What we talk about when we talk about sideloading

Posted by rom1v 4 days ago

What we talk about when we talk about sideloading(f-droid.org)

1504 points | 627 commentspage 4

vezycash 4 days ago|

Everyone developer who worked hard to make windows phone die. Hope you're happy.

Nextgrid 4 days ago||

> who worked hard to make windows phone die

You mean Microsoft? No backwards-compatibility with Windows Mobile to begin with (so companies can't reuse their existing investment into line-of-business apps on actually nice modern devices either), then they reset the ecosystem 2 times (once during the WP7->WP8 transition, another time during the Windows 10 transition).

actionfromafar 4 days ago||

Well put. Microsoft following the "Double barrel shotgun, apply one wad per foot." (Reset ecosystem 2 times.)

rcarmo 4 days ago|||

I was a telco product manager at the time and I can tell you right away that it wasn't developers that killed Windows Phone. This book (https://asokan.org/operation-elop/) tells part of the story, but the telcos I worked for (and competed with) definitely played a big role.

paul_h 4 days ago||

That book is new to me. I wrote https://paulhammant.com/2013/05/07/android-and-the-art-of-wa... on Google vs MSFT and phones before the book. Mine's a perspective that doesn't mention Nokia or its leadership.

I did own a Treo and loved it up to the OG iPhone - I repaired the eff out of it in the hope that something worthy would come along. I kidded myself I would write apps for it. I'd previously played with Simbian tech (and met a very bitter Simbian team dev in London one "eXtreme Tuesday Club" meetup in 2003). I had a Psion Organizer way back and Palm pilot. I thought Palm's WebOS stood a chance. I still own a Ubuntu Phone that I don't use - single script QML apps would have been the killer, but all that's passed now.

terminalshort 4 days ago|||

Let's not pretend that MSFT would have been one tiny bit better here.

Andrex 4 days ago|||

I am, mostly because Windows Phone 7 always did what Google is attempting to do here.

https://stackoverflow.com/questions/4229029/can-you-install-...

At least we got 10+ years of real sideloading on consumer devices thanks to WP7's death.

sergeykish 3 days ago|||

Windows RT "sideloading" denied for ordinary users, costly for Line-of-Business apps (2012).

Microsoft UWP only Microsoft Store. Microsoft backtracked their walled garden Windows plans for a while as result of Windows Phone fiasco.

Yes, we are.

efilife 4 days ago||

I don't understand this sentence. Can someone rephrase?

erelong 3 days ago||

There's a lot of things to be said on these topics, it probably is worth trying to keep android "open" here, but there's also a lot of alternative routes to consider and in the long run I think maybe Android is a lost cause (?) to be abandoned

The big alternative is mobile linux or linux mobile, which is akin to desktop linux in the 2000s maybe in lagging behind the competing operating systems. An influx of interest in these operating systems and related hardware might make this discussion more moot (software like: postmarketos, mobian, ubuntu touch, and so on. hardware like: pinephone, raspberry pi used as a phone?, librem phones, and so on.)

Some progress has been made to have android phones run on linux with projects like postmarketos and mobian. Again, more people just focusing on building these projects, especially with the help of LLMs, might make this discussion less necessary.

F-Droid could also pivot a bit to promoting more linux mobile initiatives.

Apple should be called out as much as Google here for already being closed off.

Both platforms (ios and Android) could probably be appealed to through the incentive of "developer openness being good for business" - it probably helps both companies to make more money by making "sideloading" easy. If they both essentially become closed, this opens up a giant incentive for linux mobile to take over. (Maybe that is something we should root for?)

On the hardware side, we need some ios/android alternative phones. I've seen some people post that you can attach cell dongles to raspberry pis and use those as phones (?). Maybe more diy cell phone projects would be nice to see.

I guess the FSF is trying to create a Librephone; initiatives like this are overdue: https://liliputing.com/free-software-foundation-announces-a-...

Not sure what else to add, the writing has been on the wall that Google and Apple are trying to be closed source systems, so generally linux mobile (and/or *BSD mobile, if that's to be a thing in the future) need more attention.

This is probably a good moment to consider the alternatives and the seemingly predictable trajectory of where things are going.

pabs3 2 days ago|

Librephone is mainly about reverse engineering firmware and other binary blobs, not creating new phones.

https://librephone.fsf.org/FAQ.html

zombot 2 days ago||

This article is written really well and spells it all out. What Google is doing is a travesty and an abomination but the thing about power is, you can do what you want even if everyone hates you for it.

ptrl600 4 days ago||

Will I be allowed to add keys to verify developers over ADB?

qwertox 3 days ago||

I have 3 personal apps, which are not published anywhere, which I have installed on all of my own 10 Android devices. They are the reason why I have not switched to an iPhone/iPad and i absolutely rely on those apps.

