Back in the 2007 or when it came out in Sweden I bought the iPhone and started developing for it. This was cool, new and exciting and it was fine as long as my company was paying the $100 fee every year. But then I switched jobs and worked at a company which produced mostly open source code. Suddenly I would have to pay $100 every year just to be able to put my own software on the phone ...
This is why I switched to Android, just for Google now to pull the rug from under my feet again ...
This situation would have been avoided if we, as community of engineers, had insisted on full and uncompromised open source (Stallmanist or GPL way) right from the start instead of going the ESR way of half-hearted open source where it's technically open but corporates get to have a free lunch and make abuses.
Like most coders, I also prefer the permissive MIT/Apache/BSD licensing for most software projects but incidents like these make me question the direction we are heading towards. They raise fundamental questions about freedom itself - looking at the broader picture, is having a restrictive kind of freedom (GPL) often more beneficial than having full permissive freedom (MIT/Apache)?
But Linux is GPL. That didn't stop Google from using it as a basis for something that is not GPL and in fact not even open source (Google Play Services).
What leverage does a community of engineers have to insist on anything? Android could be entirely closed source. So could Chrome.
It would be naive to assume that the power dynamics in our society can be fundamentally altered by a 10 line software license.
"Restrictive Freedom" as you call it, is simply freedom.
Freedom cannot exist without discernment.
If you have a free and open society but allow Nazis, because you allow everyone, how long will you be free? Not long. The Nazis will use their freedom to take everyone else's.
Freedom demands a simple rule. We accept everyone who accepts everyone.
Fundamentally, GPL shares this rule. That is the point of it. Our labor, when shared, should be shared just the same when used.
Yeah, this is pretty much the rationale behind the Paradox of Tolerance, which you alluded to. Just as a tolerant society cannot tolerate intolerance without eventually just becoming intolerant, this clearly demonstrates that the same is true for Free Software. If we tolerate the use of Free Software for the use of the non-free software, eventually one loses the freedom in Free Software.
It's of course not a perfect analogy since the original Free Software still exists, but since in practice the dependency was from free towards non-free, like in this instance, it still works. Google and its anti-freedom practices are still in effective control of the Android ecosystem even though it's still technically free by way of AOSP.
And just as how some people argue that intolerance of the intolerant by a tolerant society is bad, so do some people argue that things like the GPL is bad because it prevents downstream modifications etc. going from free to non-free. Maybe this will help re-evaluate the culture around this stuff.
Yes. And society with good education has fewer stupid people. You don’t stop “bad” ideologies by outlawing them, you stop them by arguing for a free society and education.
Im a millennial dev which happens to have a Gen Z brother who also chose this profession.
Seeing him walk my steps 15 years later has been eye opening for the brutal cultural change.
They’re socially conditioned to assume that anything free is a scam or illegal, that every tool is associated with a corporation, and that learning itself is going through certain hoops (by the uni, the certificator or whatever) so that you get permission to earn money a certain way.
As more doors get closed, I fear this process will solidify.
They're right. Embrace, Extend, Extinguish and Enshittification have been the core experiences of digital life with corporations in charge of platforms.
My hope is that LLMs will help open source developers provide reasonable alternatives to the gatekeeping and spyware that corporations are now making their bread and butter. Example: Recent tried to use Unity LTS for a small project - the software is a joke now, basic functionality is broken out of the box. A couple of hours with an LLM and I had all the features I needed using a more lightweight library, monogame. Not an operating system, but I'm hoping the pattern will continue as LLMs get more proficient at code - the moat of "this is hard and laborious to do" will be drained.
An issue is that it’s not only the corpos, there’s also an increase of individuality that has become the norm.
For example, try to learn from an online resource and you’ll see that the most popular sources (YouTubers, twitchers, etc) are all preparing a rug pull to a non free resource, slipping undisclosed ads as content or straight up selling snake oil.
I grew up assuming that a random guy on the internet had always genuine intentions, even those who were assholes. Now the default is either a paid account, a bot, or someone trying to grind for personal gain. Everything’s adversarial.
See I was similar but the big difference back then was a random little 99c app on iOS would make you several thousand dollars a month, so the $100/year fee was nothing for a long time. It was only after around 2012 that things changed.
On Google Play I never, ever had any app be anything close to as successful as on iOS. I think I probably made less than 1/100th the amount I did on iOS back in the day.
Ironically, somewhere around 2014, Google was doing the exact same style "keep Android open" campaign, recruiting developers around the world - including me, to help lobby for keeping Android "open" and tell the horror stories of issues that random OEMs caused by forking Android, breaking compatibility and security.
Made sense to me at the time and they were really into "Android should be open source" vibe, so I supported it.
10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android, but now they are haunted by their open source roots, and the walled garden is just a really tall pile of bricks laid around it.
So many times we've been promised things, only for them to be delivered in a half-baked state with half of the parts open source while other parts were closed only to Google and Google approved apps.
So many times the issue trackers for different parts of the platform ecosystem have changed, that some issues are impossible to debug without using web archive.
And just as many times, they have been closed, ignored for years or unnoticed, being ping-ponged among team members until they forget about it.
Yet, even with all of the closed and privatized parts of the ecosystem, they are still not able to deliver on an ecosystem promise.
They control my email, my photos, my cloud, my browser, my phone - yet cannot keep a single thing properly in sync. Still, I download something and I do not know where it went. Still, I cannot Airdrop things without a 3rd party service. Still, I take a photo only for it to appear on the cloud 5 minutes later. Still, I cannot have a "sandbox" account for testing that just works, but have to juggle multiple accounts, causing their auth system to break 80% of the time when testing.
As a developer, I do not plan to support Android anymore. I recently got an iPhone, and am now fully switching to it. Even tho I am long on $GOOG stock, because the money printer go brrr, I will be spending that money in the Apple's ecosystem from now on.
Apple pisses off many HN users who then swear to switch to Android, Google pisses off many HN users who then swear to switch to an iPhone – so for both companies, in effect, nothing changes.
Aside from that, the masses don't care or know about any of this. A couple of HN users don't make a dent in the revenue of any large company. What we can do is work on alternative ecosystems or at least support the small companies and organizations who do with our wallets.
> Still, I cannot Airdrop things without a 3rd party service
Well, it hardly works between Apple devices themselves to begin with (sending a bunch of pictures over to a 4 years old iphone works like 1 times out of 10 trial..). At least I can use regular old Bluetooth to send stuff to any kind of device from Android without the cruel gatekeeping of only Apple devices.
So yeah, both platforms have their own ways they suck in.
> 10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android
Abrupt abandoning of their Nexus line for overpriced Pixel hardware was the watershed moment. The exact moment when their executives decided to ride free on open source labor.
I don’t know what it was like back then but in today’s world you do not need to pay Apple any fees if all you’re doing is writing software in Xcode and deploy it to your own device. You do need a developer account, the free version of one, but you only need to pay the fee if you’re going to publish on the App Store.
Free provisioning: If you do not pay the developer fee an app installed via Xcode will work for 7 days. Afterwards the app on your phone will *stop working*, and you must open Xcode on your Mac again, and push a new build to your phone if you want to keep using it.
Paid provisioning: If you have paid the developer fee, a build will expire based on the amount of time left before that payment renews, so if you build and install an app a month before your developer fee renews, that build of the app (that you installed via Xcode) will stop working in 1 month.
I’ve never considered or tried anything other than using a Mac, so I don’t know. But I was responding to a comment about a different matter, the fees for a developer account.
100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets - and I am sure it cuts down on spammers and covers administrative cost.
I have no problem with a store having a small admission fee - that's perfectly reasonable and they do have operational costs. It would be nice if they had some way to waive the fee for popular OSS to garner some god will with the devs.
Taking a 30% cut of revenue on the other hand ... both platforms are guilty of this
> 100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets
For someone who is making money from it, sure, but that's exactly who this isn't about. The way they get screwed is by the 30%.
A fixed fee -- in any amount -- is screwing the people who aren't in it for the money. Because to begin with, it's not just the fee, it's the bureaucracy that comes with the fee.
You're a kid and you want to make your first app, but you don't have a credit card.
You live in a poor country and maybe the amount you can lose without noticing when you're rich isn't the same there. Or even if you can get the money, you may not have a first world bank account and the conglomerate isn't set up to take the local currency.
You're a desktop developer and you're willing to make a simple mobile app and give it away for free as long as it's not a bother. The money is nothing but the paperwork is a bother so you don't do it, and now the million people who would have used that app don't have it and have to suffer the spam-laden trash alternative from someone who is only in it for the money.
And suppose the amount is as trivial as you propose. Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
> Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
Because the store gets spammed by million of bot applications ? Having a small fee for store review is probably a decent noise floor.
You can still develop apps on your devices without a dev license - the week long cert is annoying, they probably want to avoid people side-loading via this mechanism (which I am against FWIW).
But you can develop on your devices without paying 100$/year
We are not talking about software distribution or admitting it to a store, we're talking about executing something on your own device, a device that you purchased.
Yes that is annoying - I hate Apple anti side loading stance. But that still doesn't make 100$ fee to apply for distribution/integration with their ecosystem unreasonable.
Are you even reading the comments you are replying to, or ?
You need to pay $100 to execute code on a device that you own. Without a 7 day time limit. And only if you have the technical expertise to do so. This is not a fee for distribution/integration. This is feudal rent.
Are you reading what I am saying ? 100$ for distribution access on the store is reasonable. Side-loading prevention is shit. Both can be true at the same time.
I would call it "free developer experience" (using ADB), not "free sideloading".
If you want to send your app to a friend to download and install it directly on their phone (without using a computer with ADB), you need to be Google-approved and register your app first.
1) Oh yes of course, here friend you just need a PC and the command line tools (unless soon you'll need to be a registered and VERIFIED developer) to install revanced or any open source app
2) Unless they decide to ban you (they can if you don't show any activity in the developer account for X months) and of course because you were verified you can't simply apply again and pay again, because you were banned!!!!
Before buying a smartphone I tried to find an inexpensive model that supports open source OS, but I couldn't. What open OS support is ether expensive Pixels, or outdated models.
The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc). So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you. The goal of regulation would be preventing of creating digital waste, vendor locks and allow reusing the hardware.
Of course, features like theft prevention won't work, so the user should be able to waive this right.
Looks like GrapheneOS will be available on another "major Android OEM” soon [1].
Regulation should prevent Google from subsidising manufacturers to use Android. Arguably the recent antitrust legislation [2] applies in this case because they're effectively paying manufacturers to place that horrendous and impossible to remove search bar on the home screen.
This is the place where I think lawmakers needs to be involved. Bearing in mind that laws aren't engineering specs, being able to pay for things and use a bank are about as close to fundamental rights as anything is for participants in society. If you have to buy a second device to use Netflix, so be it, but we need laws that guarantee people can make digital payments without Apple or Google's permission.
There are societies today (I live in one) where some businesses are starting to accept payment only through a banking or payment app, no cash, no card, nothing else. And these apps will only function in the very narrow circumstances of "I bought a device which runs software from one of two American tech monopolies and follow all their frequently changing rules for using various software that's unrelated to the payment I need to make." This limitation is mostly in place due to the banks believing it will make things more secure. Security is important, but not important enough that you get to start denying innocent people the ability to make payments or exile them from the banking system because they had some kind of dispute with Apple or Google. Governments need to step in with access mandates here, otherwise this problem WILL come to a jurisdiction near you sooner or later.
The argument that this is actually a security benefit is a farce. It doesn't do anything. If the device is compromised then it's going to capture your password and send it to the attacker without attempting any attestation. So the only time the attestation is attempted is when the device isn't compromised.
Most DRM / banking apps work fine for me through the browser and you can add them to your home screen. Android / Samsung Pay will stop working, but if you have a Garmin watch, you can still pay with that.
