[-]

KillAmericanPeople

[-]

ffiw@reddit

Already moved away from chrome after their manifest shit.

Android is becoming more iOS and iOS is becoming more Android.

Fun times.

[-]

will this stop every Boomer with an Android from ending up with a weather app or launcher app that takes over their entire device and f**ks it up? If so then, fine. I'm tired of fixing peoples phones because they can't stop clicking on random links online that auto download malicious apps on their phones.

But also the lack of freedom for tech fans, well that sucks.

[-]

NoxinDev@reddit

I would not mind if they locked it down a little and just enhanced the "developer mode" as the blocker for installing unsigned custom apps like it is clearly meant for. These lockdowns are not meant to hurt the development community - just improve the "basic user" security, which does need work. To me the method is the issue, not the goal.

To all the people defending this, consider the following.

Imagine on desktops, you were only allowed to download items from the windows store.
Loading APK's are completely optional and up to the consumer, you have to enable developer mode, turn on debugging, and then spend 2-3 minutes trying to even download the APK through all warnings.
Its funny how this is an issue after google blocked epic game store from google play and lost the lawsuit. Seems like this is a petty way to mark these epic apps as "untrustworthy "

[-]

Tweenk@reddit

Point 1 is not similar at all to their proposal. They are requiring developers of sideloaded apps to verify their identity, upload their public key and pay a one-time $25 fee. As a user, you don't need to pay anything or register anywhere to sideload, only the author of the sideloaded app needs to do this once.

[-]

Only-Cheetah-9579@reddit

its funny how the digital markets act in EU regulates this, but Trump tweeted that he doesn't like Eu telling US companies what to do so Google stops supporting side loading instantly.

crazy but I think it was a political move.

[-]

Tweenk@reddit

DMA does not require allowing sideloading of apps from anonymous developers

[-]

Only-Cheetah-9579@reddit

but it does require sideloading to exist

Let's name things as they are. Google wants to restrict you from installing apps on your mobile computer that you bought and paid for. Unacceptable.

[-]

Cafuzzler@reddit

Unacceptable

let me upload my computer public key as a trusted signer

This is more or less what Google is doing, but it's gated behind identity verification and likely a fee.

If you build and distribute apps in the Play Store already, anything you're distributing outside the Play Store will be compliant with this new policy AIUI because you're already a trusted signatory.

There are a number of use-cases where the developer / user cannot cross that bar: political enemies of regimes Google is in bed with, people building technically illegal software to control their own insulin pumps, 3rd world countries, refugees, children just experimenting with software for the first time, and many more. None of them have the tiniest amount of leverage over Google. All of them together do not represent more than a rounding error in revenue at this point.

The actual good faith question that isn't being asked in threads like this is how large the impact radius is in the other direction. How many people are currently installing malware and ransomware via sideloading on their phone because they're instructed to click through the warnings? A couple hours watching KitBoga really opens your eyes to how these scammers operate and exactly how many people are just easy marks because they view their technology as oracular magic. Tangentially, how many users would this have to help before power users accepted this was better for Android users as a collective whole? Is it not even conceivable that Google might've done the calculus and determined that hamstringing their power users was a worthwhile cost to decrease the security incident rate across the entire platform?

[-]

epicwisdom@reddit

The actual good faith question that isn't being asked in threads like this is how large the impact radius is in the other direction. How many people are currently installing malware and ransomware via sideloading on their phone because they're instructed to click through the warnings? A couple hours watching KitBoga really opens your eyes to how these scammers operate and exactly how many people are just easy marks because they view their technology as oracular magic.

Sure, the majority of Reddit comments aren't going to be thought-out takes, but there are plenty of security folks and impacted devs who understand the pros and cons and are still asking Google to reverse course.

Tangentially, how many users would this have to help before power users accepted this was better for Android users as a collective whole? Is it not even conceivable that Google might've done the calculus and determined that hamstringing their power users was a worthwhile cost to decrease the security incident rate across the entire platform?

A reasonable person could disagree with Google:

First and foremost, Google doesn't, and shouldn't, have the authority to control what people install on their phones. Most detractors likely view this as an encroachment on rights of speech and private property. Such rights aren't only valuable for the people that are presently exercising them. If you don't care about the abstract rights, you can just as easily consider the pros/cons of how the ecosystem will look in 10 years if this is the trajectory we're on.
There are good reasons to object to Google specifically as the gatekeepers. Even if we agreed that Google is right about the state of malware on Android, it is highly problematic that Google, which profits from their own Android apps as well as their control of the Play Store, is designating themselves the stewards for a self-proclaimed reasonable fee. They've already been subjected to numerous antitrust penalties for how they've behaved in this area.
For the benefits to materialize, we further have to trust that Google's planned verification scheme will be effective in mitigating the apps that users and Google agree to be objectionable. Considering that the Play Store already has hosted, and continues to host, malware and adware, that seems entirely unlikely. Google is unlikely to do anything beyond collecting the nominal fee and ID of literally any human being, which makes very little difference for serious criminal gains like a single retiree's savings.

[-]

CJKay93@reddit

First and foremost, Google doesn't, and shouldn't, have the authority to control what people install on their phones.

They already don't. This change is for the Google apps. You can use an Android distribution without the Google apps, e.g. LineageOS.

[-]

oorza@reddit

First and foremost, Google doesn't, and shouldn't, have the authority to control what people install on their phones. Most detractors likely view this as an encroachment on rights of speech and private property. Such rights aren't only valuable for the people that are presently exercising them. If you don't care about the abstract rights, you can just as easily consider the pros/cons of how the ecosystem will look in 10 years if this is the trajectory we're on.

Google, at least as of now, does not and this change does not move them anywhere closer to controlling what you can or can't install on your device. You are free to use a different operating system. Some manufacturers disallow this, but there's a much more compelling case (philosophically speaking) for them being able to sell devices that only do exactly what they want them to do. Google, on the other hand, as maintainers of an operating system are entitled to the authority and obligated to exercise it in determining which apps run on their operating system: they don't support iPhone apps or classic Java apps, for example. You can disagree with the axes upon which their determination lies, but to claim they don't have the authority to decide what runs on Android runs counter to the very idea of maintaining an OS. Even choosing which APIs to expose and how much control to expose through them is a means by which they continually exercise this authority.

