permissions.
> We really need to get past the 90s-minded paradigm of everything having access to everything else all the time
I do agree with that, and I strongly believe that the iOS and Android security model is way ahead of Desktop Linux. But what I observe is that nobody seems to care about the security model. A recurrent complaint I see against anything AOSP-based (including Android) is that people "want to be root".
It comes from a history of using mostly trusted application sources like Debian/Ubuntu package archives with manual review being the norm. And few supply chain attacks.
But both Flatpak and Snap offer this new model from the two biggest desktop players in the Linux world: Red Hat and Canonical.
As the sibling comment said though, being an administrator for your own computer (including a phone) does not mean that you will be running untrusted applications as one: on the contrary, if you assume an administrator role and run an untrusted application, naturally, all bets are off. But even as a power user, I'd love to be able to safely run programs I do not necessarily trust, feeding it only data it needs and no more.
Again, Snap/Flatpak provide this model, but we need to see more application authors take them up to ship their software.
It comes from a history of using mostly trusted application sources like Debian/Ubuntu package archives with manual review being the norm. And few supply chain attacks.
What most of these people do not seem to get is that proper sandboxing does not only protect against attacks from the inside (rogue developer, supply chain attack), but also from the outside. Most desktop apps probably have a good number of security vulnerabilities that can be exploited when they parse untrusted data. On the Linux desktop, most apps still use decades-old C libraries for parsing XML, images, JSON, etc.
Sandboxing also protects against external attacks.
Again, Snap/Flatpak provide this model, but we need to see more application authors take them up to ship their software.
Agreed, though for a lot of technical and social reasons, most apps still need privileges that allow trivial sandbox escapes on Flatpak (I don't know or care about Snap). Strengthening app sandboxing should be a top-priority for the Linux desktop, but only a few people seem to care. The same for fully verified boot, etc. Even things like UKIs only go so far, yet almost no distribution has adopted them.
The general security mindset of the Linux desktop community seems to be stuck in the 90ies, levitating between hahah, they cannot get root (as if that matters on desktop Linux) and secure boot and sandboxing is here to take my rights (on open source desktop Linux, seriously?).
Agreed. I want to "own my device" as in "being able to install the system I want on it". Not as in "I want it to behave exactly like Desktop Linux", or whatever it is that people complain about AOSP.
On my Desktop I love Linux. But on my smartphone, I want AOSP.
Largely agreed, though I think on the desktop I’d also want AOSP in desktop mode with a traditional Linux distribution in a VM pretty much like Android 16’s Linux VM.
But then on desktop/laptop-class hardware, since the thermal constraints are different and it’s nice to have extensible storage and RAM. Of course, all this on the phone is also nice for when you only have your phone with you.
Then one could use fully sandboxed apps for banks, instant messaging, etc. and the VM for development.
Yes I can totally imagine that in a few years, most people will only need a smartphone and a dock station. At home, they will plug their phone (iOS, Android, whatever) to their dock station and it will behave as a Desktop. And it will be good enough for everything they do.
Allowing the owner of the device root access doesn't necessarily break the security model. It just means that the user can grant additional privileges to specific apps the owner has decided to trust. Every other app still has to abide by the restrictions.
The fact that Android complains and tells any app that asks whether the owner actually, you know, owns the device they paid for is an implementation detail.
A Linux distribution that adopts an Android style security model could easily still provide the owner root access while locking down less trusted apps in such a way that the apps can't know or care whether the device is rooted.
IMHO, I should be able install the OS I want on the hardware I paid for. What should be illegal is to technically prevent me from installing a different OS, because I paid for that hardware and I should own it.
But that does not mean that all OSes should be open source. I think it's fine for iOS to be proprietary, but there should be enough information for someone to write an entire alternative OS that runs on iPhone. I think it should be illegal to prevent that (is it called tivoisation?).
All that to say, I don't believe that having root on my Android system is a right. But being able to install a system that gives me root should be one. If that system exists, that is.
> A recurrent complaint I see against anything AOSP-based (including Android) is that people "want to be root".
I want to be able to do what I want with my PC or phone. I don't want every app on my PC or phone to be able to do whatever they want, without me agreeing first.
I want to be able to install what I want on the hardware I own. And I should be able to leverage the hardware to its full capacity. Preventing me from adding custom keys and relocking the bootloader should be forbidden, because I own that hardware.
But that does not mean that I should be able to do whatever I want with any OS I install. If I am not happy with Android, I can install LineageOS and modify it the way I want.
I am obviously not a big fan of Google, but I do believe that AOSP is actually a good deal (a lot better than iOS which is proprietary). Google is doing a lot of work on AOSP. That I cannot unlock/relock the bootloader on some devices is not Google's fault.
It's important to keep separate the parts of the security model mobile did well from the parts it got wrong. Declaring that app developers can decline end user access to app files is unacceptable. I get final say on my device. I get to run as root. Hell, I get to run as ring 0 if that's what I want to do.
IMO, the developers choose what software they want to write. If Microsoft Word decided to remove the "export to PDF" feature, that would be their right. And it would be your right to stop using Microsoft Word. If you want to be root on your system, you are free to install a system that gives you root access.
And that's the part that I believe should be a right: if you buy a smartphone, you own that piece of hardware, and you should be able to install the system you want. But if you are not the one developing that system, you don't get to decide what this system does. Just like you don't get to decide whether Microsoft Word can export to PDF or not.
Do you have any source for that claim? That would be a pretty serious security issue even unrelated to any security hardening (eg. on a multi-user system, one user could read out the password from another user — even with desktop usage, second user could be SSHed in).
As a datapoint, everything in /dev/input/* is owned by root:input on my Debian Bookworm install, and my main user is not a member of the "input" group either.
Biggest problem with most security hardening for Linux desktop is that it breaks the natural usage pattern: I store my files by their content, not by their format (eg. I might have a folder for my project containing image files, spreadsheets, FreeCAD files, maybe even some code or TeX/ODF files). If programs are restricted to access the entirety of my $HOME though, there is not much benefit to that protection since that's where my most valuable data is. If they are restricted to per-program folder, I need to start organizing my data differently and unnaturally.
Android mostly does not use the "files" metaphor and basically does exactly that (per-app data): coming up with a security model and file management UX that does both is where the challenge is.
It's the same reason I choose to keep my front door unlocked basically all the time - I know my neighborhood, the risk is really low and the convenience is high.
Further... practically everyone agrees that they don't need bank vaults as front doors. It makes zero practical sense: The cost is incredibly high, and the convenience is very low.
There are ALL sorts of wonderfully cool things you can do on a system where applications are allowed to trust each other, and the system is permissive by default.
You can customize behavior more easily, you can extend software more easily, you can add incredibly detailed & functional accessibility support, you can create incredibly powerful macros and commands.
This is so important that fundamental OS design from the early 90s actually prioritized and catered to exactly this style of open, trusted, platform (ex - all of COM in windows...). This is what made personal computing a reality...
All of those fall flat when you try to impose "well funded" security efforts.
Those efforts have a place, in the same way that bank vaults have a place. Whether that place is a personal computer is a different question.
Implying those folks are hostile for no reason is... at best a woeful misunderstanding of the situation, and at worst a malicious mischaracterization.
Flatpak and Snaps are built to solve this. They do conflict with some expectations from users to be able to play around with things, though, so they do not have the penetration one might want.
They only cover the user-facing app part of the story. The rest of the system needs isolation and safeguards, too, including things like the desktop environment and whatever random daemon.
A solution that's integral to the system and not just loosely taped on is required.
Letting everything I install have access to everything is the core feature I want out of a platform. If I can't have that might as well just use android
This might be a strange take in these times, but I feel like the browser largely solved the "I need to run potentially adversarial application code in a sandbox". For native applications, stick to stuff that's vetted and in well-maintained repositories, or well-known open source projects that you trust. All of this technical work just to be able to run hostile native code ignores that you don't have to, and probably shouldn't want to, run sketchy code on your device. Installing random untrusted software is bad, even with the most advanced security model in the world. At the very least it will probably abuse whatever permissions it has to spy on you to any degree it can (which is a lot, even for web pages) and to send you advertising notifications.
