- don't exist
- exist until you get deleted
You seriously prefer the former?
I'll probably end up doing that btw. For now I'm still fighting the "have control on 1 device" battle, simply not using things that require a locked DRM state (no 2FA government login for example, limited bank choices, soon no age verification, etc.) until that's no longer tenable for me. I'll be among the last 0.02% to give in, judging by how it's going today (not even 99% of tech people seem to care that they're not the admin on their own device). We're on the same side with the same goals here, but I'm simultaneously also looking at what realistic remaining options are for my friends, family, and semi-child
> The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
For example, there is an annoyance that happens sometimes with apps that are distributed in both F-Droid and Play Store related to updates. F-Droid and Play Store will think they both can update the app (they have the same tld.what.ever identifier) but the signing keys only match the store they were installed from. I think F-Droid is now a bit more careful about this and only tries ones it has specifically installed. This is different... but somewhat related.
F-Droid in general is a model good actor as far third-party app stores go, but from the perspective that malicious app stores might exist you would want to try and isolate apps from each other (and prevent unauthorized re-distribution of tampered versions etc). I think what Google is doing forces apps in each store to be cleanly namespaced from each other and prevent collisions (accidental or otherwise). This lets each app store tend and be responsible for its own walled garden.
We don't need a work around. We need Google to stop killing our apps.
Frankly, I don't see why anonymous app distribution is necessary. The "I own my own device goddammit" thing is hobbyist category. Why should it be friction-less to install crap that has no provenance? That specifically seems like a really dumb hill to die on.
adb doesn't help F-Droid, but that's clearly a very different thing (at least as I see it).
Ironically it all started with Cydia and "hacking" the iPhone until executives understood they can make a cut.
The EU did help to some extent by requesting Apple to enable non-appstore apps. but sadly, instead of doing the right thing of simply having a user switch that allows me to decide if I want to put my device at risk, they went with provisioning that seems to be agreed.
So now, we're getting the same slap from Google/Android which I must say very strangely gets blessing from very specific governments:
> The requirement goes into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified device in these regions must be registered by a verified developer.
You can still install via cable or adb but less tricking peoples grandparents to download malware.
Now they need to trick developers to release malware or scam apps which is a little more difficult.
I can imagine crooks paying some random junkie / drunk 100 dollars to become a "verified developer"
But pesky adblockers are malware and thus will get barred.
It's about money, of course.
(Discussion link: https://news.ycombinator.com/item?id=45087396)
> “Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.
At the moment, the workaround here is that keys can technically just be generated on the fly (with some caveats). With Google's new requirements, that's not possible.
But if you're just a developer who ship software GPLv3 software for Android, you are good because any developer that want to modify your software on their phone can, as long as they register to Google to get these keys. It should therefore be respecting the licenses.
But that's just my interpretation.
Pretty sure the GPLv3 requires you not have any such barrier.
The paragraph cited by GP is from the explicitly about "convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term". So in other words, only if you sell hardware with binaries under GPL.
Also, from reading other comments, it seems it would still be possible to use the adb console to load apps without having signatures? So that should cover it as far as the GPL is concerned.
----
'“Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.
If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information.'
----
In this context, the "User Product" would be the phone, as defined in the previous paragraph of the license.
However, now that I think about it, the fact that "unauthorized" apps can still be installed via ADB exception may cover this?
As soon as e.g. an Iranian user gets access to your GPLv3 app, you've got a problem. They cannot register with Google (due to sanctions), but you are responsible for ensuring they can install and distribute their modified app just as you have.
That part of GPLv3, commonly called the "anti-Tivoization" clause, only applies if you "convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized)".
This was narrowly written to only cover situations like Tivo, which was a hardware vendor locking down GPL code on the hardware they sold.
Personally, I think that the GPL is still compatible with both platforms, as I've written about before[1]. There's plenty of GPL software on both the Play Store and App Store (Signal, Element, Wordpress, SimpleNote, Bitwarden, Mastodon, Telegram, and Proton Mail, just to name a few), but people tend to feel that iOS is a more hostile environment. The mandatory developer registration requirement may bring a more even-handed assessment of how the GPL and these app stores can live together.
This is not just another technical challenge. If your country is ever in the crosshairs of "American interests" and bears the brunt of its sanctions, it is possible that you cannot install apps from your fellow citizens i.e. your own local government, bank and store apps.
Countries that are likely to face sanctions are also likely to be predominantly Android users, so it affects them disproportionately. Good luck teaching your fellow citizens to root phones their phones(which is getting hard and outright impossible on certain phones) if that happens.
This is a real challenge that countries need to think and plan for.
This. It gives too much freedom to people.
but the same processes that put the orange man there put similar people in other places too
and similar sentiments led to voters preferring authoritarian measures
15 years ago this is exactly what we said was going to happen with the normalization of Apple's locked down ecosystems, and now here we are.
And like I said, I do not believe this move is because Apple paved the way. If they hadn't, Apple would make a similar announcement to Google now in 2025.
One could argue whether Phones with the Google android were ever really open.
As for the really really open phone with alternative OS or Linux based OS, they will continue to exist as before. Perhaps even become more popular after this?
In recent years, you can argue that android has no longer been open. In the early years of Android that argument would be much harder to make. To be clear, I am not talking hardcore FOSS libre open. But meaningfully open for the end user to do what they want on their device without much restriction. Early android didn't have sandboxing, had no permission system, was easy to root, etc.
Certainly with Nexus devices you had pretty much the freedom to what you wanted.
Could it have been more open? Sure, but I feel like it is almost disingenuous to say it was never if we are comparing it to the real world situation we find ourselves in today.
That didn't make the system less open though. The user gets to make an informed (or not) choice.
What was different is that the Play store back then was basically a free-for-all. There was no meaningful approval process. This did contribute to making the system as a whole more open, but at a cost...
* Guessing you have to search for Fennec to get a relatively respectful Browser is one thing; no banking, doctors, taxi apps rules out anyone who has ever run stock.
Jumping from a shark to another is maybe not the solution we should aim for.
I released an app on the Ubuntu Touch store: took a minute to fill in the form and then you get people giving you feedback/help if anything doesn't work (since you can link your source code too).
If you were to pick 3 apps which you needed to have running to switch, what would they be? (if too personal, pick from your top 10)
What's the current state of hardware? Is there a phone that's decent at being a phone, with an OK camera and a battery that last through the day running Ubuntu?
What's the current state of Waydroid? Any chance to get my banking apps running, or at least standard fare like public transit apps?
UbuntuTouch as an OS is quite refreshing as it's not just a copy of Google/Samsung/Apple UIs. I like how they use the sidebars.
Definitely it still needs more work on getting more devices fully supported but that's an ever going effort, since OEM do not provide any help here (for now).
Launching a mobile OS with all that software already available was miles better than what Android can offer today: loads of things exist open source for Debian that haven't been recreated as an Android app (closed or open) because the OS doesn't allow it anyway. Let alone when the project was started in 2011!
Conversely, in the 14 years that Ubuntu Touch now exists, Android developers have been busy and you'll now find mobile software that can do things that laptops can't, e.g. because they're not normally put in a car as a navigation device and don't normally have GNSS built in. So now we're in a state where you'd think: why not take AOSP and run with it? But fourteen years ago you'd think: wouldn't it be amazing if we could just run all of our tried and true software on a phone? (Fwiw, that's exactly what I did when I got my first Android (and still do today): get root and install a Debian userspace to run tools within, such as Restic for backups. I compiled a Bitcoin miner for ARM back in the day just because that would be fun and cool. There's so much you can do when you have a Linux distribution in your pocket!)
So I see your point, but consider the history. My understanding is that this project comes from a time when it made perfect sense. By now, though, I wonder the same. But I haven't tried Ubuntu Touch yet so I can't really speak ill of it and say we should use AOSP instead of them
Yes but the most of the packages are either CLI tools (not really usable on a phone) or tools with desktop GUI (with tiny elements, not usable on a phone). And probably there is a way to port Wayland/Pipewire to Android, which seems an easier task that writing full OS.
For example, take GIMP, or Qucs (electric circuit simulator), or Kdenlive (video editor), or LMMS (audio editor), in their current form they would be unusable due to tiny UI elements. One needs completely new UI for small screens.
> There's so much you can do when you have a Linux distribution in your pocket!)
Maybe but I am not really interested in compiling anything, I have a laptop for that, I am interested in having an open source OS without restrictions, telemetry and backdoors.
I had an iPhone 7 for testing I bought on eBay. I had my icloud account logged into it. One day, I couldn't log in to the account despite having a correct password - "account is locked and cannot be used". It won't let me log off from the account on the device. So now I have an icloud-locked e-waste paperweight. It was an old device so I don't care much but purely on this experience I am not buying an apple device ever again.
I hope there will be more truly open devices in the future eventually... otherwise I will just start considering smartphones being 2FA/banking bullshit proprietary tracking/spying devices and avoid use them sporadically..
This is one of the main things keeping me tied to the Google ecosystem, a lot of services require me to have an app that's only available on the play store.
I don't have any financial stuff on my phone. More secure.
> microG GmsCore is a free software reimplementation of Google's Play Services. It allows applications calling proprietary Google APIs to run on AOSP-based ROMs like LineageOS, acting as a free replacement for the non-free, proprietary Google Play Services (sometimes referred to as the more generic term "GApps"). It is a powerful tool to reclaim your privacy and freedom while enjoying Android core features (although apps you use that take advantage of it may still be using proprietary libraries to communicate with microG, just as they do when communicating with the actual Google Play Services).
Source: https://github.com/microg/GmsCore/wiki
I add the official MicroG repo to my F-Droid using this QR code: https://microg.org/fdroid/repo/
Also, I download apps (like my UK banks) from official Play store using Aurora Store, which connects to Google servers directly to download the APKs, keep them updated, etc. No need to use those dodgy APK websites. Aurora Store is itself also available on F-Droid too.
I guess in time Google will target these apps :(
So, I complete LineageOS installation without MindTheGapps, then install fdroid, add the microG repo, To install any Playstore dependent application use aurora store.
No gotchas?
This comes preloaded with the MicroG settings app, so no need to install the extra FDroid repo. But otherwise yes, Aurora Store gets you access to all necessary proprietary apps.
I haven't tried it but apparently Aurora Store also supports login with your Google account, which means you can download apps you've paid for on the Play store directly.
Of course government, banking, McDonalds and other apps ban non-Google versions of Android, so you might be stuck with either Google or Apple until lawmakers catch up with this situation.
https://grapheneos.org/articles/attestation-compatibility-gu...
It is convenient though and I've used it from time to time. I prefer "APKUpdater" for one-off play store downloads which I think uses the same client code aurora does: https://github.com/rumboalla/apkupdater
My bank provides the APK of their app directly on their website, and it supports updating itself after that. Actually a surprising amount of apps do this!
Other proprietary stuff I either get from RuStore (Russia-specific), or occasionally from APK mirrors / Aurora. At the moment I have no such apps (they're usually for some specific thing, e.g. an airline app that I need for a day or two).
I don't believe that regulation these days can stand against corporate interests. I have seen this happen many times already. So what can I as a consumer do? The two practical options seem to be either Apple or Google.
https://grapheneos.org/articles/attestation-compatibility-gu...
I/We managed to get two apps (banking and eID) to remove SafetyNet attestation through complaining a lot.
Yes. Not sure about "privacy violating" though. But since its not open source I have to trust them...
MyGov, Centrelink, ATO and other government apps all require it.
The "tiny subset", in Australian terms covers, "things you are required to use".
Controlled distribution:
https://onlinesafety.org.au/wp-content/uploads/2025/07/CLEAN...
Controlled hardware:
https://onlinesafety.org.au/wp-content/uploads/2025/07/CLEAN...
Not to be the strings on the pegboard guy, but, it's all looking to be connected, and it's all looking to be the natural outcome of organizing our societal value systems around profit motive and letting gigantic inhuman profit-seeking algorithms (corporations) run rampant and allowing capital to be transferable to political power.
Walkaway by Cory Doctorow seems the most feasible path forward for people that are tired of this sort of society. Modern society seems too prepared to be able to overcome with widespread revolution, and in any case such an overthrow seems too vulnerable to co-opting by bad, authoritarian actors.
What use is this decomposition in case of the undeniable enfascistification of the world, other than giving a set of bullet point excuses for the devil's advocates?
It is, but the longer the general public plays ostrich in the sand and prefers losing their tail feathers one by one to unburying their eyes and admitting where all this has been going, the more enormous it will be.
[^1]: My employer paid for it. I never would pay for the crapware full of uninstallable stuff I don't want. Is Pure Android still a thing if you don't want to pay The Evil Company?
[1] https://www.androidauthority.com/samsung-galaxy-phones-new-u...
1. Samsung hasn't adjusted the product roadmap yet.
2. Samaung plans to modify Android to remove the extra checks that Google wants.
But most of the time it is easy to disable most of the Google apps through the built-in settings without using any 3rd-party tools.
