To recap the storyline, as far as I understand it: last August, Google announced plans to heavily restrict sideloading. Following community pushback, they promised an "advanced flow" for power users. The media widely reported this as a walk-back, leading users to assume the open ecosystem was safe.
But this promised feature hasn't appeared in any Android 16 or 17 betas. Google is quietly proceeding with the original lockdown.
The impact is a direct threat to independent AOSP distributions like Murena's e/OS/ (which I'm personally using). If installing a basic APK eventually requires a Google-verified developer ID, maintaining a truly de-Googled mobile OS becomes nearly impossible.
I have trouble understanding why this is a threat to AOSP distribution. I would have said quite the opposite actually, I don't see why they would not remove the verification and that's an incentive for people to use their project instead of Google Android.
Tragically, Linux phones have languished and are in an absolute state these days, but a lot of the building blocks are in place if user adoption occurs en masse. (Shout out to the lunatics who have kept this dream alive during these dark years.)
I know banking apps are the typical example, but I've always wondered why. I use my bank's app maybe once or twice a year when I need to Zelle someone, which I only need to do when they don't have Venmo. (Unless we consider Venmo a banking app.)
I only have one bank's app installed, the rest of my banks I only interact with over their website, on desktop.
As for insurance, I've never had an insurance company's app installed.
Am I just an outlier here? Honestly, if I switched to a non standard OS, I'd be more annoyed about losing, say, Google Maps, Uber/Lyft, or various chat apps. Banking and insurance just don't come to mind at all as something I need my phone for.
https://news.ycombinator.com/item?id=46723594 from Emre @emrekosmaz
It is a smartphone that runs Android, launches Debian, and dual-boots Windows 11
Actual link https://nexphone.com/blog/the-tale-of-nexphone-one-phone-eve...
If you can install a linux distro you can flash a custom rom on a well-supported phone.
If it were more mainstream I could see GUI apps to manage all this for people, if they don't already exist. Idk I just use adb.
Yes, that is generally the case. As a general rule with an Android phone reflashing the OS itself or the bootloader carries no risk of bricking the device (meaning making it impossible to recover without specialized hardware and/or opening up parts that were not intended to be opened).
There are plenty of ways to "soft-brick" a device such that you might need to plug it in to a computer, and adb/fastboot can definitely be a pain in the ass to use (especially on Windows), but if you have a device with an unlocked bootloader it's very rare to be able to actually brick the device while doing normal things.
Now, if you're doing abnormal things like reflashing the radio firmware you can absolutely brick some devices there, but you don't have to do that just to boot an alternative OS and generally shouldn't be doing it without very good reason and specific knowledge of exactly what you're doing.
I'm not going to say there are no devices where the standard process to flash an alternative OS is dangerous, but none of the relatively common ones I've ever owned or used have been built that way because OEMs don't want their own official firmware updates to be dangerous either.
tl;dr: It is sometimes possible to brick a device by flashing the wrong thing incorrectly, but the risk of doing that if you are just installing an alternative OS through a standard process is basically zero.
What you're saying should happen, but it will only happen when the government legislates it happens; which frankly they should be doing (along with nationalizing a few other software projects to be fair).
A trillion dollar transnational corporation with massive monopolistic tendencies will never ever do the right thing. Expect to force feed it down their throats.
It won't.
Not even playing devil's advocate, just wondering how many loopholes actually exist.
While MS code signing certs are more circumventable for power-users than Android's new approved developer program, their pricing is far more prohibitive for independent OSS developers and hobbyists, costing hundreds of USD per year.
Hopefully 2026 or 2027 will be the year of the Linux Phone
I understand some amount of reticence with commercial OSes, but there’s no justification for being against it on open Linux based desktops and mobile OSes. We really need to get past the 90s-minded paradigm of everything having access to everything else all the time with the only (scantly) meaningful safeguards coming in the form of *nix user permissions.
I do agree with that, and I strongly believe that the iOS and Android security model is way ahead of Desktop Linux. But what I observe is that nobody seems to care about the security model. A recurrent complaint I see against anything AOSP-based (including Android) is that people "want to be root".