The security of Android doesn't mean much to me as long as the front door is left open by design for Google, and therefore the government, to directly spy on you.
This assumes that the mentioned systems are the only security considerations on a Linux system. Clearly this is not the case so I am unsure why you omit other security-related aspects of Linux here.
Android, being based upon the Linux kernel, has all those and its own app permission system built on top. Linux on its own comes nowhere close to this.
I understand why mobile/tablet OSs are so crappy compared to desktop; in the past these devices had no resources cpu and ram wise and had to heavily watch battery consumption (the latter is still true mostly, but that should be up to the user), but my phone is more powerful than my laptop and yet runs crap with no real usable filesystem and all kinds of other weirdness that's no longer needed.
However, I have 2 Linux phones and Linux on phones is just not there. Massive vendors (Samsung, Huawei, etc) would need to get behind it to make it go anywhere. Also so banking etc apps remain available also on those phones. We can already run android apps on Linux, Windows apps, so it would be a bright future but really it needs injections and support for large phone makers.
I hope the EU/US mess will give it somewhat of a push but I doubt it.
FWIW, Nokia did develop a pretty good Linux phone back in the day (Maemo/Meego) with Nokia N9 (it even received rave reviews from consumer tech sites like engadget), but it did get killed off as they got absorbed into Microsoft (we all know that didn't age well).
Similarly, Palm Pre, and especially HP Pre 3 was a wonderful WebOS incarnation.
Ubuntu Touch did seem like it had a future, but it was a massive sink for Canonical so it was defunded as well.
The user experience was there on all of these: the apps, not so much.
Ubuntu Touch is not dead though, I use it happily on my primary device for 8 years. It's working like a charm. And waydroid allows you to run APKs, even if some bank apps may not work.
I.. don't think it will happen. For several reasons too. It is not that I don't think Android will change substantially, but the following constraints suggest a different trajectory:
- AI boom or bust will affect hardware availability
- there is a push on its way to revamp phones into 'what comes next' -- see various versions of the same product that listens to you ( earing, ring, necklace )
- small LLMs allow for minimal hardware requirements for some tasks
- anti-institutional sentiment seems to be driving some of the adoption
This is one of the most naive things I see people repeat.
The reality is that we're lucky to have mostly-good things at all that align with most of our interests.
Yet people get so comfortable that they start to think mostly-good things are some sort of guarantee or natural order of the world.
Such that if only they could just kill off the thing that's mostly-good, they'll finally get something that's even better (or rather, more aligned with their interests rather than anyone else's).
In reality, mostly-good things that align with most of our interests is mostly a fluke of history, not something that was guaranteed to unfold.
Other common examples: capitalism, the internet, html/css, their favorite part of society (but they have ideas of how it could be a little better), some open-source project they actually use daily, etc.
If only there weren't Android, surely your set of ideals would win and nobody else's.
Agreed that there is a ton of baby in this bathwater.
Also, the open nature of AOSP gave Google its advantage during the early days. Since then, Google has morphed into a company that would likely not make the same decision to create an open-source OS free for others to use and contribute to.
So in the end, what we as consumers actually get, in 2026:
- Google encourages application developers to use hardware attestation to prevent themselves from running on non-blessed, third-party AOSP distributions.
- Google builds basic functionality people care about (including passkeys!) into Play Services, a closed mega-application that happens to require a Google account for most features, and is a moving target for open distributions to mimic.
- Google has closed AOSP contributions to themselves and OEM partners only. AOSP releases are now quarterly source dumps.
- OEMs which traditionally allowed bootloader unlocking (and thus actual ownership of the hardware) have removed it as a matter of policy.
So what exactly is open about Android anymore? Does "source-available OS you can see and not touch" align with your interests? Because it's increasingly not aligned with mine.
I like it, because more and more people see Google as what it is: a ruthless, selfish and extremely greedy mega-mega-corporation. The less we depend on it the better.
>The impact is a direct threat to independent AOSP distributions like Murena's e/OS/ (which I'm personally using). If installing a basic APK eventually requires a Google-verified developer ID, maintaining a truly de-Googled mobile OS becomes nearly impossible.
I have trouble understanding why this is a threat to AOSP distribution. I would have said quite the opposite actually, I don't see why they would not remove the verification and that's an incentive for people to use their project instead of Google Android.
Who could Android be possibly recommended to at this point?
I know iPhones aren't affordable for the layman in many countries. But for anyone with an option, why would you buy an Android? All the "customization" things I cared about when I was on Android are either doable on an iPhone now with better implementation, or something I don't care about.
I was a die-hard until I went through enough cycles of Google deprecating and reinventing their apps and services every year, breaking my workflow/habits, that I got sick of them and moved to Apple everything. And all the changes I've seen since then are only making me happier I got out of the ecosystem when I did. Unlimited Google Photos backups with Pixels are gone, Google Play Music is gone, the free development/distribution environment is gone, etc.
If people can't even develop for the thing without going through the Google process, they're really just a shitty iOS knockoff.
But this thread is about the option to install apps on your device regardless of OS vendor approval, and that's not possible either with iOS nor is iOS open source. And that's what this is all about. If you don't care about open-source and user freedom, then this change wouldn't matter to you anyway.
I switched back to Android in large part for KDE Connect. You can get continuity esque features that work with any desktop operating system. I also get to use real Firefox instead of a Safari wrapper. I still use as few Google services as possible, pretty much just Maps.
It "works" but it is significantly less useful. Notification mirroring doesn't work, you can't read/respond to text messages, it can't reliably run in the background.
These are all due to limitations imposed by Apple.
Regarding notifications, both iOS and android doesn't support reading and responding to text messages. The feature works on android because of a workaround: apps create a global notification listener and they can also interact with notification - read UI contents and respond.
I know it's still better than not having a workaround at all like in iOS. But just pointing out that Google probably never meant to let others access notification mirroring.
As someone who hates both android and iOS but currently has to use iOS, I definitely hate it more. It lacks so many things one can take for granted on android. Even a usable keyboard is missing from iOS.
I love the Java/Kotlin userspace, even if it is Android Java flavour, and the our way or the highway attitude to C and C++ code, instead of yet another UNIX clone with some kind of X Windows into the phone.
In the past I was also on Windows Phone, again great .NET based userspace, with some limited C++, moving into the future, not legacy OS design.
I can afford iPhones, but won't buy them for private use, as I am not sponsoring Apple tax when I think about how many people on this world hardly can afford a feature phone in first place.
However I also support their Swift/Objective-C userspace, without being yet another UNIX clone.
If the Linux phones are to be yet another OpenMoko with Gtk+, or Qt, I don't see it moving the needle in mainstream adoption.
They only share a brand and a subset of filter lists - the implementation and functionality of uBlock Origin Lite and uBlock Origin are entirely different.
When UBOL was released for Safari I switched to it from 1Blocker in hopes of getting a closer experience to the full uBlock Origin, but actually switched back after a few weeks - the filter lists in UBOL were letting through more ads than 1Blocker - and both of them are notably deficient compared to uBlock Origin in Firefox.
At this point, I wouldn't recommend Android other than enjoying the much steeper discount with the headset. For me, the only thing that is keeping me on Android is easier access to commas on the keyboard.
If I understood correctly, to "protect" users, Google wants to control what is installed on Android phones. I guess it means the Play store will be the only way to install an app, which in turn means:
- That users won't be able to install what they want and that they would need a google account to install apps
- That app developers have to go through google to distribute their apps, with identity verification etc.
Obviously this is awful and would mean the end of F-droid and Aurora store etc.
However, I'm also reading here and there that it is a threat to alternative ROMs. To me it sounds at the contrary as an amazing opportunity, as they can strip this verification and be the only truly open Android, or am I missing something? Why do people link this app verification thing with a possible closing of AOSP?
Also, Mozilla was already saying it 10years ago with Firefox OS but... The web is the platform. 90% of the apps out there could be websites. We have all technologies needed for this including offline with service workers. And it works on every damn platform, even the most obscure OS has a web browser. Don't want to be locked to an ecosystem? Just target the web!