Why on earth do I need to register with Google to use them?

funOtter 4 days ago||

After Google implements this, will I still be able to "side-load" (install any software) on Android-derivative OSes like GrapheneOS?

kuratkull 4 days ago||

Currently it seems that Google is pushing for hardware attestation, so you might be able to install Graphene/Lineage if your phone manufacturer allows you to unlock your bootloader, but many Play Store apps won't work as they'll detect your root. It's actually gotten pretty insane how every low-value app considers themselves the centre of the world and unable to run on a rooted device.

Example: the loyalty card app for a local store chain - there's no money in it, I can just get some discounts when I use it. So an attacker would have to steal my phone, somehow unlock it, and then they can use my loyalty card (btw which is free to obtain for anyone and there are no tiers) to get some discounts. And for that, they have implemented a pretty decent root checker which i had to put in some effort to overcome. And there are many more like it.

Andrex 4 days ago|||

There might be insurance and bank contracts higher up the chain that classify it as a financial dealing and thus require stricter conformance. I'm speculating tbh I have no idea for sure.

AlgebraFox 3 days ago|||

> as they'll detect your root

A small clarification, neither GrapheneOS or LineageOS runs as root. Rooting is different from "installing an alternate OS".

zb3 4 days ago||

Yes (but see my comment about the permission system), however, the future of bootloader unlocking and AOSP is uncertain... :(

With one switch, one nasty update (disabling bootloader unlocking on Pixels), Google could kill GrapheneOS..

nhumrich 4 days ago||

As a power user, and software creator, I absolutely hate this decision. Side loading and power features are a main reason I use android.

That being said, as a grandchild, I also completely understand where google is coming from. A surprisingly high percentage of users do need protecting from themselves. They are so technology illiterate that someone random tells them to install something, "it will say it's not safe, but it's actually okay, just click approve" and they will. This is why HSTS exists, to prevent uneducated users from getting pwned, by preventing them from disabling safeguards.

So, having some system of "no really, I am a power user" makes sense, even if I hate it.

hakube 3 days ago||

It's not "sideloading". It's called installing software on your own device!

nashashmi 4 days ago||

Is this seeking Google’s approval for the app? Or is the condition app be signed by a verified user? The latter means side loading is still viable for apps from known developers. This way anyone who is known who may create malware and will not be free from prosecution

blueg3 4 days ago||

It is the latter. The app has to be signed, and the signer has to register "real" identity with Google. Approval of the app itself is not a part of the process.

Yes, sideloading will still be viable from known developers.

Probably malware developers will still be free from prosecution -- what moron is going to distribute malware with their own identity attached to it? But it means when the malware gets caught (which it does) you can't just roll a new APK with a different signature. You've burned a developer identity and need a new one. Those are harder to come by, and so it rate-limits malware distribution.

Andrex 4 days ago||

Fwiw I've been getting random email offers over the years to buy my old dev account for like $100-300. Dev accounts are going to become a prized commodity on the black market with this move.

(I didn't sell my acct, for the record.)

altfredd 3 days ago|||

Approval is tied to individual apps. From https://developer.android.com/developer-verification:

> You'll need to prove you own your apps by providing your app package name and app signing keys

Needless to say, Google will throw out NewPipe, ad-blockers and anything else that might endanger their profits. For example, Google does not allow F-Droid to be published in Google Play (distributing competing app stores is against their ToS). This policy was in action as long as Google Play/Android Market existed.

sfRattan 4 days ago||

> The latter means side loading is still viable for apps from known developers. This way anyone who is known who may create malware and will not be free from prosecution

Important corrections:

This way anyone who is known to create malware or any software which interferes with Google's current or potential future revenue, strategic interests, and unpredictable whims will not be free from prosecution in the case of distributing malware, nor from digital exile and unpersoning in the case of causing inconvenience to Google.

lutusp 3 days ago|

You're all missing the point! This is not about whether an app can be installed on an Android device, it's about whether the device's owner has any say in the matter. It's about freedom of choice.

Over the decades, from the Apple II to the present, I've owned every imaginable kind of computer. And yes -- I owned all of them -- I had the right to use them as I saw fit. They were extensions of my intellectual creativity. I've written dozens of Android apps, including TankCalc, used in industries across the world to measure and control storage containers. TankCalc is useful, it's free, and it's about to die.

I tried meeting Google's demands, but over the years I realized that wasn't possible, because Google refused to take "yes" for an answer. This is true for all my Android apps -- all would require constant maintenance to meet Google's endless compliance demands.

We're witnessing an extinction of personal expression, of defending the rights of individuals, and the sideloading issue is a symptom of a deadly disease, one that shifts control away from individuals to giant corporations.

Sideloading is just an example. Samsung has updated its already-sold refrigerators to begin showing ads to powerless consumers. Car makers Mercedes-Benz and BMW have starting charging monthly subscription fees for access to features already present in people's cars. Farmers can no longer repair their John Deere tractors.

It's an unprecedented historical shift. Instead of being crushed by an army that invades and takes over, we pay for things that own us, body and soul.

More comments...