But both Flatpak and Snap offer this new model from the two biggest desktop players in the Linux world: Red Hat and Canonical.
As the sibling comment said though, being an administrator for your own computer (including a phone) does not mean that you will be running untrusted applications as one: on the contrary, if you assume an administrator role and run an untrusted application, naturally, all bets are off. But even as a power user, I'd love to be able to safely run programs I do not necessarily trust, feeding it only data it needs and no more.
Again, Snap/Flatpak provide this model, but we need to see more application authors take them up to ship their software.
The fact that Android complains and tells any app that asks whether the owner actually, you know, owns the device they paid for is an implementation detail.
A Linux distribution that adopts an Android style security model could easily still provide the owner root access while locking down less trusted apps in such a way that the apps can't know or care whether the device is rooted.
This is not surprising. The desktop Linux community reacted with hostility to the well funded security efforts (selinux, apparmor, grsecurity, etc)
As a datapoint, everything in /dev/input/* is owned by root:input on my Debian Bookworm install, and my main user is not a member of the "input" group either.
Biggest problem with most security hardening for Linux desktop is that it breaks the natural usage pattern: I store my files by their content, not by their format (eg. I might have a folder for my project containing image files, spreadsheets, FreeCAD files, maybe even some code or TeX/ODF files). If programs are restricted to access the entirety of my $HOME though, there is not much benefit to that protection since that's where my most valuable data is. If they are restricted to per-program folder, I need to start organizing my data differently and unnaturally.
Android mostly does not use the "files" metaphor and basically does exactly that (per-app data): coming up with a security model and file management UX that does both is where the challenge is.
It's the same reason I choose to keep my front door unlocked basically all the time - I know my neighborhood, the risk is really low and the convenience is high.
Further... practically everyone agrees that they don't need bank vaults as front doors. It makes zero practical sense: The cost is incredibly high, and the convenience is very low.
There are ALL sorts of wonderfully cool things you can do on a system where applications are allowed to trust each other, and the system is permissive by default.
You can customize behavior more easily, you can extend software more easily, you can add incredibly detailed & functional accessibility support, you can create incredibly powerful macros and commands.
This is so important that fundamental OS design from the early 90s actually prioritized and catered to exactly this style of open, trusted, platform (ex - all of COM in windows...). This is what made personal computing a reality...
All of those fall flat when you try to impose "well funded" security efforts.
Those efforts have a place, in the same way that bank vaults have a place. Whether that place is a personal computer is a different question.
Implying those folks are hostile for no reason is... at best a woeful misunderstanding of the situation, and at worst a malicious mischaracterization.
A solution that's integral to the system and not just loosely taped on is required.
They've for sure had more than their fair share of security issues, but those are bugs, not fundamental design problems as far as I understand?
However, I have 2 Linux phones and Linux on phones is just not there. Massive vendors (Samsung, Huawei, etc) would need to get behind it to make it go anywhere. Also so banking etc apps remain available also on those phones. We can already run android apps on Linux, Windows apps, so it would be a bright future but really it needs injections and support for large phone makers.
I hope the EU/US mess will give it somewhat of a push but I doubt it.
Similarly, Palm Pre, and especially HP Pre 3 was a wonderful WebOS incarnation.
Ubuntu Touch did seem like it had a future, but it was a massive sink for Canonical so it was defunded as well.
The user experience was there on all of these: the apps, not so much.
- AI boom or bust will affect hardware availability - there is a push on its way to revamp phones into 'what comes next' -- see various versions of the same product that listens to you ( earing, ring, necklace ) - small LLMs allow for minimal hardware requirements for some tasks - anti-institutional sentiment seems to be driving some of the adoption
Gaming on Linux took off with Proton. Linux on phones might go the same path.
The reality is that we're lucky to have mostly-good things at all that align with most of our interests.
Yet people get so comfortable that they start to think mostly-good things are some sort of guarantee or natural order of the world.