> I guess it means the Play store will be the only way to install an app
No, non-Play stores will still work, but developers will need to register a developer account with Google that is tied to some real identity. They already need to do this to distribute through the Play store, but now it'll apply regardless.
This is to make it harder for scam apps to churn app signatures. Kind of like requiring code-signing, but with only one CA.
> That users won't be able to install what they want
No, sideloading will still work, but it won't work if the APK isn't signed by someone in the Google developer registry.
> and that they would need a google account to install apps
Nope.
> That app developers have to go through google to distribute their apps, with identity verification etc.
They don't need to distribute through Google, but they will need to be involved with Google and do identity verification.
> However, I'm also reading here and there that it is a threat to alternative ROMs. To me it sounds at the contrary as an amazing opportunity, as they can strip this verification and be the only truly open Android, or am I missing something?
You're being misinformed. They won't even need to strip the verification. The verification is only for certified Android -- OEMs that partner with Google. Custom ROMs and the OEMs that aren't certified (Amazon, some Chinese manufacturers) won't have verification.
The target audience for verification and who would ever use a custom ROM has basically zero overlap.
Yeah, I get you. I think the main misunderstanding from the original comment is that the *user* won't need a Google account, only the *developer* (signer to be technical) will.
I contacted the EU DMA team about my concerns and got a real reply within 24 hours. Not just an automated message, it looked like a real human read my message and wrote a reply. I'd urge other EU citizens to do the same.
Great idea, I just did the same. I encourage other EU citizens to do the same. Keeping at least one of the two major mobile ecosystems open is important.
(And install GrapheneOS, the more successful open Android becomes, the better.)
True. I'm really happy that they are working with an OEM to bring an alternative in 2027. Until then:
- A refurbished Pixel works (except some weird Verizon locking that I heard about the other day).
- Pixels get really heavily discounted near the end of the cycle (e.g. 9a currently). Google probably doesn't make much on it if you are opting out of your ecosystem.
Still, you are stopping the extraction of analytics, which probably bring Google the much more revenue over the longer term, and it is not possible to disable on regular Android phones.
Remember that on every certified Google Android phone, Google Play Services runs with system-level privileges. On GrapheneOS, it is sandboxed like pretty much any other app (if you choose to install Play Services) and you can make it 'blind' by revoking most privileges.
Same for Pixel Camera, etc., I just block network access.
Well, Google has marketed Android as an open source operating system (AOSP) and openness about the system [1] and encouraged manufacturers and developers to build on it based on the premise of openness and of course being "free". People advocated for Android because it was open source compared to other alternatives. But with this change they are simply ending that openness. People that have developed F-Droid and other alternative stores have contributed to the platform value (such as not being able to de-google their phone), the same goes for many other developers who have spent countless of hours developing for Android.
To say they don't owe you nothing seems like a betrayal on the promise that Android was an open platform (and open source).
> You are free to not use their products or start a company to compete
That's not an option as you are making it out to be. For a user switching means buying a new phone, repurchasing apps (if you bought) and maybe apps won't be even available to the new system, for developers that means all their knowledge about the system gone. Building a mobile operating system requires millions if not billions of dollars, years of work and convincing developers and businesses (hardware makers) to use your operating system. The barrier to enter is so high that telling people to just compete with Google is not a realistic solution.
Party A does not owe Party B the right to sell in Party A:s legal area.
Party B is allowed to choose not to sell in EU. If you wanna sell in EU you have to comply with EU rules. If you wanna sell in US you have to comply with US laws. That simple.
Maybe "intelectual property" is really imaginary property given how the same big companies just gobble data from other people and companies wothout permission to feed their AI models (Facebook with books, recently NVIDIA with milions of videos from Youtube).
I guess they would not due that if they really believed some questionable synthetic construct like "intelectual property" really existed ?
Are we still talking about massive companies with power to arbitrarily decide how billions of people use the personal computers they bought? Who's doing the feeling? Why would we presume all of their conduct to be moral?
That is not how the European Union works. One of the core goals of the EU is to guarantee the European single market. One of the core principles of the single market is the Freedom to establish and provide services [1]. The Apple/Google duopoly have effectively created a market within the single market where the core principles of the single market do not apply anymore.
Tech has a strong tendency to favor outcomes with only a handful large players that make competition impossible due to network effects, etc., distorting the market. The Digital Markets Act was made to address this problem.
IANAL, but Google's Android changes seem like a fairly clear violation of the DMA.
This is typically hard for people from the US to grasp (I saw that you are not originally from the US though). In Europe, capitalism is not the end goal, the goal of capitalism is to serve the people and if that fails, it needs to be regulated.
---
As an aside, the lengths people go to defend a company with $402.836B yearly revenue :).
Yes. I am effectively asking you what the moral justification for DMA is. I understand that lawmakers can make whatever law they want. I understand they made it. I am curious how people who agree this should be possible think of this from a moral angle, especially as engineers who make their living by creating intellectual property and probably wouldn’t want to see control of it seized randomly
I'd ask the inverse of the question: morally, should a single gatekeeper have the right to deny two consenting parties the ability for one to run the other's software?
Especially when that ability has been established practice and depended upon for decades? And the gate-kept device in question is many users' primary gateway to the modern world?
There's nuance here, of course - I'm not morally obliged to help you run Doom on your Tamagotchi just because you want to do so. But many people around the world rely on an Android device as their only personal computing device (and this is arguably more true for Android than it is for iOS). And to install myself as an arbiter of what code they can and cannot run, with full knowledge that I could at any time be required to leverage that capability at the behest of a government those worldwide users never agreed to be dependent on? That would be a morally fraught system for me to create.
At some point free markets become fiction. There's no financially viable way to start competing businesses in markets as entrenched as mobile OSes. Otherwise this would have happened. And if that becomes anti consumers, then the consumers start changing the rules the companies operate under. Because in a democracy we have more consumers than CEOs,so they vote with majority.
(This obviously simplifies things, but ultimately we as humans still haven't found the one and only true philosophy or moral, and maybe that's not possible (I'm no philosopher))
The moral justification is that I am a citizen, and can demand the laws I want. When enough people think like me, we can actually make it a law. By holding the smartphone OS oligopoly these companies hold a lot of power on the people. I do not like that. Hence I like laws that try to change that.
> especially as engineers who make their living by creating intellectual property and probably wouldn’t want to see control of it seized randomly
If these people try to use their intellectual property to control my device and hence my ability to do things, I want to have a say what they do. Yes, that is what software is: directions to machines. I own the machine, hence I want a say what it does. You are free to keep your intellectual property for yourself, if you want to.
> especially as engineers who make their living by creating intellectual property and probably wouldn’t want to see control of it seized randomly
The premise of your question seems surprising.
1. In what sense the DMA enables seizure of control of intellectual property? I haven't heard of seizure being part of this.
2. In what sense DMA does so randomly? The DMA's rules seem to be written down, not random. Where are you seeing randomness?
Also:
3. One intention of regulation is that you don't want one (or a few) entities, regardless of what they are, to gain too much power over your citizens' lives. They want power to be distributed, just like to America's 3 branches of federal government were designed to distribute power. Could you explain what specifically you find difficult to understand about people finding it immoral to give a single entity too much power?
There are no absolute morals. But I think in general healthy societies are arranged around the ideas that people should have: the basics of living (housing, food, vacation, and some luxory), agency, and equal opportunities.
It should be clear that having a small number of companies murder all competition and personal freedoms (like doing what you want to do with something you own like a phone) are in contrast to these basic values.
---
Or the alternative, more blunt answer: it does not require a moral justification. EU citizens directly elected the EP, the EP ratified the DMA. So Google can either comply or leave the EU as a market (which they wont do because it's too large and others would be happy to take it).
The moral argument is that vertically integrated monopolies threaten the rights of consumers, who are human beings. Corporations are legal fictions and their "rights" are another convenient fiction to align incentives. They carry zero moral weight.
The moral argument is that private companies aren't elected and Google/Apple aren't supposed to have the power they have, they aren't government bodies.
> Party B owes you nothing. You are free to not use their products or start a company to compete.
When 99% of government/banks/etc require you to use a certain service to access basic services, you need some way of ensuring you don't have to sell your soul to use it. Alternatives would be really great, but Google is part of a duopoly.