An optional advanced security feature targeted at non-typical users doesn't seem like a good indicator of this statement.
(Typing this on my 3rd phone, Sailfish OS. Unfortunately the software lacks sufficient maintenance efforts and the hardware does not suit me for primary phone use)
https://grapheneos.org/articles/attestation-compatibility-gu...
I recently tried to install Thunderbird email on my 17 year old's phone so he could access our self-hosted email for education, jobs, government things that young adults require. After jumping through hoops with age verification it turned out not to be allowed for his age for some unfathomable reason. Increasingly content providers, app stores, os providers etc are coming under chilling industry codes here requiring age verification and age restriction. So I used f-droid so my young adult could start making applications.
What I see as freedom might look a lot like circumvention to regulators.
As all the big commercial services step into line with government codes and turn restrictions to their commercial advantage I am not sure where that leaves those of us who use FOSS software. My apps come from Flathub, arch, debian, f-droid not Apple, Google, or Microsoft stores. My devices come OS free when possible. The volunteers involved haven't participated in the development of industry codes and aren't in a position do all the compliance stuff that governments increasingly demand from tech companies. How much longer will free and open source be tolerated?
There are some compelling reasons to regulate tech companies for the benefit of society and I often have no issue with the intention. The problem is governments invite the industry to design the regulations and it quickly turns into regulatory capture.
If vendors were to start locking out competition or further invade privacy it would upset government regulators but now they can point at another regulatory authority and claim they are forced to do these things to protect the kiddies.
ok, but what does that mean? Identification, and a fee for that service? Is this unreasonable?
If they were to require subscribing and paying a fee to use their required online service to be able to use the hardware, that sounds like https://en.wikipedia.org/wiki/Tying_(commerce)
Also, Tying is usually applied for unrelated, unnecessary, or non-beneficial services. It's not obvious to me that it applies here.
It doesn't matter much, you pay it regardless.
> Also, Tying is usually applied for unrelated, unnecessary, or non-beneficial services.
Yes, Apple and Google charge 30% for basically nothing.
I know some people will complain about that. They will say, "no, they do stuff!"
From what I've seen, they do as close to nothing as possible. Malware makes it through, deceptive apps make it through, nobody gives a single fuck. If you report anything to Apple they will spit in your face. They do not care.
This is less of a service fee and more a of a mafioso "pay me, for your sake" type fee.
I am talking only about this specific developer fee wrt registration and identification, not fees associated with using play store or otherwise.
From what I can tell, it is a fixed, one-off $25 for an account, with a plan to have a free account option for "limited distribution" developers (hobbyists, students, families and small businesses fwict).
What store fees should we be paying just to be able to run our own software, and friends' software, on our own hardware?
I don't see a hypothetical here. It's how Android has always worked
> How much longer will free and open source be tolerated?
I don't think they have a choice. Imagine what would happen to Google if half their software stack was Oracle and the EU had backdoors in to all of the management and CEO's devices and private communication. Why not use Chat Control to verify that they are complying with the spirit of EU law? Turn on the remote microphones while they are at it too.
On one hand we can lament the death of open source. Yet, open source has never been healthier. There has never been more open source software available to use and in development. Even when in it comes to AI, the best open source models are actually really damn good, better than anything that existed roughly 12 months ago. As much as Google, Apple, and Microsoft want to force you in to their closed ecosystems they fear being locked in to their competitor's closed ecosystems even more!
This could be a 10 page comment, but yes, the regulatory environment is a real threat to open source and the open internet in general. Most of those threats have been coming from the EU, with things like Chat Control and PLD. Which is unfortunate, because the future of the free world will rest entirely with the United States (Also possible that the EU will be dissolved, the monetary union will have a very difficult time during the next financial crisis.)
On the other hand, software developers and users, have become too reliant on Android which is functionally a fake open source project now. I can't think of a stronger incentive to stop Android development than telling them you can't develop here without paying us.
The full text training data isn't really shareable though. Since it is copyrighted when it comes to plebs like us reading them.
If I have no options left and must live in a walled garden, I suppose I’ll choose the one with nicer flowers.
A small call to any googler on the thread - put your support towards this internally. I understand the internal dynamics, and it may seem current option is best amongst imperfect choices, but in this case F-droid is right in that closing out anonymous (but good) software is a line crossed with peril for any open ecosystem. Today it's play store, tomorrow it will be the web, and that will have a significant negative impact on Google.
What's wrong about the current situation? Why imperfect?
I have had Android phones starting from G1, and never had any problems with them, that I could install any APK that I wished on my own hardware. There's nothing imperfect for me, as a user. What's "imperfect" is that there are apps like ReVanced and PipePipe that deprive Google of the advertising revenue. But that's imperfect for Google, and perfect for the user. Just charge me 30 bucks for Android OS instead.
I do not agree with your supposition. Like the parent using the G1 as I did (and still have it), never used a spreadsheet app on any of my many, many phones both personal and work. I am/was a systems engineer by trade.
> Last I checked, there was no spreadsheet in F-Droid
The most popular viewer is the LibreOffice one[1], which can handle ODS and XLS (amongst many others) formats. You may have meant editing/creating which I agree they're not around. See item (1) above though.
> largely because it's a relatively small ecosystem, and most Android users still aren't using F-Droid
Or possibly, a large number of users simply do not need or use generic spreadsheet apps on their mobile devices, which is why I disagree with your opening statement as I am a direct counterexample.
1. Cellphones are a kind of personal computer.
2. Numerical computation is something that computers, personal or otherwise, are very good at. Conservatively, your cellphone is ten orders of magnitude faster (ten billion times faster) than you are at tasks like averaging a set of numbers.
3. The spreadsheet user interface is expressive enough for many numerical computations† that are impractical to carry out with more limited user interfaces such as pocket calculators, but it is simple enough to understand that large masses of people can take advantage of that expressivity. (The popularity of VisiCalc on early personal computers such as the Apple ][ is one piece of evidence for this.) It is the "low-code development platform" that inspired all the current no-code and low-code platforms.
4. Such numerical computations are so commonplace in many people's lives that they do them on their cellphones, despite the small display and lack of a keyboard; one reason is that many people have cellphones as their only programmable computers. When they do such complex numerical calculations on their cellphones, they often use spreadsheets to do them.
5. Therefore, we should regard the availability of spreadsheets as a central indicator for the viability of a computer software ecosystem, even on cellphones.
I think all of these claims are obviously correct, stipulating the ones before them, except for #4. As evidence for #4, https://www.youtube.com/watch?v=RCpJ441g-Y4 shows that the Google Sheets app for Android was at the time #7 in their "productivity" category with 793000 ratings and 4.8 stars. https://play.google.com/store/apps/details?id=com.google.and... says that it has been downloaded more than a billion times and has 1.27 million ratings. The fact that people exist who do not use their cellphones for spreadsheets does not constitute evidence against this claim.
What I believe is happening, to elaborate a bit more, is that F-Droid users who need numerical computation that goes beyond what calculator apps can do are mostly just using the Google Sheets app. The radical fringe of F-Droid users like me who do not have Google accounts often make do with Termux programs such as Python, LuaJIT, PARI/GP, bc, Racket, or the C compiler, even though for many purposes a spreadsheet would be much more convenient.
______
† Spreadsheets are also used as simple databases, in fact more frequently than they are used for numerical calculations, but numerical calculations alone are a strong enough argument for my purposes here, and F-Droid does have a number of adequate simple database apps.
When we imagine phone applications, we think messaging, social media, web browsing, and email. That's 99% of stuff people do on their phone.
The statistic of "how many people have this app installed" is fundamentally flawed. Why? Most apps are worthless. Throwaways, single purpose.
Its entirely possible, and dare I say extremely likely, that people install (or it came installed!) Google sheets for one document that was shared one time, then forgot about it.
Or because you aren't especially interested in whether what you're saying is true or false, since it is—to me at least—obviously wrong. And you're surely somewhat aware of how atypical your circle of friends is among, for example, either Malaysians or Texans, and probably both.
I just think using spreadsheets as a measure of an application repository for phones is obviously stupid.
Please bear in mind that things like the playstore aren't android phone stores. They're Android stores. Meaning, they also target tablets and chromebooks.
Now, I'm sure Google sheets on an android tablet is perfectly mediocre. But I can assure you, on a phone, it is downright painful.
It's nice to know that you use spreadsheets all the time.
I use them rarely, and often end up regretting that I didn't write a real program instead. And I'd definitely never see myself using one on a phone; it's too painful to type, and the screen is usually too small.
I'd guess that maybe one percent of mobile phone users have spreadsheets of any kind installed, or would want them. Maybe.
What I'm getting at here is that you seem to have a pretty skewed idea of "fundamentally important".
Admittedly an awful lot of mobile users do have a lot of game and eye candy apps that have no F-Droid counterparts. And some users have professional apps that also don't have F-Droid counterparts. But spreadsheets aren't the center of the Universe.
I also use spreadsheets rarely, most recently three weeks ago, and often end up regretting it, but I do occasionally find them very valuable. I would find them even more valuable if I didn't know more powerful programming languages, which presumably is what you are alluding to with "write a real program".
I agree that cellphone screen input methods are clumsy. On the other hand, I've written probably ten thousand words of prose on this one, plus a fair bit of Python, Lua, and C, so a few spreadsheet formulas would hardly be an obstacle.
Off topic, but I think it's impossible, rather than challenging?
Unless, maybe, if you clone the phone to another physical phone?
Stuff like "do not disturb" that turns on accidentally and makes me miss calls, and is impossible to remove. It's impossible to remove a bunch of trash from the lock screen, and with some workarounds sometimes only the picture is removed, but it stays interactive or affects other widgets, like the audio player, for instance. Lockscreen randomly trying to dial random numbers, especially if I don't answer an incoming call. Also, taking screenshots randomly, so after almost every run I have to spend some time deleting these screenshots.
Now, when it comes to the subject in OP, it's not really about Android, it's about Google's policies around developers and app store. The whole idea behind Android is very similar to MS Windows: oppress the user because the system provider "knows better". Make choices on user's behalf, prevent users doing from useful things jut to blanket "secure" them from some imaginary threat. Manipulate users into doing a thing that's harmful for them, but beneficial for the system provider.
So, the app store managed by Google is one example of such policies. Google doesn't have the best interest of the user in mind. They are maliciously complying with regulations that want them not to abuse their users. They check the applications submitted to the app store, but they check them for the wrong things. Just to say they did.
I ended up using an FTP server app from F-Droid and a file manager from F-Droid because the stuff that was available for the same functionality found in app store is some atrocious predatory trash. It doesn't matter if I can afford to buy an app. Whatever I tried was just garbage. Once you get used to freedom and the approach of free software after you've spent some time with eg. Linux, using Android will make your blood boil because of how hostile both the system and the programs written for it are.
Do you think any single one remained who cares over their payment, stock options, office perks? They care about not getting laid off with the next wave.
I don’t think we should be framing their new rules like this. They are closing out F-Droid, which is not anonymous, due to a technicality of their implementation. At best, they are collateral damage. At worst, it is malicious compliance in response to a directive that was supposed to ensure their continued existence.
>The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications
F-droid does not want to take responsibility for the app.
That's not how I read it. They cannot "take over" exclusive control of application identifiers, that's all. For example, this would prevent a developer publishing the same app to both F-Droid and to the Google Play Store. I see nothing that says that they aren't willing to take responsibility for what they publish.
But per Google policy - they will go to the f-droid if a govt request came in for that apk, as that's what the new policy would have on file. This is hence what f-droid is voicing concern on.
In my experience, it's better to infer on the side of potential abuse when it comes to privacy.
Bad faith commenter.
If you actually reach far into their statement you would have gotten to this part
>Regulatory and competition authorities should look carefully at Google’s proposed activities, and ensure that policies designed to improve security are not abused to consolidate monopoly control. We urge regulators to safeguard the ability of alternative app stores and open-source projects to operate freely, and to protect developers who cannot or will not comply with exclusionary registration schemes and demands for personal information.
>If you are a developer or user who values digital freedom, you can help. Write to your Member of Parliament, Congressperson or other representative, sign petitions in defense of sideloading and software freedom, and contact the European Commission’s Digital Markets Act (DMA) team to express why preserving open distribution matters. By making your voice heard, you help defend not only F-Droid, but the principle that software should remain a commons, accessible and free from unnecessary corporate gatekeeping.
Post author here. This.
Google toyed with a scheme like this a few years ago and reached out to F-Droid, and they were told the chaos it would cause. They backed off. This time, no one has deigned to contact us.
Anyone who wants to talk can reach out to us (board@f-droid.org) or me directly (Signal contact in my profile).
Happy this was setup. Fingers crossed.
Your security model doesn't matter much when the people doing the security are bad actors. Google is a malicious actor - they actively incentivize malware on the play store.
Register your apps: You'll need to prove you own your apps by providing your app package name and app signing keys.
