Android users need to switch to Graphene.
Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.
Google won't ever take a break until we all pay for YouTube Premium. I think this trojan horse is mostly because of apps like New Pipe, Vanced, SmartTube and ad blockers in general.
I use Android because it lets me install whatever I want on my phone, which it does not seem to me, controversial. The phone is either mine or it is not. I don't want Google's protection. Particularly, if I can't refuse it.
I understand the frustration (I'm an avid fdroid user across many many devices). But this article comes off as childish with the virus/trojan/"malware vendor".
With such an article, many (including perhaps google) get the ammo to disregard what fdroid says, by branding them as childish/not to be taken seriously. for eg: no reputable news org is going to post this.
PS: https://keepandroidopen.org/ is better done.
> In computing, a trojan horse or trojan is a kind of malware that misleads users as to its true intent by disguising itself as a normal program. [1]
Google is Trojans all the way down. What is the true intent of almost every Google product? Data harvesting.
Every single product is spyware of some kind. They've even managed trojanize TVs by subsidising manufactuers to ship their spyware.
While attribution is a strong weapon in fighting malicious software, persevering the ability to install and run anonymous software is essential to fight authoritarian regimes and corrupt systems. If we accept that only signed, permitted software can be installed and run on users’ phones, democracy and our freedom are doomed. Regardless if it is in the West or the East, or it’s against an AI overlord.
We can't make arbitrary changes to much of hardware and software we rely on. We can't inspect their designs, we can't reproduce them, sometimes we can't repair them. Sometimes we can't even tell that they're designed to act against our interests, and, if we do, sometimes we can't do anything about it. We are forced to choose between price and privacy, between interoperability with proprietary (or official) systems and liberty.
Android making another step in this direction is bad. But, let's not kid ourselves: we are neck deep in this cyberpunk serfdom, and have been for decades. If we were to get this Android win, it would be only a small win. I'm saying this not to be defeatist, but to remind us of the bigger fight.
How does this feudal goliath meet its end? When is enough enough?
Meanwhile in Luxembourg: Google loses fight against EU’s $4.7 billion Android fine https://www.msn.com/en-us/money/other/google-loses-fight-aga...
This change is so significant that it feels like they are changing the product after it is sold.
Could one stop this by disabling OS updates?
We finally live in an age when I can tell a clanker that I want an app that does something that I need, connect the phone with adb and in half an hour have a working solution for my tiny problem while knowing little about android development. This is something google should embrace, not kneecap.
I'm still a little bit confused why the EU does not take action in this. This is definitely a monopolist overreach which has to be shutdown from the beginning
Emotional talk aside, there's not many good solution to this problem, unless of course F-Droid starts to make their own phones.
But then, Librem 5 Phone was just failed few years ago, telling the story that people who care about their rights are still sensitive to how much they would pay (which is a form of rights too).
Also but, there is the thing, making a phone is not easy. If you reach deep enough, you'll eventually reach the layer where you realize how solid the monopolization has become. The global telecom standards if you read them is in the hands of few companies, Boardcom, Motorola, Huawei, Nokia and such. They'll control whether or not your phone can access the network. Then there's telecom companies who runs the network, and they might have to approve your device/modem as well since they got their channel allocation from the government.
It's not easy, and it's not just the software problem.
Oh and yes, we also have the software problem. Linux, if you want to go that route, cannot be used as a mobile OS, as least not for the public, because the average people don't know how to properly secure their system, and Linux is not a restrictive-by-default system. It will be a malware nightmare if you ship Linux on a phone as is.
The best hope for now I think is for geek vendors to make more mobile/4/5G enabled Fairphone or uConsole-like product to the enthusiast market, and then you can load whatever OS on it as you want.
I just launched an app in the Google Play Store. I did find it a bit weird that I had to provide my physical home address to get my app listed. Not sure what I would do if someone turned up to complain. Make them a cup of tea?
This would be the line for me. If at some point I'm unable to build an .apk and install it on my phone without Google letting me, I'm moving to Huawei.
I wanted to use an alternative mobile OS, but they only support expensive devices like Pixels or outdated models. So I am planning to port some open Android variant. Obviously, all Google Services will be removed and most proprietary apps too. I also want to be able to manually edit permissions and remove Internet access from most of the apps, even open source. It is inconvenient that Android actually has "Internet" permission but doesn't allow the user to revoke it.
I do not need Google Play (a collection of spyware, covertly collecting Wifi points and cell towers location in my country and sending them abroad), I do not need bank apps (I have a laptop for that) so I guess I will be fine. Obviously there will be no developer verification on my device as well, and I mostly use apps from F-Droid anyway.
