This is why I switched to Android, just for Google now to pull the rug from under my feet again ...
Like most coders, I also prefer the permissive MIT/Apache/BSD licensing for most software projects but incidents like these make me question the direction we are heading towards. They raise fundamental questions about freedom itself - looking at the broader picture, is having a restrictive kind of freedom (GPL) often more beneficial than having full permissive freedom (MIT/Apache)?
Unless, maybe the EU, enforce a right to repair and tinker we'll be at the mercy of these companies with their walled gardens.
Anyone who is already running a rooted Android or otherwise customized OS isn't affected by this, only developers who want to distribute their app to users.
What leverage does a community of engineers have to insist on anything? Android could be entirely closed source. So could Chrome.
It would be naive to assume that the power dynamics in our society can be fundamentally altered by a 10 line software license.
You're right that broadly speaking, there is very little that could be done to stop this but having a culture of "everything GPL" in an organization definitely helps. For example, Sun was farsighted enough, though they couldn't stop Oracle from acquiring MySql, Oracle was still forced to keep MySql under GPL and they were able to salvage MariaDB too.
Similar was the case with Java. Oracle tried everything in its power to control its use and direction including legal means, it's only thanks to GPL that alternative implementations like OpenJDK and Amazon Corretto still exist. We can't even imagine the state of these software today if Sun hadn't licensed them under GPL originally but used some other permissive license instead!
Of course, Stallman strongly eschews the ambiguity and misdirection inherent in the phrase open source, and in this particular instance the considered use of 'free' or 'freedom' is precisely what we're now all upset about the impending loss of.
Freedom cannot exist without discernment.
If you have a free and open society but allow Nazis, because you allow everyone, how long will you be free? Not long. The Nazis will use their freedom to take everyone else's.
Freedom demands a simple rule. We accept everyone who accepts everyone.
Fundamentally, GPL shares this rule. That is the point of it. Our labor, when shared, should be shared just the same when used.
If we were to accept and enforce this rule, billions of followers of some major religions would not be eligible to be part of a free and open society.
It's of course not a perfect analogy since the original Free Software still exists, but since in practice the dependency was from free towards non-free, like in this instance, it still works. Google and its anti-freedom practices are still in effective control of the Android ecosystem even though it's still technically free by way of AOSP.
And just as how some people argue that intolerance of the intolerant by a tolerant society is bad, so do some people argue that things like the GPL is bad because it prevents downstream modifications etc. going from free to non-free. Maybe this will help re-evaluate the culture around this stuff.
People are not stupid.
People aren't stupid, but the fact that Google is in this situation proves that we should have been less naive.
There are plenty of stupid people around.
We interact with them every day.
Most people, might not be 'stupid'; but complacency in the population is enough to drop the guard down.
You can see it again and again in the success of voter suppression acts and the deceitful tactics played by authoritarians.
Arguments only work when both actors respect good arguments.
Seeing him walk my steps 15 years later has been eye opening for the brutal cultural change.
They’re socially conditioned to assume that anything free is a scam or illegal, that every tool is associated with a corporation, and that learning itself is going through certain hoops (by the uni, the certificator or whatever) so that you get permission to earn money a certain way.
As more doors get closed, I fear this process will solidify.
My hope is that LLMs will help open source developers provide reasonable alternatives to the gatekeeping and spyware that corporations are now making their bread and butter. Example: Recent tried to use Unity LTS for a small project - the software is a joke now, basic functionality is broken out of the box. A couple of hours with an LLM and I had all the features I needed using a more lightweight library, monogame. Not an operating system, but I'm hoping the pattern will continue as LLMs get more proficient at code - the moat of "this is hard and laborious to do" will be drained.
For example, try to learn from an online resource and you’ll see that the most popular sources (YouTubers, twitchers, etc) are all preparing a rug pull to a non free resource, slipping undisclosed ads as content or straight up selling snake oil.
I grew up assuming that a random guy on the internet had always genuine intentions, even those who were assholes. Now the default is either a paid account, a bot, or someone trying to grind for personal gain. Everything’s adversarial.
Made sense to me at the time and they were really into "Android should be open source" vibe, so I supported it.
10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android, but now they are haunted by their open source roots, and the walled garden is just a really tall pile of bricks laid around it.
So many times we've been promised things, only for them to be delivered in a half-baked state with half of the parts open source while other parts were closed only to Google and Google approved apps.
So many times the issue trackers for different parts of the platform ecosystem have changed, that some issues are impossible to debug without using web archive. And just as many times, they have been closed, ignored for years or unnoticed, being ping-ponged among team members until they forget about it.