Couldn't this also be verified with a challenge-response signing, using the key? Why should Google have the ability to sign apps of the developer, instead of it being an end-to-end deal? Perhaps they need to have the ability to slip in some additional code if the government so wishes?
Or perhaps there is actually a legit reason for Google to have those keys or I have a misunderstanding of the requirement?
Maybe F-Droid could relax that requirement if it were feasible to do reproducible builds. Then the developer could just deliver the package to F-Droid, F-Droid would check that it matches what they have, and then publish it. But that's probably not going to happen. Alternatively some deeper proof-based certificate could be devised, but that's even less likely to happpen..
https://support.google.com/googleplay/android-developer/answ...
The main benefits is that Google is able to optimize downloads for individual devices. It also makes the situation where the developer loses a private key and then they can no longer push anymore updates to their app no longer possible. I'm not a fan of this approach of essentially allowing Google free reign to use your key for deploying jpdates.
I don't think Google does the more invasive bit of stripping out non-applicable code protected by API level checks (Build.VERSION.SDK_INT), and otherwise, the simple splitting up of native libraries by ABI, graphics resources by display density and string resources by language (plus any additionally defined code modules for on-demand download of optional features) could have been done wholly locally, too, including signing.
> Select your key: Choose your public SHA-256 fingerprint certificate from a list of eligible keys.
> Complete a cryptographic challenge: You must sign a dummy APK with the corresponding private key and upload it to Android Developer Console. This formally verifies your ownership of the key used to sign your existing Android app.
Play Store on the other hand does require you to share keys, so they can optimize your APK for each device. And maybe inject some state malware if you want to be snarky.
Whoever uploaded/published this didn’t see to review it first.
And again, to quote Benjamin Franklin, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety".
Sadly nobody cares nowadays.
F-Droid's curation saved me at least once when I wanted to upgrade my Simple™ apps and couldn't find them in F-Droid anymore, which led me to learn that SimpleMobileTools was sold to a company that closed sourced the apps[1] and that there's a free fork called Fossify[2].
Had I installed these through Google Play, they wouldn't have cared about this particular change and I would've gotten whatever random upgrades the new owners pushed.
Each app store's policies have their pros and cons, but that's why it's so important to have a diversity of marketplaces.
[1] https://github.com/SimpleMobileTools/General-Discussion/issu...
Indeed we need diversity of the ecosystems.
> Had I installed these through Google Play, they wouldn't have cared about this particular change and I would've gotten whatever random upgrades the new owners pushed.
sheesh. I've spent my whole mobile device life on iOS and am just now learning an Android device. While I feel I have more control over the finer details of my personal privacy and security, this ecosystem is a total minefield if you care about avoiding spyware and malware.
I'm glad I trusted my instincts and only installed F-Droid first before any apps from the Play Store. Just now found the Isolation app so I can create a Work Profile and separate personal life from the life that the relentless data vacuums are constantly trying to pull from the simplest apps these days.
Neither mobile OS is perfect, but I feel like I was correct about Apple having the user's personal privacy still much more of a priority than Google. There was never any question if those were the two options, IMO. But it does seems like now, finally, Android might be ready to deploy as a mobile operating system for the public. I'm fairly certain that this Android ecosystem that's used its users for so long as guinea pigs (not just Android, but the full unrefined and frankly unsophisticated media sphere as a whole that's been figuring out how to effectively work on us) has harmed the last generation or two beyond repair.
This became all too clear when the first thing I did on my first Android device a few weeks ago was install an offline keyboard from devs with my privacy interests in mind. Spent a few minutes thinking about what it would have been like living with this shitty keyboard system on iOS and realized that honestly, I am lucky that I stuck with iOS through all of this and feel like my mental health is much better than it would have been had I been fighting a malware-riddled Android device this whole time.
edit: I'm not saying you shouldn't use Android or that it's a bad idea, I do think that it is solid enough now (and maybe has been for a while, I don't know) that I can safely protect myself after learning. But ask yourself if all Android users would take the time to properly learn? What about kids?
I also don't mind the downvote, but if you would please tell me how you are able to guarantee your Android phone doesn't have malware, please tell me instead of hiding behind a downvote. Otherwise my solution is don't use an Android device.
wow, downvotes on all three comments! thanks, stranger.
Can you do it on an iPhone? (You can't.)
Between android and ios, which platform is considered more secure or safer? It's not easy to find out directly, but bug bounty programs can be used as a heuristic. Guess which one it is, after both being the same for a long time? (It's android).
You can check out https://www.wired.com/story/android-zero-day-more-than-ios-z... and https://cyberscoop.com/ios-zero-day-zerodium-high-supply/
> I also don't mind the downvote, but if you would please tell me how you are able to guarantee your Android phone doesn't have malware, please tell me instead of hiding behind a downvote. Otherwise my solution is don't use an Android device.
The same way you guarantee it on any other OS, be it windows or macos or linux. You do your best, don't download sketchy apps, and don't be a political figure. Of course that doesn't guarantee it, just makes it 99% likely.
> Otherwise my solution is don't use an Android device.
Do you think you can guarantee this on an iPhone? May I ask you how you are able to guarantee this on iOS?
(I haven't downvoted you)
You would probably not be surprised that I would still trust a heavily regulated government that's occasionally broken rather than one that's run in a totally free market by all varieties of selfish interests.
If you had to rank app stores by probability of malware, the lowest probability would be F-Droid. After that it might reasonably be Apple followed by Google Play.
But F-Droid isn't available on iOS, so if you want to use the app store with the lowest probability of malware, it's only available on Android. And more to the point, the safest app store is available on Android only because Android has third party app stores.
To have a single store to the exclusion of all others, that store has to be a big tent, and big tents get full of clowns.
I do understand that I am stuck with the Apple equivalent of the Google Play Store. Android is more like a completely open ecosystem, Apple's is much more closed filled with walled gardens. Still, walls provide protection if the ones building them know what they're doing.
So, I feel like Apple has the edge with what we have, over Google's stance of "do nothing" rather than trying to give users a good sense of privacy. If Apple were fully open and allowed such a thing as F-Droid to exist on their OS, you would have a point.
edit: and both OSes are not perfect. That was also part of my main point, not that Apple's is clearly far superior. All I said was I'm glad I trusted my instincts and explained why.
last edit: I've read back the comments to try and see where the misunderstandings are coming from and hopefully have addressed them. While the most secure App Store does exist on Android, it's taken us a while to get there (I know F-Droid has been around a while as well). I am talking about the time period since very early Android and iOS up until now. If I had been using Android, no doubt I would have tried to do it the proper way, but knowing what I like to do freely on my mobile device instead of feeling like I need to worry about privacy with every. single. app. I pick iOS for my mobile OS from 2008-2025 again and I am glad that I did. None of the exploits, vulnerabilities, etc have affected me and I have to give Apple the credit for at least giving me my money's worth on that.
A historical review of app store security also doesn't have much applicability to the current point of Google trying to raise its garden walls even higher.
Google gives you that freedom (or used to), Apple doesn't. The discussion here is that we Android users want to keep that freedom of choice.
Ok. I am saying GrapheneOS and F-Droid is the answer, but I don't think 17 years of what I would describe as Early Access Android was the way to get there.
And what I'm saying is that they put the walls in the wrong place. They belong around the store, not the platform, so that each store can have its own walls and the user can choose the store independently of the platform.
Suppose a platform wanted to do what F-Droid does, i.e. offer only a manually curated selection of apps and impose high standards for privacy and openness. If that store was the only store on a platform, would that platform be popular? It would immediately have to e.g. reject the Facebook app, so no.
In order to be the only store for a platform, the store is put under insurmountable pressure to compromise privacy in order to sustain the popularity of the platform. Even when the proprietor is as powerful as Apple, Facebook is still there.
Whereas F-Droid doesn't have to do that in order for Android to be popular, because the people who insist on compromising their privacy by installing the Facebook app can get it from Google Play and still use Android, and still have the benefit of the assurances F-Droid provides when installing other apps, and allow people who use only F-Droid to benefit having from a popular platform. And then the iOS app store contains apps that compromise your privacy like Facebook, and F-Droid doesn't.
And I say, windows XP seems more trustworthy to me. Fewer vectors to attack than the latest windows 11, it's the best! And I believe that.
How is this any different from your argument? You are not even providing a reason for your source of belief.
I am very, very concerned about our ability to communicate with each other as human beings these days. Maybe this thread was meant to be an example of that, I don't know. I didn't realize everyone was trying to prove me wrong with this. sheesh.
further, I am seeing why some folks decided to close themselves off completely to stuff like this. I enjoy intellectual curiosity and try to find others who do, but I realize many people don't enjoy it and many even hate it. it's not because it's a lack of intelligence. It's that everyone seems uninterested in the thoughts that made me type that initial comment, they're more concerned with proving me wrong. Am I accurate in this assessment, or can I trust you to not treat this question as an argument, if that is a better way to put it?
Holy fucking shit. What a hive of scum and villany you encounter when searching for the play store. The first link on google launches a full screen PWA that looks _exactly_ like the play store. It took me a hot minute to realize that I was about to install something unsavoury. I almost wanted to dunk the phone in some bleach.
I'm an android user, and I prefer it over iPhone, but the surface area for attacks is way way way too large. Users who are less technically inclined are so damn vulnerable. I don't know how to fix this.
I think those types of people like your MIL represent a very concerning bulk of Android users. So people are walking around with god knows what in their pockets, doing every single thing in their life through them these days. I thought others who had arrived at this thought would be alarmed too, but I'm not sure what to think anymore I guess.
I think there's two different sets of perverse incentives. On the apple side, it's how to trick you into a "small" purchase of 5 dollars. It's just a cup of coffee man, c'mon just a coffee. Essentially banking on some user will just add it to their apple tab for convenience.
On the android side, the expectation is primarily free apps, with paid generally being a premium app. There are some free apps that just do what they say, typically small side hustles from solo devs banking on some add revenue with the option to upgrade(Shout out to GoneMadMusicPlayer, paid for it back in 2013 and the devi is still out there supporting and responding to emails). If they're not that, they'll be spyware infested trap holes.
Fdroid is typically where I go when I'm looking for an app with a unix philosophy. Just do one thing simply. Voice recorder, guitar tuner, etc.
If you consider adware to be malware, which I personally do, then I would estimate close to zero Android phones are operating without malware.
[0] https://www.tomsguide.com/computing/malware-adware/malicious...
I'm not worried about nation-state surveillance. What I am worried about is all the keyloggers on kids' Android phones these days, since I've seen a shady game company or two in my day.
For a very long time, Apple didn't allow installing custom keyboards. And I would still bet a bit of money that they are more restrictive than the keyboards Android allows.
I am sure that you aren't a fanboy but I would be skeptical of any company saying that they value about your privacy when the recent debacle went on.
Like hear me out, Apple encryption was being backdoored and the only reason that it got leaked was by a whistleblower and it was illegal for apple to even discuss it.
So chances are, that if that whistleblower hadn't leaked, I am not sure if he's facing jail time or not and if Apple wanted to live in the UK which I am sure they are, then they most likely would've enforced a backdoor.
Would we be any better knowing it? Like when a company's profits incentives is affected because a country wants them to have a backdoor in secret closed doors and not even reveal to the public...
I wonder how many other backdoors there are that we just don't know of y'know.
So I wouldn't say that they care about your privacy. They show that they care about your privacy because that's become a USP to them and quite frankly, after this whole scene, I am not sure how they can prove that back.
The only thing that's literally not tracking you is open source for the most part. That is the only thing and f-droid takes open source apps.
There are even games on f-droid but yes I know that games are just a weird niche which has a lot of malware/exploitative. I hope that more people can create open source games and we can contribute to them along the way.
Whenever, there is a company involved, Deep down, they care about themselves and not you, they really care about the shareholders,everything else is temporary imo.
But there are some companies run by people who have a moral spine and we need to applaud them/use them but in my opinion apple is too big to have a moral spine when they can repackage the same Iphone for god knows how long, but they are still better than google whose literally an ad company but open source graphene os with f-droid is a better option and you are showing a false dichotomy of sorts.
I hope that I can point you into better direction with graphene os + f-droid, both are open source and they are the only one I would sort of trust with my privacy because its code and the code is generally neutral, it has no incentives to sell me anything most of the times yknow. It is like clippy of sorts lol.
What I am attempting and apparently failing to describe effectively is that this excellent option we have now (GrapheneOS + F-Droid) was in NO way accessible to any general user of mobile phones since their use has become widespread. What we have had since 2008 is two shitty options, and my point was that Apple has actively done more to keep users safe than Google has. No one seems to be arguing on that at all, but there are many people pointing out the failing of Apple's efforts over the years. Does that make them a complete failure? Absolutely not in my eyes, but I'm not going to tell you what to think.
So, I feel like Android's ecosystem set us up for a HUGE minefield from various entry points from an American's perspective by allowing such an open system into the wild. It has been Early Access level of quality up until recently I would argue. GrapheneOS + F-Droid is safe enough to protect idiots from themselves, probably. If not now, then with time.