But this is changing. Already in multiple countries(and soon possibly EU wide) there will be only play integrity(strong verdicts) to enforce availability of many services(if not using ios, which is the same locked in syndrome).
Yes some banks still allow classic clunky 2FA(sms, card readers, sometimes SIM generators) but it'll all eventually go away in favor of "locked and favored" os unless legislation fights against it.
I wouldn't want the bank to access my phone, so it doesn't matter that the app doesn't work, and in a weird case where you urgently need to transfer your money to scammers while not being at home, you can use bank's web app.
Even phones from Motorola require you to literally ask permission to unlock your bootloader via a form on their website, which they then unlock remotely or you enter some generated code.
Other manufacturers do the same, where you have to wait a period of like 45 days before being able to unlock, and then have to ask permission on their website to unlock your bootloader.
Not in markets without significant Huawei and Xiaomi presence. Local banks (Czech Republic) are not using integrity APIs to keep being usable for most clients.
All the Fairphone Versions support e/OS/ as far as I know. I have the Fairphone 5 with the current e/OS/ version completely un-googled. But you also have the option to allow partial google-fication in e/OS/ so you don't miss out on most of the features and paid-apps you had.
Droidian[0] currently supports a relatively new Motorola phone[1]. A Snapdragon 8+ gen 1 device, so the performance isn't bad, and most features seem to work, including Waydroid. I've noticed incoming phone calls causing a glitch where the call can't be answered, but other than that, daily drivable. Just like a PinePhone, only more powerful. In my region it can be had for ~€250 brand new.
Did you check the stuff murena has on offer? Most if not all of their phones come with an unlockable bootloader and the OS they come with isn't that bad to start with either.
Every few years or so we collectively rediscover that general computing devices should be general and repeat the same mistake every time new format is released. We're all a bunch of reactive losers and that will never change it seems.
>The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc).
Why would you make essential security features illegal? Do you want to fly on a plane where the flight control software was maybe overwritten?
>So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you.
The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
> Do you want to fly on a plane where the flight control software was maybe overwritten?
I don't understand it. Whoever owns the place can replace any part of it, including computers. So being able to overwrite software doesn't change it. Furthermore, plane computers are not a consumer hardware.
You could make a better example with patched car software.
> The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
The initial ROM bootloader contains hard-coded signature which prevents you from replacing Apple/Google software.
Security only works if you can control what software is trustworthy. If some software has been proven to be untrustworthy, it is worthwhile to prevent all software that the producer has ever made from working at scale. Adding some nominal process and fee to make it too expensive to create a lot of accounts prevents them from creating hundreds of alternative aliases. There is a lot of precedence for why this is a good idea and works. I think if there was another company involved with performing the audit which folks trusted it might now seem so scary.
Do you understand that you are advocating for a world in which two corporations are the sole determinator of the livelihood of all mobile software developers? A career in software development should not be at the complete mercy of Apple and Google, or I suppose if you had your way Microsoft for PC gatekeeping as well.
No matter how this turns out, I'm sure GrapheneOS will make a smart effort. https://grapheneos.org/
But long-term, Android is such a massive code base, and was designed more for surveillance and consumption, than for privacy&security and the user's interests.
I think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation. (Sort of a cross between Purism's work on the Librem 5, and PostmarketOS's work on trying to get mainline Linux viable on something else.)
> think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation.
You just have to somehow speedrun the decades of development that went into Android to make it decently run on mobile hardware.. never really understood this "throwing out the baby" direction - the UNIX userspace model simply doesn't work on mobile (I would wager it also doesn't work on desktop anymore), has no security (everything runs as your user which made sense when you ran some batch job on a terminal with multiple other users, but nowadays when a single user has as many processes as all the user had back then it effectively means no security between any of those programs), there is no real resource control, no lifecycles, so the device will burn scorching hot and have terrible battery life.
On Android (and iOS) apps were always living in a world with lifecycles so if they wanted to operate correctly, they had to become decent citizens (save state when asked, so they can be stopped and resumed at any moment). This also fits nicely with sandboxes and user permissions, etc.
So without developing an alternative user-space for "GNU-Linux", it's simply not competing with android in any form or shape.
And even if you do, now every GNU app has to somehow be ported to that userspace API (you can't just kill GIMP or whatever Linux process)
The problem is for developers. Abandoning Android for Linux is not viable for software developers who need to eat. Sure, we can use Linux smartphones ourselves, but if the software we make has a grand total of three people who ever lay eyes on it, that's less than ideal. And given how The Year of the Linux Desktop has gone, I think it'd be strongly preferable if we managed to stave off the tightening of control over Android rather than placing bets on the future Year of the Linux Smartphone.
The Year of the Linux Desktop is kind of happening. Not at the scale that the meme implies, but I've never seen anywhere near as much adoption of the Linux desktop as this year. The combination of Valve's efforts, more usage of Linux gaming handhelds, distributions like Bazzite that have strong selling points for Windows gamers, and Microsoft pissing everyone off with everything that is Windows 11, the Linux desktop has some legitimate momentum for once
Especially considering how much software these days on Windows are all Electron/Web. So is not a hard switch as it once was.
I switched from Windows to Linux it's been 2 years. One of the few things I missed on Windows, was the native WhatsApp app, as the Web WhatsApp it's horrible. Then a few months Meta killed the native app and made into a webview-app :)
It only takes one application to force you back to using Windows. HellDivers 2 didn't work well until recently on Linux. If you are playing certain factions it is a very fast paced game and I would frequently experience slow downs on Linux.
So if I wanted to play HellDivers 2, I would have to reboot into Windows.
And I can just take about any Linux distro, install it to about any computer and have an extremely nice device to work, play games, and handle almost any daily task with. I call that a huge success.
Yet, still 1/4th of the time my ThinkPad with Linux wakes with a Thunderbolt display connected it dies with a kernel panic deep in the code that handles DDC (no matter what kernel version).
And the latest gen finger print scanner only works between 10-50% of the time depending on the day, humidity, etc., no matter hof often you re-enroll a fingerprint, enroll a fingerprint multiple times, etc.
And the battery drains in 3-4 hours. Unless you let powertop enable all USB/Bluetooth autosuspend, etc. But then you have to write your own udev rules to disable autosuspend when connected to power, because otherwise there is a large wakeup latency when you use your Bluetooth trackball again after not touching it for one or two seconds.
And if you use GNOME (yes, I know use KDE or whatever), you have to use extensions to get system tray icons back. But since the last few releases some icons randomly don't work (e.g. Dropbox) when you click on it.
And there are connectivity issues with Bluetooth headphones all the time plus no effortless switching between devices. (Any larger video/audio meeting, you can always find the Linux user, because they will need five minutes to get working audio.)
As long as desktop/laptop Linux is still death by a thousand paper cuts, Linux on the desktop is not going to happen.
That is simply not true. I have tried to get so many people on Linux, just for it to fail when they try to do something simple, enough times in a row for them to want to go back to Windows.
I really wish it was seamless and good, but it just isn't (and frankly it's a bit embarrassing it isn't given desktop environments for GNU Linux have been in development for 20+ years).
I had so many more issues running Windows over the years than Linux. BSODs were a common occurrence, and yearly fresh installs were a thing to keep my computer usable.
I moved to Mint almost 4 years ago at this point, running it on a now fairly old Dell G5 from 2019. Runs as smoothly as ever.
I had one problem during this 4 year run (botched update and OS wouldn't start). Logging to terminal and getting Timeshift to go back to before the update did the trick. Quick and painless. I could even run all the updates (just had to be careful to apply one of those after a reboot).
I have no idea what you are talking about. Maybe I am just very lucky with Linux.
The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer are still pretty low I'm afraid (by "work" I mean "support all of the functionality"). For instance, the laptop I'm writing this on connects without problems to a Bluetooth mouse, but won't for the life of me work with my Bluetooth headphones.
> The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer
Well, show me that magic OS that works on "just about any computer", because I am sure Windows ain't that. OSX only works on their select devices, and Windows have its own way of sucking. Let's be honest, there are shitty hardware out there and nothing will work decently on top. People just try to save these by putting Linux on top and then the software gets the blame.
It really isn't. This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful. After a while the buzz will fizz out and the majority of those PC gamers that looked to switching go back to Windows.
IME a lot developers don't even use Linux on their desktop machine. I've met three developers that use Linux professional IRL. A lot of devs have a hard time even using git bash on Windows.
I am always called up by people at work because I am "the Linux guy" when they have a problem with Linux or Bash. I am not even that good with bash.
Sure, there are a lot of people that use Linux indirectly e.g. deploy to a Linux box, use Docker or a VM. But if someone isn't running Windows, 9 times out of 10 they are running a Mac.
More generally the thing that has paid the bills for me is always these huge proprietary tech stacks I've had to deal with. Whether it be Microsoft's old ASP.NET tech stack with SQL Server, AWS, Azure, GCP, what pays the bills is proprietary shite. I hate working with this stuff, but that what you gotta to pay the bills.
> This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful.
I think what it fundamentally comes down to is that for consumer-oriented Linux to see widespread adoption, it needs to succeed on its own merits. Right now, and since forever, Linux exists in a space for the majority of consumers who consider it where they think "I might use it, because at least it's not the other guy". A real contender would instead make the general public think "I'll use this because it's genuinely great and a pleasure to experience in its own right". And that's why I have absolutely zero faith in Linux becoming a viable smartphone ecosystem. If it were truly viable, it would have been built out already regardless of what Android was doing. "Sheltering Android refugees" is not a sustainable path to growth any more than "sheltering Windows refugees" is.
I agree, with a caveat. The vast number of consumers don't even know Linux/BSD or any the alternatives exist.
I have zero faith in a Linux smartphone. What will happen is that there will be some GNU/FSF thing with specs that are 15 years out date and you will have to install Linux via a serial console using Trisquel and the only applications available will the Mahjong (yes I am being hypobolic).
Clearly hyperbole! We'll also have TuxPaint, SuperTuxKart (CPU rendering only, because the toolchain doesn't support Android's HAL), and a couple of (long-abandoned) LibreOffice forks that crudely adapt different subsets of the interface for a touch device.
I mean, this strongly has to depend on what kind of software you are developing.
I don't know a single developer who primarily uses Windows.
Literally everyone around me uses Linux for development work (and a large portion of them also use Linux for their personal machines).
Of course. However if a developer isn't using Windows typically they are using a Mac.
In corpo-world. Everyone is using Windows. If they are using Linux it would be through a VM or WSL. I guarantee none of those people are using Linux at home.
So for every developer you know that is using Linux, there are many more people using Windows supplied to by their IT department.
I know it's been tried before (eg by Mozilla), but perhaps now the time is right for a web apps-only OS.
Many developers would need some help to get offline functionality and updates right though.. And it would be really nice if these apps didn't require parsing megabytes of JavaScript libraries on startup.
so the thing is, as an Android dev if I get embedded linux experience then I have lateral career movement to the peripherals that I'm usually writing apps for. While the intersection of app developers to embedded linux developers is probably very small, there is a smidge of incentive there, and that can be a powerful thing for the community: a lot of the pain points on linux phones feel hardware oriented (I complain loudly about the pinephone battery elsewhere in this thread).
another tailwind might be in the gaming scene. I have the general sense that SteamOS has been an interesting gateway for technically-minded folks to be impressed by this Linux thing. A similar model for mobile phones might be a tailwind (like a SteamOS for ARM?) The reason why that's perfect is because it undermines the Google monopoly and creates an app ecosystem that people will absolutely flock to, at least for games ($$).
Some people don't care and build on top of Linux anyway. This lockdown will accelerate this. At some point a critical mass will eventually be reached, perhaps with the assistance of some corporate entity or organization of some sort that pushes it over the edge. Then there will be a real open competitor. Will take some time though.