Such that if only they could just kill off the thing that's mostly-good, they'll finally get something that's even better (or rather, more aligned with their interests rather than anyone else's).
In reality, mostly-good things that align with most of our interests is mostly a fluke of history, not something that was guaranteed to unfold.
Other common examples: capitalism, the internet, html/css, their favorite part of society (but they have ideas of how it could be a little better), some open-source project they actually use daily, etc.
If only there weren't Android, surely your set of ideals would win and nobody else's.
death of personal computing freedom, sovereign compute, and probably soon our ability to meaningfully contribute to the field as ICs?
A lot of really bad things are happening to our field, and Google is one of the agents responsible for much of it.
I mean, breaking news from 2010, but of course never assume things are so bad that they can’t get worse.
I don't think this is true, right? An AOSP build can just decide to still allow installing arbitrary APKs. Also see this post from the GrapheneOS team:
https://mastodon.social/@GrapheneOS@grapheneos.social/116103...
So at the very least you’d have to keep patches up to date.
Long term divergence could be enough that’s it’s just a hard fork and/or Google changes so much that the maintainer can’t keep the patches working at the same pace
I couldn’t read your link as it asks to join mastodon.social
I know iPhones aren't affordable for the layman in many countries. But for anyone with an option, why would you buy an Android? All the "customization" things I cared about when I was on Android are either doable on an iPhone now with better implementation, or something I don't care about.
I was a die-hard until I went through enough cycles of Google deprecating and reinventing their apps and services every year, breaking my workflow/habits, that I got sick of them and moved to Apple everything. And all the changes I've seen since then are only making me happier I got out of the ecosystem when I did. Unlimited Google Photos backups with Pixels are gone, Google Play Music is gone, the free development/distribution environment is gone, etc.
If people can't even develop for the thing without going through the Google process, they're really just a shitty iOS knockoff.
These are all due to limitations imposed by Apple.
In the past I was also on Windows Phone, again great .NET based userspace, with some limited C++, moving into the future, not legacy OS design.
I can afford iPhones, but won't buy them for private use, as I am not sponsoring Apple tax when I think about how many people on this world hardly can afford a feature phone in first place.
However I also support their Swift/Objective-C userspace, without being yet another UNIX clone.
If the Linux phones are to be yet another OpenMoko with Gtk+, or Qt, I don't see it moving the needle in mainstream adoption.
How the heck this is true?!? iOS is just bad.
Its usability is bad, its interface is bad, its apps are just a ton of crap, and it _will_ keep getting worse.
I'm not even talking about its "walled concentration camp" app model.
wake me up when there's an adblocker on an iphone.
That said, I want off the iOS ecosystem, but Google has basically said guess what? We are going the way of Apple, so we don't care about you either.
So right now there isn't really anywhere else to go. I'm going to keep trucking in iOS for now, but I hope I find something better soon.
uBlock Origin on Firefox Mobile is significantly better than any Safari adblocker I've been able to find. (1Blocker's the best I've found for Safari.)
That's for me to decide, thank you very much.
And you know very well, There are only meme adblockers for the browser on IOS.
I don't see a real future for Andrioid as an open platform unless the community comes together and does a hard fork. Google can continue to develop their version and go the Apple way (which, funny enough, no one has a problem with). Development of AOSP can be controlled by a software foundation, like tons of other successful projects.
We need some pro-consumer regulations on hardware which mandate open platforms. Fat chance of that happening, though, as the likes of both the EU and US want these locked down systems so they put in mandatory backdoors.
It's the same as the situation with Chrome/Chromium. There are a million "de-Googled"/"privacy focused" alternatives to Chrome all using the same engine, and when Google pushed manifest v3 changes to block ad-blockers every single one of them was affected.
You are making an orthogonal point. Yes, Google maintains AOSP. No, that does not mean that AOSP OSes that are not in Google's Android program (calling it that to avoid semantics games) have to adopt this change. If you want to hear it from the experts: https://grapheneos.social/@GrapheneOS/116103732687045013
At any rate, this particular Google anti-feature does not require a large patch (or maybe none at all).
