This shouldn't just be "questions"; this should be a full-on opposition. Do not give them even an inch, or they'll take a mile.
"debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers." - Richard Stallman, The Right to Read, 1997
I only have Linux PCs (laptops) and servers, 100% of my work and personal stuff is done there (though for work I do need to hop into MS365, Google Workspace, Zoom, etc, hooray for browsers, my final firewall between me and the walled gardens, though we can have a whole discussion on that).
For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?
Maybe I should go for Ubuntu touch, with an iPad on the side or something. At least my most personal device is something I control then. Or just keep my Linux laptop handy (or make a cyberdeck!). But I want a computing platform that does not require carrying a bag. It's kinda sad. Even GrapheneOS (one of the most personal and secure mobile computing experiences out there)'s future is in the hands of its greatest adversary, the one that does not want you to have a personal computing experience.
In near future I’d expect locked down phones and pads become more prevalent than laptops/desktops and most people don’t even own something that is not locked down.
Great justification for switching to Graphene OS, more secure, more control, and google has to ask permission to install things and the play store is optional.
You can buy a completely open RISC-V chip and debug to your heart's content. x86 is also completely open, with only special outliers like XBox/PS5 even half-heartedly trying to disable third-party access.
Stallman's fallacy is thinking every system is perfect and unbreakable and that people have a perfect understanding of software and systems (for better or for worse)
People will be running pirated debugger copies if that comes to shove
99.9% of people DNGAF about OSS. They do care about doing what they need on their phone without malware/bloatware/nagware
Also publishing and development are separate activities
This is intolerable. You own the device. You must be able to run whatever you want on it. Locking or limiting your access to the stuff you bought is not only unacceptable, it's basically like saying you don't really own anything. You're basically leasing a device until the OEM decides you can't run anything on it anymore. Would people accept if a car manufacturer prohibited you from driving their cars in certain places?
I used to run Shizuku for my phone to run Hail (an app suspension tool). Now that my credit card bank start checking for USB Debugging I stopped using the app (and now my 3DS OTP has to be over SMS). I believe there's only two banks left in Thailand that do not check for one and it is just a matter of time, because any time these banks could have hired any of those "security" people who will ask why don't we block that.
So I moved to Dhizuku. It's a bit hard to setup, but once I'm done it's felt like untethered jailbreak - I don't have to complicated dance to start Shizuku now. Dhizuku basically make your phone a company phone, except it report to you. To setup a "managed main profile" you'd need to remove all accounts visible in Android account system and type a long ADB command so I don't think it can be maliciously done.
I suppose this will be how we'll use F-Droid in the next year for enthusiasts.
It's your device and you should be able to do what you want. I do want to point out though that in your specific case, your use of such tools, whether Shizuku or Dhizuku does actually affect the security of your device and could easily be exploitable. And yes, even lending the DeviceOwner permission to another app temporarily is not great...
However, it's problematic if the banking apps also block regular configurations on something like GrapheneOS, e.g. by inspecting the initial call stack of an app. There are many such trivial to bypass ways of doing root detection and most are easily circumvented anyway.
It must be left up to the device owner to decide if they want to have side loading app of unverified developer disabled or not. Period. There is nothing more to it. If there can be setting on phone to unlock bootloader, then there can also be a setting for this.
I'm absolutely against this and for similar reasons have boycotted Apple for my entire life on hard ideological grounds, but not everything is "fascist" lol. Don't misuse the term.
In any case, I hope this blows up in Google's face hard, ROMs like LineageOS become as popular they were back in their heyday, and root hiders get extra attention too so banking apps etc work seamlessly as on non-rooted phones. Requiring some developer ID crap is essentially as bad as Apple has it, reason for which I've always considered developers having Apple phones quite unserious.
Already starting on macos. Gatekeeper had setting where you could allow any app. Now it is removed. While still possible to allow individual app (you need to do it after every OS update), trajectory is now clear.
I asked an LLM, so I think I get it but could you try to mention what is meant with "Stallman was right"? The reason I'm asking you and not posting the LLM answer is because it still feels a bit icky to post an LLM answer for everything I don't understand [1].
[1] Feel free to discuss this too, if you want. I'm developing my opinion on it.
I'm all for calling out fascist behavior when it is spotted, but let's not muddy the waters further. This word is already denatured enough.
This is not fascism, this is just a rational move from Google in a market economy. It feels like every time something like this happens, Americans rediscover what capitalism is and implies, then blame it on "human nature", "greed" or "fascism".
Presumably this won't apply to Chinese OEMs, since even though their devices do ship a disabled by default Google Mobile Services (without the user facing Play Store APK), it obviously would not be suitable to require Google involvement for developing internal apps. The OEMs could set up such a debug licensing service themselves, but each of them would have to do it themselves, and then it would be impossible to debug Google-based apps on the devices.