How in the world anyone here is saying Google's hands-off approach was the way to go... well it is how we got our acceptable option, finally, but surely you don't think that every mobile phone company with a custom fork of Android kept its users more safe than Apple did?
I mean, yes, graphene is fairly recent getting traction and I can understand why you felt that apple did a better job at saving the end user than google did.
That is partially because imo google is essentially an ads company and there are lots of ads of spyware/malware that google does nothing about and also they are esssentially spying on you yourself for selling ads.
Apple takes a more on hardware approach in the sense that they don't want to spy on you as much because they have less incentives to do so because they don't have an advertisement system aaas much as google y'know, so they definitely took a bite at apple = privacy which has worked for many people.
Google bought android and android was always an open system and it had both its pros and cons. There is also an open system of marketplace called aptoid which was literally apt + android but it also might have malware sometimes and f-droid is the best option for most use cases.
Apple had never really had an open system and it had both its pros and cons and google is seemingly shifting into it which is like a nightmare because now we have very less choices of sorts.
And android has sort of innovated/transitioned into grapheneos for general public privacy imo.
So, yes I do think that we are in agreement that grapheneos is now here to stay and I can understand why you atleast appreciated apple for not being as privacy invading as google for some time which you were pointing out
We are in unison, I agree with your points. Its just that I thought that you were just fanboying over apple for the sake of it in the original comment and glad we understood each other points as really we are talking about the same thing and agreeing at essentially everything.
Thanks for explaining your original comment better through this comment and have a nice day.
Yet we fight over differences and brush over the similarities.
Why? because hate sells.. People are selling hate/internalizing hate/ragebaits.
I had actually written one shit post comment about something echo chambering of sorts or how or why we should love each other and try be discussing of sorts you could say while still bringing action towards thing.
I think that the one thing most people agree over is big tech's oligarchy of sorts and how they can somewhat abuse it and I can think of ways that I can make the right people understand it I suppose too, never tried it tbh.
idk I just want to bring you attention to the one shitpost I wrote which I intented to write a shitpost but I think I wrote really relevant things in there and I am proud of them
https://news.ycombinator.com/item?id=45406430
We all need to be understanding of each other and enlighten us to the real issues that we have the power to solve but we don't because of numerous reasons. Lets make a world a better place because We Do Not Inherit the Earth from Our Ancestors; We Borrow It from Our Children.
Have a nice day.
There were lots of excerpts from your comment that I highlighted and hit Ctrl+C, then thinking "well this would be better to comment on or this would be better or now maybe the other way....". It's not important how I would pick apart your comment (and in a really nice way, I don't mean "pick apart" like criticize down to the last detail... but right there's something that would get lost in communication normally, I expect). This was my favorite part of your comment though, and I was going to say something like, Reagan thought we needed trickle-down economics but what we really need is growth with love, all the way down to the roots:
"Yes we are human but dear reader, I feel like corruption only goes to top if it reeks from bottom too as well. Its messed up but maybe we can all try to acknowledge it and try to just know that we are all gonna die anyway and well, giving a other unique human smile and happiness might be the most precious thing."
Make sure you have a nice day yourself, dear reader.
Also thanks for being more understanding that some things might get lost in the communication as it wasn't really a message that I edited that much. I don't think that I even read it once from top to start and it was like a conversation of sorts.
I sometimes definitely feel like some of my words are noise and there is definitely some signal between them but I just want to get my point across if someone reads it whole like a conversation, preferably.
I am definitely working on my communication. I don't know how to manage between writing things in public completely with no major edit of sorts without feeling like I put on a mask or feeling like I hid something, I don't like hiding things. Maybe I will try to keep a git history of each comment I make and share it with ya lol. Would be funny as this post did take me quite some time to write and was really edited!
I really was gonna end on myself writing a dark note but I really really wanted to end it on a good point and that is why I wanted to give hope.
I certainly can grow my communication style and that is something that I look forward to as well as writing on my own blog someday (I have it but they are scattered into 2 accounts of mataroa and github and HN and discord etc.)
Well, If I can be honest, I am excited about the possibility of growth / growing my communication style so feedback noted!
I do know that you know my intentions are all well and If I can be honest, in this world sometimes..
I am proud of it, like I am proud of who I am. I know I am atleast trying some good % of being best with good intentions and I know I can get better and I got a life to forward too which has just started if I am being honest,so better be rolling with some positive intentions!
> growth with love, all the way down to the roots
Wow, This kind of hits to something that I was thinking/discovering about myself and its been 6 am and I was thinking about it..
Like, it just hit this idea of creating an foundation or any non profit or anything just a mechanism something to spread to people ignorant about things like the goodness of open source (as one of your comments noted), like most people are ignorant about these things and that really lends a lot of things power I suppose when its really easy yet there is ignorance and I don't blame them, I might be ignorant about a lot of things too and so I want to share my enthusiam of open source with ya.
I am in high school right now and I am not sure how it would go to have a career of non profit. I think that I had noted but I am pretty frugal person. These things don't interest me of having a bigger car or whatnot, I am honestly fine with even a scooter and I want a small car and a house(which is gonna be tough in this economy lol).
Money and the things it buy simply doesn't interest me yet I need some baseline of it to survive as well and there are other things like humanist causes/open source that I care about and I just want to make enough while I can yap about open source to students/teachers/offices and I want to tell people about signal and how its so better than whatsapp in a country which just operates on whatsapp mostly and so so many other things like pinta/linux/ even appreciation of bsd and just all the goodness of open source that I have obtained through HN
I really try to show my appreciation to things and I have got 1.5thousand -ish thousand projects starred https://github.com/SerJaimeLannister/ (here is my username)
I know I could be a good enough programmer at a run of the mill job or maybe even my own side hustle but as I said, I just don't see a point. because even if I had the money, I would do what I am mentioning. I used to chase money for financial freedom so that I could do the thing I want but it seems that I have found myself a way or atleast thinking of, a way to do it altogether.
I am definitely sure that I can explain myself better and I would someday, its 6 am right now thinking about open source and how much I just want to replace even microsoft things and what not and showcase all the curious things that people have built in open source and somehow direct people to the severely needed funded of some of these projects and how those donations are better than buying some software sometimes.. and although its not an obligation, it is the obligation of society altogether in some sense otherwise open source might not function well and there are issues right now as well..
Another idea I have is really engaging with the youth, we have so many issues that we are facing and we genuinely don't know a lot of things so I also want this to be a mechanism to atleast help in that somewhere too and definitely integrate youth.
I might sound cheesy but I was genuinely thinking of this before seeing your comment and I wanted to say thank you to your comment saying that it might have changed a bit of my trajectory of my life and so thank you..
I don't know and I am definitely not explaining myself. But I just want to give talks and practical guides to maybe masses about open source. I want to help non profits to migrate over to open source solutions and students/schools/hospitals.
I want to raise awareness about translation/feedback testing and other things too. And this idea of growth with love, all the way down to the roots could be a very neat intrepertation of what I want to do in the sense of sharing the love that open source shared to me and sharing it upwards to other people so that they can also donate to open source projects or benefit from them if they can't donate right now.
I have my own flaws too but I am just trying to live my life in the way that can help a lot of people because I want that to be my legacy. I want to help people. I will go to college also for a CS degree but this idea of non profit for open source atleast in my country is gonna be something that I would try, to share the idea of open source.
If I can be comletely honest, I don't know why someone would donate to me still and its definitely confusing. I don't have much demands and just want to live comfortably and my plan is definitely to keep something like 20k-30k $ as even they are enough for me in country as my income and all the other funds go directly somehow to the expenses of the project I suppose or if there are excess funds I would much rather have them be saved just some and even donate some to red cross or some starvation myself from foundation as I genuinely can't think of sharing open source while some people also starve and I must do atleast a little to help them too.
I want people to be zealous about open source even if they are less technical, I wouldn't say I am a full on programmer myself. Open source has helped me soo much, I almost use open source software so much and they are much easier to find even sometimes yet there was this one time friction that I had that I want to reduce for some people. I want more people in open source, Open source is beyond any company and its the philosophy that I just deeply love.
I want this to be my legacy hopefully and although I can guarantee nothing that this is gonna be the path I chose in life as I still want to think this through, I will try to keep you updated on the process.
Definitely this message could also be improved but I hope that my intentions can reach through :)
Honestly I am just a man who just wants to have a good footprint of himself after dying in hopes that people can remember me for good actions and I really want to do good actions even in darkness as that is what values more to me in the sense that I want to do good actions someday without seeking anything in return without any spotlight or anything just because its the right way. I just want to do some good and learn new things and am figuring myself out in the process.
Also that comment which I had written made me realize that there are only two options, to either have a get into politics for real change which I just .. no its not for me, and the much more lucrative option that I do have a somewhat self made expertise in, Y'know with open source, I know that deep down if I have an idea , I can make things work. I can do anything of sorts. And I appreciate it a lot, word can't express joy that open source has brought me. Its remarkable and I want to share the joy somehow in whatever way possible.
I do feel like I am selling myself a little bit but I just want enough then I want to share to other people more stuff so that they can also have enough and so on.. Like I really want to create a non profit or something regarding it someday, maybe in college, maybe after college. and I want to write things good and I will try to improve how I communicate slowly and gradually too :)
Atleast these are my plans right now but that is only if I think that I feel like that this is something that needs there to be work done on advocating for open source solutions I suppose. Maybe I am doing this because deep down I am scared of death and I want to really leave behind a good legacy of doing good and I just want to have other people do the same and so on but honestly, even that reason is good enough than just not doing anything about it. I am not sure. This second guessing of yourself wouldn't really leave us would it?
But at the same time, how can I say this differently as I have no idea how people who start non profits actually do and how they get enough money to work in correct circles and so on and how that would work, I will still get a degree of course and I am thinking of starting a fundme page with better wall of text than this one as its just me talking to myself..
I will try to write better and start a way so that people might donate if they feel like it like a kickstarter project and if I feel like there might be enough something then I would try to give my best I suppose as I am a bit scared too in that side as this is a big step of life and I would consult many people about this and this is in no means fianl but thoughts, thoughts which might go back too at some moment I am not sure and I would discuss it with things like family, like idk a lot to learn though :) so that's always nice.
My wife works in non-profit consulting and has mostly worked with people who have great ideas but need help learning how to get funding and structure their non-profit for success. I asked her if there is a website to share with you that has good info, and she said your local library should have people who can help you with anything related to getting a non-profit rolling (try the next library over if not). I had no idea they have these resources either, but public libraries are amazing places and here's further proof.
Here's a page from a library where we used to live: https://poudrelibraries.org/business/
Scroll down to the section for "Nonprofit Success" and maybe you can find some ideas that will help you. I think you're on the right track about open source education and evangelizing (the tech world used to call its influencers stuff like "open source evangelist" or ".NET evangelist"... not sure if it's still that culty or not).
Best of luck with everything, and if you have any questions or want to chat I just followed you on Github. You can email me at my-github-username at protonmail dot com anytime, if you have non-profit questions I can ask my wife for her thoughts, she's been doing this for years and seems to have it pretty well mastered from what I can tell. She's built a business by herself from scratch and does so well she's the bigger earner of the family. So anyway, she just helps non-profits and makes a living from it, so you can definitely do something with open source! Work on making your writing and communication more effective and I think you will find the people to help you reach your dreams along the way.
Don't lose hope if you can help it, things like the news and politics are discouraging right now but I find that times like this light a fire in me to make sure I'm doing the right things and help keep us from getting in deeper problems. I get complacent more during less chaotic times, so I try to make the best of it and it usually works out. Take care, friend!
edit: I just realized that from the local times you mention, you are likely not in the United States. I'm not sure if libraries in Europe and elsewhere have this information or not. Maybe it can give you an idea of what kind of information to look for in your local resources.
I didn't know libraries were such a massive way and I don't think we really have libraries here, atleast not in my city that I can think of a non profit library, I might need to search though. and the funny thing is that some people would just have a bunch of sitting rooms and call them library here.
I have definitely thought about this more and the only nuance that comes up is that i haven't even gotten a degree right now and its something that I plan to do. Its just that I want to have an option to have a cs job too if things don't work out, and I personally don't know but as I said I am pretty frugal and I don't know how others feels but I don't know if anybody would even donate or my project would have even value if I am being honest. I am really a pessimist sometimes..
Its just that I would love to do these things but I would also want to just earn barely enough that my parents wouldn't think that I am doing something foolish in my life either and I can be respected enough in the society as well, these feelings really grapple me if I can be honest...
Honestly, I will keep in touch with ya and my first plan of action is trying to write my first draft of a manifesto of sorts on what I want to bring to the table in a similar fashion to how I had written the comment but maybe better...
I have also thought more and I am thinking something like fiscal sponsorship might be the right way atleast right now to not get involved into legal matters right away and maybe try to build a larger presence online because I didn't use twitter thinking it was going to be toxic but I am gonna be more active sharing manifesto etc. in youtube.