That's just objectively wrong, both Brave and Opera still support manifest v2 and are committed to continue doing so for the foreseeable future. Even Edge apparently still has it, funnily enough.
Brave does NOT support manifest v2. They have instead hand picked exactly 4 manifest v2 extensions (AdGuard, NoScript, uBlock Origin, and uMatrix) and have hard-coded special support for them. They quite literally say in https://brave.com/blog/brave-shields-manifest-v3/ that all other v2 extensions will go away from Brave once Google fully removes support for them (which may have happened already, since it was posted a while ago).
As for Opera (https://blogs.opera.com/news/2025/09/mv2-extensions-opera/):
> MV3 extensions are the new standard and will offer a more stable and secure experience. Opera itself will shift to an MV3-only extension store.
You're misreading that page, they have special cased the hosting of those 4 extensions, because they do not have their own addon web store and are relying on Chrome's instead. You can still install any manifest v2 addon manually, not that there are going to be many outside of those 4 that care about v2.
As for Opera:
"Today, we reiterate what we said back in October 2024: MV2 extensions are still available to use on Opera, and we are actively working to keep it that way for as long as it’s technically reasonable."
Read: for as long as Chromium allows this via a flag.
addons for firefox were at first a way to test features. we only have devtookls because one person wrote an addon copying ie6 dev tool. next Firefox release it was part of the core browser.
Parent-poster just referenced past/future legislation in general.
The only other options would be convincing users to pay 5 bucks a month for their software, or have some Government fork over the tens of millions required to pay open source developers. And good luck with that.
This is not happening in my lifetime, of course it isn't. But by god does it need to happen.
Every single release is a step backwards.
Android 15 cannot hold a candle to what cynogenmod did on top of android 2.3. And that's objective.
I don't think you understand what that word means.
Regardless, your opinion (and mine) is irrelevant. People want at least some of the features of modern android, and any alternative lacking those is not going to be adopted by most people. Just look at how many people try GrapheneOS and find the minor things to be dealbreakers for them.
And as long as that's the case you can't expect people to vote for a scenario where they'll end up with a, in their eyes, worse product.
For the features you can read here for example what Android 16 changed:
It will cost a lot of money and as long as Google is still doing regular AOSP code drops, what's the point?
(And install GrapheneOS, the more successful open Android becomes, the better.)
- A refurbished Pixel works (except some weird Verizon locking that I heard about the other day).
- Pixels get really heavily discounted near the end of the cycle (e.g. 9a currently). Google probably doesn't make much on it if you are opting out of your ecosystem.
To say they don't owe you nothing seems like a betrayal on the promise that Android was an open platform (and open source).
> You are free to not use their products or start a company to compete
That's not an option as you are making it out to be. For a user switching means buying a new phone, repurchasing apps (if you bought) and maybe apps won't be even available to the new system, for developers that means all their knowledge about the system gone. Building a mobile operating system requires millions if not billions of dollars, years of work and convincing developers and businesses (hardware makers) to use your operating system. The barrier to enter is so high that telling people to just compete with Google is not a realistic solution.
[1] https://blog.google/company-news/inside-google/around-the-gl...
I guess they would not due that if they really believed some questionable synthetic construct like "intelectual property" really existed ?
Party B is allowed to choose not to sell in EU. If you wanna sell in EU you have to comply with EU rules. If you wanna sell in US you have to comply with US laws. That simple.
Tech has a strong tendency to favor outcomes with only a handful large players that make competition impossible due to network effects, etc., distorting the market. The Digital Markets Act was made to address this problem.
IANAL, but Google's Android changes seem like a fairly clear violation of the DMA.
This is typically hard for people from the US to grasp (I saw that you are not originally from the US though). In Europe, capitalism is not the end goal, the goal of capitalism is to serve the people and if that fails, it needs to be regulated.
---
As an aside, the lengths people go to defend a company with $402.836B yearly revenue :).