Good thing about F-Droid is that they build apps themselves and you can always get the sources - unlike Google Play and Apple Store that provide no sources and unlike PyPi/NPM which allows sources to not match the binary distribution.
> looming requirement that all Android developers register themselves centrally
Does this somehow also apply to developers in China? Are Chinese OSs (Vivo/Honor/Oppo/etc.) entirely forked off of Google's Android?
Is the solution to just a Chinese phone without the Play Store?
Does this mean that apks that i've built and installed through adb will stop working? That would be a real damn shame.
related: https://keepandroidopen.org/ previously on hn
- https://news.ycombinator.com/item?id=47935853 (2 months ago, 889 comments)
- https://news.ycombinator.com/item?id=47139765 (4 months ago, 378 comments)
- https://news.ycombinator.com/item?id=47778274 (3 months ago, 68 comments)
I've just stopped using smart phones. If they aren't going to give me more freedom than a dumb phone, I have no reason not to use one
Would this also be a strategy to get all Android users to have a Google account? Once you are locked in to using Google's Play Store then can then require login to even install apps. I don't have a Google account. I never will. If I am required to get one to use my phone(Fairphone4, eOS) then I will cease using the phone. There is nothing in my life that requires me to have an Android phone.
Btw. This whole debacle made me to stop installing any Android updates. I've done my best to avoid installing even the security updates, so my diabetes apps continue working in the future.
I really need to take the time and go with Graphene OS in this device. My bank N26 kind of still allows it, but they made it harder and harder to use with certain custom checks. Looks like in the future I need a separate banking phone and my daily driver.
The device works right now how I want it. I don't want anything to change.
Android developer verification program, together with recent reCAPTCHA push [1], and Manifest v2 force depreciation on chrome [2], make one thing crystal clear. When companies like GOOGLE talks about things in the name of "your security", it's a sign that they want you to sacrifice your own things, e.g., privacy, freedom, etc., for their own security. And if you trust them and show your consent by doing nothing, you pay the price.
My Android 15 handset doesn't have com.google.android.verifier process. It could be a Ulefone thing. They're especially pro-user (ex:root friendly).
After many years of Android freedom and choice, this'll likely be the reason I switch back to iOS/Apple. If I'm forced into a walled garden, it may as well be the best one.
If they go through with this, I will make it my life's mission for the coming months to de-google my personal life and break any dependencies on google at work. Done with this nonsense. Shouldn't take more than a month to remove the tumor.
On my android phone:
My own launcher
My own keyboard
My own sync tool for local net
My own net tools to WoL some devices on my lan.
My own tool to control 3 proxmox servers
My own tool that parses groceries slips
My own tool that keep tracks of my vehicles events/lifecycle/purchases etc.
If they break my launcher/keyboard and my ability to use my phone in my customized way, they will NEVER see me as a client again. None of these apps are in the Play Store, they are signed with my own signing keys, which have never been uploaded to google, in fact, no google account is linked to these apps. These apps are also privacy-oriented (even the keyboard, I ship a 1mb dictionary with and it learns my own words, never transmits anything).
I will not give google my ID , neither Persona or anyone else. I'm very happy to go back to using bank card + chip + pin than use google wallet. Trust me I will walk away. I already move 4 family members off of Windows in the last 2 years, I will get them off google too.
I have already migrated my government and banking stuff off Gmail. I'm fine losing my access to HN but Google can't be trusted with serious shit.
This kind of speech will only go with fellow technical users, most folks buying phones at the usual phone operators won't care less.
All talk, no solutions from F-droid. What are they actually doing to solve it? Why not stand up their own vetting system? I'd love some technical solutions, instead this is just childish.
How does this affect the Fairphone? If I buy a Fairphone now (which I've been considering for months now) will I continue to be able to run F-Droid and load arbitrary apps, or does it come with “official” Android that will contain the restrictions?
It would seem to me that the best hse of resources here would be ensuring LineageOS ports to more devices than Pixels ASAP. Yet no one works on that angle.
This is just getting us ready for the coming police state in the US. Choose your ankle monitor: apple or google.
It's high time we ditch evil Android and switch to something libre.
I don't understand how this is legal in the EU under the DMA, does anyone know?
Why not replace F-Droid with a catalogue of links to open-source apps hosted in play store?
As user wouldn't you like knowing there is a non-verified app? Is it restricting And still providing way to override if you choose?