Yet, even with all of the closed and privatized parts of the ecosystem, they are still not able to deliver on an ecosystem promise.
They control my email, my photos, my cloud, my browser, my phone - yet cannot keep a single thing properly in sync. Still, I download something and I do not know where it went. Still, I cannot Airdrop things without a 3rd party service. Still, I take a photo only for it to appear on the cloud 5 minutes later. Still, I cannot have a "sandbox" account for testing that just works, but have to juggle multiple accounts, causing their auth system to break 80% of the time when testing.
As a developer, I do not plan to support Android anymore. I recently got an iPhone, and am now fully switching to it. Even tho I am long on $GOOG stock, because the money printer go brrr, I will be spending that money in the Apple's ecosystem from now on.
Aside from that, the masses don't care or know about any of this. A couple of HN users don't make a dent in the revenue of any large company. What we can do is work on alternative ecosystems or at least support the small companies and organizations who do with our wallets.
If you don't want to be bitten, get out of the snake pit.
Abrupt abandoning of their Nexus line for overpriced Pixel hardware was the watershed moment. The exact moment when their executives decided to ride free on open source labor.
Well, it hardly works between Apple devices themselves to begin with (sending a bunch of pictures over to a 4 years old iphone works like 1 times out of 10 trial..). At least I can use regular old Bluetooth to send stuff to any kind of device from Android without the cruel gatekeeping of only Apple devices.
So yeah, both platforms have their own ways they suck in.
On Google Play I never, ever had any app be anything close to as successful as on iOS. I think I probably made less than 1/100th the amount I did on iOS back in the day.
Paid provisioning: If you have paid the developer fee, a build will expire based on the amount of time left before that payment renews, so if you build and install an app a month before your developer fee renews, that build of the app (that you installed via Xcode) will stop working in 1 month.
I have no problem with a store having a small admission fee - that's perfectly reasonable and they do have operational costs. It would be nice if they had some way to waive the fee for popular OSS to garner some god will with the devs.
Taking a 30% cut of revenue on the other hand ... both platforms are guilty of this
For someone who is making money from it, sure, but that's exactly who this isn't about. The way they get screwed is by the 30%.
A fixed fee -- in any amount -- is screwing the people who aren't in it for the money. Because to begin with, it's not just the fee, it's the bureaucracy that comes with the fee.
You're a kid and you want to make your first app, but you don't have a credit card.
You live in a poor country and maybe the amount you can lose without noticing when you're rich isn't the same there. Or even if you can get the money, you may not have a first world bank account and the conglomerate isn't set up to take the local currency.
You're a desktop developer and you're willing to make a simple mobile app and give it away for free as long as it's not a bother. The money is nothing but the paperwork is a bother so you don't do it, and now the million people who would have used that app don't have it and have to suffer the spam-laden trash alternative from someone who is only in it for the money.
And suppose the amount is as trivial as you propose. Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
Because the store gets spammed by million of bot applications ? Having a small fee for store review is probably a decent noise floor.
You can still develop apps on your devices without a dev license - the week long cert is annoying, they probably want to avoid people side-loading via this mechanism (which I am against FWIW).
But you can develop on your devices without paying 100$/year
They're a search engine company. They can't figure out how to put real apps on page 1 and spam apps on page 500?
Also, then why are they charging the fee if you use someone else's store?
> the week long cert is annoying, they probably want to avoid people side-loading via this mechanism
It seems like you understand their underlying motives, so then why are you defending them?
It is very unreasonable.
You need to pay $100 to execute code on a device that you own. Without a 7 day time limit. And only if you have the technical expertise to do so. This is not a fee for distribution/integration. This is feudal rent.
1) You can continue to install unsigned APKs via adb with the upcoming update.
2) Signing APKs for sideloading requires a Google development account which is a one time fee of $25, no yearly fees.
So still a free sideloading option available, and if you want to avoid adb it is a one time cost that is 1/4 the annual rate on Apple.
If you want to send your app to a friend to download and install it directly on their phone (without using a computer with ADB), you need to be Google-approved and register your app first.
2) Unless they decide to ban you (they can if you don't show any activity in the developer account for X months) and of course because you were verified you can't simply apply again and pay again, because you were banned!!!!
The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc). So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you. The goal of regulation would be preventing of creating digital waste, vendor locks and allow reusing the hardware.
Of course, features like theft prevention won't work, so the user should be able to waive this right.
Regulation should prevent Google from subsidising manufacturers to use Android. Arguably the recent antitrust legislation [2] applies in this case because they're effectively paying manufacturers to place that horrendous and impossible to remove search bar on the home screen.