I'd rather like to see AOSP development spun off to a separate non-profit entity. Either by Google doing it or by a hard fork (which will need a lot of funding). Traditional Linux misses the polish and especially the security layering to be a good phone OS. Better to start from an already good base that works.
Waydroid does surprisingly well at running Android apps on Linux.
Sure some apps won't work for whatever reason & HN commenters will have incredibly scathing things to say about that, but I bet there's a lot of folks who'd be cool with missing an app here or there.
It sucks to be losing Android, but IMO it's an ecosystem in free-fall. Bootloaders are locked more and more, there's literally zero AOSP hardware buyable now, and the roms scene has diminished not grown over time.
I totally think theres a Steam Deck moment waiting around a corner, where what seemed impossible a year ago shows up and is dead obvious & direct, and we all wonder why there were so many doubts before.
> Right, but that's a choice from manufacturers, not a requirement of building a mobile platform.
IMO, I think Microsoft gave up on running Android apps on Windows because they read the writing on the wall: Google will use Play Integrity/Protect to ensure Android apps only run on Google-approved devices/operating systems and nothing else.
I think this is the ultimate fate for Waydroid, as well.
The hope is lost for Android, there is no moving forward with google antagonizing its foss roots. Libre phone it is. We have to forcibly remove the bandage.
I wish you were wrong, but I don't disagree with assessment. I am on grapheneos ( edit: on pixel ) now, but even that should only be a pitstop now since google has decided to show its hand in such a nasty ( if not that unexpected ) manner.
(2018) makes me more than a bit sad. I have a OnePlus 6, and it was ok with the software I tried out ~3 years ago, and basically fast enough. But it's soul crushing how running mainline Linux is just so impossible for consumer mobile chips.
It felt at the time like there was positive progress, more bits getting mainlined at a trickle but at least steady trickle rate. But it feels dark now. At least the GPU drivers everywhere have been getting much better, but I get the impression Qualcomm couldn't even ship a desktop/laptop after years of delay, is barely getting that in order now. It feels impossible to hope for the mobile chips anywhere to find religion & get even basic drivers mainlined.
> Android is such a massive code base, and was designed more for surveillance and consumption
I disagree. I have been using de-googled / de-spywared Android for a decade now and I really love it. Once you remove google mobile services and rely on open source applications Android feels really good.
Also its questionable if projects such as purism or even the pinephone will ever offer such good security and privacy as a de-googled Pixel with GrapheneOS will.
In the past, they forced Steam to implement proper refund policies, and they are currently suing Microsoft about the way subscribers were duped into paying more for "AI features" they didn't want.
If, and I do mean if, government is a solution here, its only role is to ensure that app use cannot be required for service ( and we can argue over what services can stay app-only ).
Oh, the irony. I still remember how in the early days of Android vs iOS discussions, the main point was "but it's OPEN!". The word "open" was used as a comma by Google people. It was The Thing. The Difference. Good vs Evil and all that.
It looks like eventually any company will start squeezing customers for what they are worth.
But only once the company is powerful enough. We don't call Google a monopoly, because there is Apple, but taken together they certainly behave as one. Both create expectations, create expected momentum in a certain direction, people build (companies, lives) on those assumptions and boom, you can't get out and now the company changes the deal.
Is it just our assumptions that get us in trouble? Or do we need to do more?
I'm not sure how to regulate this, other than to stimulate open source, as the "for the people by the people" solution. But also that will just lead to poor expensive solutions (the market created some nice FOSS though). So the law it should be... And we're back to the problem of lobbying...
Perhaps there should be contracts: Google advertises Android as open: They should sign a contract: For how long will Android be open? Define "Open". The contract can be enforced. Or perhaps we, the people, sue now, for false advertising, although that will just make them flex their legal and lobbying muscles... And they didn't sign any contracts.
Android has not been really open for a long time now.
- Many APIs have been moved to Google Play Services (which is not open source), and many apps have come to rely on them. You can emulate it partially but not fully, see second point below.
- Some features like device attestation / SafetyNet fail on non-"official" devices, for example many banking or government ID apps refuse to work on open source os like GrapheneOS
I've only been interested in Android phones particularly Pixels because I can just flash another OS and do whatever but if Google goes through with this I might consider iphones this time
Between this and a growing number of oems not permitting bootloader unlocking (latest being Samsung with OneUI 8) Android's "open" future is pretty bleak.
IMO the bigger recent issue is that Google stopped pushing AOSP updates timely. As far as I know the QPR1 source is still missing in action after almost two months (!).
While I understand the reasons behind this campaign, I have mixed feelings about it.
As an iPhone user, I find it frustrating that deploying my own app on my own device requires either reinstalling it every 7 days or paying $100 annually. Android doesn't have this limitation, which makes it simpler and more convenient for personal use.
However, when it comes to publishing apps to the store, I take a different view. In my opinion, stricter oversight is beneficial. To draw an analogy: NPM registry has experienced several supply chain attacks because anyone can easily publish a library. The Maven Central registry for Java libraries, by contrast, requires developers to own the DNS domain used as a namespace for their library. This additional requirement, along with a few extra security checks, has been largely effective in preventing—or at least significantly reducing—the supply chain attacks seen in the NPM ecosystem.
Given the growing threat of such attacks, we need to find ways to mitigate them. I hope that Google's new approach is motivated by security concerns rather than purely economic reasons.
Android already has this strict oversight, in theory, in the form of the Play Store. And yet.
Personally I feel much more safe and secure downloading a random app from F-Droid, than I do from Google, whose supposed watchful eyes have allowed genuine malware to be distributed unimpeded.
I don't understand how you can have mixed feelings about this.
> However, when it comes to publishing apps to the store,
This isn't about publishing apps to the Play Store. If that's all this was about, we wouldn't give a shit. The problem is that this applies to all stores, including third party stores like F-Droid, and any app that is installed independently of a store (as an apk file).
> Given the growing threat of such attacks, we need to find ways to mitigate them.
How about the growing threat of right-wing authoritarian control? How do we mitigate that when the only "free" platform is deciding the only way anybody can install any app on their phone is if that app's developer is officially and explicitly allowed by Google?
Hell, how long until those anti-porn groups turn their gaze from video games and Steam onto apps, then pressure MasterCard/Visa and in turn Google to revoke privileges from developers who make any app/game that's too "obscene" (according to completely arbitrary standards)?
There's such a massive tail of consequences that will follow and people are just "well, it's fine if it's about security". No. It's not. This is about arbitrary groups with whatever arbitrary bullshit ideology they might have being able to determine what apps are allowed to be made and installed on your phone. It's not fucking okay.
If the manufacturer wants to offer verification of developers, this should be an optional feature allowing the user to continue the installation of applications distributed by unverified developers in a convenient way.
Making this verification mandatory is an absolute non-starter, ridiculous overreach, and a spit in the face of regulators who are trying to break Google and Apple's monopoly on mobile app distribution.
A year ago I built a React Native Android app for my wife called "Pimp daddy", which she uses to track her earnings as an independent contractor.
The whole concept is meant to poke fun at the idea of me "checking up on her" (I file her tax returns) and the entire theme is 80s pimp styled.
Every time she submits something, she'll get a random pimp remark, like "Go get that money for me, girl!". She just rolls her eyes and ignores it, but it's what made it fun for me to work on it.
Edgy stuff like that could jeopardize my account in the near future. It might just be security now, but an automated "naughty words detector" will be an obvious next step.
I doubt I will invest any more time in hobby app development if I have to deal with some humorless overbearing watchdog telling me what I can and cannot install on my own device. Very sad to see Android following Microsofts anti power user direction.
Given the apple v epic ruling about in payment commision outside the app store, I don't understand this. I assume Google would get the same ruling if they tried what apple did, so why bother with walling off if you can't get paid?
At least with 3p app stores they could have Gpay if the app developer wanted to, but now they will be pissed and can't build a 3p app anyway since users can't install it via 3p app stores.
The play store ID process is ridiculous, their AI is making up BS why it wouldn't let your documents pass, clearly no human in the loop.
In the EU we can report this to: comp-market-information@ec.europa.eu
State that:
Google is abusing its dominant position on the market for Android-app distribution by “denial of access to an essential facility”.
Google is not complying with their "gatekeeper" DMA obligations (Article 5(4), Article 6(12), Article 11, Article 15)
Attach evidence.
Financial penalty is the only way to pressure this company to abide law.
You can't even develop without the paid dev account? I thought it'd just be for distribution. Like, you can build and run whatever you want on an iPhone without a paid account.
You can develop and install via adb, but you can't just tell the package manager to install an APK you downloaded on your phone. Maybe attestation makes sense to allow Amazon App Store or Epic Games Store to be installed without a warning and to allow companies like Spotify to distribute their apps themselves from their websites without using Google Play Store and without a warning. What's wrong is preventing people from installing apps that haven't been attested by Google straight from their phone, even with a warning.
I get that requiring attestation for downloaded apps is wrong too, it's just this website says "it will no longer be possible to develop apps for the Android platform without first registering centrally with Google" which seems incorrect from what you're saying.
Edit: Oh I get it, "develop for the platform" means develop and distribute. Maybe it's just me, but seems like an important difference.
The idea of offering something for free then later deliberately restricting and or reducing its scope after securing enough takers to maximize benefits and advantages for those making the offer ought to be unlawful as they are knowingly and deliberately manipulating human nature. Those who accept such seemingly appealing offers often end up disadvantaged or harmed. And here with Google's latest Android edict we have yet another instance.
Manipulation and deception tactics are particularly relevant in internet age and they are Big Tech's standard modus operandi because its found them to be such financially successful business models. Laws need to enacted to prevent such exploitation as it is unreasonable and unacceptable for the psyche/reasoning of ordinary citizens to be pitched against such psychological might.
As so often happens with such authoritarian and manipulative dictates, this Google edict comes wrapped in the usual paltry excuse of security. Even Blind Freddy knows this excuse to be bullshit and that the real beneficiary is Google. The time has come for Android to be decoupled completely from Google.
It's tragic that despite a monopolistic finding against Google the Law didn't recognize the fact.
Are there any alternative mobile OSes actively developed? I remember Ubuntu Touch was the thing and something from Firefox, but not sure if they are continued?
We also have PostmarketOS (alpine base) and Mobian (debian base) as frontrunners. Supposedly Arch Linux for ARM and openSUSE Tumbleweed are also used by some on mobile.
I just bought a fairphone6 hoping this phone would last me a decade with security patches and lineageos support. Naively I was assuming Google would keep Android open for that period. Now I might as well switch to Apple so I'm in sync with the rest of my family.
Ugh.
You will probably run some kind of community Android distribution on that phone, like Lineage or Graphene, and those will likely not include this limitation. The world will be worse off, but you and I will be unaffected. Worst case is that future Google will decide to kick us out of the Play Store, but there has been plenty of workarounds for that before.
Unfortunately the feedback period for the European Digital Fairness Act has been closed since October 24th. Does anyone know of another way to appeal to my European overlords^H representatives?
Whats also an issue is that Android seemingly has stopped publishing the source code for Android (AOSP). Android 16 QPR1 has been out for months but still no source code released.
Every company is open when they gain from it and closed when they gain from it. The idea of free general computing needs a different sponsor. Like a country or regulations. I don’t think open source projects and private companies can defend this idea adequately.
If people working for Google had a conscience, they would be working to break the system from within. At this point it's leaving the confines of anti-consumerism and entering into a gray area of basic human rights abuse. It's clearly a cartel market with the other big players (Apple and others to a lesser extend) that needed to be broken 10 years ago(if it were possible).
It reminds me a bit of the book "The Constant Soldier", depicting Auschwitz guards and staff enjoying their carefree holiday at a nearby lake resort, before going back to burning people. Might seem like hyperbole, but I think we're rushing towards an ugly plutocracy.