Many Chinese OEMs are not Google certified, so it won't for sure apply to them. Some (Huawei) even had to implement their own app store and replacement for Google services. They are basically de-googled devices, though, sadly, often loaded with spyware from the other camp.
If anything, this is even worse than what Apple does. iPhone users frequently argue that the inability to install arbitrary software is a feature in their eyes, one of the things that attracts them to the platform. I disagree with their argument, but in fairness I must admit Apple has never pretended that an iPhone is a device you control. They have always been very up front that it is a curated experience, their way or the highway. It's distasteful to me but they're honest about it. What Google is doing is a bait and switch to so many users who chose their platform specifically because it was open.
Those questions may make some users uncomfortable, but it's wishful thinking to believe they would make Google uncomfortable. Google doesn't care in the slightest about these issues.
Agreed. PR departments are paid specifically to weasel around questions like this. If anything, it's in Google's interests because it gives them something to claim they're cooperating with.
I'd guess that the main reason Googel has done this is to prevent side-loading of messenger apps, such as Signal, with true end-to-end encryption. Such messengers would be very difficult to surveil at scale. You might ask why not to simply install these apps from Play Store? The reason is Google demands signing keys for all apps, so it can impersonate the developer, inject any spyware, rebuild the app, sign it and make it look untampered. Side-loading bypasses this entirely.
Individual privacy and anonymity matter substantially less when Governments are basically decent and play by the rules, and so it seems there is a tendency to value convenience and utility over privacy and anonymity.
When Government goes bad, suddenly we are faced with the utmost need for privacy and anonymity, but we may by then be in a situation where privacy and anonymity are difficult to obtain, with all the consequences that then flow from that.
Yeah, that's what a lot of us have been saying for decades.
But notice that Google is doing this as the government in its home country is going bad (or at least getting dramatically, qualitatively worse than it has already been).
>The developer of ICEBlock disclosed his identity. In addition to receiving threats of federal prosecution over the app, the developer has faced other backlash, including his wife being fired from a federal government job.
This is the sort of thug behavior you see in CCP China. If the govt can't directly detain overseas dissidents or other "undesirables", it goes after their families back in the mainland.
Android is no longer open-source, with a move like this.
In the past few years, it has become obscene how emboldened the corpos have gotten with how far they are willing to push to mine every last crumb of data, eager to sell it to dangerous government bodies.
You americans are strange. Your government makes arbitrary arrests, illegally searches phones, massively de-funds science and health projects, and only a handful of people demonstrate.
Now a company wants the identity of the companies it works with because it distributes their software, and it looks like a massive "scandal". Well at least I am realistic that the "scandal" is only within certain circles.
Google always knew the identity of companies whose software it distributed (via Google Play), now it also want to know the identity of software developers it has nothing to do with. Get your facts straight next time before writing a snarky comment!
They know the days of the app-store monopolies are ending so they are now implementing apple-style notarisation - which they could have done years ago, but never seemed to need to until now...
IMHO, thats is them still having an unfair control over the android market so the EU will come for them eventually - and no doubt they will implement some other devious bullshit.
Ideally the world will wake up and realise multi-sector megacorps simply should not exist and split them all up accordingly - but I'm not holding my breath.
[+] [-] userbinator|6 months ago|reply
"debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers." - Richard Stallman, The Right to Read, 1997
[+] [-] teekert|6 months ago|reply
I only have Linux PCs (laptops) and servers, 100% of my work and personal stuff is done there (though for work I do need to hop into MS365, Google Workspace, Zoom, etc, hooray for browsers, my final firewall between me and the walled gardens, though we can have a whole discussion on that).
For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?
Maybe I should go for Ubuntu touch, with an iPad on the side or something. At least my most personal device is something I control then. Or just keep my Linux laptop handy (or make a cyberdeck!). But I want a computing platform that does not require carrying a bag. It's kinda sad. Even GrapheneOS (one of the most personal and secure mobile computing experiences out there)'s future is in the hands of its greatest adversary, the one that does not want you to have a personal computing experience.
[+] [-] markus_zhang|6 months ago|reply
Even laptops can be locked down too.
[+] [-] sliken|6 months ago|reply
[+] [-] cyberax|6 months ago|reply
So the "Right to read" is still bonkers.
[+] [-] raverbashing|6 months ago|reply
People will be running pirated debugger copies if that comes to shove
99.9% of people DNGAF about OSS. They do care about doing what they need on their phone without malware/bloatware/nagware
Also publishing and development are separate activities
[+] [-] qalmakka|6 months ago|reply
[+] [-] p0w3n3d|6 months ago|reply
It's already happening. The greediness of vendors, the ignorance of users...