I do care about the abstract rights, but I fail to see how this is different than iOS. It sucks mightily that things are closing up, but I can't in good conscience argue they don't have every right to do what they're doing. I'm not sure I can argue in good conscience that Samsung and friends don't have every right to lock their equipment to their software, but that one is at least a bit muddier.

There are good reasons to object to Google specifically as the gatekeepers. Even if we agreed that Google is right about the state of malware on Android, it is highly problematic that Google, which profits from their own Android apps as well as their control of the Play Store, is designating themselves the stewards for a self-proclaimed reasonable fee. They've already been subjected to numerous antitrust penalties for how they've behaved in this area.

That's fair. I've never trusted Google as stewards, so much so that I use an iPhone. At least things in that walled garden are nice. But this is a decision that each user can make: Linux phones and GrapheneOS are out there in one direction, iPhones in the other. If what you want is access to Google's operating system and to use Google's services within it, you implicitly have to do so at their whims, same as I do with Apple. It sucks that they're taking options away from users, but the current version of Android won't be EOL'd for several years, long after the replacement window for current Android users has passed.

For the benefits to materialize, we further have to trust that Google's planned verification scheme will be effective in mitigating the apps that users and Google agree to be objectionable. Considering that the Play Store already has hosted, and continues to host, malware and adware, that seems entirely unlikely. Google is unlikely to do anything beyond collecting the nominal fee and ID of literally any human being, which makes very little difference for serious criminal gains like a single retiree's savings.

That's all very fair.

[-]

AquaWolfGuy@reddit

they don't support iPhone apps or classic Java apps, for example

They aren't disallowing you from running Java apps. A quick search finds me examples of people running Java Applets in emulators, specialized web browsers or compiling them into native apps. Doing this with an iPhone app sounds like it would be technically challenging, and maybe Apple could complain about the legality of it, but Google isn't stopping you from doing it.

These new changes are to implement a policy that prevent some types of apps from being installed on stock devices. Not because no one is skilled enough to make these apps, or because Android doesn't have the required technical capabilities, but because Google just doesn't want them to exist. They say this is to prevent malware, but many expect other things to be denied as well, e.g. ad blockers.

And on your point about iOS, many people complain about iOS being closed too. iOS is still way worse when it comes to openness, but at least they never claimed anything else. Android baited users and developers by being open, and now that they have a huge market share they are closing down in many ways (e.g. this change, moving things from AOSP to Play Services and proprietary apps, Device Integrity). Now it's hard to change because you'd have to give up access to the over a million apps in the Play Store, including government, banking, and id/auth apps.

[-]

Moleculor@reddit

You are free to use a different operating system.

I know of no way of getting drivers for any of the hardware on my phone, much less how I'd go and install Linux, Blackberry OS, or any other OS on my phone other than Android. There are ways of getting a Linux environment that runs in Android, but that is not the same as replacing the OS.

Google, on the other hand, as maintainers of an operating system are entitled to the authority and obligated to exercise it in determining which apps run on their operating system: they don't support iPhone apps or classic Java apps, for example.

Those are technical limitations, not social limitations, where they've opted to do less technical work in exchange for less technical capability.

This plan is a social limitation, where they will put themselves under an obligation to do more work, both technical and otherwise, simply to implement the restriction.

One is less work in exchange for less capability.

The other is more work in exchange for less capability.

Arguing these things are similar are like comparing apples and fjords.

but I fail to see how this is different than iOS.

And I fail to see how that's an argument for anything other than this being a bad move on Google's part. I avoid iOS specifically for the restrictions they actively maintain, and have always believed that iOS at my most charitable skirts the line of acceptable restrictions. And on most days I find iOS's restrictions infuriating and downright meddling on the few occasions I have to deal with iOS.

don't have every right to lock their equipment to their software

The point here is that it's not their hardware.
Not the manufacturer's, not Google's.

I paid for it. It's mine.

[-]

loup-vaillant@reddit

Nitpick:

sideloading on their phone

Louis Rossmann said it best: when you use those terms, you’re already giving in to the enemy. Same as intellectual property/monopoly, the choice of words alone heavily shifts the burden of proof one side or the other.

We don’t "sideload" an "app" on our "phone". We install a program on our _computer. Palmtops are computers, same as laptops and desktops. Thinking of them any different is utterly ridiculous.

How many people are currently installing malware and ransomware

On their desktops and laptops? I would guess a fair amount, which is deeply unfortunate. Does that warrant locking down desktops and laptops? FUCK NO. Palmtops, when you name them like that at least, are obviously no different, so the answer still is "fuck no".

Besides, increasing end user security doesn’t have to involve locking down our computers and give control to our corporate overlords. There are other ways. If nothing else, good old education & prevention.

Is it not even conceivable that Google might've done the calculus and determined that hamstringing their power users was a worthwhile cost to decrease the security incident rate across the entire platform?

Here’s the thing: they probably don’t care about how their users are affected. They care how their reputation is affected. And now that so many people fell into Steve Job’s trap of treating their palmtops different than their laptops and desktops, then accepting that just because it can fit in your hand it is okay to make it a digital prison, now Google faces the reputational risk that goes with the level of control they are able to assert. Since locking down everything is conceivable, some people are bound to ask why they do not. And then blame them for any incident whose likelihood might have been reduced if they did.

Same problem goes for payment processors by the way: since they can conceivably stop processing payments for bad actors without a court order (Wikileaks being the most prominent precedent I believe), then not stopping it comes at a reputational risk. And the moment some collective shouts loudly enough, they cave in to the moral panic.

One solution that doesn’t involve ending Capitalism itself would be to simply forbid the kind of restriction we see on iOS and may soon see on Android. And establish a similar rule for payment processing. Those things are utilities at this point, discrimination is unacceptable.

Unless you’re anti-democratic and think a cyberpunk society ruled by corporation is better. Some people genuinely think it would be, and disagreeing with that is well beyond the scope of this already way too long comment.