I've got my Linux smartphone running and ready to go. VWYF, folks. I'll take shitty software and poor battery life over digital authoritarianism every single time.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
gonna say: the pinephone has been hell over the last few weeks. Phone auto-boots whenever power is applied (either by their keyboard case or via USB-C), then the battery dies very quickly, and you need a minimum charge to boot the phone, so that means you have to swap an SD card in there with JumpDrive just to charge the darn thing. There are some mitigating factors (larger battery, Tow-Boot + loading OS from SD card, potentially some SMT soldering shenanigans), but I genuinely feel like this is a fire hazard. I -do not- recommend inflicting this on others.
someone suggested (I can't lost the link) flipping the script with a GLiNet Mudi hotspot with SMS forwarding (to e-mail); I really like this idea. It would be suuuper neat to play around with the tethered model: make SIP calls with a hacked Switch with Android installed / dedicated ruggedized VoIP phone for emergencies, or justify making and carrying a cyberdeck.
Personally, I'm hoping to revive my 3DS because I fell in love with the darn thing again (and its near infinite battery life). I heard you can make calls on the original DS with SvSIP, so suuurely that can work on the 3DS too. As a fellow gamer and android dev I'm sure you'd appreciate the idea.
I don't want a phone owned and controlled and spied on by governments and mega corporations. I want a Gibson-Neuromancer style obelisk disk blob thing that does Internet, Telephony, and Computer stuff and uses whatever I tether it to as the human interface.
Edit: and to be clear, I’m against this change by google. I think there is value in protecting grandma from sideloaded apps (if that even happens in the real world) but this isn’t about protection of consumers, it’s about centralised control of what you can and can’t do, in preparation for handing over the reigns to an authoritarian government. ‘Security’ either to protect you from scams, protecting YouTube from third party apps, or preventing nation state hacking or similar will inevitably be the driving narrative.
i've had a positive experience with OnePlus 6 and Mobian, but if you want something more modern with a business behind it, check out https://furilabs.com/
My primary for the time being remains GrapheneOS, which, ironically enough, only runs on Pixel hardware for now (though the GOS team is working with an unnamed major Android OEM to produce a handset that meets GOS's strict platform requirements).
My Linux phone is a PinePhone pro, which I believe is no longer being sold. It's not great. Phosh could generously be described as "in progress" last time I used it. UIs for many applications aren't built for small touchscreens like that.
I'd have to review the hardware market again if I were going to make a fresh recommendation. Librem looks cool conceptually, but they're a bit pricey, and their framing of a "Made in USA" variant as a premium feature rather than a red flag, a reputation risk, and a supply chain risk make me skeptical of whether Librem is a trustworthy entity at all, or might just be controlled opposition. That could just be me erring on the side of paranoia, though.
You can still run an Android build that doesn't require a Google signature for apps. You'll just lose access to Play Integrity APIs, which you wouldn't get from non-Android Linux phones either. A better technical solution is to set up a federated replacement for Play Integrity that third party ROM developers can opt into and a library that can use that or Play Integrity for app developers that want it to use.
That's a bit overblown. Almost all banking apps work fine. You might be one of the unlucky few of course, but there's no need to scare others from running free software.
I think the "one smartphone for absolutely everything" era is over. Either switch banks (there are many who don't do this nonsense) or have a dedicated Android/iOS device for banking.
This works now, but good luck in 10 years time when the radio chip requires a digital signature from the host OS signed by google or apple and your current phone is deprecated by 6g or whatever.
I remember, when DVD players were required to show mandatory, non-skippable sections of video, chinese players violated the standards and international agreements and allowed skipping those sections, and they also sometimes illegally ignored regional restrictions.
I think times were different back then. Modern times are more like China selling Playstation 5’s with mod shops: to my knowledge, they currently don’t. Even if it ever becomes a thing the PS6 is only a few years away and will be even harder to break.
I mean, the actual implementation will be that CCP signs Google DragonFly Global Root CA cert, and Apple runs Google signed firmware, but those are just minor implementation details.
Which Android phones? If I understand correctly this will be a requirement for certification, so any devices that do not enforce it will not pass integrity checks. Goodbye banking apps, etc.
Having a trustworthy channel for verified app loading is a vital security tool. F-Droid is such a channel; the Google Play Store is not. F-Droid inspects the source code of the applications they build, removes malware and other antifeatures from them, and compiles them from source to ensure that the binaries they deliver correspond to the source code they've inspected. The Google Play Store doesn't do any of those things. Consequently it's full of malware.
The topic here is Google nuking F-Droid from orbit, probably because it has NewPipe.
I'm not sure about the NewPipe angle, as Grey Jay exists (Backed by FUTO/Louis Rossman) on the Play store, which has ad-block and sponsor block incorporated into it.
Google is just being malicious towards opensource and privacy, under the guise of security
Not neccesarily a guise of security, but perhaps a different means of security. E.g. securing stock investments, profits, monies, etc. Nothing is 100% secure, you can't be in the void and still call it a void, etc
AFAIK most of the victims actually fall for social engineering in combination with legit apps. If you force developer registration criminals will simply find other attack vectors.
You are restricting a fundamental digital right in exchange for a minuscule reduction in risk.
The ability to 'sideload' is already off by default, and warns you before turning it on. Maybe just a bigger or sterner warning? I mean there's only so much you can do there...
This won't be true for much longer iiuc. Look at the outcomes of the Epic lawsuit. That's probably why Google is changing how they tackle this problem.
What those "people-who-don't-understand-the-risks" will do then, with more money left? I think they will give their money to all sorts of political populists, who will cause danger not only to themselves, but everyone.
Anyone who has lived through the windows PC era knows it's a legitimate problem. Google has tons of data to show malware exists for Android as well. Being able to prevent that malware from affecting the lives of Android users is a moral imperative for Google. I understand why folks are skeptical, but it's worth trying to dig into the fact rather than just react blindly.
A ton of malware is pushed through Google's adsense network, which already requires some level of verification afaik. It doesn't stop jack shit. You are naive if you think more verification is somehow going to stop this.
That's rich knowing that both Apple and Google get most of their store money from dubious casino like games which I'm uncomfortable giving to my family.
Before they are allowed to make any comment on scams, they should clean up their own store first.
99% of all malware with real world consequences is caused by unverified developers, ergo, all unverified developers should be removed from app stores.
99% of all car accidents with real world consequences are caused by licensed human drivers, ergo, all licensed human drivers should be removed from roads.
Same argument. It's true, and simultaneously, it skips right past all of the ramifications of the proposal, even when the ramifications conceivably result in more harm than the original problem did.
EDIT: apologies I misunderstood that this is limiting third-party distribution. I am of course, in favour of this.
Original comment:
I don't want this. The App Store on iOS has its flaws, but it's a curated system that has a lot of checks in place to prevent malware. I have never felt unsafe on iOS and it's the primary reason I've not joined Android and the Play Store's wild west.
Because I'd actually be interested in an Android phone if Google locks down the play store to legitimate actors, increases the barrier for entry and improves the quality and safety of submissions. Which this looks to be doing?
Back in the 2007 or when it came out in Sweden I bought the iPhone and started developing for it. This was cool, new and exciting and it was fine as long as my company was paying the $100 fee every year. But then I switched jobs and worked at a company which produced mostly open source code. Suddenly I would have to pay $100 every year just to be able to put my own software on the phone ...
This is why I switched to Android, just for Google now to pull the rug from under my feet again ...
This situation would have been avoided if we, as community of engineers, had insisted on full and uncompromised open source (Stallmanist or GPL way) right from the start instead of going the ESR way of half-hearted open source where it's technically open but corporates get to have a free lunch and make abuses.
Like most coders, I also prefer the permissive MIT/Apache/BSD licensing for most software projects but incidents like these make me question the direction we are heading towards. They raise fundamental questions about freedom itself - looking at the broader picture, is having a restrictive kind of freedom (GPL) often more beneficial than having full permissive freedom (MIT/Apache)?
But Linux is GPL. That didn't stop Google from using it as a basis for something that is not GPL and in fact not even open source (Google Play Services).
What leverage does a community of engineers have to insist on anything? Android could be entirely closed source. So could Chrome.
It would be naive to assume that the power dynamics in our society can be fundamentally altered by a 10 line software license.
"Restrictive Freedom" as you call it, is simply freedom.
Freedom cannot exist without discernment.
If you have a free and open society but allow Nazis, because you allow everyone, how long will you be free? Not long. The Nazis will use their freedom to take everyone else's.
Freedom demands a simple rule. We accept everyone who accepts everyone.
Fundamentally, GPL shares this rule. That is the point of it. Our labor, when shared, should be shared just the same when used.
> We accept everyone who accepts everyone.
If we were to accept and enforce this rule, billions of followers of some major religions would not be eligible to be part of a free and open society.
Yeah, this is pretty much the rationale behind the Paradox of Tolerance, which you alluded to. Just as a tolerant society cannot tolerate intolerance without eventually just becoming intolerant, this clearly demonstrates that the same is true for Free Software. If we tolerate the use of Free Software for the use of the non-free software, eventually one loses the freedom in Free Software.
It's of course not a perfect analogy since the original Free Software still exists, but since in practice the dependency was from free towards non-free, like in this instance, it still works. Google and its anti-freedom practices are still in effective control of the Android ecosystem even though it's still technically free by way of AOSP.
And just as how some people argue that intolerance of the intolerant by a tolerant society is bad, so do some people argue that things like the GPL is bad because it prevents downstream modifications etc. going from free to non-free. Maybe this will help re-evaluate the culture around this stuff.
Just because we “allow nazis” doesn’t mean society will turn into an authoritarian dictatorship.
People are not stupid.
In this case, it was precisely the act of "allow nazis" that led Google to its current situation.
People aren't stupid, but the fact that Google is in this situation proves that we should have been less naive.
They don't need to be stupid. They could be complacent, afraid or morally corrupt.
Bold move, arguing against yourself like that.
> People are not stupid.
There are plenty of stupid people around.
We interact with them every day.
Yes. And society with good education has fewer stupid people. You don’t stop “bad” ideologies by outlawing them, you stop them by arguing for a free society and education.
Hmmm. The rise of nazis to power from time to time is evidence to the contrary.
Most people, might not be 'stupid'; but complacency in the population is enough to drop the guard down.
I am not arguing for complacency. I am arguing that authoritarian ideologies are won over with arguments, not by outlawing them.
Im a millennial dev which happens to have a Gen Z brother who also chose this profession.
Seeing him walk my steps 15 years later has been eye opening for the brutal cultural change.
They’re socially conditioned to assume that anything free is a scam or illegal, that every tool is associated with a corporation, and that learning itself is going through certain hoops (by the uni, the certificator or whatever) so that you get permission to earn money a certain way.
As more doors get closed, I fear this process will solidify.
They're right. Embrace, Extend, Extinguish and Enshittification have been the core experiences of digital life with corporations in charge of platforms.
My hope is that LLMs will help open source developers provide reasonable alternatives to the gatekeeping and spyware that corporations are now making their bread and butter. Example: Recent tried to use Unity LTS for a small project - the software is a joke now, basic functionality is broken out of the box. A couple of hours with an LLM and I had all the features I needed using a more lightweight library, monogame. Not an operating system, but I'm hoping the pattern will continue as LLMs get more proficient at code - the moat of "this is hard and laborious to do" will be drained.
An issue is that it’s not only the corpos, there’s also an increase of individuality that has become the norm.
For example, try to learn from an online resource and you’ll see that the most popular sources (YouTubers, twitchers, etc) are all preparing a rug pull to a non free resource, slipping undisclosed ads as content or straight up selling snake oil.
