From the post:
> Regardless, the term “sideload” was coined to insinuate that there is something dark and sinister about the process, as if the user were making an end-run around safeguards that are designed to keep you protected and secure. But if we reluctantly accept that “sideloading” is a term that has wriggled its way into common parlance, then we should at least use a consistent definition for it. Wikipedia’s summary definition is:
> the transfer of apps from web sources that are not vendor-approved
The opening two sentences of the linked-to Wikipedia page on sideloading:
> Sideloading is the process of transferring files between two local devices, in particular between a personal computer and a mobile device such as a mobile phone, smartphone, PDA, tablet, portable media player or e-reader.
> Sideloading typically refers to media file transfer to a mobile device via USB, Bluetooth, WiFi or by writing to a memory card for insertion into the mobile device, but also applies to the transfer of apps from web sources that are not vendor-approved.
The phrase after the "but" in the second sentence isn't the "summary definition". It's the part of the definition that best supports your argument. Cutting the Wikipedia definition down to that part is deceptive.
Also in the post:
> Regardless, the term “sideload” was coined to insinuate that there is something dark and sinister about the process, as if the user were making an end-run around safeguards that are designed to keep you protected and secure.
Immediately later in the same Wikipedia page is a paragraph that is literally about how the word was coined:
> The term "sideload" was coined in the late 1990s by online storage service i-drive as an alternative means of transferring and storing computer files virtually instead of physically. In 2000, i-drive applied for a trademark on the term. Rather than initiating a traditional file "download" from a website or FTP site to their computer, a user could perform a "sideload" and have the file transferred directly into their personal storage area on the service.
That's funny. The history of how the word was coined and the post's claim about how it was coined aren't similar at all. Weird.
Wat?
Everything after the "but" is what Google means when they use the term sideload and is the only important part of the definition for f-droid's purposes. The other definition is completely irrelevant and, I would argue, hardly ever used anymore.
Per the original definition, how exactly am I "side loading" if I go to the epic games store and download and install their epic game store APK?
But that isn’t the point people are angry about. The point is that sideload was a misnomer. Correctly Android users were able to install packages and now cannot. This is anti consumer and breaks the social contract.
Anyway this is so disingenuous that I think it’s astroturf. Here’s the meme we should be spreading: Chrome and Android should be broken off from Google. Apple should be forced to allow sideloading, at a minimum, same as any other computer. Phones and tablets should be valid targets for custom OS.
Not only has nothing happened yet, but this is also untrue.
This is a conspiracy theory; as there is no evidence that it was deliberately invented to be malicious (it started as a trademark from a company called i-drive). The term almost certainly became popular after the name of the Android Debug Bridge command, `adb sideload`. The adb command naming makes sense considering the phone is plugged into a computer, for installing content externally when the phone could not otherwise "load" the content.
And the fact that `adb sideload` is where the concept originated does nothing to dispel the way the term is frequently used in a derogatory fashion these days. It's wielded as a bogey man to make people afraid of unsigned applications. Despite the fact that many perfectly signed applications are full of malware and dark patterns.
Also, FFS, this is hacker news. Why on Earth would be arguing in favor of Google locking down how I can install software on my device.
I appreciate the fairly high level of review that apps get and I completely back Apple's right to control what runs on the OS they developed. Similarly, if _you_ want to run an OS you got from XDA on your Android device and install random stuff, I'll be the last person to stop you.
Hacker news readers are part of the small circle of people who have probably developed a decent intuition for whether software we download is clean or not. Most folks I know do not have this intuition, and many will not bat an eyelash when their new app asks for access to their contacts, etc. Sideload should absolutely continue to be a term that discourages the average person from doing it.
Pray tell, what right is this?
I completely support Apple's right to publish software that makes it difficult for unapproved software to run on it.
Similarly, I support your right to try running something else on it.
Just like my neighbor has the right to publish a browser that makes it difficult to run extensions in it, and I have the right to use a different browser.
Some people would like the phone OS to be regulated like a public utility. I do not support that, and if we _had_ to have it that way, it would be important to have the same standards for everyone and regulate _all_ phone OSes equally. I don't like the thought of what that would do to the chances of any "open" offering.
They didn't argue for that anywhere in their comment.
I think defining sideloading as "the transfer of apps from web sources that are not vendor-approved" is a good definition, because "not vendor-approved" is precisely the part I care about. The owner being able to install stuff without Google or anyone else's approval is a good and important capability for every computing device to have.
In any case, I fully agree with the substantive portions of this article. What Google is doing here is a terrible attack on consumer freedom.