Just because you build the rails doesn't mean you get to decide who gets to use the trains.
That is not their fault, though. I can see how you could complain to the people who mandate you use B’s products. Otherwise what you’re saying is that control of any intellectual property can be stolen from its owners simply by becoming popular outside of their control
It is though. They are actively working on increasing their marketshare. That doesn't happen by accident. They have chosen to place the interests of the corporation over the interest of their fellow people. They are fine to do that, because we separated that responsibility. Corporations can only chase for profit, because we have governments, that make the rules, so that chasing profits is in the interests of the people.
Maybe you don't like that, and that is fine for you, although I don't like that you don't like that. Maybe you want a society where might makes right. However a lot of people don't feel that way, hence why we outsourced that world model to the government.
People don't like that their neighbor is stronger than them and takes there stuff, so they pay feudal lords. Then the feudal lords want some security, so they outsource that to elected emperors. After a while the feudal lords misuse their power, so parliaments are invented. Eventually people have enough and demand voting rights. The elected leaders betray the people by sending them to war, so they created multinational institutions, that try to prevent this (EU). They haven't used their power to betray the people enough, so we are still fine with them.
"Wealth comes with obligations" is literally in my country's constitution. You, may don't like that, but I do. I think a lot of other people do as well. It is of course always for discussion how much.
It kind of is their fault because of Google Play Integrity APIs. They are effectively developing tools that are designed to make their product mandatory. There wouldn't be a backlash that big if we could just unlock our bootloaders and run a patched version of Android.
> any [] property can be [taken by the state] from its [original] owners simply by [those owners becoming more powerful than the state wants]
When rephrased like the above, I think what you’re describing is pretty common in history. Many industries and assets have been nationalized when it serves the state’s interests.
IMO the moral justification is that there is no ownership or private property except that which is sanctioned by the state (or someone state-like) applying violence in its defense. In this framing, there’s little moral justification for the state letting private actors accrue outsized power that harms consumers/citizens.
People outsource the brutality (to the government), so that they don't need to deal with it in their daily life. If we couldn't force companies to act in ways we want through a formal system, then the world would look much more brutal.
I can ban persons from doing things, I rather not have them do. Companies are legal persons, so why shouldn't this apply to them? At some point ignoring behaviour is not making it go away, it needs to be actively worked against, otherwise it will become (practically) mandatory.
the core problem with banning is who is doing it and why, right? once we allow it, it goes into the hands of the “politicians” and then books get banned today, ice scream gets banned tomorrow, math gets banned the next day…
Which is why the more serious consequences a law has the harder it is to change it and the more people need to sign off on it. There is stuff that needs simple majorities, stuff that is in the constitution and requires a super majority, stuff that can't be changed short of abolishing the current state and stuff that can't be changed at all, because it is just an assertion that is independently on anyone asserting it.
This is kind of a "solved*" thing in theory, not so much in practice of course.
*solved meaning we have a proper process established
Google is engaging in immoral business practices. Since they are immoral, it is morally justified to say they must be stopped.
> how would you feel if you were on the receiving end of such a dictum?
I continue to be astounded how people still just flat out assume that everyone must be a capitalist.
If I were on the receiving end of a dictum aimed at stopping immoral behavior, I would cease my immoral behavior. But I'm not going to be on the receiving end in the first place because I don't aim to do immoral things in the first place.
My moral justification is that my right to do with the physical property I have in my physical hand is more important than any noncorporeal corporation's right to do anything with their noncorporeal intellectual property.
The truth is, I gave party C money for a product. Party B does not get to say anything about what party C gave me. And they absolutely do owe me something, and that is the use of the product they gave me for my money. Whatever their terms of service say about licensing versus owning should not trump the fact that I made a one-time purchase and I have physical ownership that they cannot revoke. This is not a car lease where I have a contract with the dealership and they can reposses the car if I don't make the payments.
And you can use it. You can, in fact, keep using the software that shipped on it. What you want is access to further intellectual property they develop (updates, features), that just so happens to be able to run on your hardware and ability to shepherd it in a direction you want and they don’t.
> What you want is access to further intellectual property they develop (updates, features), that just so happens to be able to run on your hardware and ability to shepherd it in a direction you want and they don’t.
Well yeah, I am paying them with money (and data) and thereby with power and expect them in turn to provide directions for my device, so that is does what I want. That's kind of the deal. If they don't want to provide that, then they can just not accept my money (and data). They can of course produce devices, that to what they want, and want me to carry them around, but then they better pay me.
If they use the power I gave them against me, then I will demand my power projection as a service provider (aka. the government) to project power in my interest.
> that just so happens to be able to run on your hardware
the hardware is specifically locked down with "trusted computing" features to facilitate this. It's not a random coincidence. The problem here lies in the network effects and the use of trusted computing. If my bank app mandates that I use "real deal 100% certified android", then I can't just develop my own OS. So it's an antitrust situation.
If every company in the world teamed up with MegaCorp and made their services contingent on wearing a MegaCorp shock collar powered by trusted computing, would you wear it? You are free to not use the collar... and starve to death in the woods I suppose.
I don't usually even care about intellectual property. It's a hack to grant a temporarily exclusive monopoly as a way to incentivize R&D. The R&D in this case is just solving the question of "how do we establish a larger monopoly". So why should the public be forced to uphold it?
Asking me if I am willing to violate intellectual property in this situation is like if I was being lowered into a pit of liquid hot magma and in order to get out I had to break the flag code or jaywalk or something.
I'll gladly take that trade, either:
- They lose the right to their "intellectual property" and I'll accept that they owe me nothing.
or:
- They continue to enjoy "intellectual property" protections granted by the state, but the state subdues them into actions which are for the benefit of the public.
I'd be happy to make that offer to any of the parties that build closed ecosystems, but none of them will take the offer since closed ecosystems are almost always built with the intent of misusing the copyright system to create a state-enforced monopoly and bloodsuck value produced by real economic activity.
So you're saying that if I open a restaurant I'm free to poison the food and you can just decide whether to eat there or not and no government should be able to forbid me to do this?
The moral justification is the same anyone else employs. I have a tool to create an outcome and I'm going to use that tool to produce that outcome. It's that simple.
I remember not long ago arguing that having Chromium become a monopoly was a bad thing, as it would mean Google could totally twist the web standard in something much more closed. I think this is a prime example.
How do Google and Apple plan to deal with the immense influx of personal apps that AI will help non developers build?
Recently, I was thinking that AI might force Apple to open their devices, because if Apple’s competitor allows sideloading, then the creatives and builders most likely to build their own apps will migrate to the platform providing less friction to getting custom apps onto their device. But apparently THIS is the time that Google has chosen to start locking down their devices as well?!
AI is not yet at the point where non-developers could use it to build useful apps. I've tried. It gave me a good start that saved me a ton of time setting things up but the result was buggy and had a lot of bad code, so I still had to read and understand it all and fix the issues.
The fundamental problem is that we are relying on the good graces of Google to keep Android open, despite the fact that it often runs run contrary to their goals as a $4T for-profit behemoth. This may have worked in the past, but the "don't be evil" days are very far behind us.
I don't see a real future for Andrioid as an open platform unless the community comes together and does a hard fork. Google can continue to develop their version and go the Apple way (which, funny enough, no one has a problem with). Development of AOSP can be controlled by a software foundation, like tons of other successful projects.
Yeah, that's the biggest issue. And it all originally stemed from phone carriers wanting to lock customers into their services.
We need some pro-consumer regulations on hardware which mandate open platforms. Fat chance of that happening, though, as the likes of both the EU and US want these locked down systems so they put in mandatory backdoors.
Google's own phones do not have a locked booloader. You can buy a Pixel and put GrapheneOS on it in like 10 minutes. But basically no one does this, because no matter what people say in online forums they actually value ease of use and shiny features over privacy and software freedom.
Even if locked bootloaders weren't a thing, not being able to just buy a phone with an open Android pre-installed means it would get relegated to the Linux Zone, with a whole lot of "security alert" and "device not supported". Also, low popularity leads to fewer development resources, so it would probably suffer from lack of polish.