I have read more about other projects like fsf & https://sfconservancy.org/ and sfconservancy has caught my eye but the open source intiative seems something nice too and I want to do as much stuff that I can do to promote open source and other ideas as I sort of consider right to repair really tangetial to open source but just for hardware of sorts y'know..
I am currently working on a manifesto but the theme would definitely be growth with love, all the way down to the roots or something similar. I have some knowledge that I want to share in the world that might help people to pick better options which can enlighten them to donate back to the open source projects which so desperately need fundings. My purpose is to educate people about alternatives as I know that most people in my community don't know linux, they don't know signal yet they can use these softwares. My dad used my kde linux just for browser and he couldn't really tell the difference of sorts.
It is so nice to know that your wife does work in non profits and can make a living in it as that is exactly what I want to know more in how to live my life in such a way and I will definitely need her help! I just don't know if there is even a demand for something that I was proposing, I know people might say this online but maybe not so much offline. But I will try my best to work through things while being realist :)
Thanks a lot and I will definitely always keep in touch with ya through the mail. I know that I can still not explain myself clearly through these texts on what sort of emotion I feel as they are really complex and nuanced. Still, I would love to just discuss them with you. Definitely going to send a mail to ya and once again, thanks.
EDIT: just had another thought. You mentioned the FSF and the Free Software Conservancy, you should email them if you haven't already and ask them for some ideas about what you can do or how you can help their organizations. They may have something specific ideas for your area too, there are people like us everywhere. Get in touch with those folks for sure!
I've decided right now that the best step forward is definitely to focus on my studies right away as the exams are getting closer and to me, just skipping college might seem so big of a gamble but it was definitely fun thinking about being an advocate and it is definitely in my plan and I will have 4 years to study about foss and maybe fiscal sponsorships etc would be nicer and I don't want to remove my blow of college and just being focused between two very different things right now can cause a lot of dissonance like right now and my main priority is college and once I get into a decent college, I will focus on foss (activism) a lot, that is a compromise to me that seems the best of all.
I definitely still feel like a lot of other discussions definitely pessimize me too thinking of my generation as a lost cause sometimes and how it frankly boils down to the issue of lack of interest. Nobody seems as interested in these things even if they are important, they can be as easy as one click for things like signal yet nobody is even interested for things like that for most places. It is definitely sad but like, my idea right now is to still try my best just because losing hope makes me sad. We can still try things, no matter the odds.
That being said though my exams are definitely stressing me out and I had tried to give a whole day to writing a manifesto and it is funny how the mind becomes blank of sorts.
And I need to work on myself a lot if I am being honest too which I am going to do, it still excites me but my honest plan thinking about this has to go to college and then maybe really spread the word from there and also a good thanks for telling me to mail them...
I am just still confused, sometimes sad of the state of open source and I don't know what to say... I don't know if I was just being optimist back then and in reality, what would really happen, I have messaged you on email and I also have signal and I would prefer it if you could message me on signal if you could, since I do want to talk about this situation, I am just a little confused on how I can even bring change when I thought about it... when nobody cares. It would seem that my words would be noise to them unless I can understand them better and the state so I definitely need to have a fallback of college degree so that I don't feel regret in life as well... Hope ya understand as my plans are just postponed untill I get into a college, I have written the manifesto though..
Its just I am a little confused in life and I don't know what to say which is why I don't like to keep promises, I don't know but my other discussions of open source has made me atleast feel like there is very little that I can do and I discussed it with people my age and there is definitely this thing that you can't expect others to be encouraging to you in a discussion if they simply don't care and make snarky comments and you definitely need to read the room of the temperature I suppose. https://anonplusplus.codeberg.page/
I am just confused mate on how I can spread the message effectively of open source when it seems that the algorithms will work against me and the system will work against me and when it seems that everything you do nothing matters, you are gonna have all opinions on every front and in that people are going to drown and simply be ignorant,
The problem to me seems to be overwhelming, open source seems overwhelming for beginners not knowing where to start, not knowing what are some things that they should do.
What I am thinking right now is to create an actionable guide on whatever software I know about and to share that and host them myself and see the pain points...
I don't know man I am a bit tired I had created a project of sorts and I had shared it in a place which to me was really open and the response there was to have the discussions to ban me for sharing something with zeal when nobody cares... and for me to read the room, I don't really know why but that gave me a real reality check of the situation and I am still going to work on maybe spreading the word of open source but it definitely requires a sense of community and its very nuanced to say the least...
I am thinking of creating a community on something like matrix and guides about softwares in my past time and to make videos for any fixes or any showcases just trying my best and also I just feel a little overwhelmed if I can be honest.
So in all, I have just postponed my thoughts in the future when I get into a CS college hopefully and I would love to be in contact with you and discuss more things before taking any bigger steps as well and just discuss things in general too so please message me on signal if my message didn't reach on proton mail as I had sent it.
Everything's just confusing to me right now if I can be completely honest and I am definitely in the sad part of the sin curve of my emotion roller sin wave. I don't really know I have a lot of flaws and I think that I might have made a too big promise here if I can be honest when it was just meant to be proposed of as a thought that I am thinking when I want to focus right now on college and for the 4 years in college to focus extremely on foss so its mostly just a postpone till that and my college is just coming up in 3 months and I doubt that I can do much itself in 3 months but I might still be a decent bit active as a relief from studies and I am just not sure as I said, I hope ya understand
I hope you can keep in touch with me on signal if the mail isn't working, its on my about me in HackerNews.
On this particular issue, no. But I also make a habit of not leaving old apps that I don't use lingering around on my phone. And I'm pretty sure I know all of those haven't been bought out by a data predator, apart from 23andme.
I just trust what Apple has done in other areas for my personal privacy and security, and I know they have insanely high and probably unreasonable standards for their app stores. and I don't install obviously predatory garbage apps. I feel like I could have only achieved this level of confidence in my mobile device with iOS. And to be clear that's just an opinion :)
(to me, if some os is unable to have both freedom of installing apps/sideloading and security (with help of malware checking and other measures that keep bad stuff away), and only able to achieve that "security" only by completely locking down what apps can be run and how apps are obtained, it seems like either a failure to accomplish actual security there, or rather just a pretense to keep a platform locked down.)
Like, while it may sound annoying and nitpicky, android is not just "one option of the two", it has a bunch of versions/flavors/forks/whatever you wanna call it, that vary between manufacturers, and also alternative distributions that can be installed on devices, situations that iphone just does not have, at all or to that extent. (quite linuxy in that way if you squint real hard.) I'm struggling to worry about this whole debacle with google floating about whatever they're floating about (currently it's that vague) all that much, when android is that malleable.
There are also actual Linux phones and distributions, postmarketOS, environments like Phosh and Plasma Mobile, Ubuntu Touch, Sailfish, and so on. These can also end up being treated as a "third option" when it's a bunch of different options, or even treated as non-existent, but these options are out there, available, modern, with phones you could just buy. The only case where "one option" is actually just one option is with iPhones.
I agree completely with you about the Android forks. That does allow for people do things right more than the way Apple does it. But it also allows people to do things wrong, and how many predatory mobile phone companies would see an opportunity to spy on customers if they won't notice? Just like none of us would buy a computer and use it without formatting and reinstalling the OS first, there are tons of people who didn't reinstall the OS and kept installing shitty malware. That's the case that I'm worried is much more prevalent among the American population than we realized. Tons of factors go into it, but I think the fact that we distilled all of our information received regularly down to something that's processed thru two operating systems before reaching human eyes and ears is something worth looking more into. Or at least I think it's a damn good reason to start over and begin with doing things the right way, given everything that we know now.
While regular people probably aren't going to mess with custom roms on android and it's kind of self-selecting situation there, they very much might pick a Samsung phone, or Motorola phone, or some other phone, that will have different flavors of android, and may have some meaningful differences and will have some amount of control over them that phone makers have be spread out between their manufacturer and not just google.
Some people also aren't really gonna be any less susceptible to scams that aren't tied to app stores or apps at all. Might as well lock down the browser and phone app then as well.
edit: Pixel ordered and GrapheneOS incoming, goodbye iOS.
[2022] https://lifehacker.com/great-now-the-apple-app-store-has-mal...
[2022] https://www.darkreading.com/cyberattacks-data-breaches/malic...
[2024] Fraudulent LastPass-impersonating app allowed in App Store: https://blog.lastpass.com/posts/2024/02/warning-fraudulent-a...
[2024] "Scammed by the top result for 'Bitcoin wallet' in Apple App Store": https://news.ycombinator.com/item?id=39685272
[2020] Scam subscriptions: https://blog.lockdownprivacy.com/2020/11/25/how-to-make-8000...
[2015] Thousands of malware-containing apps built using infected version of XCode slip through App Store review: https://www.bbc.com/news/technology-34338362
Those all fall under the category of shitty apps I would never install on my iPhone or Android phone. So, Apple's privacy standards and policies, and walled gardens for better or worse, kept me closer to what I was looking for regarding personal privacy and security than I could have gotten with Android. Who knows if anyone checked those same apps I use to see if the Android versions are different or contain malware, but my sense is that it's much easier to slip it in the Play Store than Apple's App Store.
https://old.reddit.com/r/apple/comments/672xcq/nytimes_how_u...
Uber did this and didn't get abruptly terminated from Apple developer program...
Walled garden - 0
3rd Party store - 1
> Apple's privacy standards and policies, and walled gardens for better or worse, kept me closer to what I was looking for regarding personal privacy and security
Apples privacy policy allowed bad actors into the App Store. Considering the levels of Kafkaesque pissing about we see reported on here from devs for non-issues, on a weekly basis, you should have a zero tolerance.
A couple of months ago I noticed Little Snitch complaining about the app making new connections to malware domains. Thankfully I can run the app on macOS and noticed it.
When confronted with how this violated their Privay Policy, they gave a condescending reply. When I contacted Apple about this new update to the app, they ignored my report.
So… no, we're not safer on iOS. Perhaps the barrier to entry is a bit higher to discourage some low-hanging fruit, but Apple does very little for the 30% commission it takes.
(satirical post)
I paid for Prime Video to remove ads only to find that now they'll play skipable ads again at the start of a movie and this time I don't even have the option of paying again..
I'm not against big profits, and I'm definitely not in favor of more regulation to attempt to fix it but I am against mico-maximization of profit with obviously consumer-unfriendly behavior. The way to fix it, IMHO, is to start over with yet another small guy that comes in and does it right. Angel Studios is doing pretty good and although the content selection is much more limited, the overall vibe is great, feels safe to leave children around for more than 2 minutes (unlike youtube kids).
As someone who is diligent about staying on top of these things, I thank you for sharing this because this is what I'm talking about: it is not clear at all to an average user who is trying to do task X with their phone (note that's *not* "do task X securely while protecting personal data").
I figured Apple didn't do a whole lot, but I still feel the policies must do something. Please do tell if you know specifics though. And I am very disappointed with all the near-literal shit that's flooded the iOS app store the last few years. Overall, my opinion about it all is that we need to take some time to think about everything we've learned and rebuild something new from the ground up. GrapheneOS seems promising.
That has been the problem with Apple, a lot of feeling inspired by nice UI design, and a lot of screw-you-over in the background (draconian dev policies, nonsense security requirements that make you less, not more, secure, and money grubbing that doesn't make the users any better off)...
Maybe in a world with Steve Jobs, it could have been different, who knows. I don't get the sense that Tim Cook "gets" it.
This morning I ordered a Pixel phone after realizing they are available in my price range after all (thanks to this discussion, specifically one of the few who didn't try to argue with me) so GrapheneOS is what I would personally recommend if anyone was thinking I was trying to say "iOS is better, prove me wrong". I was more looking for others to share similar thoughts, not attempt to shut me down, but such is life.
The one thing Jobs didn't account for[0] was that iOS apps were going to take off and thus owning the signing keys to iOS would be extremely lucrative. Jobs' original iOS development mandate was "webapps only", at least until the jailbreak developers embarrassed him enough to change his mind. Even then, he genuinely thought 30% was going to just barely defray the costs of running the App Store.
The actual difference between Jobs and Cook is that Tim Cook isn't nearly as charismatic. Jobs had the "reality distortion field" - the ability to confidently lie so hard that the engineers believe the lie and actually make it true. It's the sort of authoritarian manifestation that Donald Trump is desperately trying (and failing) to tap into.
[0] In Jobs' defense the last SDK they'd shipped for portable devices was iPod games.
Jobs wasn't a nice person, as it's been documented. And if he was surrounded by MBAs and PMs trying to make a career, the results might be similar to what we have.
I do think Cook is a terrible CEO on the product side. But he's made Apple richer than ever. I'm not upgrading to the 26 version of the OS'es (btw what a stupid version bump).
For reference on Nara, it tries to connect to domains such as dewrain.*, vaicore, akisinn, etc. (many TLDs) Little Snitch was the only way I'd know. Sadly it means we're unsafe on iOS and Android, so we've stopped using any features that might be or leak PII. Just milk and sleep.