[1] https://en.wikipedia.org/wiki/European_single_market#Four_fr...
Especially when that ability has been established practice and depended upon for decades? And the gate-kept device in question is many users' primary gateway to the modern world?
There's nuance here, of course - I'm not morally obliged to help you run Doom on your Tamagotchi just because you want to do so. But many people around the world rely on an Android device as their only personal computing device (and this is arguably more true for Android than it is for iOS). And to install myself as an arbiter of what code they can and cannot run, with full knowledge that I could at any time be required to leverage that capability at the behest of a government those worldwide users never agreed to be dependent on? That would be a morally fraught system for me to create.
> especially as engineers who make their living by creating intellectual property and probably wouldn’t want to see control of it seized randomly
If these people try to use their intellectual property to control my device and hence my ability to do things, I want to have a say what they do. Yes, that is what software is: directions to machines. I own the machine, hence I want a say what it does. You are free to keep your intellectual property for yourself, if you want to.
(This obviously simplifies things, but ultimately we as humans still haven't found the one and only true philosophy or moral, and maybe that's not possible (I'm no philosopher))
It should be clear that having a small number of companies murder all competition and personal freedoms (like doing what you want to do with something you own like a phone) are in contrast to these basic values.
---
Or the alternative, more blunt answer: it does not require a moral justification. EU citizens directly elected the EP, the EP ratified the DMA. So Google can either comply or leave the EU as a market (which they wont do because it's too large and others would be happy to take it).
When 99% of government/banks/etc require you to use a certain service to access basic services, you need some way of ensuring you don't have to sell your soul to use it. Alternatives would be really great, but Google is part of a duopoly.
Just because you build the rails doesn't mean you get to decide who gets to use the trains.
It is though. They are actively working on increasing their marketshare. That doesn't happen by accident. They have chosen to place the interests of the corporation over the interest of their fellow people. They are fine to do that, because we separated that responsibility. Corporations can only chase for profit, because we have governments, that make the rules, so that chasing profits is in the interests of the people.
Maybe you don't like that, and that is fine for you, although I don't like that you don't like that. Maybe you want a society where might makes right. However a lot of people don't feel that way, hence why we outsourced that world model to the government.
People don't like that their neighbor is stronger than them and takes there stuff, so they pay feudal lords. Then the feudal lords want some security, so they outsource that to elected emperors. After a while the feudal lords misuse their power, so parliaments are invented. Eventually people have enough and demand voting rights. The elected leaders betray the people by sending them to war, so they created multinational institutions, that try to prevent this (EU). They haven't used their power to betray the people enough, so we are still fine with them.
"Wealth comes with obligations" is literally in my country's constitution. You, may don't like that, but I do. I think a lot of other people do as well. It is of course always for discussion how much.
When rephrased like the above, I think what you’re describing is pretty common in history. Many industries and assets have been nationalized when it serves the state’s interests.
IMO the moral justification is that there is no ownership or private property except that which is sanctioned by the state (or someone state-like) applying violence in its defense. In this framing, there’s little moral justification for the state letting private actors accrue outsized power that harms consumers/citizens.
This is kind of a "solved*" thing in theory, not so much in practice of course.
*solved meaning we have a proper process established
The truth is, I gave party C money for a product. Party B does not get to say anything about what party C gave me. And they absolutely do owe me something, and that is the use of the product they gave me for my money. Whatever their terms of service say about licensing versus owning should not trump the fact that I made a one-time purchase and I have physical ownership that they cannot revoke. This is not a car lease where I have a contract with the dealership and they can reposses the car if I don't make the payments.
Tell that to the locked bootloader.
> What you want is access to further intellectual property they develop (updates, features), that just so happens to be able to run on your hardware and ability to shepherd it in a direction you want and they don’t.
Well yeah, I am paying them with money (and data) and thereby with power and expect them in turn to provide directions for my device, so that is does what I want. That's kind of the deal. If they don't want to provide that, then they can just not accept my money (and data). They can of course produce devices, that to what they want, and want me to carry them around, but then they better pay me.