(Damn, I sound way too angry for such a little nitpick.)

[-]

Carighan@reddit

And yet in the Linux-world it's entirely normal to think of "installing" as going to the repository that's used as the central place, and getting it from there. So you use different language to reference installing it manually, like "from archive" or "building from sources" depending on type.

Sure, the specific wording differs in the mobile worlds, but it's not exactly how this "central repo vs manual external installation" isn't more or less the oldest and most common way of doing it.

[-]

loup-vaillant@reddit

And yet in the Linux-world it's entirely normal to think of "installing" as going to the repository that's used as the central place

Yeah, that’s a bit of a problem actually. Linux repositories are very convenient, but I still think they’re an overreach of distro maintainers.

I can see why they act this way: among other things, they don’t trust the devs with security stuff, so they take control of as much of the supply chain as they can. They ask that you use dynamic linking everywhere so they could follow the security updates of whatever libraries you depend on, and once everyone links dynamically there’s the need to manage the dependency hell, conflicts… It’s a shit ton of work.

I’m not sure I should thank them though, because it’s a shit ton of avoidable work. Why don’t they just provide a set of stable ABIs (yes, binary), and then just let third party developers write compatible programs? No need for a package manager any more, and security updates of third party programs are not your problem.

I’m pretty sure a big part of the answer is control and ego.

[-]

gabrielmuriens@reddit

If you build and distribute apps in the Play Store already, anything you're distributing outside the Play Store will be compliant with this new policy AIUI because you're already a trusted signatory.

And how do I know that Google will not accidentally ban my Play Store account, ruining my career as an Android engineer, just because I decided that I will deploy apps to 3rd party stores or, say, a client's work phones?
I don't. And, after having watched the Android development ecosystem change for years, I don't trust Google not to fuck me or anyone else over either accidentally or maliciously.

Time to find backend work, if I can.

[-]

RationalDialog@reddit

And how do I know that Google will not accidentally ban my Play Store account, ruining my career as an Android engineer

Actually changes are that it will happen sooner or later so being a self employed "Android engineer" is a highly risky business path I would never choose. Couldn't you just found a company then and publish under that companies account? rinse and repeat?

[-]

gabrielmuriens@reddit

Yes, I am aware of this.
Native Android jobs have been getting sparser and harder to find, with a lot of competition for them. I was considering brushing up on Swift and using KMP to market myself as a mobile multiplatform developer, but that would still leave me open to the whims of two corporate giants (though I actually trust Apple more in their developer relations, they seem to be less bot driven). Corporate KMP jobs don't seem to be big yet, everyone seems to be using React Native or Flutter, neither of which seems pleasant to work with and are not very easily generalizable.

So yeah, looking at the economy, the market and the improvement of AI, finding stable, boring backend work seems to be the best bet right now.

[-]

oorza@reddit

React Native is super easy to generalize to web React. Get an RN job, get attached to some React web projects, transfer teams, then repeat for fullstack projects and then again for backend projects.

[-]

Doctor_McKay@reddit

How many people are currently installing malware and ransomware via sideloading on their phone because they're instructed to click through the warnings?

Not as many as are getting malware and adware distributed through the Play Store. I just helped an elderly guy who complained that his phone was showing "lockscreen ads", which ended up being completely true. It was a Samsung phone so I figured it wasn't the OS itself, and completely disabling the lockscreen (from swipe to off) kept the lockscreen appearing with ads on it. Turns out there was a carrier app (MetroPCS) that was running on unlock and presenting a faux swipe-to-unlock lockscreen with ads on it.

[-]

Familiar-Level-261@reddit

I had samsung app who used 3rd party app to control IR remote on it.

The app was one of the uninstallable ones that came with samsung version of android.

After I think 2 years the app just started displaying notification bar ads and there was no way to get rid of it

[-]

Carighan@reddit

Not as many as are getting malware and adware distributed through the Play Store

Source on that?

[-]

Carighan@reddit

A couple hours watching KitBoga really opens

... your frontal cortex, and makes your brain leak out. A little bit, sure. Hours?! What's next, watching twitch streamers because I'm so bored with my life just sitting around doing nothing is still too exciting for me so I need something less mentally stimulating?

Jokes aside, I get what you're saying though. This is a tricky tightrope to balance, because scammers aren't stupid: They have integrated turning on external installations into their scam instructions, and it works surprisingly well because people do as the little popup demands of them, they don't read the warnings in the settings. "Text by my niece told me to do that, so I did!"

[-]

Chii@reddit

gated behind identity verification

that's the part that is egregious. Why is google doing identity verification? What i i want my identity kept secret (as a dev), and i have other ways to gain the trust of my users?

What if google doesn't like me, and deliberately gate me without recourse?

Google is a private, self-interested company. It cannot be trusted to keep the public interest at heart.

[-]

trparky@reddit

A couple hours watching KitBoga really opens your eyes to how these scammers operate and exactly how many people are just easy marks because they view their technology as oracular magic. Tangentially, how many users would this have to help before power users accepted this was better for Android users as a collective whole?

This.

Venryx@reddit

Sure, power users might not like it. But I think they'd dislike it less than the current solution.

That's the case for me at least; a 5 minute annoyance is worlds better than having to get external permission to freely use my own phone.

After these restrictions kick in, if any Android phone makers end up bypassing these requirements, that will be a near-automatic purchase from me.

[-]

mycall@reddit

..or run Android emulator on a Linux phone!

[-]

trparky@reddit

And how many people do you know would just bypass that and click “yes”? I’m willing to bet that you would know a lot of people like that.

[-]

RationalDialog@reddit

At the very minimum, if we end up only being able to run signed code on our phones or computers, then have the ability to either sign an APK on my device using the device private key, or let me upload my computer public key as a trusted signer, and sign the APK on my computer then upload it. That's veering into being a hassle, but it is a way to "improve security" without restricting the abilities of power users. If you don't do this, then it seems more about control than safety.

I can agree with that.

personally I'm always shocked to see gigantic projects on github were basically all core maintainers are not using signed commits. yeah it is a tiny bit annoying but not rocket science. If they can't be bothered about that do they even have 2fa for their github account or care about security at all?

eg. code signing has a purpose and is not just pure annoyance.