I grew up assuming that a random guy on the internet had always genuine intentions, even those who were assholes. Now the default is either a paid account, a bot, or someone trying to grind for personal gain. Everything’s adversarial.
See I was similar but the big difference back then was a random little 99c app on iOS would make you several thousand dollars a month, so the $100/year fee was nothing for a long time. It was only after around 2012 that things changed.
On Google Play I never, ever had any app be anything close to as successful as on iOS. I think I probably made less than 1/100th the amount I did on iOS back in the day.
Ironically, somewhere around 2014, Google was doing the exact same style "keep Android open" campaign, recruiting developers around the world - including me, to help lobby for keeping Android "open" and tell the horror stories of issues that random OEMs caused by forking Android, breaking compatibility and security.
Made sense to me at the time and they were really into "Android should be open source" vibe, so I supported it.
10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android, but now they are haunted by their open source roots, and the walled garden is just a really tall pile of bricks laid around it.
So many times we've been promised things, only for them to be delivered in a half-baked state with half of the parts open source while other parts were closed only to Google and Google approved apps.
So many times the issue trackers for different parts of the platform ecosystem have changed, that some issues are impossible to debug without using web archive. And just as many times, they have been closed, ignored for years or unnoticed, being ping-ponged among team members until they forget about it.
Yet, even with all of the closed and privatized parts of the ecosystem, they are still not able to deliver on an ecosystem promise.
They control my email, my photos, my cloud, my browser, my phone - yet cannot keep a single thing properly in sync. Still, I download something and I do not know where it went. Still, I cannot Airdrop things without a 3rd party service. Still, I take a photo only for it to appear on the cloud 5 minutes later. Still, I cannot have a "sandbox" account for testing that just works, but have to juggle multiple accounts, causing their auth system to break 80% of the time when testing.
As a developer, I do not plan to support Android anymore. I recently got an iPhone, and am now fully switching to it. Even tho I am long on $GOOG stock, because the money printer go brrr, I will be spending that money in the Apple's ecosystem from now on.
Apple pisses off many HN users who then swear to switch to Android, Google pisses off many HN users who then swear to switch to an iPhone – so for both companies, in effect, nothing changes.
Aside from that, the masses don't care or know about any of this. A couple of HN users don't make a dent in the revenue of any large company. What we can do is work on alternative ecosystems or at least support the small companies and organizations who do with our wallets.
It doesn't make sense to choose between a snake that bit you and another that bit you earlier.
If you don't want to be bitten, get out of the snake pit.
> Still, I cannot Airdrop things without a 3rd party service
Well, it hardly works between Apple devices themselves to begin with (sending a bunch of pictures over to a 4 years old iphone works like 1 times out of 10 trial..). At least I can use regular old Bluetooth to send stuff to any kind of device from Android without the cruel gatekeeping of only Apple devices.
So yeah, both platforms have their own ways they suck in.
> 10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android
Abrupt abandoning of their Nexus line for overpriced Pixel hardware was the watershed moment. The exact moment when their executives decided to ride free on open source labor.
I don’t know what it was like back then but in today’s world you do not need to pay Apple any fees if all you’re doing is writing software in Xcode and deploy it to your own device. You do need a developer account, the free version of one, but you only need to pay the fee if you’re going to publish on the App Store.
Free provisioning: If you do not pay the developer fee an app installed via Xcode will work for 7 days. Afterwards the app on your phone will *stop working*, and you must open Xcode on your Mac again, and push a new build to your phone if you want to keep using it.
Paid provisioning: If you have paid the developer fee, a build will expire based on the amount of time left before that payment renews, so if you build and install an app a month before your developer fee renews, that build of the app (that you installed via Xcode) will stop working in 1 month.
We're stuck between two mafia families :-(
Don't you also need to buy a Macbook? That is quite expensive. I guess in Apple's view also developping on a non-Apple device is a security risk.
I’ve never considered or tried anything other than using a Mac, so I don’t know. But I was responding to a comment about a different matter, the fees for a developer account.
100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets - and I am sure it cuts down on spammers and covers administrative cost.
I have no problem with a store having a small admission fee - that's perfectly reasonable and they do have operational costs. It would be nice if they had some way to waive the fee for popular OSS to garner some god will with the devs.
Taking a 30% cut of revenue on the other hand ... both platforms are guilty of this
> 100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets
For someone who is making money from it, sure, but that's exactly who this isn't about. The way they get screwed is by the 30%.
A fixed fee -- in any amount -- is screwing the people who aren't in it for the money. Because to begin with, it's not just the fee, it's the bureaucracy that comes with the fee.
You're a kid and you want to make your first app, but you don't have a credit card.
You live in a poor country and maybe the amount you can lose without noticing when you're rich isn't the same there. Or even if you can get the money, you may not have a first world bank account and the conglomerate isn't set up to take the local currency.
You're a desktop developer and you're willing to make a simple mobile app and give it away for free as long as it's not a bother. The money is nothing but the paperwork is a bother so you don't do it, and now the million people who would have used that app don't have it and have to suffer the spam-laden trash alternative from someone who is only in it for the money.
And suppose the amount is as trivial as you propose. Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
[dead]
> Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
Because the store gets spammed by million of bot applications ? Having a small fee for store review is probably a decent noise floor.
You can still develop apps on your devices without a dev license - the week long cert is annoying, they probably want to avoid people side-loading via this mechanism (which I am against FWIW).
But you can develop on your devices without paying 100$/year
> Because the store gets spammed by million of bot applications ?
They're a search engine company. They can't figure out how to put real apps on page 1 and spam apps on page 500?
Also, then why are they charging the fee if you use someone else's store?
> the week long cert is annoying, they probably want to avoid people side-loading via this mechanism
It seems like you understand their underlying motives, so then why are you defending them?
I'm not talking about putting the App into the Store, just installing it on my phone.
But this isn't about the store. It's about being able to install apps even without going through the store.
We are not talking about software distribution or admitting it to a store, we're talking about executing something on your own device, a device that you purchased.
You can do that without dev license ?
Yes, but app is only usable for 7 days on iOS.
Yes that is annoying - I hate Apple anti side loading stance. But that still doesn't make 100$ fee to apply for distribution/integration with their ecosystem unreasonable.
Your options are either $100/year for "integration with their ecosystem", or your app stops working every 7 days.
It is very unreasonable.
Are you even reading the comments you are replying to, or ?
You need to pay $100 to execute code on a device that you own. Without a 7 day time limit. And only if you have the technical expertise to do so. This is not a fee for distribution/integration. This is feudal rent.
Are you reading what I am saying ? 100$ for distribution access on the store is reasonable. Side-loading prevention is shit. Both can be true at the same time.
>This is why I switched to Android, just for Google now to pull the rug from under my feet again
1) You can continue to install unsigned APKs via adb with the upcoming update.
2) Signing APKs for sideloading requires a Google development account which is a one time fee of $25, no yearly fees.
So still a free sideloading option available, and if you want to avoid adb it is a one time cost that is 1/4 the annual rate on Apple.
I would call it "free developer experience" (using ADB), not "free sideloading".
If you want to send your app to a friend to download and install it directly on their phone (without using a computer with ADB), you need to be Google-approved and register your app first.
1) Oh yes of course, here friend you just need a PC and the command line tools (unless soon you'll need to be a registered and VERIFIED developer) to install revanced or any open source app
2) Unless they decide to ban you (they can if you don't show any activity in the developer account for X months) and of course because you were verified you can't simply apply again and pay again, because you were banned!!!!
First they came for F-droid...
Before buying a smartphone I tried to find an inexpensive model that supports open source OS, but I couldn't. What open OS support is ether expensive Pixels, or outdated models.
The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc). So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you. The goal of regulation would be preventing of creating digital waste, vendor locks and allow reusing the hardware.
Of course, features like theft prevention won't work, so the user should be able to waive this right.
Looks like GrapheneOS will be available on another "major Android OEM” soon [1].
Regulation should prevent Google from subsidising manufacturers to use Android. Arguably the recent antitrust legislation [2] applies in this case because they're effectively paying manufacturers to place that horrendous and impossible to remove search bar on the home screen.
[1] https://www.androidauthority.com/graphene-os-major-android-o... [2] https://www.justice.gov/opa/pr/department-justice-wins-signi...
> a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device
Except regulations are now moving in the opposite direction: to mandate device locking.
Most vendors (at some level) allow flashing custom distributions, as long as you didn't buy that device from carrier: https://github.com/zenfyrdev/bootloader-unlock-wall-of-shame...
You will lose DRM-based apps (e.g. Netflix), Payment apps, and bank apps though.
This is the place where I think lawmakers needs to be involved. Bearing in mind that laws aren't engineering specs, being able to pay for things and use a bank are about as close to fundamental rights as anything is for participants in society. If you have to buy a second device to use Netflix, so be it, but we need laws that guarantee people can make digital payments without Apple or Google's permission.
There are societies today (I live in one) where some businesses are starting to accept payment only through a banking or payment app, no cash, no card, nothing else. And these apps will only function in the very narrow circumstances of "I bought a device which runs software from one of two American tech monopolies and follow all their frequently changing rules for using various software that's unrelated to the payment I need to make." This limitation is mostly in place due to the banks believing it will make things more secure. Security is important, but not important enough that you get to start denying innocent people the ability to make payments or exile them from the banking system because they had some kind of dispute with Apple or Google. Governments need to step in with access mandates here, otherwise this problem WILL come to a jurisdiction near you sooner or later.
> Security is important
The argument that this is actually a security benefit is a farce. It doesn't do anything. If the device is compromised then it's going to capture your password and send it to the attacker without attempting any attestation. So the only time the attestation is attempted is when the device isn't compromised.
Most DRM / banking apps work fine for me through the browser and you can add them to your home screen. Android / Samsung Pay will stop working, but if you have a Garmin watch, you can still pay with that.
But this is changing. Already in multiple countries(and soon possibly EU wide) there will be only play integrity(strong verdicts) to enforce availability of many services(if not using ios, which is the same locked in syndrome).
Yes some banks still allow classic clunky 2FA(sms, card readers, sometimes SIM generators) but it'll all eventually go away in favor of "locked and favored" os unless legislation fights against it.
I wouldn't want the bank to access my phone, so it doesn't matter that the app doesn't work, and in a weird case where you urgently need to transfer your money to scammers while not being at home, you can use bank's web app.
Even phones from Motorola require you to literally ask permission to unlock your bootloader via a form on their website, which they then unlock remotely or you enter some generated code.
Other manufacturers do the same, where you have to wait a period of like 45 days before being able to unlock, and then have to ask permission on their website to unlock your bootloader.
And good lock unlocking anything over 5 years old because the updated website doesn't support what you've got. Been there, it sucks.
To be fair, for "anything over 5 years old" you can probably find a privilege escalation exploit.
the question is not "being able to", the question is "being able to with a reasonable effort".
wandering the web to find an exploit is way beyond my spare time.
That small little caveat already makes it a non-option
Bank apps work fine (at least UK ones) on Graphene OS installed via the play store.
Not in markets without significant Huawei and Xiaomi presence. Local banks (Czech Republic) are not using integrity APIs to keep being usable for most clients.
All the Fairphone Versions support e/OS/ as far as I know. I have the Fairphone 5 with the current e/OS/ version completely un-googled. But you also have the option to allow partial google-fication in e/OS/ so you don't miss out on most of the features and paid-apps you had.
Droidian[0] currently supports a relatively new Motorola phone[1]. A Snapdragon 8+ gen 1 device, so the performance isn't bad, and most features seem to work, including Waydroid. I've noticed incoming phone calls causing a glitch where the call can't be answered, but other than that, daily drivable. Just like a PinePhone, only more powerful. In my region it can be had for ~€250 brand new.
[0] https://droidian.org/ [1] https://www.notebookcheck.net/Lenovo-ThinkPhone-by-Motorola-...