[1] https://www.androidauthority.com/graphene-os-major-android-o... [2] https://www.justice.gov/opa/pr/department-justice-wins-signi...
I get that this is in the name of security hardening. And you can make a build that has limited root access and is officially supported. But GrapheneOS isn't the end-all solution to computing freedom. Although hopefully on those devices you will be able to install custom OSes (root capable build of Graphene or otherwise).
I'm secretly hoping that this will be Framework or Nothing.
You will lose DRM-based apps (e.g. Netflix), Payment apps, and bank apps though.
There are societies today (I live in one) where some businesses are starting to accept payment only through a banking or payment app, no cash, no card, nothing else. And these apps will only function in the very narrow circumstances of "I bought a device which runs software from one of two American tech monopolies and follow all their frequently changing rules for using various software that's unrelated to the payment I need to make." This limitation is mostly in place due to the banks believing it will make things more secure. Security is important, but not important enough that you get to start denying innocent people the ability to make payments or exile them from the banking system because they had some kind of dispute with Apple or Google. Governments need to step in with access mandates here, otherwise this problem WILL come to a jurisdiction near you sooner or later.
The argument that this is actually a security benefit is a farce. It doesn't do anything. If the device is compromised then it's going to capture your password and send it to the attacker without attempting any attestation. So the only time the attestation is attempted is when the device isn't compromised.
It's clearly not about real security. It is about control. You follow the rules and get Google's blessing or no SafetyNet for you. These rules include things like ensuring that the user can't access their own data without the controlling app's permission.
I managed to get a US refubished Pixel 2 somehow with a fuselocked bootloader here in Ireland. I bought it second hand but I've no idea how it got that way. But I'm suck on the Pixel image and I wanted to use it for ROM testing etc.
Yes some banks still allow classic clunky 2FA(sms, card readers, sometimes SIM generators) but it'll all eventually go away in favor of "locked and favored" os unless legislation fights against it.
Other manufacturers do the same, where you have to wait a period of like 45 days before being able to unlock, and then have to ask permission on their website to unlock your bootloader.
wandering the web to find an exploit is way beyond my spare time.
Except regulations are now moving in the opposite direction: to mandate device locking.
[0] https://droidian.org/ [1] https://www.notebookcheck.net/Lenovo-ThinkPhone-by-Motorola-...
Why would you make essential security features illegal? Do you want to fly on a plane where the flight control software was maybe overwritten?
>So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you.
The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
I don't understand it. Whoever owns the place can replace any part of it, including computers. So being able to overwrite software doesn't change it. Furthermore, plane computers are not a consumer hardware.
You could make a better example with patched car software.
> The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
The initial ROM bootloader contains hard-coded signature which prevents you from replacing Apple/Google software.
No need to strip out every wall, we just have to think about the problem and put doors at necessary places so we can enjoy both freedom AND security.
But long-term, Android is such a massive code base, and was designed more for surveillance and consumption, than for privacy&security and the user's interests.
I think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation. (Sort of a cross between Purism's work on the Librem 5, and PostmarketOS's work on trying to get mainline Linux viable on something else.)
You just have to somehow speedrun the decades of development that went into Android to make it decently run on mobile hardware.. never really understood this "throwing out the baby" direction - the UNIX userspace model simply doesn't work on mobile (I would wager it also doesn't work on desktop anymore), has no security (everything runs as your user which made sense when you ran some batch job on a terminal with multiple other users, but nowadays when a single user has as many processes as all the user had back then it effectively means no security between any of those programs), there is no real resource control, no lifecycles, so the device will burn scorching hot and have terrible battery life.
On Android (and iOS) apps were always living in a world with lifecycles so if they wanted to operate correctly, they had to become decent citizens (save state when asked, so they can be stopped and resumed at any moment). This also fits nicely with sandboxes and user permissions, etc.
So without developing an alternative user-space for "GNU-Linux", it's simply not competing with android in any form or shape.
And even if you do, now every GNU app has to somehow be ported to that userspace API (you can't just kill GIMP or whatever Linux process)
Isn't this mainly due to proprietary drivers and firmware?
Android devs actually backported a bunch of work to the mainline kernel with regards to low-level energy management, but that's only one half of the story. The other is your phone stopping unused apps gracefully, and being able to go back to sleep regularly.
I switched from Windows to Linux it's been 2 years. One of the few things I missed on Windows, was the native WhatsApp app, as the Web WhatsApp it's horrible. Then a few months Meta killed the native app and made into a webview-app :)
e.g. HellDivers 2 didn't work well until recently on Linux. If you are playing certain factions it is a very fast paced game and I would frequently experience slow downs on Linux.