[-]

smallfried@reddit

And I would like to mention Valve's steam deck.

It's basically a normal laptop, but steam games work out of the box with proper configuration as easy as any console. The crazier the stuff you want to do and install, the more safeguards you have to disable, but it's all possible.

[-]

ChrisAbra@reddit

if google does this, i will buy an iphone - theyre better phones - i buy androids because it feels like my device and not a massive tech company's that i'm just renting...

[-]

iamapizza@reddit

I've always found people who carry water for these trillion dollar companies to be weird and pitiful. I think they see it as some kind of brownosey points and brand identity, almost like a tech version of celebrity worship.

[-]

Statharas@reddit

Honestly, at least Apple curates its app store(to a degree).

Google just wants to earn more from the play store.

[-]

freecodeio@reddit

They could have seen this coming 10 years ago. Only then this was impossible to pull off because being open was one of the small quirks android was holding on to for dear life. And guess what, people trusted it and made it famous because of these quirks that made it big in the first place.

[-]

Doyoulikemyjorts@reddit

Hey, they are doing it for money.

[-]

knottheone@reddit

They are doing it because millions of their customers are being scammed using their software as a facilitator.

[-]

iOS apps are tightly sandboxed and resource controlled, why should Apple change that in allowing sideloading?

[-]

tecedu@reddit

Is your computer filled with slop? Is the android ecosystem filled with slop?

gestures broadly towards windows inbuilt bloatware and andriod inbuilt bloatware (Yes I know you can get the standard variants but most people in the world using andriods get it from samsung or some chinese manufacturer filled with bloat) You do not need a different app store slop filled on chinese phone, you do not need hundreds of samsungs slop apps but you still get them.

The fact that almost all games on the App Store are abhorrent ad-infested tracking nightmares that give 3 seconds of gameplay before putting up what is essentially a time-enforced pay wall is a strong indicator that whatever the App Store was supposedly trying to stop didn't work.

Pretty sure the idea here is to avoid unintended damage, games like these are the norm. Not just on app store but also PC. The unintended damage being someone stealing your card details to siphon off large amounts of money, currently apple pay protects you. With apple checking every update, you know there is a good chance that you wont get malware on your phone.

It's at times like this that a lack of anti-monopoly enforcement really bites. Unfortunately i don't think there are enough people affected by this to cause Google or Apple to much trouble.

Personally the lack of vendor lockdown was a big selling point for me on Android.

Maybe Amazon will step in?

[-]

XalAtoh@reddit

This is what happens when people behave like sheeps and buy things that other people also buy.

[-]

Carighan@reddit

Apple is actually immune to much of this anti-monolopy stuff (and I bet Google is jealous of that) since they're not selling an open-ish OS that you can use on whatever, they're selling a device with an integrated software stack. Of course there's a monopoly on the software Apple runs on Apple devices, it's an Apple device!
You don't go complain to anti-monopoly that you cannot run OS/2 Warp on your Bosch computer-controlled screwdriver, do you? Same kind of setup! (that's their argument, not mine, if that wasn't obvious enough 😂)

Sadly, legally, they laaargely get away this. Not entirely, but it's a shitty defense that actually works.

[-]

RogueJello@reddit

I sincerely doubt that the anti-trust lawyers are fooled by such sophistry. Sounds like the "sovereign citizen" stuff that's always getting shot down in court.

[-]

pxm7@reddit

Amazon

The same Amazon who, starting this year, have stopped allowing Kindle ebook buyers from downloading their purchased ebook files from the website? The only supported way now is via their app or a Kindle device.

Also Amazon did phones. They flopped, and somehow I can’t see them return to the market to become the standard-bearer of “open Android”.

[-]

gimpwiz@reddit

Phone, singular, yes?

[-]

oorza@reddit

The most likely players are all saddled with either poor consumer sentiment, a history of failed smartphones already, or both. Microsoft is both; Amazon is both. A legacy phone player that could capitalize on the nostalgia of their branding could probably do it, but where are Blackberry and Nokia financially right now?

butter14@reddit

I would have already, except a lot of apps won't work outside the vetted ecosystem, like banking apps.

[-]

tom-dixon@reddit

There's ways to hide root that work even on Android 16. Every one of my banking apps and Google Pay works on my rooted phones.

[-]

alaslipknot@reddit

the fear is that they may go the gaming console path, basically for every rooted/patched console you can do what you are claiming, until, one update gets ahead of the homebrew, they detect you are using an "illegal" console, and permanently ban your account.

And when it comes to google accounts, if you lose one of your main gmail accounts you're kinda fucked, at least for all the other apps that are using google to sign in and dont have any 2fa enabled to tell who you are without your google account.

This is not correct. I have two banking apps running on graphene os without any problems at all.

[-]

loup-vaillant@reddit

a lot of apps won't work outside the vetted ecosystem, like banking apps.

Can someone name two more examples? So far I’ve only heard about banking apps. Sure, being de-banked sucks (see Wikileaks), but there’s a difference between "a lot of apps" and "banking apps".

[-]

FlyingRhenquest@reddit

I'm planning for my next phone to be a Librem 5. I think it's time to start removing google from the rest of my ecosystem as well. Librem also has a modular notebook computer that looks pretty slick. I'm not associated with them in any way and haven't even tried their products yet, but I like their pitch at least.

[-]

Ok-Scheme-913@reddit

Strangely enough, going with a pixel is probably the best decision. Open hardware is mostly a lie to begin with (there is no non-proprietary CPU that would be even remotely fit for being in a phone, let alone the modem and a million other pieces, which all run proprietary blobs), and you just punish yourself with an expensive and shitty experience.

I've been using RedMagic phones, which are about half as much as an Android flagship, but with the same or better performance.

[-]

misterrpg@reddit

Android has a much better UI at least.

[-]

Iamonreddit@reddit

Both UIs suck.