Did you check the stuff murena has on offer? Most if not all of their phones come with an unlockable bootloader and the OS they come with isn't that bad to start with either.
They are pretty bad when it comes to security:
https://eylenburg.github.io/android_comparison.htm
Many of those devices are closed exactly due to regulations.
We just had a thread about this on https://news.ycombinator.com/item?id=45740383.
Every few years or so we collectively rediscover that general computing devices should be general and repeat the same mistake every time new format is released. We're all a bunch of reactive losers and that will never change it seems.
>The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc).
Why would you make essential security features illegal? Do you want to fly on a plane where the flight control software was maybe overwritten?
>So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you.
The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
> Do you want to fly on a plane where the flight control software was maybe overwritten?
I don't understand it. Whoever owns the place can replace any part of it, including computers. So being able to overwrite software doesn't change it. Furthermore, plane computers are not a consumer hardware.
You could make a better example with patched car software.
> The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
The initial ROM bootloader contains hard-coded signature which prevents you from replacing Apple/Google software.
On pixel devices you can add your own signature to be checked and thus can use secure boot with a custom OS - that's how GrapheneOS works.
No need to strip out every wall, we just have to think about the problem and put doors at necessary places so we can enjoy both freedom AND security.
Security only works if you can control what software is trustworthy. If some software has been proven to be untrustworthy, it is worthwhile to prevent all software that the producer has ever made from working at scale. Adding some nominal process and fee to make it too expensive to create a lot of accounts prevents them from creating hundreds of alternative aliases. There is a lot of precedence for why this is a good idea and works. I think if there was another company involved with performing the audit which folks trusted it might now seem so scary.
Do you understand that you are advocating for a world in which two corporations are the sole determinator of the livelihood of all mobile software developers? A career in software development should not be at the complete mercy of Apple and Google, or I suppose if you had your way Microsoft for PC gatekeeping as well.
No matter how this turns out, I'm sure GrapheneOS will make a smart effort. https://grapheneos.org/
But long-term, Android is such a massive code base, and was designed more for surveillance and consumption, than for privacy&security and the user's interests.
I think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation. (Sort of a cross between Purism's work on the Librem 5, and PostmarketOS's work on trying to get mainline Linux viable on something else.)
> think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation.
You just have to somehow speedrun the decades of development that went into Android to make it decently run on mobile hardware.. never really understood this "throwing out the baby" direction - the UNIX userspace model simply doesn't work on mobile (I would wager it also doesn't work on desktop anymore), has no security (everything runs as your user which made sense when you ran some batch job on a terminal with multiple other users, but nowadays when a single user has as many processes as all the user had back then it effectively means no security between any of those programs), there is no real resource control, no lifecycles, so the device will burn scorching hot and have terrible battery life.
On Android (and iOS) apps were always living in a world with lifecycles so if they wanted to operate correctly, they had to become decent citizens (save state when asked, so they can be stopped and resumed at any moment). This also fits nicely with sandboxes and user permissions, etc.
So without developing an alternative user-space for "GNU-Linux", it's simply not competing with android in any form or shape.
And even if you do, now every GNU app has to somehow be ported to that userspace API (you can't just kill GIMP or whatever Linux process)
The problem is for developers. Abandoning Android for Linux is not viable for software developers who need to eat. Sure, we can use Linux smartphones ourselves, but if the software we make has a grand total of three people who ever lay eyes on it, that's less than ideal. And given how The Year of the Linux Desktop has gone, I think it'd be strongly preferable if we managed to stave off the tightening of control over Android rather than placing bets on the future Year of the Linux Smartphone.
The Year of the Linux Desktop is kind of happening. Not at the scale that the meme implies, but I've never seen anywhere near as much adoption of the Linux desktop as this year. The combination of Valve's efforts, more usage of Linux gaming handhelds, distributions like Bazzite that have strong selling points for Windows gamers, and Microsoft pissing everyone off with everything that is Windows 11, the Linux desktop has some legitimate momentum for once
Especially considering how much software these days on Windows are all Electron/Web. So is not a hard switch as it once was.
I switched from Windows to Linux it's been 2 years. One of the few things I missed on Windows, was the native WhatsApp app, as the Web WhatsApp it's horrible. Then a few months Meta killed the native app and made into a webview-app :)
It only takes one application to force you back to using Windows. HellDivers 2 didn't work well until recently on Linux. If you are playing certain factions it is a very fast paced game and I would frequently experience slow downs on Linux.
So if I wanted to play HellDivers 2, I would have to reboot into Windows.
And I can just take about any Linux distro, install it to about any computer and have an extremely nice device to work, play games, and handle almost any daily task with. I call that a huge success.
Yet, still 1/4th of the time my ThinkPad with Linux wakes with a Thunderbolt display connected it dies with a kernel panic deep in the code that handles DDC (no matter what kernel version).
And the latest gen finger print scanner only works between 10-50% of the time depending on the day, humidity, etc., no matter hof often you re-enroll a fingerprint, enroll a fingerprint multiple times, etc.
And the battery drains in 3-4 hours. Unless you let powertop enable all USB/Bluetooth autosuspend, etc. But then you have to write your own udev rules to disable autosuspend when connected to power, because otherwise there is a large wakeup latency when you use your Bluetooth trackball again after not touching it for one or two seconds.
And if you use GNOME (yes, I know use KDE or whatever), you have to use extensions to get system tray icons back. But since the last few releases some icons randomly don't work (e.g. Dropbox) when you click on it.
And there are connectivity issues with Bluetooth headphones all the time plus no effortless switching between devices. (Any larger video/audio meeting, you can always find the Linux user, because they will need five minutes to get working audio.)
As long as desktop/laptop Linux is still death by a thousand paper cuts, Linux on the desktop is not going to happen.
I have had worse experiences on each and every count with various Windows installs on various laptops, and yet it is the "de facto" desktop OS.
That is simply not true. I have tried to get so many people on Linux, just for it to fail when they try to do something simple, enough times in a row for them to want to go back to Windows.
I really wish it was seamless and good, but it just isn't (and frankly it's a bit embarrassing it isn't given desktop environments for GNU Linux have been in development for 20+ years).
I had so many more issues running Windows over the years than Linux. BSODs were a common occurrence, and yearly fresh installs were a thing to keep my computer usable.
I moved to Mint almost 4 years ago at this point, running it on a now fairly old Dell G5 from 2019. Runs as smoothly as ever.
I had one problem during this 4 year run (botched update and OS wouldn't start). Logging to terminal and getting Timeshift to go back to before the update did the trick. Quick and painless. I could even run all the updates (just had to be careful to apply one of those after a reboot).
I have no idea what you are talking about. Maybe I am just very lucky with Linux.
The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer are still pretty low I'm afraid (by "work" I mean "support all of the functionality"). For instance, the laptop I'm writing this on connects without problems to a Bluetooth mouse, but won't for the life of me work with my Bluetooth headphones.
> The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer
Well, show me that magic OS that works on "just about any computer", because I am sure Windows ain't that. OSX only works on their select devices, and Windows have its own way of sucking. Let's be honest, there are shitty hardware out there and nothing will work decently on top. People just try to save these by putting Linux on top and then the software gets the blame.
It really isn't. This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful. After a while the buzz will fizz out and the majority of those PC gamers that looked to switching go back to Windows.
IME a lot developers don't even use Linux on their desktop machine. I've met three developers that use Linux professional IRL. A lot of devs have a hard time even using git bash on Windows.
I am always called up by people at work because I am "the Linux guy" when they have a problem with Linux or Bash. I am not even that good with bash.
Sure, there are a lot of people that use Linux indirectly e.g. deploy to a Linux box, use Docker or a VM. But if someone isn't running Windows, 9 times out of 10 they are running a Mac.
More generally the thing that has paid the bills for me is always these huge proprietary tech stacks I've had to deal with. Whether it be Microsoft's old ASP.NET tech stack with SQL Server, AWS, Azure, GCP, what pays the bills is proprietary shite. I hate working with this stuff, but that what you gotta to pay the bills.
> This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful.
I think what it fundamentally comes down to is that for consumer-oriented Linux to see widespread adoption, it needs to succeed on its own merits. Right now, and since forever, Linux exists in a space for the majority of consumers who consider it where they think "I might use it, because at least it's not the other guy". A real contender would instead make the general public think "I'll use this because it's genuinely great and a pleasure to experience in its own right". And that's why I have absolutely zero faith in Linux becoming a viable smartphone ecosystem. If it were truly viable, it would have been built out already regardless of what Android was doing. "Sheltering Android refugees" is not a sustainable path to growth any more than "sheltering Windows refugees" is.
I agree, with a caveat. The vast number of consumers don't even know Linux/BSD or any the alternatives exist.
I have zero faith in a Linux smartphone. What will happen is that there will be some GNU/FSF thing with specs that are 15 years out date and you will have to install Linux via a serial console using Trisquel and the only applications available will the Mahjong (yes I am being hypobolic).
Clearly hyperbole! We'll also have TuxPaint, SuperTuxKart (CPU rendering only, because the toolchain doesn't support Android's HAL), and a couple of (long-abandoned) LibreOffice forks that crudely adapt different subsets of the interface for a touch device.
I mean, this strongly has to depend on what kind of software you are developing. I don't know a single developer who primarily uses Windows. Literally everyone around me uses Linux for development work (and a large portion of them also use Linux for their personal machines).
Of course. However if a developer isn't using Windows typically they are using a Mac.
In corpo-world. Everyone is using Windows. If they are using Linux it would be through a VM or WSL. I guarantee none of those people are using Linux at home.
So for every developer you know that is using Linux, there are many more people using Windows supplied to by their IT department.
I know it's been tried before (eg by Mozilla), but perhaps now the time is right for a web apps-only OS.
Many developers would need some help to get offline functionality and updates right though.. And it would be really nice if these apps didn't require parsing megabytes of JavaScript libraries on startup.
One can dream! :-)
so the thing is, as an Android dev if I get embedded linux experience then I have lateral career movement to the peripherals that I'm usually writing apps for. While the intersection of app developers to embedded linux developers is probably very small, there is a smidge of incentive there, and that can be a powerful thing for the community: a lot of the pain points on linux phones feel hardware oriented (I complain loudly about the pinephone battery elsewhere in this thread).
another tailwind might be in the gaming scene. I have the general sense that SteamOS has been an interesting gateway for technically-minded folks to be impressed by this Linux thing. A similar model for mobile phones might be a tailwind (like a SteamOS for ARM?) The reason why that's perfect is because it undermines the Google monopoly and creates an app ecosystem that people will absolutely flock to, at least for games ($$).
Some people don't care and build on top of Linux anyway. This lockdown will accelerate this. At some point a critical mass will eventually be reached, perhaps with the assistance of some corporate entity or organization of some sort that pushes it over the edge. Then there will be a real open competitor. Will take some time though.
> Abandoning Android for Linux is not viable for software developers who need to eat.
We'll finally get our ecosystem diversity back when the next geopolitical happening happens and Google bans Chinese android apps on bullshit pretexts.
Wait a few years more.
I'd rather like to see AOSP development spun off to a separate non-profit entity. Either by Google doing it or by a hard fork (which will need a lot of funding). Traditional Linux misses the polish and especially the security layering to be a good phone OS. Better to start from an already good base that works.
Why would that affect anything? The Chinese Android ecosystem is already split from the Google one.
Waydroid does surprisingly well at running Android apps on Linux.
Sure some apps won't work for whatever reason & HN commenters will have incredibly scathing things to say about that, but I bet there's a lot of folks who'd be cool with missing an app here or there.
It sucks to be losing Android, but IMO it's an ecosystem in free-fall. Bootloaders are locked more and more, there's literally zero AOSP hardware buyable now, and the roms scene has diminished not grown over time.