I think users should be able to install whatever software they want, without any charge or other external permissions, but at the same time device and OS makers should be able to make it difficult to do so, within reason. Apparently scam apps are more common in some countries than others and are actually a problem in some countries, although I'm not sure.[1] Google did cite that as the reason for the change.[2] However, combined with the way Google has been locking down Android APIs more and more (e.g. the file system, but other APIs as well), it is concerning. At the same time those changes were also about security. I think every phone should be able to have full root permissions if you go through enough hoops without having to install another ROM. That seems to solve most of the issues here.
[0] https://android-developers.googleblog.com/2025/09/lets-talk-...
[1] see eg. https://techcrunch.com/2024/02/07/google-starts-blocking-use... at the end of the article for some examples
[2] https://android-developers.googleblog.com/2025/08/elevating-...
Your email client from F-Droid has an RCE? Too bad - better hope you update manually!
There's also the problem of some banking apps refusing to work if developer tools are enabled.
I did own a Treo and loved it up to the OG iPhone - I repaired the eff out of it in the hope that something worthy would come along. I kidded myself I would write apps for it. I'd previously played with Symbian tech (and met a very bitter Symbian team dev in London one "eXtreme Tuesday Club" meetup in 2003). I had a Psion Organizer way back and a Palm Pilot. I thought Palm's WebOS stood a chance. I still own an Ubuntu Phone that I don't use - single script QML apps would have been the killer, but all that's passed now.
You mean Microsoft? No backwards-compatibility with Windows Mobile to begin with (so companies can't reuse their existing investment into line-of-business apps on actually nice modern devices either), then they reset the ecosystem 2 times (once during the WP7->WP8 transition, another time during the Windows 10 transition).
https://stackoverflow.com/questions/4229029/can-you-install-...
At least we got 10+ years of real sideloading on consumer devices thanks to WP7's death.
The UK petition link appears to be broken:
* https://ec.europa.eu/info/law/better-regulation/have-your-sa...
Feedback: Closed Consultation period 17 July 2025 - 24 October 2025 (midnight Brussels time)
What is needed is: Once I have purchased a device, the transaction is over. I then have 100% control over that device and the hardware maker, the retailer, and the OS maker have a combined 0% control.
wild that you seem to think this is a gotcha question. yes, all the software I want on my devices, and only software I want on my devices
Um, yes? Constant push-updates are one of the worst tech trends of the last 10-20 years.
The bare minimum so that I can use the device I bought as I wish, even if the manufacturer later decides to "alter the deal".
Most of the time, software updates remove features, change things around for no good reason (breaking our workflows), or add unwanted features.
We really should separate pure bugfix updates (which include security updates) from feature updates. We nearly always want the former, but not necessarily the latter.
My computing devices are tools I use to do my job and run my life. I don't want those tools changing without my consent.
Except in cases like Debian (or Ubuntu LTS main collection, Redhat distribution...) which assumes the burden of backporting security fixes to a stable collection of software.
Android, in particular, is a finished product. It doesn't need yearly updates. It may need an occasional update to patch a vulnerability, but this whole "we changed the notification shade UI for tenth time because we're so out of ideas" thing has to stop.
> Thanks to DMCA 1201, the creator of an app and a person who wants to use that app on a device that they own cannot transact without Apple's approval. [...] a penalty of a five year prison sentence and a $500,000 fine for a first criminal offense, even if those tools are used to allow rightsholders to share works with their audiences.
https://www.eff.org/deeplinks/2020/09/human-rights-and-tpms-...
_____________
In some ways, I think this is even more important than attempting to bar companies from putting in the anti-consumer digital locks in the first place: It's easier to morally justify, easier to legally formulate, and more likely to politically pass. The average person won't be totally stuck lobbying the government to enforce anti-lock rules for them, consumers can act independently to develop lockpicks.
Plus it removes the corporations' ability to bully people using your tax-dollars and government lawyers.
But what's the point of defining these standards now? Is the world where this is the reality still feasible? It seems nearly impossible, unless you're an extremely wealthy and influential individual. What I'm seeing is that we never will move to a world where a device that you bought is truly "yours" anymore. Instead, we'll be renting one of the approved devices, run by one of the tech megacorporations and overseen by your government. They will give no real way to execute any random code that you want, unless you're also licensed and vetted as a developer. They will be tightly surveilled, all information will be saved, every interaction between these devices will be controlled for the sake of security. It will be an entire web of trust, defined by the powers that be. We're seeing early attempts at it now, but we still haven't hit full centralization. But once we do, what happens then?
So to answer your question: Ubuntu will let you access the next web, and Android probably won't.