WildKarrdesEmporium@reddit

I'll be joining you. I owned an iPhone for about 14 years. Got fed up with their draconian restrictions, and switched to Android about 4 years ago. I love the freedom I get with Android, but if they take that away, and I can't find an alternative, I'll just go back to Apple. They still have the best consumer devices on the market, if you don't care about, or can't have freedom.

[-]

Crowsby@reddit

This and the back button. And let's not give them any ideas about that.

[-]

silon@reddit

Aren't some new versions suggesting to use gestures instead... I switched back to normal navigation immediately.

[-]

RANDOMGUY3182002@reddit

So what happens to college students developing their own apps. They didn't think it through of that?

[-]

Huawei bro

[-]

JohnTDouche@reddit

What google services do people use? I've been using Lineage OS for ages now and I've never had any issues. Honestly what the fuck do google even do now?

[-]

cake-day-on-feb-29@reddit

Can you even have custom ROMs for most phones these days? I thought android manufacturers were locking people out of that option?

[-]

YumiYumiYumi@reddit

Yes, manufacturers are increasingly locking out your ability to install ROMs, not to mention issues with obtaining device drivers (why Mediatek SoCs rarely get custom ROMs).

[-]

loup-vaillant@reddit

But the suggestion to not use banking apps is stupid. Especially when all the common banks here require non-rooted phones.

Then switch to a non-common one. Don’t give in to the power grab. Don’t let your freedoms erode for the sake of short term convenience. That would be stupid.

[-]

S0phon@reddit

Yeah, I will definitely switch from one of the established banks to some random ass bank all because I want to root my phone.

[-]

loup-vaillant@reddit

Look, I don’t know where you live, the actual constraints you face when choosing a bank, or the risks associated with seeking the services of a lesser known or lesser established bank. I don’t know the regulations of your countries, and what recourse you have if your bank happens to defraud you. I don’t know whether "random ass banks" are a thing in your area, nor do I know the actual risks associated with them, if any.

I know two things:

Where I live (France), it’s easy to find a bank that doesn’t require a locked down computer, including for online purchases. My partner’s bank right now only requires visiting their web site, no app required.
What we often call a "phone" is actually a general purpose palmtop computer, that has the additional capability to make and receive phone calls. What we refer to as "rooting", is just the removal of arbitrary restrictions put on by the manufacturer, so you can have full control of your computer that you purchased, with your money.

You know that already of course. My point is, the choice of words is an important rhetorical tool. When we say "phone" we implicitly accept a fundamental difference between palmtops and desktops/laptops. But when I say "palmtop", you instantly understand that the main difference is the form factor, that it would be utterly stupid and ridiculous and self-defeating to think of palmtops as anything but general purpose computers.

I have fewer issues with "rooting", which literally means "become root on my own device", which is the default on most personal UNIX computers. Still, I have a feeling it has acquired a hacky connotation, or at least something exceptional that only geeks might want. Ideally we’d have a word for "make my computer actually mine" or similar. Because that’s exactly what it is: your phone isn’t really yours until you have root access.

Make no mistake: requiring locked down palmtops is but one step in the ongoing war on general computation. The end game is to lock down all computers, so corporations can finally be safe from democracy.

[-]

darkfm@reddit

This might be a region-specific problem but in south america most banks require a phone app for 2FA. Hardware keys like Yubikey or SMS 2FA-ing has been phased out for a long time and is now only available for enterprises (if even that).

[-]

loup-vaillant@reddit

Banks that require a locked down computer can go fuck themselves. I’m about to change phone and switch to Lineage, if my banking app doesn’t work there I’ll ask for an alternative. If they don’t have that, I’m leaving for a bank that has.

[-]

RockstarArtisan@reddit

Yes, I pointed it out in another place in the comments too.

I'll be testing soon whether my bank requires play store or unrooted device to be present. Hopefully there will be enough demand to make this work without having to have 2 phones, but that's my fallback plan: root an older device so I can use apk on it, keep a newer device unrooted for things that require it.

I don't think that bank apps require playstore specifically, so rooting might not even be needed.

[-]

chat-lu@reddit

the day this become effective is the day I switch to iPhone,

I intend to switch to Graphene OS instead. There are still options, why surrender prematurely?.

[-]

AdvertisingDue6606@reddit

Ah yes. GrapheneOS, which runs on Google devices exclusively, and which existence is totally subject to Google's desire to keep the pixels' bootloader open.

[-]

Seconded: I don’t like giving money to Google (buying the Pixel) as a part of getting away from them. Feels like giving in to racket.

[-]

coloco21@reddit

Yeah it makes no sense. If my phone can't support an alternative OS then I imagine there will always be a way to sideload with adb or something, I believe the EU ruled in that favor recently. Otherwise my next phone will be a Fairphone.

[-]

Android isn't going "walled garden" though. They aren't removing side loading with this proposal. If you think they are, you haven't actually read anything about this issue.

Your narrative is corporate bootlicking.

[-]

knottheone@reddit

The article cites one possible reason, but no definitive answer. And it doesn't seem right to me, ruzzians are not banned from the App Store, and alternative app store developers don't have to be from the EU.

Okay, so regardless of evidence directly from your source and Apple, you're just right because you feel that you are? Right.

It is true that Chrome haven't removed ad blockers. But they have significantly nerfed them with Manifest v3.

No they didn't. You install uBlock Origin Lite and have the exact same user experience as before. There is no difference in actual end result of blocking.

Your narrative is corporate bootlicking.

Ah, got it. You're one of those.

[-]

Booty_Bumping@reddit

This is a wacky technicality. They are allowing a narrow form of sideloading where app developers that have submitted a government-issued photo ID to Google and passed all the usual requirements for GPlay publishing get the opportunity to self-publish their apps after being cryptographically signed by Google.

iPhones don't even let you have an alt store

Not really. Since Google is the only one who gets to decide if you're allowed to distribute apps, it means anyone google doesn't approve of, doesn't get to distribute.

This also therefore means that anyone the US government doesn't like, doesn't get to distribute apps. And it's not like the US is very reliable. Hell, they've sanctioned judges from the ICC.

Basically the US will control which software is allowed to run on all android devices all over the world.

If anything people aren't mad enough.

[-]

plazman30@reddit

Well, it's not like Android isn't open source and can't have a version without these protections in it.