This unnerved me so much that I'm building an app for parents on the side. I can't believe our options are free with trackers or expensive (with trackers). And Nara was clean before the update around March.
I had a feeling about what you described with GrapheneOS would be the case, and that's what kept me from really considering it as a replacement for my iPhone until talking with some folks in this thread. I really don't see myself getting out of using an iPhone as my "main phone" tied to my phone number since my wife is neck-deep in the whole Apple ecosystem (and I truly believe that being flexible in this regard is worth it and makes our lives a whole lot better, even when the issue in question is what I would consider a simple moral non-negotiable, securely protecting my and my family's personal data. just means that I have more solving to do before the solution).
My solution for now is to always run everything through a trusted VPN and NextDNS on the iPhone, or as much as iOS will let me I guess, and using this as my new Pixel's gateway to the internet when I'm away from a trusted connection. I will also be running everything through the VPN when I'm using GrapheneOS, so when I am out and about I'm not treating my not-entirely-trustworthy iPhone any differently than a Starbucks hotspot. Sometimes the convenience really makes a difference, not all the time but it does matter occasionally.
What I've been trying to do is have the critical apps on the iPhone, which stays home; then take the Graphene around as much as possible. It's making me use the phone less as well, since my Pixel isn't very interesting.
Now to convince more family members to connect via a VPN… hmm. No wonder we lost the war on privacy.
Maybe check that your partner has Advanced Data Protection on. iCloud without it is what got us all these iCloud leaks in the past.
And thank you for the kind words :)
They usually have someone more mature watching over them as there are also other dangers in life except malware on their phones.
(Also, when I was a kid there was no one to explain me the internet, so I learned on my own and understood it better then those responsible for me.
But it was a different internet back then. )
Made me learn pirating which went into more and more technical untill I think nowadays I dabble in playing pirated games in linux and linux scripting and just general coding.
There was no mature watching over me. I was downloading everything dude, heck I had once downloaded hollow knight as an apk to play it and I am pretty sure that it was a malware which i had quickly deleted as it wasn't working but now yes we've even migrated over from the phone.
So in a way my mature watching over me was saying, Idk learn it yourself, fuck around and find out.
I kinda think that grapheneos would be really nice for protecting your phone from something like malware from what I've heard.
What worries me though is that maybe we weren't the norm, maybe we were the exceptions.
I recommend it to every of my friend who comes to me begging me to download X or Y or pirate it.
I remember those links where you had to go through the entire article and it would give a (1 of 2) and you have to do that again and again for them to finally get to the final download.
Yes downloading them were indeed a hassle but idk i guess those feelings are really compensated by me playing pokemon, like I genuinely have forgotten some of those popups but I do know that they were really shitty.
here's what I would recommend anybody now:
r/piracy is your best friend, try to read it and prefer to get the goated version of things use brave browser if you don't want ads/ librewolf/firefox with ublock on pc.
I am not advocating piracy because well, I just can't pay for products and my frugal living doesn't really find it to have peace. I would much rather donate to them directly with a thank you message but maybe that's my ideal.
The only game I was thinking to buy was silksong but my brother has a ps5 and he would've had to download it seperately and I wanted to split even 20$ lol.
I wanted to buy silksong as a way of saying thank you to the devs for finally making things cheap enough and making me feel like my money is worth it even if I am frugal y'know.
I feel like everyone iscammed by 70$ games bro, I am never paying them.
One time, idk what i downloaded, but it was prob malware in the sense that even if no app is running/removed that app, it would still open up browser and open up some link automatically sometimes..
And pop ups on websites were a nightmare to dodge, pop under ads yeah. I remember it all now. it used to take me definitely 15 minutes or more to download a rom but that was compensated by the hours I used to play bro.
I love pokemon johto with my ampharos of level 75, it used to one shot everything except rock/steel. Electric was goated in johto. And I had a water type pokemon too/there was one fighting type move that I taught my ampharos. I think I even defeated red from gen 1 ( I am talking about the actual gen 2 pixelated game and not the next silver games, I think it was the crystal or silver or gold, I am not sure mareep was only available to play in one of these games and dude mareep is goated and makes me remember my childhood)
Regardless, if I had to give them a device, it'll definitely be a Linux-based one.
If you don't use the editors (or if you're using the non-Pro Simple Gallery) then you should probably switch to Fossify now.
If you do use the editors then you should probably disable automatic updates in Google Play, so you get a heads up if they ever push a shady update.
I checked out five different apps, each with millions of downloads. Every single one was riddled with data collection prompts and stuffed with ads.
Fine, I thought, I’ll pay to remove the ads. But the options were:
- “Free trial” that defaults into a $5/month subscription
- Or a $19 “lifetime” purchase
It’s so clearly designed to trick people into a recurring subscription for what’s essentially nothing. These apps are just wrappers around existing Android libraries. And if you check the reviews, they’re obviously bought.
This was literally the first time in a year I tried to download something from the Play Store, and the experience was so bad I just gave up and solved it faster in the browser instead.
But also I suppose that f-droid doesn't have paid reviews or well, everything in f-droid is mostly open source, so I am curious if there are apps in f-droid that could've well suited your need.
I just search on whatever I want on duckduckgo,"open source X android app" or "open source alternativeto Y" or just directly trying to search it in f-droid too.
And that's before we consider the much stronger user control presented by the open web. I can run an extension like uMatrix and take back control of my browser. On mobile now I can't even proxy and inspect the network requests that the apps are making without resorting to insane hackery tricks.
The more these things evolve, The more against native apps I am becoming.
This isn't unique to mobile vs desktop, but from my experience people use those different device types with different levels of care. It's possible app stores play into this by giving people an incorrect sense of security about aspects of application usage and updating that they don't actually provide.
My personal hypothesis is this is the reason that app stores are filled with so much trash. The app store provides a mechanism of discoverability that would otherwise never be available to such apps.
And this then leads to what you're talking about, which is the stores actually feel less safe than the open web.
This isn't a good app store for the majority of app developers, since they wouldn't be able to publish there out of their own accord.
[0] https://f-droid.org/en/contribute/ [1] https://f-droid.org/en/docs/Submitting_to_F-Droid_Quick_Star...
https://f-droid.org/packages/mobi.omegacentauri.SendReduced
https://f-droid.org/packages/com.caydey.ffshare
Oh, and also, specifically for PNG optimization: https://f-droid.org/packages/com.wrmndfzzy.atomize
[0]: https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepip...
It also has a bunch of other features
Another option is to block ads using Netguard.
It's funny how the more one gets burned the more one becomes the kooky old fart the cliche requires us to be...
If we go down this path, I will stop all development on android (and at work too, as it is up to me how we deliver, coincidentally). I implore all other developers to resist this. This will completely lock down the platform forever, there will be no going back.The entire reason why android is so attractive is because we have linux in our palms and all the amazing benefits of that. If google wanted to do the right thing, they would go in the opposite direction and make it easier to gain root access on mainstream devices instead of locking it down further.
It seems the only last bastion left is Firefox, so I will be focusing on making all my tools work well on Firefox (mobile & desktop) instead of app ecosystems.
I freaking hate gradle with a passion, as every other week I have to reconfigure my ide, again. As it cannot seem to just chill out and do its work, it demands blood every week or two.
Is there a Googler here that can enlighten me what makes Android so unique as to break IDE between every release?
Not in some cases, in most cases. Clicking shared Google maps link easily opens correct spot on Web, but redirects me to the App Store for God knows reason why on iOS. If I ever need to interact with a new resource, I go check if there's a web site first. If there's no website but there's an app and I don't really need the resource I just drop it altogether without checking the app.
The only apps, besides built-in ones, that I use are chat, bank clients and some home app automation tools that would be problematic to operate as a web app.
The examples they list of such features are offline support (PWA already allows that), push notifications (browsers already support that), integration with hardware (not applicable), mobile-optimised UI (really?)... all nonsense.
I know they're not strict about this policy as I can name many local apps that are just wrappers of the web version, but I abandoned by idea immediately as it's not beneficial to me in any way to prioritise one particular platform over the others.
Modern web is a platform.
If you mean that it won't work offline, websites apparently can. I've not seen it done reliably yet but in theory that's there and I'm sure we can work out the kinks if needed
Web apps have become unavoidable. Native is beating a dead horse.
https://arstechnica.com/tech-policy/2025/02/firefox-deletes-...
I meant more in a technical sense & openness.
We really stuck it to those bastards at Google, and they conceded that we could continue allowing the interfaces that efficiently enable adblocking, and still be conformant with the new Manifest V4. We'd just have to put every new add-on through a simple process to make sure that they weren't abusing that privilege.
I mean, they long ago disabled unsigned add-ons in everything but developer nightly iirc? It can't even be considered an entire step to say that only add-ons signed by Mozilla will run; more like a slight lean.
Until Ladybird is ready (which may take years) for all the Mozilla’s scandals there is not a lot better around.
Phones are as much a burden as benefit in 2025, and our behaviour towards them should reflect that. Mine is currently off and in the drawer of my desk. I'll turn it on again when I need 2FA, some service provider's app, or when I'm likely to be out of the house for an extended period. I'll turn it off again when I don't need it.
My smartphone is used for interacting with systems that I expect to surveil me anyway - my bank, my navigation app, and so on. Serious work is done using serious machines.
General-purpose computing was always for nerds, and always will be. There will only ever be a tiny proportion of people who find this stuff interesting enough to actually learn how to engage with it on its own level. Everyone else needs it to be packaged in an idiot-proof way so they can use it to get on with their day.
Not for long, remote attestation will put and end to it.
Two words: Secure Boot.
The only reason we still can run operating systems without Microsoft's approval on these devices, is that alternative operating systems like Linux were already popular enough when Secure Boot was introduced, so to prevent the risk of antitrust enforcement Microsoft allowed (and AFAIK required) that firmware has an option to disable Secure Boot or enroll your own keys, and Microsoft also signs the bootloader of several Linux distributions (as long as they meet some stringent requirements).
But this can change, since all of that is part of Microsoft's hardware requirements for running Microsoft Windows (which hardware makers must follow if they want their devices to run Windows). And it already has, at least twice: some ARM-based laptops were shipped without that option (the hardware requirements back then were that you must be able to disable Secure Boot or enroll your own keys on x86-based hardware), and a class of devices (the so-called "Secured Core" devices) comes with the "third-party" key, which Microsoft uses to sign Linux distributions, disabled by default. Nothing prevents it from being locked down even further in newer versions of Microsoft's hardware requirements, in the name of "security".
Also, current UEFI implementations allow for disabling Secure Boot. If that changes, we can discuss that when it happens, because I'm not terribly interested in getting all het up about imaginary things.
You can't share an app you develop without first paying Apple and Microsoft a recurring fee and also get their explicit permission for every update to it.
At any point, for any reason, they can decide they don't like you and Gatekeeper and/or Defender will block your app from running on nearly every computer.
Open source operating systems are closer, but there are still PCs that have locked bootloaders.
All the pieces are in place, all vendors have to do is flip a bit and you'll never run anything without permission again. And it will happen because think of the children/national security/hackers/scammers/trillion dollar companies' bottom lines.
If this goes through, I'm taking my sim card out and putting it into the cheapest dumbphone I can find, using the smartphone strictly offline for OSMAnd navigation and media, uploaded over USB cable.
Then came Android. The freedom to sideload any `.apk` on any device was magical. And now we've come full circle.
Except that Symbian wasn't source-available, so there was a bigger hope for a successful rebelion.
Not if you want to run banking apps on that device.
That's why a dedicated device for them is going to be my workaround. I could see myself having GrapheneOS on my primary device and having that act as a hotspot for my small "certified" device that I do my banking on.
I don't understand. It's unsafe and inconvenient.
You also need it to receive the PIN for the credit/debit/bank card that allows you to pay for things in stores, or to withdraw money from the ATM if you'd rather use cash.
If you'd like to send money to your friend, for example to split a bill or for any other reason, then you either need to do that in the app, or do it on the website but with 2FA on the app.
---
This is the norm for all the banks here, citing PSD2 compliance. I'm sure it's not the only way they could have complied, but it's the lowest effort and banks are nothing if not conservative, so once one bank gets the OK for a given solution, they all follow suit.
But yes, the banking and streaming apps too (regardless of their existence being good or bad or even justified) are yet another nail on that coffin.
How does this work with Chinese ROMs - that don't come with Google Play Services? How do it affect secondary app stores? A developer releases their app on Vivo's app store - and he has to register with Google's ID procedure?
If you're running some old Android version and you block Google Play Services from updating, will the Play Services stop working entirely and brick the kiosk phone/tablet?
If this was a change required in the next version of Android, then I could kind of understand. You buy a new phone and this is the Faustian bargain you choose to accept. Google's search ad cash cow is dieing. Time to milk all their assets. Google obviously doesn't want people making money off of their Android work - to me this was inevitable. But the fact they're forcing this down the throats of existing users.. this seems messed up and maybe illegal?
People using LineageOS, Calyx or alike will be unaffected. The other 90% of western android users will be affected.