I totally think theres a Steam Deck moment waiting around a corner, where what seemed impossible a year ago shows up and is dead obvious & direct, and we all wonder why there were so many doubts before.
> Right, but that's a choice from manufacturers, not a requirement of building a mobile platform.
IMO, I think Microsoft gave up on running Android apps on Windows because they read the writing on the wall: Google will use Play Integrity/Protect to ensure Android apps only run on Google-approved devices/operating systems and nothing else.
I think this is the ultimate fate for Waydroid, as well.
The hope is lost for Android, there is no moving forward with google antagonizing its foss roots. Libre phone it is. We have to forcibly remove the bandage.
I wish you were wrong, but I don't disagree with assessment. I am on grapheneos ( edit: on pixel ) now, but even that should only be a pitstop now since google has decided to show its hand in such a nasty ( if not that unexpected ) manner.
AOSP is open source so it could be forked.
buy a used OnePlus 6 and load Mobian on it. quite functional these days running a mainline kernel.
(2018) makes me more than a bit sad. I have a OnePlus 6, and it was ok with the software I tried out ~3 years ago, and basically fast enough. But it's soul crushing how running mainline Linux is just so impossible for consumer mobile chips.
It felt at the time like there was positive progress, more bits getting mainlined at a trickle but at least steady trickle rate. But it feels dark now. At least the GPU drivers everywhere have been getting much better, but I get the impression Qualcomm couldn't even ship a desktop/laptop after years of delay, is barely getting that in order now. It feels impossible to hope for the mobile chips anywhere to find religion & get even basic drivers mainlined.
> Android is such a massive code base, and was designed more for surveillance and consumption
I disagree. I have been using de-googled / de-spywared Android for a decade now and I really love it. Once you remove google mobile services and rely on open source applications Android feels really good.
Also its questionable if projects such as purism or even the pinephone will ever offer such good security and privacy as a de-googled Pixel with GrapheneOS will.
https://grapheneos.social/@GrapheneOS/112712864209034804
>than for privacy&security and the user's interests.
Even if that was true, AOSP is better for privacy and security than any other Linux distro.
By which criterion? This sounds wrong.
As I said in the other thread:
Australian users of alternative app stores should make a complaint to the ACCC: https://www.accc.gov.au/about-us/contact-us-or-report-an-iss...
In the past, they forced Steam to implement proper refund policies, and they are currently suing Microsoft about the way subscribers were duped into paying more for "AI features" they didn't want.
Unfortunately, I think attestation is being pushed by other parts of the Australian government. Particularly ACSC.
[dead]
It's a lost cause. We need to focus on pmOS: https://postmarketos.org/
With both Android and Chromium, we're ultimately at Google's mercy.
btw, does anyone know if Huawei is following along with this in their fork?
This is doubleplusungood. The war on General Purpose Computing is the death of innovation and a direct attack on digital freedom.
If you're in the US, UK or EU, please contact your government.
If, and I do mean if, government is a solution here, its only role is to ensure that app use cannot be required for service ( and we can argue over what services can stay app-only ).
Oh, the irony. I still remember how in the early days of Android vs iOS discussions, the main point was "but it's OPEN!". The word "open" was used as a comma by Google people. It was The Thing. The Difference. Good vs Evil and all that.
It looks like eventually any company will start squeezing customers for what they are worth.
But only once the company is powerful enough. We don't call Google a monopoly, because there is Apple, but taken together they certainly behave as one. Both create expectations, create expected momentum in a certain direction, people build (companies, lives) on those assumptions and boom, you can't get out and now the company changes the deal.
Is it just our assumptions that get us in trouble? Or do we need to do more?
I'm not sure how to regulate this, other than to stimulate open source, as the "for the people by the people" solution. But also that will just lead to poor expensive solutions (the market created some nice FOSS though). So the law it should be... And we're back to the problem of lobbying...
Perhaps there should be contracts: Google advertises Android as open: They should sign a contract: For how long will Android be open? Define "Open". The contract can be enforced. Or perhaps we, the people, sue now, for false advertising, although that will just make them flex their legal and lobbying muscles... And they didn't sign any contracts.
Android has not been really open for a long time now.
- Many APIs have been moved to Google Play Services (which is not open source), and many apps have come to rely on them. You can emulate it partially but not fully, see second point below.
- Some features like device attestation / SafetyNet fail on non-"official" devices, for example many banking or government ID apps refuse to work on open source os like GrapheneOS
This feels similar to Sony and their OtherOS feature.[0]
Many people bought Android phones because of the open capability. Even if you don't use it, just knowing you have an out is important.
And now Google is "altering the terms".
[0]:https://en.wikipedia.org/wiki/OtherOS
> please big corpo overlord do not do what is most profitable for you, pretty pretty please please
A direct link to the UK's Competition and Markets Authority, in case you don't want to go via a blog post:
https://contact-the-cma.service.gov.uk/wizard/classify
It's very simple to submit a complaint.
I've only been interested in Android phones particularly Pixels because I can just flash another OS and do whatever but if Google goes through with this I might consider iphones this time
Between this and a growing number of oems not permitting bootloader unlocking (latest being Samsung with OneUI 8) Android's "open" future is pretty bleak.
IMO the bigger recent issue is that Google stopped pushing AOSP updates timely. As far as I know the QPR1 source is still missing in action after almost two months (!).
Stallman was right.
I wonder, what thing does HN think Stallman is wrong about today (and which in the future we will be proven wrong and Stallman was right).
He usually is, given time.
While I understand the reasons behind this campaign, I have mixed feelings about it.
As an iPhone user, I find it frustrating that deploying my own app on my own device requires either reinstalling it every 7 days or paying $100 annually. Android doesn't have this limitation, which makes it simpler and more convenient for personal use.
However, when it comes to publishing apps to the store, I take a different view. In my opinion, stricter oversight is beneficial. To draw an analogy: NPM registry has experienced several supply chain attacks because anyone can easily publish a library. The Maven Central registry for Java libraries, by contrast, requires developers to own the DNS domain used as a namespace for their library. This additional requirement, along with a few extra security checks, has been largely effective in preventing—or at least significantly reducing—the supply chain attacks seen in the NPM ecosystem.
Given the growing threat of such attacks, we need to find ways to mitigate them. I hope that Google's new approach is motivated by security concerns rather than purely economic reasons.
Android already has this strict oversight, in theory, in the form of the Play Store. And yet.
Personally I feel much more safe and secure downloading a random app from F-Droid, than I do from Google, whose supposed watchful eyes have allowed genuine malware to be distributed unimpeded.
Exaclty. Play Store takes a cut from what it is selling, so they should be more strict what can be sold, not lock the whole platform.
I don't understand how you can have mixed feelings about this.
> However, when it comes to publishing apps to the store,
This isn't about publishing apps to the Play Store. If that's all this was about, we wouldn't give a shit. The problem is that this applies to all stores, including third party stores like F-Droid, and any app that is installed independently of a store (as an apk file).
> Given the growing threat of such attacks, we need to find ways to mitigate them.
How about the growing threat of right-wing authoritarian control? How do we mitigate that when the only "free" platform is deciding the only way anybody can install any app on their phone is if that app's developer is officially and explicitly allowed by Google?
Hell, how long until those anti-porn groups turn their gaze from video games and Steam onto apps, then pressure MasterCard/Visa and in turn Google to revoke privileges from developers who make any app/game that's too "obscene" (according to completely arbitrary standards)?
There's such a massive tail of consequences that will follow and people are just "well, it's fine if it's about security". No. It's not. This is about arbitrary groups with whatever arbitrary bullshit ideology they might have being able to determine what apps are allowed to be made and installed on your phone. It's not fucking okay.
If the manufacturer wants to offer verification of developers, this should be an optional feature allowing the user to continue the installation of applications distributed by unverified developers in a convenient way.
Making this verification mandatory is an absolute non-starter, ridiculous overreach, and a spit in the face of regulators who are trying to break Google and Apple's monopoly on mobile app distribution.
If you leave under a dictatorship you definitely don't want to reveal your identity to develop and distribute an app that fights the government.
A year ago I built a React Native Android app for my wife called "Pimp daddy", which she uses to track her earnings as an independent contractor.
The whole concept is meant to poke fun at the idea of me "checking up on her" (I file her tax returns) and the entire theme is 80s pimp styled.
Every time she submits something, she'll get a random pimp remark, like "Go get that money for me, girl!". She just rolls her eyes and ignores it, but it's what made it fun for me to work on it.
Edgy stuff like that could jeopardize my account in the near future. It might just be security now, but an automated "naughty words detector" will be an obvious next step.
I doubt I will invest any more time in hobby app development if I have to deal with some humorless overbearing watchdog telling me what I can and cannot install on my own device. Very sad to see Android following Microsofts anti power user direction.
It’s funny how the “Google doesn’t control it it’s open source” crowd has gotten very quiet as of late. See also chromium and manifest 3
It's finally the time for Sailfish OS / Linux Smartphone OSes!
Given the apple v epic ruling about in payment commision outside the app store, I don't understand this. I assume Google would get the same ruling if they tried what apple did, so why bother with walling off if you can't get paid?
At least with 3p app stores they could have Gpay if the app developer wanted to, but now they will be pissed and can't build a 3p app anyway since users can't install it via 3p app stores.
> why bother with walling off if you can't get paid?
To destroy competitors of Google apps such as Aurora Store or NewPipe.
I bet those are just a rounding error to their profits.
The play store ID process is ridiculous, their AI is making up BS why it wouldn't let your documents pass, clearly no human in the loop.
In the EU we can report this to: comp-market-information@ec.europa.eu
State that: Google is abusing its dominant position on the market for Android-app distribution by “denial of access to an essential facility”. Google is not complying with their "gatekeeper" DMA obligations (Article 5(4), Article 6(12), Article 11, Article 15)
Attach evidence.
Financial penalty is the only way to pressure this company to abide law.
You can't even develop without the paid dev account? I thought it'd just be for distribution. Like, you can build and run whatever you want on an iPhone without a paid account.
You can develop and install via adb, but you can't just tell the package manager to install an APK you downloaded on your phone. Maybe attestation makes sense to allow Amazon App Store or Epic Games Store to be installed without a warning and to allow companies like Spotify to distribute their apps themselves from their websites without using Google Play Store and without a warning. What's wrong is preventing people from installing apps that haven't been attested by Google straight from their phone, even with a warning.
I get that requiring attestation for downloaded apps is wrong too, it's just this website says "it will no longer be possible to develop apps for the Android platform without first registering centrally with Google" which seems incorrect from what you're saying.
Edit: Oh I get it, "develop for the platform" means develop and distribute. Maybe it's just me, but seems like an important difference.
I think it is and it doesn't just end there. It's develop and distribute binaries.
Everyone is still free to develop and distribute source code.
Does it also mean that developers in "bad" countries will not be able to create installable Android apps?
The idea of offering something for free then later deliberately restricting and or reducing its scope after securing enough takers to maximize benefits and advantages for those making the offer ought to be unlawful as they are knowingly and deliberately manipulating human nature. Those who accept such seemingly appealing offers often end up disadvantaged or harmed. And here with Google's latest Android edict we have yet another instance.
Manipulation and deception tactics are particularly relevant in internet age and they are Big Tech's standard modus operandi because its found them to be such financially successful business models. Laws need to enacted to prevent such exploitation as it is unreasonable and unacceptable for the psyche/reasoning of ordinary citizens to be pitched against such psychological might.
As so often happens with such authoritarian and manipulative dictates, this Google edict comes wrapped in the usual paltry excuse of security. Even Blind Freddy knows this excuse to be bullshit and that the real beneficiary is Google. The time has come for Android to be decoupled completely from Google.