[-]

klti@reddit

Thank god this is definitely not Google using its power over Android to curb-stomp alternative YouTube clients with adblock they drive people to.

[-]

darthwalsh@reddit

Right, if there was a random FOSS Android app I needed, I could give Google my ID, sign it, and sideload it. It would take a few hours for just one person in the community to learn and share.

But anybody who does that to a third-party YT app will have their personal Gmail accounts torched with napalm. I can't risk that.

[-]

loup-vaillant@reddit

But anybody who does that to a third-party YT app will have their personal Gmail accounts torched with napalm. I can't risk that.

If you can’t risk losing your Gmail account, you should consider getting away right now. Transfer all your data, get your own domain name, redirect your email and warn all your contacts of the transition. Now.

Then you’ll be able to risk that. Or whatever else might piss off Google.

[-]

darthwalsh@reddit

Last time I was looking at degoogling, I was stuck on Google Maps Timeline being the best -- they solved that problem...

Thanks, I know LTT did a series I'll check it out.

[-]

Freika@reddit

Check out Dawarich, might replace Google Timeline for you

[-]

mixxituk@reddit

Also Google: Go ahead and use smart tube and you can whine when we block your google account and all the logins elsewhere you trusted to us, not to mention your MFA

[-]

Interest-Desk@reddit

Hey maybe we shouldn’t all be trusting one company with our shit

[-]

Carighan@reddit

It's quite likely not, no. Simply because decisions such as these come from a level where something like Youtube Vanced isn't even registering as a blip on the radar.

This is likely either to align the internal dev workings closer to Apple - to get closer to Apple's defense against monopoly laws about providing an integrated device with their Pixels, not hardware + a re-usable OS - or alternative about some probably legislation that is either present or upcoming where they can be on the hook for developer-bad-apples doing shady stuff if they cannot say they verified them and hand the data over to law enforcement.

I'm not saying that from their perspective, curbing Vanced isn't a nice side-benefit. But the decisionmakers probably wouldn't even know what a "Vanced" is, except maybe they think you telling them that their favorite vice president has passed or so.

[-]

Coffee_Ops@reddit

With the social media ID verification thing, you're labeled a predator. Say you're against Steam or other gaming stores banning mature games and you're labeled a porn addict.

With this, you might end being labeled a criminal, because "why would you want to use a phone or an app that is not from the official source". Or "if you don't have anything to hide, you shouldn't worry about it" argument.

Google has no competition. Apple is like Nintendo and will keep doing their own thing and people will keep buying their products. So that's it for me, Apple it is, unfortunately.

[-]

britneymariela@reddit

True to that, and it sucks that every time someone does up against them, they find a way to buy them out or shut them down.

Meta forced bought WhatsApp and Instagram.

Google force bought YouTube, I still have an old channel that i pray no one ever finds as I can’t even delete it, nor get ur deleted as I’ve tried as the videos I made were mean and hateful and I was completely drunk and living couch to couch due to homelessness after being released from Missouri foster care.

I want both apple and google f-ed so hard by EU for this.

shame US politicians are such cheap sellouts

[-]

Ieris19@reddit

EU politicians are sold too

[-]

cranberrie_sauce@reddit

oh god - US is on a whole another level.

US can't get US version of GDPR for 10 years.

[-]

loup-vaillant@reddit

US can't get US version of GDPR for 10 years, you cant tell me they were not paid off by tech lobby

I won’t, but. I’ve heard there’s a fundamental difference in how the US and EU legal system see personal data:

In the US, personal data is an asset. If you go see a judge, demonstrating misuse isn’t enough, you need to demonstrate financial harm.
In the EU, personal data is an extension of your own self. Misuse here is perceived as mistreatment of your own person, and can be prosecuted as such. (Okay, not as harshly as physical harm, but the idea is still there.)

So of course the US doesn’t have, and won’t have a GDPR. Who cares what giant corporation do with your data, as long as you’re not physically or financially harmed by what they do with it? And even if you are, good luck demonstrating that without their data-augmented ad, you would have been 5% less likely to make that bad purchase.

[-]

cranberrie_sauce@reddit

> physically or financially harmed by what they do with it

I got 5 breach letters last year like a majority of americans. we do get harmed both phisically and financially all the time by completely laxidasical attitudes towards our data.

[-]

Ieris19@reddit

The US has structural issues that prevent that, plus their general political position is generally less regulatory.

Yes, US politicians are constantly lobbied and they have issues, but seeing Chat Control, the implementation of Palatir across EU and more should show that the EU isn’t any better. Our government is just more culturally inclined to meddle and regulate corporate activity, and citizen’s activity. Which is sometimes good, but sometimes it’s a big downside

[-]

cranberrie_sauce@reddit

> The US has structural issues that prevent that, plus their general political position is generally less regulatory.

I can assure you - nobody wants unhinged unrestricted mass data collection and surveillance state.

US congress rats are simply paid by tech lobby. which is btw is the same as legalized bribing and not allowed in normal countries.

[-]

PoliteCanadian@reddit

US congress rats are simply paid by tech lobby. which is btw - congress lobbying is the same as legalized bribing and not allowed in normal countries.

Corporate lobbying happens in literally every country in the world. It happens in the EU all the time.

Doubtful. The EU already has laws that require software publishers to identify themselves and this will likely be seen as a good way of enforcing that requirement.

[-]

Dense-Activity4981@reddit

Eu about to get rude awaking. USA company’s are about to show you why. We’re sick of the clown show over their. Wish they would all just leave the EU and let them crash and build their own shit. Oh yeah I forgot nothing great ever comes from there. Oops

[-]

but it's a serious national security issue for EU to support only American software.
So if it was EU doing this then Windows, MacOs, IOS,Android.. they are all dangerous to force.

[-]

alaslipknot@reddit

you mean the EU who want access to all your chat history, encrypted or not ?

https://www.europarl.europa.eu/doceo/document/E-10-2025-003250_EN.html

[-]

Only-Cheetah-9579@reddit

it's not legal under the Digital Markets Act but now with Trump Google don't give a shit about EU.