If they use the power I gave them against me, then I will demand my power projection as a service provider (aka. the government) to project power in my interest.
the hardware is specifically locked down with "trusted computing" features to facilitate this. It's not a random coincidence. The problem here lies in the network effects and the use of trusted computing. If my bank app mandates that I use "real deal 100% certified android", then I can't just develop my own OS. So it's an antitrust situation.
If every company in the world teamed up with MegaCorp and made their services contingent on wearing a MegaCorp shock collar powered by trusted computing, would you wear it? You are free to not use the collar... and starve to death in the woods I suppose.
I don't usually even care about intellectual property. It's a hack to grant a temporarily exclusive monopoly as a way to incentivize R&D. The R&D in this case is just solving the question of "how do we establish a larger monopoly". So why should the public be forced to uphold it?
Asking me if I am willing to violate intellectual property in this situation is like if I was being lowered into a pit of liquid hot magma and in order to get out I had to break the flag code or jaywalk or something.
> how would you feel if you were on the receiving end of such a dictum?
I continue to be astounded how people still just flat out assume that everyone must be a capitalist.
If I were on the receiving end of a dictum aimed at stopping immoral behavior, I would cease my immoral behavior. But I'm not going to be on the receiving end in the first place because I don't aim to do immoral things in the first place.
> We appreciate the community's engagement and have heard the early feedback – specifically from students and hobbyists who need an accessible path to learn, and from power users who are more comfortable with security risks. We are making changes to address the needs of both groups.
> We heard from developers who were concerned about the barrier to entry when building apps intended only for a small group, like family or friends. We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.
It is also true that they have not updated their developer documentation site and still assert that developer verification will be "required" in September 2026 [1]. Which might be true by some nonsensical definition of "required" if installing unverified apps requires an "advanced flow", but let's not give too much benefit of the doubt here.
0: https://android-developers.googleblog.com/2025/11/android-de...
In classic Google fashion, they hear the complaint, pretend that it's about something else, and give a half baked solution to that different problem that was not the actual issue. Any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.
I should have the right to have parents, friends or anyone use a "free" store that is not under control of Google if the user and app developer wish so. But also, somehow there should be something done to avoid the monopoly forcing to use the Google services. Like major institutions like bank, gov and co being forced to provide alternatives like a webapp when they provide app tied to the Google play store.
This was already the case for enabling sideloading at system level: it warned you. Nobody really says having this toggle is a bad thing, basically the user shouldn't get an ad network installing apk's just browsing around the web without their informed consent (and android has been found to be vulnerable to popunder style confirmations in the past).
They also already had the PlayProtect scanning thing that scans sideloaded APK's for known malware and removes it. People already found this problematic since what's to stop them pulling off apps they just don't like, and no idea what if any telemetry it sends back about what you have installed. There have been a handful of cases where it proved beneficial pulling off botnet stuff.
Finally, they also have an additional permission per-application that needs to be enabled to install APK's. This stops a sketchy app from installing an APK again without user consent to install APK's.
The question is: How many other hurdles are going to be put in place? Are you going to have to do a KYC with Google and ping them for every single thing you want to install? Do you see how this gets to be a problem?
For it to be truly considered open source, you should be able to fork it and create your own edits to change the defaults however you wish. Whether that is still a possibility or not, is a completely separate issue from how they proceed with their own fork.
It's my phone.
If you don't like their choices, you should be able to install other software you do like. There should be completely free options that people can choose if they desire. But the majority of people just want a working phone, that someone like Google is taking great pains to make work safely and reliably.
There is a difference between making a choice because there has to be something there (setting a default wallpaper, installing a default phone/sms app so your phone works as a phone) and actively choosing to act against the user (restricting what I can install on my own device, including via dark patterns, or telling me that I'm not allowed to grant apps additional permissions).
> For instance, should you be able to text message one million people at a time? You might want to, but Android doesn't offer that feature.