[+] [-] jasonfrost|6 months ago|reply
[+] [-] whs|6 months ago|reply
So I moved to Dhizuku. It's a bit hard to setup, but once I'm done it's felt like untethered jailbreak - I don't have to complicated dance to start Shizuku now. Dhizuku basically make your phone a company phone, except it report to you. To setup a "managed main profile" you'd need to remove all accounts visible in Android account system and type a long ADB command so I don't think it can be maliciously done.
I suppose this will be how we'll use F-Droid in the next year for enthusiasts.
[+] [-] cuu508|6 months ago|reply
I don't have a banking app installed on my phone. When I need to make a bank transfer I sit down at the computer.
[+] [-] sureglymop|6 months ago|reply
However, it's problematic if the banking apps also block regular configurations on something like GrapheneOS, e.g. by inspecting the initial call stack of an app. There are many such trivial to bypass ways of doing root detection and most are easily circumvented anyway.
[+] [-] pixelii|6 months ago|reply
[+] [-] sschueller|6 months ago|reply
Shame on Google and Apple, it was always clear this was the end goal and next up is also your PC.
Right after will come the removal off apps they don't like and there is nothing you can do about it.
Stallman was right
[+] [-] pjmlp|6 months ago|reply
[+] [-] maxlin|6 months ago|reply
In any case, I hope this blows up in Google's face hard, ROMs like LineageOS become as popular they were back in their heyday, and root hiders get extra attention too so banking apps etc work seamlessly as on non-rooted phones. Requiring some developer ID crap is essentially as bad as Apple has it, reason for which I've always considered developers having Apple phones quite unserious.
[+] [-] enriquto|6 months ago|reply
Even the language we are using to describe the situation is problematic. Why do we say "side-load an app"? It should be just "run a program"!
An OS that doesn't let you run programs of your choice is laughable.
[+] [-] timeon|6 months ago|reply
Already starting on macos. Gatekeeper had setting where you could allow any app. Now it is removed. While still possible to allow individual app (you need to do it after every OS update), trajectory is now clear.
[+] [-] mettamage|6 months ago|reply
[1] Feel free to discuss this too, if you want. I'm developing my opinion on it.
[+] [-] unknown|6 months ago|reply
[deleted]
[+] [-] thrance|6 months ago|reply
This is not fascism, this is just a rational move from Google in a market economy. It feels like every time something like this happens, Americans rediscover what capitalism is and implies, then blame it on "human nature", "greed" or "fascism".
[+] [-] j-krieger|6 months ago|reply
[+] [-] notpushkin|6 months ago|reply
Discussion: https://news.ycombinator.com/item?id=45030967
[+] [-] morpheuskafka|6 months ago|reply
[+] [-] xyzal|6 months ago|reply
[+] [-] swe_dima|6 months ago|reply
[+] [-] bigstrat2003|6 months ago|reply
[+] [-] bambax|6 months ago|reply
[+] [-] Disposal8433|6 months ago|reply
[+] [-] BrenBarn|6 months ago|reply
[+] [-] n4r9|6 months ago|reply
[+] [-] kstenerud|6 months ago|reply
https://en.wikipedia.org/wiki/Epic_Games_v._Apple
If Google controls verification, then Google - not Epic - controls who can distribute Android apps on the Epic store.
[+] [-] Andrex|6 months ago|reply
But I was wrong about them even ever attempting something like this so who knows.
[+] [-] akomtu|6 months ago|reply
[+] [-] blueg3|6 months ago|reply
[+] [-] casenmgreen|6 months ago|reply
When Government goes bad, suddenly we are faced with the utmost need for privacy and anonymity, but we may by then be in a situation where privacy and anonymity are difficult to obtain, with all the consequences that then flow from that.
[+] [-] Hizonner|6 months ago|reply
But notice that Google is doing this as the government in its home country is going bad (or at least getting dramatically, qualitatively worse than it has already been).
Some people see features where others see bugs.
[+] [-] eviks|6 months ago|reply
Not really, there is no discomfort from something they can easily ignore.
[+] [-] curt15|6 months ago|reply
This is the sort of thug behavior you see in CCP China. If the govt can't directly detain overseas dissidents or other "undesirables", it goes after their families back in the mainland.
[+] [-] m00dy|6 months ago|reply
[+] [-] Varelion|6 months ago|reply
[+] [-] jerome-jh|6 months ago|reply
Now a company wants the identity of the companies it works with because it distributes their software, and it looks like a massive "scandal". Well at least I am realistic that the "scandal" is only within certain circles.
[+] [-] lII1lIlI11ll|6 months ago|reply
[+] [-] supermatt|6 months ago|reply
IMHO, thats is them still having an unfair control over the android market so the EU will come for them eventually - and no doubt they will implement some other devious bullshit.
Ideally the world will wake up and realise multi-sector megacorps simply should not exist and split them all up accordingly - but I'm not holding my breath.
[+] [-] pastage|6 months ago|reply
[+] [-] sdex|6 months ago|reply
[+] [-] unknown|6 months ago|reply
[deleted]