People will keep using the OS their phone comes with and that would be Google's Android. It's worse than with Windows PCs and Windows to be honest because phones have a locked bootloader.
The Italian digital ID wallet is already in fact banning GrapheneOS and other ROMs [1], the EU doesn't mandate that member states have to allow non-Android/iOS apps [2]
A hard fork is not needed. Non-Google Android do not have to enforce this requirement. It's more important to get as many people on alternatives like GrapheneOS as possible. And fund them by donating to them. If every ~0.5 million GrapheneOS users donated 10 Euro per month, they would be very well-funded.
There is no such thing as non-Google Android. At most you have people applying tiny patches on top of AOSP, but 100% of the code in the underlying project is still Google-approved, and none of the alternatives have control over that.
It's the same as the situation with Chrome/Chromium. There are a million "de-Googled"/"privacy focused" alternatives to Chrome all using the same engine, and when Google pushed manifest v3 changes to block ad-blockers every single one of them was affected.
At most you have people applying tiny patches on top of AOSP, but 100% of the code in the underlying project is still Google-approved, and none of the alternatives have control over that.
You are making an orthogonal point. Yes, Google maintains AOSP. No, that does not mean that AOSP OSes that are not in Google's Android program (calling it that to avoid semantics games) have to adopt this change. If you want to hear it from the experts: https://grapheneos.social/@GrapheneOS/116103732687045013
Unless these different Android flavors all have the resources to indefinitely rewrite AOSP and remove all Google code they don't agree with - no, they pretty much have to adopt the changes (see the earlier Chromium example). And if they do somehow manage this after a point all the patching basically becomes a fork, which is exactly what I started the conversation with.
I see your point, but it all hinges on when you consider the changes to be a patch set and when a fork. I don't think there is a very clear definition, except I don't think most of these projects would call themselves AOSP forks.
At any rate, this particular Google anti-feature does not require a large patch (or maybe none at all).
> and when Google pushed manifest v3 changes to block ad-blockers every single one of them was affected.
That's just objectively wrong, both Brave and Opera still support manifest v2 and are committed to continue doing so for the foreseeable future. Even Edge apparently still has it, funnily enough.
Nope, actually "both Brave and Opera still support manifest v2" is objectively wrong.
Brave does NOT support manifest v2. They have instead hand picked exactly 4 manifest v2 extensions (AdGuard, NoScript, uBlock Origin, and uMatrix) and have hard-coded special support for them. They quite literally say in https://brave.com/blog/brave-shields-manifest-v3/ that all other v2 extensions will go away from Brave once Google fully removes support for them (which may have happened already, since it was posted a while ago).
> They have instead hand picked exactly 4 manifest v2 extensions (AdGuard, NoScript, uBlock Origin, and uMatrix) and have hard-coded special support for them. They quite literally say in https://brave.com/blog/brave-shields-manifest-v3/
You're misreading that page, they have special cased the hosting of those 4 extensions, because they do not have their own addon web store and are relying on Chrome's instead. You can still install any manifest v2 addon manually, not that there are going to be many outside of those 4 that care about v2.
As for Opera:
"Today, we reiterate what we said back in October 2024: MV2 extensions are still available to use on Opera, and we are actively working to keep it that way for as long as it’s technically reasonable."
which begs the question, why ublock origin is not native on all browser yet?
addons for firefox were at first a way to test features. we only have devtookls because one person wrote an addon copying ie6 dev tool. next Firefox release it was part of the core browser.
Get a large phone vendor to get a flagship phone with Graphene or so on the market. Otherwise nothing will happen. Even starting with the smaller ones like Blackview would do something. But almost no one will do that because users are said to want android; like my parents care... But they will care of course when their banking app stops working... That is the real issue imho.
What about the Android SDK? I don't think that this is open source, is it? As a developer, when you download an Android SDK you have accept a licence that is not open source, right?
Yeah, they're Apache 2.0. That's how Android and some of its forks handle licensing.
For example, most repos in LineageOS's GitHub org lack a global LICENSE file. Instead, licensing is specified on a file-by-file basis within the comment headers.
This does lead to some ambiguity though. You can't put a license header into binary files like PNGs. In those cases, you can only trust that Google won't sue you for using them.
Who else is going to maintain and develop it? It's the same issue as with Chrome, even if you force Google to give it to some other company, they're all just as bad. And it's too big and too costly to maintain for anyone else but tech giants.
The only other options would be convincing users to pay 5 bucks a month for their software, or have some Government fork over the tens of millions required to pay open source developers. And good luck with that.
I'm thinking with ever increasing seriousness: let's split any company that grows past a certain size. Each side gets a copy of the codebase and half the assets, no one who's been on the board on one side can be on the other side's board, and neither side can buy off the other. They can use the existing branding for a limited time and with a qualifier (say Google Turnip vs Google Potato) but after that it's on the strength of the new brand which they're each building and for which they're competing against each other and the rest of the market.
This is not happening in my lifetime, of course it isn't. But by god does it need to happen.
Right? We need a "You won capitalism!" award where everybody in the org gets a huge bonus and then the company is split into small pieces and then they start over. On top of it we do what you describe and enforce the split so they can't collude.
I don't think you understand what that word means.
Regardless, your opinion (and mine) is irrelevant. People want at least some of the features of modern android, and any alternative lacking those is not going to be adopted by most people. Just look at how many people try GrapheneOS and find the minor things to be dealbreakers for them.
And as long as that's the case you can't expect people to vote for a scenario where they'll end up with a, in their eyes, worse product.
Historical meaning is pretty worthless though. It's like saying CPU's are going backwards because the 386 was a bigger jump. Technology matures eventually and that's not a bad thing.
Android doesn't really work on hardware changes as AOSP doesn't run on a single phone on earth anyways, not even the emulators, this is the goal of the manufacturers.
For the features you can read here for example what Android 16 changed:
The gigantic task of maintaining and developing a mobile OS that needs to retain compatibility with AOSP/GPS anyway to tap into the huge amount of applications that are available?
It will cost a lot of money and as long as Google is still doing regular AOSP code drops, what's the point?
I want Google to lock down their platform. Hardcore locked down. So locked down you can't do anything with it at all. Because people need motivation to do something hard.
Android has been a bloated walled garden for years. It should have been like a PC w/Windows or Linux: anyone should be able to make an app (any way they want), publish it, let anyone who wants to download it & run it. But that was never the plan. The plan was to provide a moat to allow mobile telephone operators (& Google) to dictate what users were allowed to do with their phones. Imagine your ISP having total control over your desktop computer. Or killing a website, or program, because the ISP doesn't like it.
It is insane that we, the people giving them the money and agency to do this, that we've allowed this to be the status quo. We need to do something about it. We need to kill Android. And from the ashes, make a new platform that works for us, and not for a corporation's profits and anti-competition.
It's really a cultural disease to accept this. From my other comment:
> I see this in people why have used antagonistic software for decades and have become zombified and shellshocked; the idea that software could be on your side is to alien to them. They['ve come to] hate software and technology and just want to get some work done. They tolerate the abuse because they can't fight Google alone; it's pointless to resist.
Luthen: Turning back will be impossible. You knew where this was going. You've always knew. Has anyone ever made a weapon that wasn't used? The network has been built. It's up. It grows or it dies. We've waited long enough.
Mon: Do you realise what you've set in motion?
Luthen: It was time for that as well.
Mon: Palpatine won't hestiate now.
Luthen: Exactly. We need it. We need the fear. We need them to over-react.
Mon: You can't be serious!
Luthen: The empire has been choking us so slowly we're starting not to notice. The time has come to force their hand.
Mon: People will suffer!
Luthen: That's the plan. You're not angry with me. I'm just saying out loud what you already know. There will be no rules going forward. If you're not willing to risk your conscious then surrender and be done with.
> Imagine your ISP having total control over your desktop computer. Or killing a website, or program, because the ISP doesn't like it.
It's not very hard to imagine? Most people don't expect that level of control anymore; their desktop just updates with whatever corporate slopware is pushed out seasonally. Websites come-and-go. It's not a hugely motivating rally-cry for average person.
> We need to kill Android. And from the ashes, make a new platform that works for us, and not for a corporation's profits and anti-competition.