There's a difference between not implementing something, and actively blocking it. While we're at it, making it harder to programmatically send SMS is another regression that I dislike.
> Do you want to install spyware on your girlfriends phone? Maybe that's your idea of complete freedom, but the fact that Google makes it harder, is a good thing, not a bad thing.
Obviously someone else installing things on your phone is bad; you can't object to the owner controlling a device by talking about other people controlling it.
> If you don't like their choices, you should be able to install other software you do like. There should be completely free options that people can choose if they desire. But the majority of people just want a working phone, that someone like Google is taking great pains to make work safely and reliably.
Okay, then we agree, right? I should be able to install other software I like - eg. F-Droid - without Google getting in my way? No artificial hurdles, no dark patterns, no difficulty that they wouldn't impose on Google Play? After all, F-Droid has less malware, so in the name of safety the thing they should be putting warning labels on is the Google Play.
Google killed every other competition via dumping and shady business practices. Sure, you can go to iOS, but that is even more closed and restrictive, not to mention the devices are overpriced.
There are legitimate concerns being addressed by these feature restrictions.
So you draw the line between the bootloader and the OS. Other people draw the line between the OS and applications. Most (nearly all) people can't write either, so for them it is just part of the device.
> you don't get to tell them how theirs should operate.
I paid for it, and I allow it to be legal in the jurisdiction I (partly) control. So it is not only theirs anymore.
IMO the way this should work is that Google can make their software however they want provided they don't do anything to stop me from changing it to work the way I want.
Unfortunately, they've already done a lot of things to stop me from changing it to work the way I want. SafetyNet, locked bootloaders, closed-source system apps, and now they're (maybe) trying to layer "you can't install apps we don't approve of" on top of that.
That's exactly how it is. You're free to get your soldering iron out, or your debugger and reverse engineer anything you want. I don't mean to argue unfairly, but all we're talking about here is the relative ease with which you can do what you want to do. How easy do they have to make it?
As for their software, as delivered, there are literally an infinite number of ways that it stops you from changing it. Maybe you want everything in Pig Latin, or a language you made up yourself. Do they have to design around this desire? Do they have to make this easy to do?
I don't think the distinction exists the way you're trying to describe. If I should be allowed to install any software I want, surely that includes any .apk I want? Conversely, someone could make the exact claim one step down the chain and argue that you don't get to tell them how their firmware should work and if you want to install your own OS you should just go buy a fab, make your own chips, write your own firmware, and make your own phone. And that's absurd, because users should be allowed to run their own software without being forced to ditch the rest of the stack for no reason.
And the argument is the same lower down the stack. You shouldn't be able to tell someone how to design their firmware.
The only problem is where the law prohibits us from trying to undo these restrictions, or make modifications ourselves. It's government that restricts us, and we should focus our efforts there.
> And the argument is the same lower down the stack. You shouldn't be able to tell someone how to design their firmware.
Earlier, you claimed,
> They should be able to install any software they want.
but it sounds like actually you only mean that users should be allowed to futilely attempt it, not that there should actually be allowed to run software at will. If the firmware only allows running a signed OS, and that OS only allows running approved apps, then the user is not able to install any software they want.
You paid for it but Google still has the control. I understand that you prefers things to be different (as do I) but the reality is that we don’t have control over devices we paid for.
The law. The contract. The money I paid.
> the reality is that we don’t have control over devices we paid for
So, the reality is that a company is exerting ownership rights on things they don't own. If that is exclusive, then that is called theft.
You answered the question here:
> You paid for it
If you paid for hardware, legally that makes it yours.
> Google still has the control
Therein lies the problem. Google should not exercise such control over devices which are yours, not theirs.
I remember when big sites started having to put big banners in your browser console warning you that if you weren't a dev and someone told you to paste something there, you had been scammed, and not to do it. They had to do that because the average Facebook user could be tricked very easily by promises of free FarmVille items or the opportunity to hack someone else's account, and those are fairly low stakes bait. Now people bank with real money on their phones.
Anything else won't do.