So if I wanted to play HellDivers 2, I would have to reboot into Windows. Since running kernel 6.16 and updates to proton it now runs better.
And the latest gen finger print scanner only works between 10-50% of the time depending on the day, humidity, etc., no matter hof often you re-enroll a fingerprint, enroll a fingerprint multiple times, etc.
And the battery drains in 3-4 hours. Unless you let powertop enable all USB/Bluetooth autosuspend, etc. But then you have to write your own udev rules to disable autosuspend when connected to power, because otherwise there is a large wakeup latency when you use your Bluetooth trackball again after not touching it for one or two seconds.
And if you use GNOME (yes, I know use KDE or whatever), you have to use extensions to get system tray icons back. But since the last few releases some icons randomly don't work (e.g. Dropbox) when you click on it.
And there are connectivity issues with Bluetooth headphones all the time plus no effortless switching between devices. (Any larger video/audio meeting, you can always find the Linux user, because they will need five minutes to get working audio.)
As long as desktop/laptop Linux is still death by a thousand paper cuts, Linux on the desktop is not going to happen.
I really wish it was seamless and good, but it just isn't (and frankly it's a bit embarrassing it isn't given desktop environments for GNU Linux have been in development for 20+ years).
For example the laptop I had from my previous employer (a pretty beefy Dell) was failing to go to sleep, I had to unplug the charger and the HDMI cable on my desk each night, otherwise every second night it was keeping my monitor lit on the lock screen; when low on battery it clocked the CPU down so much that the whole system froze to a grinding stop not even the mouse pointer was moving, and even after putting it back on the charger it remained similarly unusable for a good 10 mins..
Like I have been using Linux since the Xorg config days when you could easily get a black screen if you misconfigured something, but at least those issues are deterministic and once you get to a working state, it usually stays there. Also, Linux has made very good progress in the last decade and it has hands down the best hardware support nowadays (makes sense given that the vast vast majority of servers run Linux, so hardware companies employ a bunch of kernel devs to make their hardware decently supported).
I moved to Mint almost 4 years ago at this point, running it on a now fairly old Dell G5 from 2019. Runs as smoothly as ever.
I had one problem during this 4 year run (botched update and OS wouldn't start). Logging to terminal and getting Timeshift to go back to before the update did the trick. Quick and painless. I could even run all the updates (just had to be careful to apply one of those after a reboot).
I have no idea what you are talking about. Maybe I am just very lucky with Linux.
Well, show me that magic OS that works on "just about any computer", because I am sure Windows ain't that. OSX only works on their select devices, and Windows have its own way of sucking. Let's be honest, there are shitty hardware out there and nothing will work decently on top. People just try to save these by putting Linux on top and then the software gets the blame.
IME a lot developers don't even use Linux on their desktop machine. I've met three developers that use Linux professional IRL. A lot of devs have a hard time even using git bash on Windows.
I am always called up by people at work because I am "the Linux guy" when they have a problem with Linux or Bash.
Sure, there are a lot of people that use Linux indirectly e.g. deploy to a Linux box, use Docker or a VM. But if someone isn't running Windows, 9 times out of 10 they are running a Mac.
More generally the thing that has paid the bills for me is always these huge proprietary tech stacks I've had to deal with. Whether it be Microsoft's old ASP.NET tech stack with SQL Server, AWS, Azure, GCP, what pays the bills is proprietary shite. I hate working with this stuff, but that what you gotta to pay the bills.
I think what it fundamentally comes down to is that for consumer-oriented Linux to see widespread adoption, it needs to succeed on its own merits. Right now, and since forever, Linux exists in a space for the majority of consumers who consider it where they think "I might use it, because at least it's not the other guy". A real contender would instead make the general public think "I'll use this because it's genuinely great and a pleasure to experience in its own right". And that's why I have absolutely zero faith in Linux becoming a viable smartphone ecosystem. If it were truly viable, it would have been built out already regardless of what Android was doing. "Sheltering Android refugees" is not a sustainable path to growth any more than "sheltering Windows refugees" is.
I have zero faith in a Linux smartphone. What will happen is that there will be some GNU/FSF thing with specs that are 15 years out date and you will have to install Linux via a serial console using Trisquel and the only applications available will the Mahjong (yes I am being hypobolic).
I realised a few years ago when one of my friends didn't know what the browser was on her phone, that any notion of people caring about the OS outside of branding is pretty much non-existent.