Imo the best way to act against this is promoting custom ROMs like Graphene OS in your circle
The frustrating part is that security features often look like malware from a technical perspective. The intent is different, but the capabilities can overlap.
What Google is doing is shameful. One of the promises of Android was being more open than the restrictive Apple ecosystem.
Now that they reached penetration they do the switch - under the guise of security.
Just let me do with my hardware what I want to do it. Let it be my responsibility to install whatever I want (and stop calling it "side-loading", as if I am doing something shady from the "side").
We need to resist this! Alas, from the broader response it seems that most people just do not care.
So, what's a good Linux tablet? I was thinking of trying an old Surface Pro.
So wait ... Google intends to enforce this on old versions of android?
A threat being masqueraded as protection is a deception. I now think this has been Google's modus operandi the entire time.
I think it's funny that they look at the phrase "malware or other harmful applications" and then only have an issue with the definition of "malware" rather than "harmful". Like, wouldn't "harmful" be FAR easier to apply in literally any case you feel like? "malware" sounds like it'd need some proof of malicious intent but "harmful" needs no such thing and is much looser.
isn't this like the ps3's otheros thingie? Where the advertised functionality of the device was crippled after the customers bought them?
Maybe I've too much faith in Google, but a part of me wonders if Google doesn't want to get sued for this change. After all, their competitors have similar systems. While Microsoft's is circumventable with a few click-throughs, it's particularly nasty in that their code-signing certs are comparatively brutally expensive, too much so for hobbyist projects generally.
If Google is looking at a world where all of their competitors are using first-party-controlled signing, it makes sense for them to wonder "why not us". And if they get sued for this, that would set the precedent for all of their competitors too.
At that point the playing field would be level and platforms would be properly open.
While I hate how user-hostile stock Android is (and it's getting worse, all because of Google's ad business model), these reactions are so blown out of proportion they might only teach Google to do it the subtle way, or use such changes as a smokescreen..
24 hour waiting time? Big outcry.. Anticompetitive permission system where apps can do not that much more than websites? Nah, it's fine..
Unless you unlocked the bootloader, you were NEVER able to install apps you want, as Google had the final say what those apps could do (the anticompetitive permission system where user is the third class citizen, vendors are second-class citizen and there's only one first class citizen - Google). We need to fight for the right to unlock the bootloader and then not be restricted by the actual malware that is Play Integrity.
This is more than enshittification, it feels like purposeful brand destruction.
Are governments going to institute more lockdowns? Is this some topdown control thing?
I will root this POS android phone I have and forego any Google Play services and just use it as web browser and a phone. Fuck these guys!
> Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.
> That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.
The rest of the article is a claim that Google's new terms of service amount to "malware is any software we [Google] don't like."
It seems like Google is aiming for its own walled garden.
The temerity of Alphabet to claim to protect users from malware/spyware, when they are known to share all of your personal information and communications with the US government (Snowden revelations), is the epitome of hubris. And, also, in the world we live in, just another Thursday.
But even ignoring this - it is not for Alphabet/Google to decide whether, and how, I want protections. I want to be able to pick a sequence of bytes and install that as an application on my phone, without Alphabet having any say in whether that happens or not, and in fact without them knowing about it. It's my phone, not theirs, and the software should help me do what I need/want, not help them provide me their often-questionable services.
I've already disabled Play Protect ages ago because it kept removing apps I had installed through F-Droid. Actually, I almost only install apps via F-Droid. I wonder if the ADV will install with Play protect disabled ?
It doesn't solve the current issue, but in case we don't manage to push back on this, some people might not know that there are various actual linux OSes for mobile:
- SailfishOS: still linux based and seems fairly community inclusive, but the UI part of the stack is closed source. Is the only one officially allowed to run android apps, via emulation. Has existed for a very long time, it's lightweight and I think the most stable/bug-free in this list.
- Ubuntu Touch: fully open source and community driven, it uses snap packages for security, you might be able to run android apps. Last time I run it also seemed fairly stable/bug-free.
- PureOS: fully open source and privacy focused. I think it's the only one that, released with the Librem 5, can avoid using proprietary blobs for interfacing with the hardware. Seems less stable than SailfishOS and Ubuntu Touch. You would need to buy a fairly expensive-but-old phone(librem 5) to run it.
- PostmarketOS: fully open source, focused on being lightweight and revive old phones, has a huge amount of phones it has been tested on, is based on Alpine.
- Mobian: mobile version of Debian, it's fairly new on this list.
There are many more linux mobile OSes, but as far as I know these are the main ones. There might also be some inaccuracies on this post, I tested some of these a long time ago, and I never actually run the last 2.