It's tragic that despite a monopolistic finding against Google the Law didn't recognize the fact.
never been a better time to donate to postmarket os, mobian or friends.
Are there any alternative mobile OSes actively developed? I remember Ubuntu Touch was the thing and something from Firefox, but not sure if they are continued?
Ubuntu Touch is still a thing.
We also have PostmarketOS (alpine base) and Mobian (debian base) as frontrunners. Supposedly Arch Linux for ARM and openSUSE Tumbleweed are also used by some on mobile.
I just bought a fairphone6 hoping this phone would last me a decade with security patches and lineageos support. Naively I was assuming Google would keep Android open for that period. Now I might as well switch to Apple so I'm in sync with the rest of my family. Ugh.
You will probably run some kind of community Android distribution on that phone, like Lineage or Graphene, and those will likely not include this limitation. The world will be worse off, but you and I will be unaffected. Worst case is that future Google will decide to kick us out of the Play Store, but there has been plenty of workarounds for that before.
Unfortunately the feedback period for the European Digital Fairness Act has been closed since October 24th. Does anyone know of another way to appeal to my European overlords^H representatives?
Write to your mep
Whats also an issue is that Android seemingly has stopped publishing the source code for Android (AOSP). Android 16 QPR1 has been out for months but still no source code released.
Every company is open when they gain from it and closed when they gain from it. The idea of free general computing needs a different sponsor. Like a country or regulations. I don’t think open source projects and private companies can defend this idea adequately.
Kill it so we get a chance to see a new competitor.
have you seen the stupidity that is trying to develop for ie qualcomm soc if you are a small fry?
It won't get better if nothing changes.
If people working for Google had a conscience, they would be working to break the system from within. At this point it's leaving the confines of anti-consumerism and entering into a gray area of basic human rights abuse. It's clearly a cartel market with the other big players (Apple and others to a lesser extend) that needed to be broken 10 years ago(if it were possible).
It reminds me a bit of the book "The Constant Soldier", depicting Auschwitz guards and staff enjoying their carefree holiday at a nearby lake resort, before going back to burning people. Might seem like hyperbole, but I think we're rushing towards an ugly plutocracy.
Has anyone seen Andy Rubin publicly comment on Google's stewardship of Android? I wonder what he thinks about his creation and the way its evolving.
Considering Andy Rubin is a massive creep, let's not have him publicly comment about anything at all, ever: https://www.cbsnews.com/news/andy-rubin-google-settlement-se...
I've got my Linux smartphone running and ready to go. VWYF, folks. I'll take shitty software and poor battery life over digital authoritarianism every single time.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
Which brand do you suggest ?
Google wants my apartment lease to let me distribute free games, so I just won't support their platform.
This is not about security, it's about control.
gonna say: the pinephone has been hell over the last few weeks. Phone auto-boots whenever power is applied (either by their keyboard case or via USB-C), then the battery dies very quickly, and you need a minimum charge to boot the phone, so that means you have to swap an SD card in there with JumpDrive just to charge the darn thing. There are some mitigating factors (larger battery, Tow-Boot + loading OS from SD card, potentially some SMT soldering shenanigans), but I genuinely feel like this is a fire hazard. I -do not- recommend inflicting this on others.
someone suggested (I can't lost the link) flipping the script with a GLiNet Mudi hotspot with SMS forwarding (to e-mail); I really like this idea. It would be suuuper neat to play around with the tethered model: make SIP calls with a hacked Switch with Android installed / dedicated ruggedized VoIP phone for emergencies, or justify making and carrying a cyberdeck.
Personally, I'm hoping to revive my 3DS because I fell in love with the darn thing again (and its near infinite battery life). I heard you can make calls on the original DS with SvSIP, so suuurely that can work on the 3DS too. As a fellow gamer and android dev I'm sure you'd appreciate the idea.
I don't want a phone owned and controlled and spied on by governments and mega corporations. I want a Gibson-Neuromancer style obelisk disk blob thing that does Internet, Telephony, and Computer stuff and uses whatever I tether it to as the human interface.
This is not about security, it's about control.
Of course we know, but they always spin it as being about security.
They are just careful not to say whose security.
It's not a lie if it is to secure their cashflow.
One man’s security is another man’s control.
Edit: and to be clear, I’m against this change by google. I think there is value in protecting grandma from sideloaded apps (if that even happens in the real world) but this isn’t about protection of consumers, it’s about centralised control of what you can and can’t do, in preparation for handing over the reigns to an authoritarian government. ‘Security’ either to protect you from scams, protecting YouTube from third party apps, or preventing nation state hacking or similar will inevitably be the driving narrative.
i've had a positive experience with OnePlus 6 and Mobian, but if you want something more modern with a business behind it, check out https://furilabs.com/
If you're cheap like me a used Pixel3a is a grand device.
My primary for the time being remains GrapheneOS, which, ironically enough, only runs on Pixel hardware for now (though the GOS team is working with an unnamed major Android OEM to produce a handset that meets GOS's strict platform requirements).
My Linux phone is a PinePhone pro, which I believe is no longer being sold. It's not great. Phosh could generously be described as "in progress" last time I used it. UIs for many applications aren't built for small touchscreens like that.
I'd have to review the hardware market again if I were going to make a fresh recommendation. Librem looks cool conceptually, but they're a bit pricey, and their framing of a "Made in USA" variant as a premium feature rather than a red flag, a reputation risk, and a supply chain risk make me skeptical of whether Librem is a trustworthy entity at all, or might just be controlled opposition. That could just be me erring on the side of paranoia, though.
>VWYF, folks
Volkswagen Your Face
Vincent Wants Yummy Fries
Viewing Worked Yesterday, Frank
Voyeur Whom You Fuck
Veiled Widows You Fancy
Vore Website? Yes, Free!
You can still run an Android build that doesn't require a Google signature for apps. You'll just lose access to Play Integrity APIs, which you wouldn't get from non-Android Linux phones either. A better technical solution is to set up a federated replacement for Play Integrity that third party ROM developers can opt into and a library that can use that or Play Integrity for app developers that want it to use.
Banking apps will not work then.
That's a bit overblown. Almost all banking apps work fine. You might be one of the unlucky few of course, but there's no need to scare others from running free software.
I think the "one smartphone for absolutely everything" era is over. Either switch banks (there are many who don't do this nonsense) or have a dedicated Android/iOS device for banking.
This works now, but good luck in 10 years time when the radio chip requires a digital signature from the host OS signed by google or apple and your current phone is deprecated by 6g or whatever.
when the radio chip requires a digital signature from the host OS signed by google or apple
China will never let that happen.
I remember, when DVD players were required to show mandatory, non-skippable sections of video, chinese players violated the standards and international agreements and allowed skipping those sections, and they also sometimes illegally ignored regional restrictions.
I think times were different back then. Modern times are more like China selling Playstation 5’s with mod shops: to my knowledge, they currently don’t. Even if it ever becomes a thing the PS6 is only a few years away and will be even harder to break.
Google, Apple, or CCP. Problem solved.
I mean, the actual implementation will be that CCP signs Google DragonFly Global Root CA cert, and Apple runs Google signed firmware, but those are just minor implementation details.
5 eyes governments would be able to mandate this to stop against the ‘persistent evils of China’
The irony, software freedom is now dependent on China.
This is worst thing ever happened to humankind.
[dead]
[flagged]
If you care about it, then buy Android phones that will support sideloading. Financially reward companies that are doing what you want.
Which Android phones? If I understand correctly this will be a requirement for certification, so any devices that do not enforce it will not pass integrity checks. Goodbye banking apps, etc.
Chinese phones, ones with GrapheneOS, new ones created to fulfill the market demand Google is creating.
>will not pass integrity checks
Those apps can add support for other integrity APIs. Operating system owners can fund this work to help their operating system gain marketshare.
This affects all Android devices with Google Services.
99% of malware with real world consequences of people losing much or all of their money is from unverified developers.
This is a step in the right direction to keep people safe in my opinion. Most people around the world don’t understand the risks.
Having a trustworthy channel for verified app loading is a vital security tool. F-Droid is such a channel; the Google Play Store is not. F-Droid inspects the source code of the applications they build, removes malware and other antifeatures from them, and compiles them from source to ensure that the binaries they deliver correspond to the source code they've inspected. The Google Play Store doesn't do any of those things. Consequently it's full of malware.
The topic here is Google nuking F-Droid from orbit, probably because it has NewPipe.
I'm not sure about the NewPipe angle, as Grey Jay exists (Backed by FUTO/Louis Rossman) on the Play store, which has ad-block and sponsor block incorporated into it. Google is just being malicious towards opensource and privacy, under the guise of security
Not neccesarily a guise of security, but perhaps a different means of security. E.g. securing stock investments, profits, monies, etc. Nothing is 100% secure, you can't be in the void and still call it a void, etc
AFAIK most of the victims actually fall for social engineering in combination with legit apps. If you force developer registration criminals will simply find other attack vectors.
You are restricting a fundamental digital right in exchange for a minuscule reduction in risk.
The ability to 'sideload' is already off by default, and warns you before turning it on. Maybe just a bigger or sterner warning? I mean there's only so much you can do there...
This won't be true for much longer iiuc. Look at the outcomes of the Epic lawsuit. That's probably why Google is changing how they tackle this problem.
When was the last time you read articles about malware in F-droid? When was the last time you read articles about malware in the play store?
What those "people-who-don't-understand-the-risks" will do then, with more money left? I think they will give their money to all sorts of political populists, who will cause danger not only to themselves, but everyone.
The malware boogeyman is really paying off tangibly for Google. They've got actual fans of their profit-motivated paternalism.
Anyone who has lived through the windows PC era knows it's a legitimate problem. Google has tons of data to show malware exists for Android as well. Being able to prevent that malware from affecting the lives of Android users is a moral imperative for Google. I understand why folks are skeptical, but it's worth trying to dig into the fact rather than just react blindly.
Akshually 99% of malware with real world consequences comes preinstalled on your phone.
A ton of malware is pushed through Google's adsense network, which already requires some level of verification afaik. It doesn't stop jack shit. You are naive if you think more verification is somehow going to stop this.
That's rich knowing that both Apple and Google get most of their store money from dubious casino like games which I'm uncomfortable giving to my family.
Before they are allowed to make any comment on scams, they should clean up their own store first.
99% of all malware with real world consequences is caused by unverified developers, ergo, all unverified developers should be removed from app stores.
99% of all car accidents with real world consequences are caused by licensed human drivers, ergo, all licensed human drivers should be removed from roads.
Same argument. It's true, and simultaneously, it skips right past all of the ramifications of the proposal, even when the ramifications conceivably result in more harm than the original problem did.
https://en.wikipedia.org/wiki/G._K._Chesterton#Chesterton's_...
YOU should be kept safe.
EDIT: apologies I misunderstood that this is limiting third-party distribution. I am of course, in favour of this.
Original comment:
I don't want this. The App Store on iOS has its flaws, but it's a curated system that has a lot of checks in place to prevent malware. I have never felt unsafe on iOS and it's the primary reason I've not joined Android and the Play Store's wild west.
I can't emphasize this enough, your comment is 100% wrong.
This is about only allowing play verified apps. Play store will remain whatever you think of it regardless of this move.
What this has to do with the topic, if you're on iOS?
Because I'd actually be interested in an Android phone if Google locks down the play store to legitimate actors, increases the barrier for entry and improves the quality and safety of submissions. Which this looks to be doing?
This is not Google locking down the Play Store, it's them restricting distribution outside the Play Store, which you don't have to do in any case.
Apologies. I did _NOT_ gather that from reading the OP.
Why would you be interested in Android?
Isn't iOS a pinnacle of UI/UX loaded with most innovative features in the world backed by the most genius CEOs of all times?
You should just check submission link contents before commenting. This just locks down apps outside of google play.