Where are you getting your information btw?
No idea if they'll also decide to enforce it with the Play Services at some point.
It will be a long tough uphill battle, but digital freedom is possible.
Purism is for example providing the Librem 5 phone with PureOS. Closing the app gap is big challenge, but I use the Librem 5 as my daily phone. Yes, I may have some inconvenience, but I have freedom, and the software is getting better and better.
For more info see also:
* https://puri.sm/posts/googles-new-sideloading-restrictions-w...
* https://puri.sm/posts/closing-the-app-gap-momentum-and-time/
to where? Everything else is either worse or non even remotely close to matching Android's features and accessibility.
Before it was Linux and now it's Ubuntu Touch, sure it's not perfect but it's a very much usable system which needs more people to try it out as their daily driver. I made the shift a month or so ago because I don't want to have to choose between two evils.
You don't need to be using Android to run Android apps.
Other people who paid over $1,000 got their shit out of date phones before me! Fuck Purism. They can go die in a fucking cesspit.
That would be illegal in Germany, and probably also in other EU countries. Only the gouvernment and banks are allowed to make copies of IDs. Alle others aren't. Can get you in serious legal trouble. Not that a data hog like Google would care.
I'm a bit worried by their lack of focus, though - looks like they are spreading themselves a bit thin, they are trying to build a lot of different gadgets all at once (keyboards, speakers, laptops, headphones, etc). Building a phone is hard enough, trying to build all other things might dilute the valuable development resources.
I'm curious if you know of any reason to buy Shift besides specifically supporting German economy instead of the Dutch one
And would you know why they don't work together? At least on the software side that's easy to do remotely. I know Fairphone has been struggling to catch up with the machine learning and other services other vendors are adding on top of e.g. the camera sensor to get good photos. They seem to be doing better now but Shift seems to still have a lot of software bugs, eyeing their forums
You're not looking far ahead enough. Use of these alternatives will be banned.
I already cannot use any of these alternatives: all cell phones must be certified to be imported into Brazil, and so far I could find none of these alternatives certified by ANATEL. My only options are Android, Apple, or non-smartphone "feature phones" (they still exist). Yes, Brazil is one of the first countries on the list for this change from Google, and Apple already does something similar.
But can you elaborate on how this is enforced? Probably by requiring IMEI registration? (supposedly with a carve-out for tourists, something like "a new IMEI can be used for two weeks without registration, after that it stops working")
If it's IMEI-based, then probably you can still have an alternative phone that will use WiFi hotspot from the "certified" one. Speaking from experience here - we had a problem in Indonesia where we were unable to register a phone due to bureaucratic shortcomings, and so we bought a cheap phone to serve as a hotspot. Inconvenient, true, but still workable.
Also, I don't know how IMEIs are implemented at hardware/software level. Maybe there are ways to spoof them somehow?
The import is rejected by customs. Yes, this means there's the small loophole of traveling to another country (which is usually a long travel, this country is huge and the ocean is wide), buying the phone there, and bringing it back with you.
I don't know whether the carriers do reject phones with IMEI pointing to a non-homologated model used with a SIM registered to a Brazilian carrier (that is, not roaming).
> If it's IMEI-based, then probably you can still have an alternative phone that will use WiFi hotspot from the "certified" one.
That takes me back, it's exactly how I used my pre-smartphone PDA, tethering to my phone through Bluetooth. Yeah, that would work (it's exactly how I use my laptop when I can't use the normal Internet connection), were I able to import the thing in the first place.
I'm a frequent traveler, so I tend to overlook that not all people have that option, apologies for that.
But in many countries where there are some restrictions or crushing import taxes, I saw that there usually quickly appeared a flourishing network of people that utilize the travel loophole to bring in the necessary items - some even build sort-of-a-business out of that. Many just ask their travelling friends to bring them phones they desire (I've been such a friend on multiple occasions).
If it's the latter, buying a pixel to run Graphene might be a particularly solid counter.
(Also, losing to competition seems to be the only way companies nowadays can perceive loss of users' trust)
In the meantime, I guess it is time to return to degoogled Android, for me at least.
Another good example of Google's worst instincts, though: backups. The backup API can only be implemented by things which are included at build time, so apart from e/OS/ I've never seen an option except Drive. (e/OS/ supports nextcloud as a target)
In my opinion, Google is doing that to keep control as there is now the European regulation that said that they can't force manufacturer to install exclusively what Google asks them to "to be certified". So, in theory there could have been big brand smartphones with only the vendor or alternative app store by default anytime soon without this change.
We really need to get off these abusive rent-seeking spyware platforms and go for something similar to how Linux distros or various BSDs work. The main hurdles are the hardware, drivers and essential applications like banking and transportation. The hardware is an even bigger problem than the OS platform itself. But this is getting desperate. We really have to start moving in that direction before we're left with nothing else.
- you will have to obey corporations
- sooner or later everything will work using digital ID, or some other IDs
- sooner or later phones, PCs, browsers, will be locked in
- majority of populations will have no problems about that, aka golden cage
- I do not such a future exists when it will not look like this
- I am uncertain what is the future of open source. I think it also will be regulated by accounts, digital IDs. You will not be able to participate in open source without verification
This is the deepest root of the problem. Decades of psychological conditioning took effect.
No future is 100% predefined, my friend. Please do believe.
"Dear citizen,
Thank you for contacting us and sharing your concerns regarding the impact of Google’s plans to introduce a developer verification process on Android. We appreciate that you have chosen to contact us, as we welcome feedback from interested parties.
As you may be aware, the Digital Markets Act (‘DMA’) obliges gatekeepers like Google to effectively allow the distribution of apps on their operating system through third party app stores or the web. At the same time, the DMA also permits Google to introduce strictly necessary and proportionate measures to ensure that third-party software apps or app stores do not endanger the integrity of the hardware or operating system or to enable end users to effectively protect security.
We have taken note of your concerns and, while we cannot comment on ongoing dialogue with gatekeepers, these considerations will form part of our assessment going forward.
Kind regards, The DMA Team"
The DMA is in fact cementing their duopoly power, the opposite of the objective of the law.
1. You cannot expect a public body to take a legal conclusion with significant financial impact on the basis of a single citizen report or in reply to that report. This takes analysis, technical and legal work, etc. So your expectation that they respond to your message eith something akin to "of course, you provide evidence of a breach. I, the single case officer responding, confirm the facts are true. Thanks for telling us we will now fine them 5 billion" is a bit unreasonable.
2. I don't see how even inadequate application and a non-committal response leads to the conclusion that this is intended to (or even just allows) to entrench the Android/IOS duopoly.
Both judging or supporting are conclusions. The message is more supporting than necessarily required and that also can have a significant financial impact. If there is even some unclarity, they should just state that they are investigating it, while noting that DMA may allow this. Otherwise this creates foothold for Google, which is not fair either.
I find it rather infuriating, to get treated like a low rightless peasant, as if to say: "How dare you speak to us above?"
It is the difference between people doing their job and being transparent about it. An answer like: "Thank you for reporting, we currently are already looking into this and are taking your report serious. Please note, that drawing legal conclusions takes time, but that we will keep you updated, when we reach a conclusion." would already be great. To know, that one didn't just waste ones time, but that actually people there hear and look into things.
That is, assuming, that there actually is something significant at hand. If it's rubbish, then no need to get processes started.
But my initial reading of F-Droid's explanation was "hang on, Google are going to get slammed for the same thing Apple got slammed for" so I hope they do come to the same conclusion and do it quickly, before F-Droid is entirely dead.
Maybe that's Google's intention - that the time lag on enforcement is going to be long enough that they achieve half the goal anyway.
> that the time lag on enforcement is going to be long enough that they achieve half the goal anyway.
Everything hinges on what "strictly necessary and proportionate measures" effectively are and the EU has yet to state if notarisation is ok. I personnaly doubt it will be considering the spirit of the law but the currently German dominated and mostly focused on German interests commission is spineless so who knows.
If you want actual change, pressure your MEP to fire Von Der Leyen and stop voting for the PPE.
Power centralization is a key component of control and we live in times of unprecedented control being exerted on citizens.
I'm from India and I cannot import any of these devices (due to extreme import tariffs) so I went with an unlocked Redmi Note 10 which I found on the used market and flashed postmarketOS on it, so that is an option as well.
[1] <https://volla.online/en/operating-systems/ubuntu-touch/>
$550.00 and 6.7" 1600x720 Eesh.
Some days it's rather depressing to think how most people would just gladly sign themselves up for slavery.
There are plenty of providers, even if you steer clear (as you should) of the big monopolies of gmail and microsoft.
But to address the specific comment,
> Try setting up a SMTP server for youself. You'll instantly get added to a spam blacklist.
I do and no. I run my own email infrastructure, including delivery. Works just fine.
it was created, and exists entirely to centralise power
[1]: the organisation itself, not the countries in it
Apple has required developer "notarization" since the very first App Store in iOS 2.0, no?
>Thank you for your email in which you raise concerns that some browser extensions are not allowed by Alphabet in its Chrome Web Store or are removed as unwelcomed extensions after they have previously been available. As you may know, the European Commission has designated Alphabet as a gatekeeper for a number of its core platform services on 5 September 2023 under the Digital Markets Act (DMA), including its browser Chrome. As a result, Alphabet must comply with a set of obligations as from 7 March 2024. The Commission has not designated its online intermediation service Chrome Web Store, since it does not meet the criteria under Article 3 DMA, to be designated as a gatekeeper. We would like to thank you for the information brought to our attention and assure you that the Commission will monitor compliance of gatekeepers with the applicable obligations as well as monitor any other core platform service that may meet the criteria to be designated as a gatekeeper under Article 3 of the DMA.
So this doesn't surprise me at the slightest. DMA, DSA and GDPR only strengthen the big american companies because they have infinite money in complying with this bullshit while smaller plays get shafted. You will never be able to "just install an IPA" on an iPhone, mark my words.
I could imagine lobbyists have been trying to do a classic motte-and-bailey there, painting the picture of some poor granny whose phone is instantly taken over by a malicious third party app, because without Google's loving oversight, every dodgy candy crush clone would of course immediately get root and bootloader access.
So they managed to get in a "common sense" exception, which they're now trying to use for things that are entirely not common sense.
At least I would find it hard to argue that a measure is "strictly necessary" to ensure the "integrity of the hardware or operating system" if everything has been working without problems for decades without this measure.
I'm considering that the UK did not take a bad decision of leaving the EU. The EU is demonstrating itself as a more and more corrupt institution that is not democratic (in the sense of doing what the people want it to do) at all.
They are also shooting themself in the foot: the USA impose to us tariffs, we make laws from which benefit 2 big American companies, instead of pushing for developing alternatives to these companies.
While I agree that democracy could be strengthened at the EU level, representative democracy for better or for worse doesn't imply the representatives' decisions have to match the public's opinion at all times.
> I'm considering that the UK did not take a bad decision of leaving the EU.
That's ironic, given that the UK has always seemed way ahead of the EU when it comes to mass surveillance.[0]
[0]: See https://www.eff.org/deeplinks/2023/09/uk-government-knows-ho... for a recent example.
"Gatekeepers"? "Ongoing dialogue"? Tell me more!
From a developer's perspective, this stipulation is obviously intended to ensure that the existing on-device protections (sandboxing, entitlement enforcement, signature checks, etc) are not permitted to be circumvented by third-party app stores. But the anti-DMA brigades have twisted their interpretation to imply that that gatekeepers are permitted to ... keep on gatekeeping.
Apple still requires that all software be funneled through its app review (they call it "notarization", but it is the exact same thing as review: developer fees and T's&C's, arbitrary review delays, blocking apps based on policy, etc.) before it is signed, encrypted, and re-distributed to third party marketplaces like AltStore. And now Google is going to introduce its own new gatekeeping for all software on Android-certified devices, which covers 95%+ of all Android devices outside of China.
The lack of alarm has been, for me, quite alarming. Every piece of software installed on billions of mobile devices around the world is going to be gate-kept by two US companies headquartered 10 miles away from each other and with increasingly authoritarian-friendly leadership.
If you have an Android device, install F-Droid today and make it be known that you won't give up your right to free software without a fight.
I'm pretty sure fraudulent marketing is still illegal.
> Telling users that your platform will allow them to run any software they like
That is mere puffery, no reasonable person could belive it....
Back then, the claim was that Android was both open and open source.
"No reasonable person would ever believe us"
The one in Utah that was already signed and the one in California plus the looming federal bill? The ones that make app stores verify kids' ages and request permission from parents?
How is F-Droid planning on tackling this?
https://docs.google.com/forms/d/e/1FAIpQLSfN3UQeNspQsZCO2ITk...
Using reproducible builds allows developers to publish apps on F-Droid using their own signing keys [1]. Those signing keys can then be verified by Google.
In 2023 already, 2 out of 3 new apps used this approach [2].
With this in mind, F-Droid should be able to continue functioning after this change by mandating reproducible builds.