Android is the best-working part of that equation. Microsoft supported Android apps on Windows Phone. Jolla supports Android apps on Sailfish OS. Linux supports Android apps in Waydroid. You don't have to "kill" Android as a runtime or smartphone OS; just force Google to compete with 3rd party ROMs.
They way we usually do, by restricting their access to EU markets unless they comply and/or fine them, and/or threats about nationalizing the "EU Google".
If I can't use banking or my NFC wallets on my phone, it has become 90% useless. The other 10% of usefulness is texting and calls, which every other phone can do.
Unfortunately, this mostly means using the closed android ecosystem.
That's pretty much my usage pattern too, including some group texting, the occasional call and sometimes taking photos/videos. Otherwise my phone pretty much stays in my pocket or on my table the entire day. What are you using your phone for that makes that so unbelievable?
Web browsing (like right now), photos, e-books, lots of messaging, music, sometimes video.
I use NFC payments often, but I wouldn't say that amounts to more than a few percent of my total usage.
Everyone uses their phones differently, of course. I don't think your use is unbelievable or odd, but I do think your use patterns are not the common case.
I run Graphene on my Pixel and banking apps just work. There is no Google Pay, obviously, since Google dependencies have been stripped out from the system. I just carry a credit card.
No inherent reason all that stuff can't work on an open platform. It works just fine on my Linux box with yubikeys, fido2, and smart cards. Gcloud even let's you authenticate with them only to put a medium lived token in plaintext into a sqlite file on disk.
The ability to install signed and unsigned APKs directly correlates to the financial institution policy regarding mobile devices and banking apps. Unsure how you've separated these two.
I run GrapheneOS and use several US-based banking apps. I'll not name them since I don't really want my HN account associated with my financials in any way, but I've got a mix of well-known national bank apps and smaller local credit union apps working.
I'll admit there is a single institution's app I've found that doesn't work, but that is just one of several that I use.
For me, the showstopper would be NFC payments. From what I understand, Google Pay doesn't work on Graphene. I have all my credit cards in GPay, as well as a transit card. I use it for boarding passes when I fly, and any other tickets/passes that support it, since it tends to be much more reliable than the airline or ticketer's app. I've come to heavily rely on it, unfortunately.
I haven't tried this, because I try to minimize Google exposure, but I think Google Wallet (minus NFC payments) works on GrapheneOS. So, tickets, boarding passes, etc. should work fine.
>this mostly means using the closed android ecosystem
Maybe, but there's no technical reason for this. As I've mentioned before, I can do banking just fine on my Gentoo machine where the entire corpus of software on it, is FOSS and compiled by myself.
This is a common answer but it does not apply to at least most of Europe. Because of regulations most banks require to install their app either on iOS or Android to act as a 2FA device. One of my banks gave me a hardware device 20 years ago. When its battery dies I'll have to use their app and my fingerprint.
If you really don't have an alternative in Europe, buy the cheapest Googled Android device (less than $100 or euros), and use that as a glorified 2FA device. It's not ideal because you have to pay for it, but on the other hand Android devices with unlockable bootloaders (mostly Google Pixels now) tend to be cheaper than iThings. A Pixel 9a or 10a running Graphene for everyday use plus a cheap Android phone that stays are home are still considerably cheaper than Apple and Samsung devices, and give the users far more privacy and freedom.
When I was still rooting it was possible to bypass this on a rooted device with enough effort. It wasn't unsecure either. Padentic corporate security doesn't really make us more secure. Just more lazy.
How do you install the bank app if google does not allow you to install APKs manually / with a 3rd party store? You have to go with Google Play. Which requires a Google account. So I can't do it. That's the whole point of this thread: it would not be possible to use Android without a Google account.
Yes, that's the endgame, an Android device in a drawer at home. But what do I have to carry on my pocket to use the minimum amount of apps? Firefox, WhatsApp with video and audio calls, Telegram no video no audio, a mail client, a YouTube client (possibly not from YouTube), a maps and navigation app (for cars), phone calls, SMS.
The line between a phone and a computer is what has been perforated. What I need is a modem. I don't need the modem baked into a computer that has a permanently affixed screen and battery. That then pretends to be some kind of secure enclave for my deepest secrets.
"Security."
As if I'm in the government or something. Why can't the people who need military level security get their own platform? Shouldn't they just have that already?
This isnt going to be a popular post because the HN crowd is very much a "China bad" crowd but I hypothesize China will likely step in and offer a fork that's compatible with open ecosystems not under the direct control of the us state department. This might be in the form of commits and investment in fdroid and pinephone, or a tiktok like alternative to the wests walled garden.
Edit: this will likely exist "uncensored" in other markets but conform to the PRCs standards and practices domestically, similarly to how tiktok operated prior to selling a version specifically taylored to US censorship and propaganda.
Not a chance. A fork that is under China's control, maybe, but not an "open" fork. They don't even pretend to have that as a value.
You may theoretically find it advantageous to use such a system anyhow. To a first-order approximation, the danger a government poses to you is proportional to its proximity to you. (In the interests of fairness, I will point out, so are the benefits a government may offer to you. In this case it just happens to be the dangers we are discussing.) Using the stack of a government based many thousands of miles/kilometers away from you may solve a problem for you, if you judge they are much less likely to use it against you than your local government.
But China certainly won't put out an "open" anything.
Not sure if you have been following the LLM space or even the emulator handhelds space, but Chinese companies have been doing great with putting out open source software lately.
The irony is that software coming from China is a lot more open than western software. Biggest examples are huggingface models mostly coming from Chinese institutions. Its also strategicaly wise for China to go this path.
Maybe a shift to Huaweis HarmonyOS with its android compatibility layer or SailfishOS if they play their cards right.
As far as HarmonyOS i dont see many uptakes outside strict US free requirements as the other OEMs are lazy and also dont want to be locked into a competitor.
SailfishOS looks like its your time to faceplant once more , by not having a proper stratergy on monetizing on the many missteps from the current monopoly.I thonk at this point they need a leadership/biz stratergy overhaul - the tech is nice and polished, user demand is off the charts for an alternative . And they are just .. missing. Not even in th e conversation.
Pinephone is tragic, bought a bunch of Pine64's devices (PP, PPP, PB, PBuds, arm tablet, eInk tablet) but old tech, missing drivers, can't blame em no money no drivers... Still the community on Discord is great/helpful people.
That'd be great but I'm not feeling like the Chinese market is too worried about open development. I got a Huawei Watch 5 as a gift and I liked it enough to try to develop my own apps (their app store is a wasteland) but to my surprise Harmony OS is not Android compatible (just Android based somehow). The watch's developer mode is useless. Trying to register a developer account is almost impossible and it seems they only allow chinese nationals and there's no plan to open registration. I couldn't even download their custom IDE (something like Android Studio) without an account.
Yeah, I’m amazed at how far the western surveillance apparatus has been able to coast on plausible deniability. Folks, please don’t stick your head in the sand domestically just because there’s an even more obvious or egregious example abroad.
Say it with me: “Living in a police state is bad no matter who’s running it”.
I'm just imagining the poor intern at the NSA having to sit in a dimly lit room with an array of 64 x 64 monitors mounted on a wall, watching the O-faces of thousands and thousands of fat, balding, middle age men for hours straight.
Maybe stupid question, we keep seeing "LLM figures out math problem humans couldn't, LLM finds security vulnerability by looking at hexdumps for 6 months straight. How hard or expensive would it be to let some LLMs loose on reverse engineering all the proprietary driver binary blobs?
People mentioning forking Android is hard, how easy do LLMs make this?
You are overinflating how useful AI is. Moreover most FOSS people actually don't want any AI written code unless the human driving it has done equivalent amount of work understanding and designing it from scratch.
The shift towards locked-down ecosystems is concerning for developers. Openness isn't just about freedom; it's about the longevity of the hardware we own. If we can't side-load or audit, we're just renting the device
This is sad as there’s been a real resurgence of gaming devices (Ayn Thor/Odin, Retroid pocket devices, Ayaneo, etc) moving to Android from Linux variants (Batocera, Arc, Garlic/OnionOS).