In corpo-world. Everyone is using Windows. If they are using Linux it would be through a VM or WSL. I guarantee none of those people are using Linux at home.
So for every developer you know that is using Linux, there are many more people using Windows supplied to by their IT department.
Many developers would need some help to get offline functionality and updates right though.. And it would be really nice if these apps didn't require parsing megabytes of JavaScript libraries on startup.
One can dream! :-)
Making a guess: nope. Same underpowered SoC, in order to save $5.
another tailwind might be in the gaming scene. I have the general sense that SteamOS has been an interesting gateway for technically-minded folks to be impressed by this Linux thing. A similar model for mobile phones might be a tailwind (like a SteamOS for ARM?) The reason why that's perfect is because it undermines the Google monopoly and creates an app ecosystem that people will absolutely flock to, at least for games ($$).
We'll finally get our ecosystem diversity back when the next geopolitical happening happens and Google bans Chinese android apps on bullshit pretexts.
Wait a few years more.
Sure some apps won't work for whatever reason & HN commenters will have incredibly scathing things to say about that, but I bet there's a lot of folks who'd be cool with missing an app here or there.
It sucks to be losing Android, but IMO it's an ecosystem in free-fall. Bootloaders are locked more and more, there's literally zero AOSP hardware buyable now, and the roms scene has diminished not grown over time.
I totally think theres a Steam Deck moment waiting around a corner, where what seemed impossible a year ago shows up and is dead obvious & direct, and we all wonder why there were so many doubts before.
IMO, I think Microsoft gave up on running Android apps on Windows because they read the writing on the wall: Google will use Play Integrity/Protect to ensure Android apps only run on Google-approved devices/operating systems and nothing else.
I think this is the ultimate fate for Waydroid, as well.
I disagree. The Android security model is better than the Linux one. I am very happy with GrapheneOS, I don't have much to complain about.
The problem is that Google sucks and nobody enforces antitrust laws. But it's not just Google: how many Android manufacturers don't suck, really? Do they contribute to AOSP at all? Probably not. Do they build reasonable devices that could run something like GrapheneOS? Nope. Just relocking the bootloader is often a problem.
GrapheneOS has apex modules disabled and never had the need for that.
It felt at the time like there was positive progress, more bits getting mainlined at a trickle but at least steady trickle rate. But it feels dark now. At least the GPU drivers everywhere have been getting much better, but I get the impression Qualcomm couldn't even ship a desktop/laptop after years of delay, is barely getting that in order now. It feels impossible to hope for the mobile chips anywhere to find religion & get even basic drivers mainlined.
I disagree. I have been using de-googled / de-spywared Android for a decade now and I really love it. Once you remove google mobile services and rely on open source applications Android feels really good.
Also its questionable if projects such as purism or even the pinephone will ever offer such good security and privacy as a de-googled Pixel with GrapheneOS will.
Even if that was true, AOSP is better for privacy and security than any other Linux distro.
Australian users of alternative app stores should make a complaint to the ACCC: https://www.accc.gov.au/about-us/contact-us-or-report-an-iss...
In the past, they forced Steam to implement proper refund policies, and they are currently suing Microsoft about the way subscribers were duped into paying more for "AI features" they didn't want.
If you're in the US, UK or EU, please contact your government.
But only once the company is powerful enough. We don't call Google a monopoly, because there is Apple, but taken together they certainly behave as one. Both create expectations, create expected momentum in a certain direction, people build (companies, lives) on those assumptions and boom, you can't get out and now the company changes the deal.
Is it just our assumptions that get us in trouble? Or do we need to do more?
I'm not sure how to regulate this, other than to stimulate open source, as the "for the people by the people" solution. But also that will just lead to poor expensive solutions (the market created some nice FOSS though). So the law it should be... And we're back to the problem of lobbying...
Perhaps there should be contracts: Google advertises Android as open: They should sign a contract: For how long will Android be open? Define "Open". The contract can be enforced. Or perhaps we, the people, sue now, for false advertising, although that will just make them flex their legal and lobbying muscles... And they didn't sign any contracts.
- Many APIs have been moved to Google Play Services (which is not open source), and many apps have come to rely on them. You can emulate it partially but not fully, see second point below.
- Some features like device attestation / SafetyNet fail on non-"official" devices, for example many banking or government ID apps refuse to work on open source os like GrapheneOS
With both Android and Chromium, we're ultimately at Google's mercy.
btw, does anyone know if Huawei is following along with this in their fork?
Many people bought Android phones because of the open capability. Even if you don't use it, just knowing you have an out is important.
And now Google is "altering the terms".