[-]

yes_u_suckk@reddit

The EU already has legislation against this but Apple simply didn't comply. It will probably take 20+ years for the EU to do something.

[-]

chucker23n@reddit

The EU already has legislation against this but Apple simply didn’t comply.

The EU does not object to Apple inserting itself as a gatekeeper as long as they only do basic vetting for abuse/security reasons.

It’s when Apple overreaches (“we don’t like emulators/torrent clients/etc.”) that the EU objects.

[-]

Fridux@reddit

Unfortunately it is, since the DMA includes explicit exceptions allowing platform providers to prevent abuse, meaning not only being able to force developers to sign code but also to require submitting the app to be automatically verified and notarized by the gate keeper. While the gate keeper cannot legally stop applications from being published for petty or greedy reasons, they can still require developer identification for accountability. The DMA is a step in the right direction but stops short of upholding true freedom, plus don't forget that the same EU institutions are trying to convince everyone that looking for child abuse on all our online chats using opaque methods not subject to public scrutiny is totally fine, is not being done to benefit some private company, and will never be abused by anyone.

Samsung isn't

samsung kind of already did - relevant xda thread

[-]

loup-vaillant@reddit

If that happens, I’ll stop using this shit. Go back to land phone, local voice mail, and desktop/laptop messaging apps. And switch to a bank that doesn’t require an Android or iOS device.

Or ask some repair shop to repair my device to a functioning state. Where "functioning" means, work for me, not against my own interests.

[-]

Ieris19@reddit

Be ready to be branded a terrorist.

We have to be loud now, not prepare for the worst

[-]

loup-vaillant@reddit

Be ready to be branded a terrorist.

I’m okay with that.

We have to be loud now, not prepare for the worst

We need both. Preparing for the worst gives us leverage, and can help us being louder. Though I do agree being loud now remains the priority.

[-]

Zatujit@reddit

ironically google pixel is one that doesn't lock it.

[-]

Ieris19@reddit

They will start now, just wait, they just introduced anti-rollback.

Next thing is to lock the boot-loader…

[-]

Zatujit@reddit

personally i don't have regular Android but i will keep that in mind next time i buy another smartphone. unfortunately, i feel the all mobile phone are going into this direction and that it may not be sustainable in 5 years. the only thing that doesn't work is google pay.

[-]

Fit_Smoke8080@reddit

I would like to be optimistic but drivers support is going to be a huge problem thanks to the ARM ecosystem. Almost every vendor is closed to death and the open alternatives are not there. Realistically if regulation doesn't force Google to make this opt-out and is how things go down the road I'll just buy an used IPhone for work and bank related stuff only and forget it in the drawer as soon as I can. Maybe I might be able to do some wackyness with an remote desktop stack? Mobile computing feels like a dead dream.

[-]

eocron06@reddit

Chinese is the way probably. We will probably just buy their versions of hardware+some popular OS. This market is competitive enough to adapt new/old players . Just need to wait a bit. Remember how openai monopolized their models, now we have llama, deepseek, etc. Through basic theft, but still.

[-]

TomWithTime@reddit

Through basic theft, but still.

That would be the cherry on top for this scenario - imagine China utilizes this moment to unveil a pixel alternative with mostly stolen designs and software and the release is around the time this policy is set to rollout.

[-]

Sopel97@reddit

there are far better phones than pixel from china already

[-]

RationalDialog@reddit

but running the same android with the upcoming restrictions.

[-]

You can watch, but don't touch ))

[-]

teapotrick@reddit

die out? what percentage of android users do you think are installing APKs directly or use F-Droid?

This isn't really something that should be a surprise. It's a compromise because people and organizations are constantly on Google's back about security and there has been a significant increase in sideloaded malware, and this is only more risky with allowing apps to be stores that are more susceptible to manipulation.

It's important to remember that Android and Google Play Services are different things. AOSP still won't have Play Services by default, the Android certified devices that have Google's Services are literally that way for the average consumer. That means having a better user experience isn't about side-loading, it's about security, simplicity, and providing reasonable options within an approved framework.

If we're nerds that want to sideload an app, there are far worse things than needing to do so using a computer with ADB.

[-]

Somepotato@reddit

This isn't really something that should be a surprise. It's a compromise because people and organizations are constantly on Google's back about security

No, not really lol. organizations can already lock down external installs and heavily harden device security via an MDM, and go even further with GrapheneOS.

[-]

Pzychotix@reddit

Devs generally don't use their own keys when developing in the first place, or at least not the same keys that they'll sign their release builds with.

[-]

A_Light_Spark@reddit

True... But what's stopping them from getting two keys? One for test one for release?

I'm not being butthurt, just genuinely wondering how this would play out.

[-]

Pzychotix@reddit

Would be a rather big step up in the entire dev process. It's not wholly unfeasible (as it's essentially how Apple does it with their walled garden), but the tooling (i.e. Android Studio) would need to be much more closely integrated with the PlayStore and dev accounts in a way that it's not anywhere close to at the moment, especially for new devs.

XCode (Apple's IDE) handles all of this for you since it's tightly integrated with their App Store/Developer accounts. Android Studio is just a fork off of a third party IDE and doesn't really any integration to speak of with their PlayStore. Not to say that they couldn't do all of this, but it's certainly a level of effort higher than they've generally put into the ecosystem historically.

It should also be noted that the current modern way of doing things is that Google controls all the keys, and signs the app for you. You don't have any access to the final signing key. They could, again, still give you separate specialized keys for you to do dev on, but that's also just even more drudgery for them to go through.

[-]

A_Light_Spark@reddit

Thx, got it. Seems like google would risk breaking third party dev env if they block adb

[-]

nikomo@reddit

you could absolutely register your own key with the new "light" Play Console

most people have installed an APK from somewhere from the internet at the very least once on their phones

I really don't think this is true.

[-]

riyosko@reddit

young people* since I am talking about games. and no its pretty much true, even more when you consider poeple who also own a PC and have definitly downloaded thier apps from websites, poeple who download from Microsoft store are even less than those who sideload by googling "APP_NAME download for windows", as those are more likely to do the same on their phones.