It’s sad but more of an incentive for folks to finally take Linux as a viable alternative, and build on efforts made by Valve with SteamOS.
If they go through with this I am switching to iPhone because there at least I am told up front and am tried less like the a product to be sold to advertisers.
it's becoming ever more clear to me that i'll have at least two devices: one running software i trust, one running software corporates trust, with a very narrow pipeline connecting the two, if it all. my demon-haunted device can stay offline in my bag and get hotspot'd in to my trustworthy device as necessary.
not happy about it, but i don't see a path forward that lets one participate in the wider ecosystem and maintain their own sovereignty and sanity.
The biggest surprise I had in attempting to distribute my first Android app is how difficult it is to get beta-testers through the "standard" channels. It requires a 1 week review and 25 beta-users invited by email addresses
In contrast, Apple has a ~48 hour turnaround for reviews before you can upload to TestFlight and distribute a beta with a link
Not sure if I am in some "trusted developer" cohort on iOS but not Android - but the difference was enough for me to stop trying on Android
I've finally started de-googling and removing google from my life as much as I can. It's difficult with how much of everything is soaked in Google. I'm sure other's here have gotten much further, but everything you do to reduce their monopoly control helps.
Amusingly, if Microsfot didn't have a such an awful reputation ( both recent and old ), their newly announced phones could have actually been a viable competitor.
I question whether an OS that has always been controlled by Google has ever been open.
Sure parts of it were, but Google has always remained in control of Android. Anyone who expected that to change (in favor of more openness) hasn't been paying attention to the actions of tech companies for the past several decades.
The relative openness is the reason I gravitated towards Android and Google. I've never really taken advantage of it, but it's nice knowing it's there and that my phone (a Google Pixel) is something I have more control over than with other vendors.
This is where I wish someone like MKBHD and others with big Android followings would speak up and say they will both blast this practice and not review any new Android phones/(Google) apps unless there's a full walk-back of this position.
the frustrating part is that the "advanced flow" alternative Google mentioned still doesn't exist in practice. the media ran with the reassurance headline and most people think the issue was resolved.
Why doesn’t the market respond? If people don’t like Android, it seems like a market opportunity to make another OS. People love to complain about Apple and Google’s “monopoly,” but doesn’t that present an opportunity for someone to build their own thing and if enough people want it, they will be able to sell it?
Since smartphone apps are often times required to do banking or identifying yourself now and there's tons of special apps in order to use appliances, and by that I mean really the only way to use modern appliances is by a smartphone app, emulating an Android environment on a laptop or PC with a bluetooth dongle is essential if you want to leave that smartphone era behind you for good, but still be able to function in this society.
What people forget is that the real monopoly is in how the AOSP hardware OEM contract is written....
Remember how hard Amazon had it to attempt an Android fork?
I was due to OEM SOC access being locked out due to those contracts....
Any open source mobile OS attempting to complete with AOSP needs access to mobile OEM soc providers not touched by AOSP contracts and currently that is somewhat hard.
Android was never open. User apps are limited, only system apps can do X which means third party apps can't compete with Google and this is not a coincidence.
Let's focus on making it possible to use really open Linux systems on smartphones.
I still can't comprehend why they implemented FIDO/WebAuthn support in Play Services. Passkeys are extremely difficult to support in apps that don't depend on Play Services client libraries.
I'm not sure what you're referring to, but I was talking about the whole permissions system where the user is a third class citizen. Device manufacturers are second class citizens (restricted by Google via CDD/CTS) and the only true winner on that system is Google.
Regarding some concrete examples - Google can deeply integrate Gemini, but a competitor can't do this and users get no final say here either. Competitors are restricted by the permission system, Google is not restricted at all.
While rooting can alleviate this to some extent, Play Integrity is there to make sure the user regrets that decision to break free..
>But Google said… Said what? That there’s a magical “advanced flow”? Did you see it? Did anyone experience it? When is it scheduled to be released? Was it part of Android 16 QPR2 in December? Of 16 QPR3 Beta 2.1 last week? Of Android 17 Beta 1? No? That’s the issue
A bit ironic to not believe Google is doing this. The same questions have same answers when asked about when Google is locking down side loading. A bit self-serving to pick and choose which things you want to believe are happening.
Google made the first move with their initial plan to lock it down, so the onus is on Google to calm the fears they caused if they don't want people to distrust them.
But they did. That was the announcement that they would still allow sideloading. If you are still afraid then that's kind of on you. Seems silly to expect Google to put out info about enabling sideloading for a system they haven't even released yet. It could very well be in there day 1. Nobody knows.
Just like Microsoft screwed up Windows, Google will screw up Android and people will move to Linux on PCs and some open version of Android, or Harmony, or whatever new mobile system comes up, on their phones.
Nothing lasts for ever. The sooner you make the switch, the better off you will be.
On desktop, unknown OS cannot be anything else but Linux, so that's 20% altogether(16%+4%). But that does not matter. The shift has started last year when W10 support ended and due to how bad W11 is and it is just getting stronger and stronger. Watch increase in YT videos about moving from Windows to Linux, or social networks in general. You cannot miss it. I've been on windows since 95, before that DOS. So that is three decades of being a loyal customer, so to speak. Even though I tried Linux in the past, Windows just works so I had no reason to switch.
With W11, that is not the case. Therefore, it becomes inevitable. Worth mentioning is that companies, governments and whole countries are ditching Microsoft altogether - for various reasons(some are geopolitical, due to sanctions and tariffs, others are technical).
Lenovo, Dell and HP are slowly ditching W11 as well in favour of linux. If you look up definitions of malware and spyware, windows 11 falls into both of them. It's that bad. So again, I'm not a linux fanboy by any stretch of imagination, but the writing is not just on the wall, we've passed the point of no return. Or rather, Microsoft has.
Now that linux supports 95% of games, there is little holding people back as gaming was always the biggest hurdle when it came to linux. And Adobe, too, is no longer what keeps people stuck on Windows - either because they ditched it due to their horrible pricing practices, or because there are now solid alternatives.
Of course many people will switch to mac as well. But windows in general, i think, is done. It had a good run for few decades, but they dropped the ball so hard that there is no going back or fixing it with w12.
You keep hoping things won't get too bad, but they will. You just keep delaying the inevitable. So it's better to switch now to get the initial hurdles of such a big change over with as soon as possible. It's not easy, getting used to completely strange behaviours and new things in general. Abandoning what worked for you for years for something completely foreign. You have to force yourself to withstand the first few days or week(s), but then it becomes the new normal and you'll be fine.
Personally, I am still on W10 and and delaying the move, so i'm not holier than thou. It's tough. But I also am a programmer/power user and am on my PC 24/7, sort of, so this disruption must be timed properly for me to make the move, which is not necessarily the case for most people/average users.
Phone on the other hand, as long as it works and does not limit me, I have no need to use different ROM, it's more of a want. But i do not see me doing anything until the system stops being supported or it breaks or something else. So it depends on how you use it.
Crazy idea: when companies change their product, they have to change the name.
Do you ever feel like the same food item doesn't taste the same it did 10 years ago? Maybe it's your memory being faulty or maybe the company got new management which decided to cut costs while keeping prices, extract the differential value from customer inertia and move on when the product stops being profitable.
Android is the same. Certain freedoms were a part of the offering - a part of the brand name. They no longer are. Not only should lose their trademark[0], they should be legally forced to change the name.
[0]: The purpose of which is to identify genuine product from counterfeits - in this case, the counterfeit just happens to be by the same company which released the original product.
From a marketing standpoint it seems like a baffling decision on Google's part.
I own a Pixel and while the hardware seems decent, I've had a buggy and annoying experience with Android, and it's been getting worse lately.
Are Google so high on their own supply that they think people use their phones out of preference for the OS? Because frankly it's not very good. That's like Microsoft thinking people use Teams because of its merits.
People buy Android phones because they can be had cheaper than an equivalent iPhone and because in spite of the buggy and inconsistent mess of an OS, you aren't beholden to Apple's regimented UX. Locking down Android will not give it a "premium experience"... It'll always just be "Temu iOS" at best.
Have you considered Graphene since you own a Pixel? It's a huge upgrade over the stock OS in terms of security, privacy and general reduction of bloat.