[1] https://f-droid.org/docs/Reproducible_Builds/
[2] https://f-droid.org/2023/09/03/reproducible-builds-signing-k...
It's quite scary that there's no such idea being floated in the post. Apparently they're ready for F-Droid to be relegated to the realms of Google-free devices that nobody, outside of a few hardcore privacy activists, is currently willing to use. Maybe that'll change, but I doubt significantly enough for governments to reconsider which OSes and third-party stores they need to support
Thanks, Timmy Tencent.
1) Put google in control of what you can install.
2) Get google to block it.
Noting that making it harder to install does most of the job as you need you contacts to use signal before you can.
Signal is today's thing the security state in Europe & the US clearly hate and want to backdoor and destroy. So let's speculate they'd rather be able to make sure that no app, for any purpose that they don't control can survive or succeed?
https://www.kitklarenberg.com/p/signal-facing-collapse-after...
https://yasha.substack.com/p/signal-is-a-government-op-85e
https://bigleaguepolitics.com/court-docs-show-fbi-can-interc...
F-droid is essential for many apps.
I think US gov wouldn't a care about this, do we really cant do anything about this??
The Right to Run
If you own a computer, you should have the right to run whatever programs you want on it.
I always thought that this was something natural yet Google is doing the developer registration and spotify is dmca'ing/suing? revanced team just for skipping some lines of code.
it is my computer and if I want to run a open source software from f-droid, I should be able to without one of the largest companies in the world meddling in the way.
If I want to run spotify in revanced, the developers shouldn't be sued for just skipping some lines of code. Theoretically it breaches on my rights to run software.
Its my computer,my phone, my devices and I want to run whatever I want with it. I paid for it completely and I want to use it completely.
Yet more and more, its becoming as if your device is becoming something similar to license, like they are making us think that we haven't bought a phone, we have licensed it and there is a big difference.
They might want to slowly extract into even more of our rights to somehow sell a phone as a subscription even after buying it and what not, god.
Imagine google packages up a developer service where for 5 bucks we could side load the apps, that WE ONCE COULD DIRECTLY.
This isn't far off. But we have made almost our hardware like a service and that saddens me/violates my rights and I want to fight against them. Fuck big corpos. Fuck google.
Its my damn computer and none of your damn business saying what I have to do with my own computer. I paid for it completely and I am gonna use it completely.
It sucks, but it's not the end of everything...
I can have my phone right now which has f-droid and download apps directly without requiring any other device anywhere as long as I have internet access to download the apk or I have the apk
With adb, I would need to have another specific device with me which can get real uncomfortable/ be a real breaker for a lot of times.
On top of my mind, I see myself being in the metro downloading games on f-droid to see the state of open source games, I couldn't imagine myself having a laptop in that time, and neither did I have a laptop. I just had a pc back then.
Also a huge % of people who are using f-droid right now would just not do things like adb etc. which are a huge breaker I suppose and in the end it is a huge net negative for the community/ecosystem/still goes against the right to run as I had mentioned.
But I also didn't know that adb was still enabled, I had actually thought that you genuinely couldn't run any app except google's developer registration AT ALL.
but this is also a slippery slope and what prevents them from blocking that too. unless we fight against this, it sets a really really bad precedent for them to follow/essentially dictate my hardware in the future.
And how does Google enforce this? With the very same copyright laws they ignore to train their AI.
They are just gonna be given a fine and does crime just suddenly become legal of sorts as it maybe bucket change for these companies.
I'm in the market for a new phone, and I'm going to buy a Pixel 9a this week for GrapheneOS if I can reliably get notifications on it. (I already have an A05 for banking apps)
But Signal can also fall back to websockets, which I use on my personal phone and that's working great without any battery loss so I don't know how to tell the difference
Would e-os fit your use case? https://e.foundation/e-os/
Consumers desperately need specific legal rights to do what we want with the electronic devices that we've purchased, rights that cannot be overridden by the decisions of any vendor.
Apologists have always said, "Apple has a right to do what it wants with its platform." Well guess what, by that principle, so does Google. Don't worry, though, because you have a "choice" between two collaborating duopolists.
Of course they can block root access I guess...
It's my understanding that what's included in open source Android (AOSP) is FAR from a complete product and there is quite a bit of Google closed source/proprietary software that goes into the mix before it's shipped as Android (think Google Services.)
So, while you could fork AOSP and try to use that as a basis for and alternative mobile OS, it would require quite a bit of work on top of the AOSP code. This is what's done by custom ROMs like GrapheneOS (ironically Pixel devices only) or LineageOS for example.
LOS/AOSP/whatever users are a VANISHINGLY small minority of users, so "an app that only works on them" is an app that only works for a tiny minority of people. This would disincentivize developing FOSS apps altogether. A lot of projects will likely eventually die, and a lot that could have started will not.
Other companies like Motorola require you to phone home to unlock the bootloader and we saw how well that worked out for LG where once they shut down that effectively preventing devices from running custom ROMs and having root access. The biggest hurdle is that the overwhelming majority of users don't sideload software. So they aren't concerned about this at all. So all Google has to do is hold against some power users and hope there isn't a mass exodus to LineageOS or GrapheneOS. Which is highly unlikely.
The trouble is, I'm like a 5% of 1%. Most people don't run their own e-mail/calendar/contact servers. We're a tiny breed and there are very few Linux phone alternatives (e.g. PostmarketOS, PinePhone Pro .. Purism is a scam company that hasn't refunded hundreds of thousands of dollars and can go die in a fire; fucking scumbags!).
The Ubuntu Edge failed to get funding back in the early 2010s and very few devices run Ubuntu Touch.
The SoC/ARM model (no standard architecture, some DeviceTrees if companies fell like it, random pins soldered to random chips) makes it very difficult to get Linux adoption on mobile devices like what was possible on PCs.
It's a mess. The US failed by not forcing Alphabet to split Chrome or Android. The anti-trust suit results were a joke.
Last week I discovered the Geolocation API's coordinates.speed param.
Tested it with a few bike rides, it just works to display the current speed.
How many apps are there on stores to display the device's speed ?
How many people in 2025 will search for a Web app (hidden in bullshit articles) instead of downloading apps full of trackers on the Play Store ?
That might be transparent, but where is the "accountability"? There's no identification of who is involved, how are they held to account?
We have a great example of such approach on desktop: while some people decry Steam for being a monopoly, it is totally different. Users aren't forced to use it, but choose to use it, and nobody prevents them from installing epic store or whatever. This will stop monopolistic anti-user abuse in their tracks and greatly improve conditions for everybody (except Google and Apple, but after all these years, they kinda deserve it).
By the way, if that is truly implemented and not bypassable using some methods such as some developer option, I think that I will return to running a custom ROM (hoping that they would not start restricting also the possibility to unlock the bootloader, fortunately that is up to the manufacturer and you would still find phones with unlockable bootloader, or just get an older phone).
But of course it does nonetheless: https://developer.android.com/reference/android/content/pm/P...
What are someways that we can be active about this and have support for these apps everywhere. I'm in Europe . For banking apps, sure ok, I can still go tho the bank but what if that becomes unavailable for me to do. Our countries can't build software based on evil companies like Google.
Silicon Valley's so-called "tech" companies, e.g., Alphabet's Google LLC, also "prey on users through attempts to monetize their attention and and mine their intimate information through any means necessary, including trickery and dark patterns."
There is ample evidence of this behavior from a long litany of litigation where Google unsuccessfully attempted, or did not attempt at all, to rebut the evidence
It seems that app developers producing "malware"^1 would be in direct competition with these Silicon Valley companies such as Google
1. What is "malware". It could be defined as software that works against the user's interests. If so defined, the definition could vary from user to user, depending on each user's particular interests. Certainly "malware" can vary in terms of possible criminality and severity. Not all "malware" is criminal in nature, nor does all "malware" pose the same level of threat
"Do you want a weather app that doesn't transmit your every movement to a shadowy data broker? Or a scheduling assistant that doesn't siphon your intimate details into an advertisement network?"
If using "Google Apps" that come pre-installed into Android, then one can be assured that Google is using them in its round-the-clock efforts to collect such information
Google, too, is an "app developer"". For some users, Google's surveillance and data collection may be in competition with other "malware"^2
2. Using the definition of "malware" above, i.e., "software acting against the interests of the user" as F-Droid puts it, we are assuming there are users who interested in avoiding surveillance and data collection
"While directly installing - or "sideloading"[^sideloading] - software can be construed as carrying some inherent risk, it is false to claim that centralized app stores are the only safe option for software distribution."
When evaluating Google's strategy to allegedly "protect users from malware", one could ask, "Is there another way to do it?" The answer of course is yes
"We do not believe that developer registration is motivated by security. We believe it is about consolidating power and tightening control over a formerly open ecosystem."
By identifying app developers and forcing them to pay fees (consideration), these developers are entering into legally enforceable contracts with Google. Consider that the app developer, as stated above, may be in competition with Google for user attention and data collection. With few exceptions, the relative bargaining power of the parties, app developer versus Google, is overwhelmingly one-sided
Like "YouTube creators", the app developer becomes essentially an unpaid independent contractor. Payment, if any, is not in return for the contractor's work (the software). And any payment comes from advertisers. Google is only an intermediary (middleman) that takes a cut
From a user perspective, where the user is interested in avoiding targeted surveillance, data collection and advertising, is the threat of "malware" from non-Google app developers greater than the threat of malware from app developer Google. Avoiding Google's surveillance and data collection is considerably more difficult than avoiding surveillance and data collection by non-Google app developers^3
By using open source apps from F-Droid a user can easily avoid surveillance and data collection by non-Google apps. Using an app from F-Droid such as NetGuard it is trivial to avoid unwanted remote connections, surveillance and data collection initiated by non-Google apps.
Arguably app developer Google poses the greatest threat in terms of surveillance and data collection. This is in part because app developer Google also controls the operating system, the DNS settings, endpoints used by apps, major websites that most users visit, in some cases the user's hardware, and so on
Dear <Congressperson>,
I am writing to you out of deep concern regarding Google’s recent decision to require all Android developers worldwide to register directly with Google by providing personal government identification and other sensitive details as a condition for distributing their applications. While this policy may appear to be framed as a security measure, its consequences would be far-reaching and detrimental to digital freedom, competition, and privacy.
For over a decade, the F-Droid project has demonstrated that safe, secure, and privacy-respecting app distribution is possible without central corporate gatekeeping. F-Droid and similar open-source platforms provide verifiable builds, transparent review processes, and applications free of hidden trackers or predatory monetization schemes. By contrast, Google Play has repeatedly hosted malicious apps, showing that centralization is not the same as security.
The new registration decree effectively forces independent developers to surrender their personal identities to Google, erecting unnecessary barriers to participation in the software ecosystem. Worse, it would prevent alternative app stores like F-Droid from continuing to operate, depriving millions of users of trusted open-source applications and their ability to freely choose how they use their own devices.
This is not only a matter of consumer choice, but of civil liberties. Forcing creators to register their identities with a single corporate gatekeeper in order to distribute software is analogous to requiring authors or artists to register with a private company in order to publish their works. It strikes at the heart of free expression and innovation.
I respectfully urge you to take action to prevent this consolidation of control. Whether through competition oversight, digital rights protections, or support for open-source distribution, Congress has a role to play in ensuring that security justifications are not abused to restrict user freedom and entrench monopolistic power.
Please help preserve a healthy, competitive ecosystem where developers can create freely and users can choose openly — without unnecessary corporate barriers.
Thank you for your attention to this urgent matter, and for your continued service to our district and the nation.
Respectfully,
-<Your name>
I wonder, excluding the freedom/device control and the price, what makes someone choose Android over iOS?
vinibrito•4mo ago
whatshisface•4mo ago
rtpg•4mo ago
Not that I want that future, but it's not like China has banned all user-administrated devices from the web. Seems odd to say this is necessary when, axiomatically, China has China's level of internal control over communication.
There's a part of me that really wishes that we could have policies around things like age verification that implictly understand the existence of workarounds and accept them. If we're going to have these policies, anyways.
dudisubekti•4mo ago
Well mostly, aside from some exceptions like (allegedly) Apple's AirDrop limitations.
Many Chinese brands still support unlockable bootloader: https://github.com/melontini/bootloader-unlock-wall-of-shame...
Although going forward, there's a strong incentive for manufacturers to follow Google and lock their devices.
anonzzzies•4mo ago
g-b-r•4mo ago
whatshisface•4mo ago
asmor•4mo ago
jonathanstrange•4mo ago
shirro•4mo ago
There are draft documents across a range of services including search, social media and internet carriage.
The most relevant ones for Android are:
- app distribution services https://onlinesafety.org.au/wp-content/uploads/2025/07/CLEAN...
- manufacture supply of devices (including operating systems) https://onlinesafety.org.au/wp-content/uploads/2025/07/CLEAN...
The future is looking bleak for open computing and open hardware. They have gone from being a place of education, freedom and empowerment to a loophole in regulation.
3abiton•4mo ago
pjmlp•4mo ago