[-]

10ForwardShift@reddit

Somewhere around 4 billion people using Android devices. You think that most of them are sideloading APKs for games and stuff? Not a chance. There is no way that more than 2 billion people are sideloading.

[-]

RationalDialog@reddit

I just watch youtube in firefox with ublock. don't even need special apps for that ad-free experience.

[-]

MaleficentCaptain114@reddit

You can at least get some of the same functionality by disabling/uninstalling every youtube app, and using it via firefox mobile with addons (adblock and sponsor block both work on mobile).

I suppose that'll be the next thing they lock down...

[-]

destroyerOfTards@reddit

Hah, don't think they can even try. Chrome is already under cross hairs.

[-]

zambizzi@reddit

Android is amazing and it's open source. We just need the investment and organization, to break free of Google to create the best, and most free, mobile OS.

bennett-dev@reddit

It's still a lot less restrictive than what Apple does. It's not requiring you only install apps through the Play Store, it's just that whoever is creating the APKs has to be verified.

That being said it's pretty funny and a lot of funny things could happen. First it's worth noting that all of the pro-Android Apple haters are in shambles. Google was never your friend. Second, there's a funny scenario where Google gets sued by consumer protection agencies f.ex in Europe, loses, and then creates legal precedent for Apple to have to allow unverified apps. Third, I think its mostly okay. You just have to register as a dev with Google. That's it. There's a lot of fraud and bad shit on the platform as a result of the openness, and IMO it has substantially harmed the OS. As a mobile staff engineer f.ex 90% of our fraud comes from Android, and Android users deliver like 30-50% of the revenue of iOS users.

[-]

eeriemyxi@reddit

It's not "some control", it's full control. They won't let you install any third-party app unless the developer "verify" themselves with Google. So you don't get to install anything that Google considers bad or evil. That might be okay with corporate drones like you, but regular people often don't fully agree with companies and making use of your freedom in those scenarios is not "fraud" or "harmful" to normal people.

[-]

OneRandomGhost@reddit

Hah you remind me of myself during my student years. The thing is though, the older I grow, the more I realise that regular people (not the minority here on this subreddit, the true regular people) are mostly idiots. Google wouldn't have a proper precedent to make this move unless there was actually a lot of fraud going on. You're suffering from this XKCD: https://xkcd.com/2501/

Liam2349@reddit

Wow, well thanks for the info.

an exciting new Call recording feature

It really shouldn't be, but... anyway, is this global?

[-]

Dense-Activity4981@reddit

Go make your own company bro. Google finally waking up to seeing android blows compared to apple bc of all the scummy scammers and bad faith actors. If you don’t like it, go build your own . All you people who think u can force company’s and just bitch and moan bc a product u have no say in is going a diff direction are such annoying whiners . Writing a letter to them lol. Just like Europe thinks it can do whatever it wants to our innovations and obviously everything great comes out of America. All you other country’s need to build your own shit or continue using ours bc no one else can do it bc all other country’s are pathetic when compared to the USA lmao. Go to chinas clown tech instead. They keep their people on a nice short leach

[-]

FortuneIIIPick@reddit

I googled it and Steam and Sony require developers to be verified, why should Android developers not need to be verified? I think it's a great idea.

[-]

smjsmok@reddit

Steam is not a general purpose operating system. Valve of course mandates that those who want to sell their games on Steam need to meet certain criteria. This is analogous to Google curating the content distributed over Google Play - nobody protests against that. It's the "we will decide what will and will not run on your device" part that's problematic.

MyArchetype@reddit

I think some misinformation exists here. Students, developers and whoever else can just verify who they are and a package name and they can send it out to whoever they want. It doesnt require approval or anything, it's just for linking bad actors to real people.

The other case is likely illegal and or malicious content. The debate on user choice here I wont be putting any opinions on.

Then the other concern is what if Google doesnt like someone, can they remove you. That needs answering.

This actually doesnt hurt many people at all who want to distribute. They just cant do it anonymously now

[-]

FeepingCreature@reddit

"It doesn't require approval, it just requires approval"

[-]

Aetheus@reddit

This actually doesnt hurt many people at all who want to distribute. They just cant do it anonymously now

Which they should be able to do. Why should I have to give up my real life identity to Google in order to build and distribute apps that are meant to be sideloaded? The entire point of sideloading is that you do not have to live in Google-land - that distribution is not beholden to Google.

Look, I get it. The argument is that this protects grandma and grandpa from installing "Fo0 Bank" app instead of "Foo Bank" app, because bad actors would not want to unmask themselves. I'm OK with that. All you need for that is to make sideloading difficult for the average non-technical user, which it actually already is on most modern phones anyway. If you want to add an additional flashing, obnoxious warning popup for unsigned apps to keep grandpa/grandma safe, go right ahead.

But I draw the line when you want to remove the ability to sideload any unsigned app at all. My Android phone is honestly more powerful than most of my older laptops. It IS a personal computer. And as a personal computer, I expect to be able to run anything I damn well please on it.

[-]

MyArchetype@reddit

I very clearly stated I am not putting any opinion on that matter. I guess I have to because this has blown up, I think they should have a technical way around it.

When we approach problems like this we cant go shouting "all these people are fucked!". Google would shoot back with 99% of people will identify and continue as normal.

We need to frame the problem as it is, that anonymous users cant distribute anymore.

[-]

seiggy@reddit

Anonymous distribution is necessary here in the US, as we have the most broken rules in DMCA, where I'm not allowed to distribute a fixed APK/app/firmware, etc to crack the dumb encryption on some device that is broken due to the company that made the device deciding to stop supporting it. Until the DMCA is heavily overhauled, the thought that Google wants to force identification of the person who wrote an APK is just another way for people to be held liable for shit that should be legal to begin with. It'll do nothing but suppress consumer right to repair. For an example -- see the recent stuff around Echelon for why this is a terrible idea by Google that will hurt consumers more than it helps.

[-]

zezoza@reddit

because doxing the revanced developers won't get Google fucking them into oblivion

[-]

WinEpic@reddit

"if you have nothing to hide you have nothing to fear" type answer