Having just gone from an iPhone as my main phone to a Pixel with GrapheneOS, GrapheneOS is such a breath of fresh air. No constant push of AI, iCloud services, etc. plus I actually feel owner of my phone and not living on some feudal landlord's plot.
There are several topics where Android is significantly ahead to the point that iOS is just a toy, and there are areas where the reverse is true.
And I say that as a recent convert, so it's not like I have a decade out of date view of any of the OSs. In my experience I had more visual bugs in case of iOS than android (volume slider not displaying correctly in certain cases when the content was rotated as a very annoying example).
It's not, though. Google phones are not going to suddenly become luxury devices.
It's going to remain at the same level of polish (i.e. mediocre), except now without the major selling point of being able to run your own apps and have alternative app stores, etc. Back around Ice Cream Sandwich or thereabouts they got rid of "phone calls only mode" and forced us to rely on their half-baked "priority mode" that's an opaque shitshow.
When my wife is on call she gets random whatsapp notifications dinging all night, whereas when I had an iphone I could set Focus mode and achieve proper "phone calls only".
Android is not good. I use it despite its flaws, because of the trade-offs, not because it's better.
> Google phones are not going to suddenly become luxury devices
Pixel Fold disagrees.
> When my wife is on call she gets random whatsapp notifications dinging all night, whereas when I had an iphone I could set Focus mode and achieve proper "phone calls only".
You can do that with do not disturb.
> Android is not good. I use it despite its flaws, because of the trade-offs, not because it's better.
You can definitely make a "phone calls only" mode: create a mode, allow certain apps to interrupt, and add only phone calls to the list.
I do think they should offer more pre-configured notification modes by default, if only to show people what they can do with the feature. Perhaps "phone calls only" should be one of those.
People buy high-end Android phones like crazy, I don't know what bubble you live in. Samsung Folds and Flips are the luxury phones, not the iPhone Pro Max S eXtreme Edition 32 GB that looks exactly like the base model but has a slightly better camera. People show off their S Pen and perfectly stabilised 100x zoom lens, not their liquid ass. Multi-window and DeX are features for professionals who need to Get Shit Done^TM, iPhones are the toys kids use to send memojis to each other.
And yes, I can also click one button and go into phone calls only mode. I can even set it on a schedule or based on my calendar. I don't know where you're getting your half-baked Android, mine Just Works.
You might not agree with every one of those points, but you can't seriously think everyone thinks like you. Go outside your bubble some time.
Putting "Samsung" and "luxury" in the same sentence is lunacy. Their proprietary Android is even worse than Google's.
Where do you live? I've literally never seen anyone using a Fold or Flip device, ever. My kids are at the age where some of their peers are starting to get phones. All those kids have iPhones.
If your plan is to keep saying unsubstantiated bullshit, take that to Reddit. Go to a store and try modern OneUI - it's just AOSP with a slightly different layout and more features. The apps are worse than Google's, but the OS is better. Both are miles above iOS in features, especially for power users. Split screen, windows, chat bubbles, DeX, notification categories and history, vendor-neutral PC integration and TV casting, ...
And I don't quite see your point about your kids' friends using iPhones. I sure as hell wouldn't give a kid a "luxury" phone. I'd take the cheapest thing that does the job and lasts a long time. An iPhone has a very long software support window so the cheaper models actually end up cost-competitive with budget Androids.
As for folds and flips, I've mostly seen people in suits using them, along with a few techy power users and some kids with rich parents. That's a luxury phone in my book.
> Are Google so high on their own supply that they think people use their phones out of preference for the OS? Because frankly it's not very good
Honestly having gone back and forth between iOS and Android every three years or so, both OS are the same. It's not like the grass is really greener on the Apple side. The UX is virtually identical for anything that matters. Personally I put material Android above liquid glass iOS. The alleged polish of the Apple UX was lost on me when I had my last iphone.
The reason Google's moves are surprising has more to do with them embracing being a service player more and more with the arrival of Gemini and them having regulators breathing down their necks everywhere.
I guess they did it after the truly baffling US decision in the Epic trial but it's very likely to go against them in the EU.
The rumors that I have heard (and one government document I read that was poorly translated from Thai) is that there are some countries who are pressuring Google on this to combat info-stealing malware. Apparently, account-takeover/theft is very prevalent in SE Asia where most banking is done via Android phones.
Maybe but lobbying is extremely strong in SE Asia. It's hard to distinguish from governments putting pressure for something and companies suggesting it would be a good idea.
Capitalism is the privatization of human needs. As long as these tech platforms are owned privately they will be used to police and make money.
This view NEEDS to be central to the tech freedom rhetoric, else the whole movement is literally just begging politicians and hoping corporations do the right thing... useless.
Aren't the politicians or their appointed bureaucrats who'd be making all the decisions if these needs were government owned? Why would state control lead to less policing? What incentive structure would lead to innovation without a profit motive, when even the modern communist world relies on capital markets?
> Aren't the politicians or their appointed bureaucrats who'd be making all the decisions if these needs were government owned?
Well that would be true under a capitalist government.
> Why would state control lead to less policing?
Its not just "the state runs it", its "we actively become the state".
Collective ownership through peoples councils, peoples courts with a world view that keeps it all open: socialism.
The world view of not allowing individual ownership over collective goods, the world view of socialism, is the life line of the movement. The actual practice of daily democracy, of running production and of deciding social functions is everyones responsibility and it should not be left to what has become a professional class of liars.
Public office members, which should only exist where absolutely necessary, should be locals and serve as messengers with 0 decision making power. All power should be in the local councils. We can mathematically implement this today (0 knowledge proofs).
Every single book on socialism is on theory and practices of acheiving this. Thats what the "dictatorship of the proletariat is", the dictatorship of working people, collectively.
> What incentive structure would lead to innovation without a profit motive, when even the modern communist world relies on capital markets?
We've been innovating for hundreds of thousands of years before capitalism. You dont need to generate money to innovate, the innovation itself is the driver, AKA a better life. No need to lock and limit production behind the attaining of profits of those who lead it.
A lot of people are allergic to this rhetoric and will just assume I have a deep irrational bias, but I was actually a staunch free market supporter before.
Once I decided to be more intellectually honest with myself and read more about what both sides meant historically and currently, it really just made sense.
I'm so exhausted of the partisan "my team vs your team" politics in the US that shuts down conversation, overlooks the blatant hypocrisies on either side, simplifies every issue to a single label to plaster on your opponent, etc etc.
I take honest conversation where I can get it, even when I don't agree. And to be clear I don't agree with most of your points and think it's idealistic and couldn't work in the real world. But I appreciate the spirit of what you're arguing for (in my interpretation) power with the people vs power with corporations and government and I think that's a very fundamental principle that is very important common ground.
If we force it upon them by begging politicians, corporations still have the incentive to find a way to remove it or circumvent it.
Youre playing the cat and mouse game because you've been taught that solving it is too extreme (thats not a coincidence).
We dont need to endlessly fight a whole class of people, capitalists, for them not to use the things we require against us. Only socialism can solve that.
I visited change.org to sign the petition for them, only to get spammed by far-right extremist propagandas supporting nazism like this: https://imgur.com/a/E6LMUcB
I regret giving my real name and e-mail address to that website now.
Fairphone 4 looks close, hopefully fairphone 4 support will continue to improve at this rate. Pinephone is another close one, but underpowered hardware and camera support kills it.
I am not even that intensive of a phone user. but there is no way I could daily drive pmOS.
> We appreciate the community's engagement and have heard the early feedback – specifically from students and hobbyists who need an accessible path to learn, and from power users who are more comfortable with security risks. We are making changes to address the needs of both groups.
> We heard from developers who were concerned about the barrier to entry when building apps intended only for a small group, like family or friends. We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.
It is also true that they have not updated their developer documentation site and still assert that developer verification will be "required" in September 2026 [1]. Which might be true by some nonsensical definition of "required" if installing unverified apps requires an "advanced flow", but let's not give too much benefit of the doubt here.
0: https://android-developers.googleblog.com/2025/11/android-de...
1: https://developer.android.com/developer-verification
reply