That describes the current (and long-established) behavior. App installation is only from Google's store by default and the user has to manually enable each additional source on a screen with scare text.
I've lived through them locking down a11y settings "to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer", and it's a nightmare. It's not just some scare text, it's a convoluted process that explicitly prevents you from just opening the settings and allowing access. I'm not giving them the benefit of the doubt; after they actually show what their supposed solution is we can discuss it, but precedent is against them.
> Seems reasonable?
No. As I said before, any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.
Even that is a step too far in the wrong direction. Doesn't matter if it's free, or whatever, simply requiring an account at all to create and run software on your own device (or make it available to others) is wrong.
There exists no freedom when you are required to verify your identity, or even just provide any personal information whatsoever, to a company to run software on your device that you own.
Edit: this will likely exist "uncensored" in other markets but conform to the PRCs standards and practices domestically, similarly to how tiktok operated prior to selling a version specifically taylored to US censorship and propaganda.
You may theoretically find it advantageous to use such a system anyhow. To a first-order approximation, the danger a government poses to you is proportional to its proximity to you. (In the interests of fairness, I will point out, so are the benefits a government may offer to you. In this case it just happens to be the dangers we are discussing.) Using the stack of a government based many thousands of miles/kilometers away from you may solve a problem for you, if you judge they are much less likely to use it against you than your local government.
But China certainly won't put out an "open" anything.
As far as HarmonyOS i dont see many uptakes outside strict US free requirements as the other OEMs are lazy and also dont want to be locked into a competitor.
SailfishOS looks like its your time to faceplant once more , by not having a proper stratergy on monetizing on the many missteps from the current monopoly.I thonk at this point they need a leadership/biz stratergy overhaul - the tech is nice and polished, user demand is off the charts for an alternative . And they are just .. missing. Not even in th e conversation.
Where you been? They already had Huawei get kickbanned by Google and made their own OS (it's not more open): https://en.wikipedia.org/wiki/HarmonyOS
Not Google controlled for sure but also not open.
Maybe it's just my experience.
The US system is dying from lack of competition.
This is what lack of options does to a MF
Say it with me: “Living in a police state is bad no matter who’s running it”.
Google listened.
Blame the judge for one of the worst legal calls in recent history. Google is a monopoly and Apple is not. Simple fix for Google...
It's been our choice to drink this glass of wishful thinking while giving that company a solid dominant position in the market.
We ("you") can only make choices that will overturn that trend.
Fully opensource hardware with fully opensource software? Maybe, but also this is wishful thinking.
MSFT Market cap: 2.951T AAPL Market cap: 3.883T
Unfortunately, this mostly means using the closed android ecosystem.
I find it hard to believe someone would spend 4 hours and 9 minutes _per day_ looking at their banking app or using NFC payments.
I use NFC payments often, but I wouldn't say that amounts to more than a few percent of my total usage.
Everyone uses their phones differently, of course. I don't think your use is unbelievable or odd, but I do think your use patterns are not the common case.
whatsapp, phone, push authenticator, safari (having followed a link from a message), spotify, slack, mail, calandar, disney plus and camera
Do you not do any of that on a mobile device?
https://privsec.dev/posts/android/banking-applications-compa...
Google Pay does not work, but some other NFC payment apps do (e.g. Curve).
I run GrapheneOS and use several US-based banking apps. I'll not name them since I don't really want my HN account associated with my financials in any way, but I've got a mix of well-known national bank apps and smaller local credit union apps working.
I'll admit there is a single institution's app I've found that doesn't work, but that is just one of several that I use.
Maybe, but there's no technical reason for this. As I've mentioned before, I can do banking just fine on my Gentoo machine where the entire corpus of software on it, is FOSS and compiled by myself.
Laptops exist.
https://privsec.dev/posts/android/banking-applications-compa...
I'm using my GrapheneOS phone to log on to their web app without issues (though I typically only do banking on my phone, much more secure).
Edit: Someone also made a good point, one of my CC's I can barely even manage without the app since the website barely works.