If you're talking about developing some brand new means of worldwide communications, this seems extremely improbable if done by the 1% of the rest of us (basically, hobbyists and techy people). The internet required tens of billions of dollars worth of development and infrastructure to get to this point, how will it ever happen without the sponsorship of large centralized entities?
If you're talking about leeching off the existing internet infrastructure to communicate with some brand new protocols over them, who's going to let you do that? Both companies and governments would have incentive to put a stop to this in any way possible, because it drives away customers from the manufacturers and signers of all "secure" devices and lessens the amount/value of surveilled data. It may be allowed at a small scale, but I'm not seeing how anything long-term could be established that could threaten the existing powers in any way.
Fixing that problem might turn out to be cheaper for competitors by making their platforms more open and avoiding the full responsibility as a vendor.
Basically, combine current and future legislation about electronic waste, cybersecurity of IoT and connected devices, and the carve-outs for free software and open source platforms, and suddenly it becomes much cheaper to ship a product that will run for 20 years (say a washing machine) if you as a vendor can guarantee some of this for the warranty period (1-5 years), and open up the platform to consumers and shift the responsibility at that point. Also imagine the case of a vendor going under which needs to be covered too (this would make subscriptions infeasible too).
If legislation demands this (imagine no insecure devices for 20 years), markets will do the rest.
But isn't this also exactly how the pitch will sound for what I proposed? You know, "The internet is too important and random people are allowed to upload and run random dangerous code within it with no oversight, this has to be stopped." The manufacturers will never bear the consequences of their choices, the consumers will. There might be a push to make the internet watertight by requiring all major websites and services to only allow access to "secure" devices and block all other traffic. After all, why spend money on cybersecurity when everyone can only use the (important parts of the) internet with their real names, and developers are de-anonymized?
Will this actually improve security? It seems very unlikely. But despite it, this move seems like exactly the kind of thing that's coming, because it massively benefits both companies and governments.
If I send a golang binary to someone with a Mac via Signal or other mediums, Apple simply displays a dialog that the app is damaged and can't be run.
You need to use chmod to manually remove the quarantine flag to run it.
That for me is something that should be fined ad infinitum, because it is clearly designed to disallow non technical people to run custom apps.
Has this changed? I thought it failed to launch, but if you go to Privacy & Security in Settings it would give you the option to allow it to run?
Though yes, macOS doesn't prompt you to do that, you have to know where to find it.
On your point about security, this kind of aggressivity from the platform owner tends to backfire.
The user was already convinced to open that mail, download that file, and try to run it. Pushing the process to the terminal just means your clueless users now run the provided incantations in the shell instead, and the attack vector now becomes huge (the initial program doesn't even need to be malware)
That wouldn't be perfect, but at least the user could be prompted for a concrete action instead of a vague "this script is scary" warning.
I think it is mostly about expectations, macOS trained people that it is relatively safe to install signed apps. If your app is unsigned, Gatekeeper will refuse to run it.
but macOS lets you override any system determination, iOS does not, and Google is proposing the iOS flavor.
Because it's obscenely profitable for the platform holder to have complete control over app distribution.
Can we stop pretending it's about anything else than that? Just imagine if Microsoft got a 30% commission on every PC software purchase in the world...
But I don't think they're going to do that, ultimately users who actually care about this are an absolute tiny percentage of the market.
And weirdos like us can always just import a Chinese phone that doesn't have mandatory Google verification crap.
I don't feel like giving Google a large amount of my personal information just so I can distribute free games. Why do they need a copy of my lease ?
We would miss out a lot of creative people making software.
What I am saying is:
There are still a few points of course like being able to modify the base system. Just being able to say, kill the built in Facebook is a quality of life improvement.
But it just feels like the benefits of a self owned phone os are going away even when you have it, because everything else changes around it and out from under it, so you don't get the functional benefit from it any more even when you have it.
You give up the use of things like tap to pay (would have been nice a couple times when I forgot my wallet) and drm content, hell, I can't use the stupid LG app that controls an air conditioner, and (increasingly) don't get something else important in return.
Today, there is still some benefit, because this latest change is only just now happening. I can use say, open source password manager and totp apps instead of google authenticator, and can use a pandora client that Pandora absolutely does not approve of, because the author doesn't need anyone's approval to produce the app and there is no choke point that Pandora can petition to block it. Hell why am I even talking about Pandora instead of Youtube and Newpipe? In what universe does Google EVER ratify the developer of Newpipe? (Wait, for that matter, what developer? what if there's an ever-changing fuzzy cloud of 20?) Or full-fat ublock origin...or countless other things whose sole purpose and value is to thwart some will of Google's? Or like the game emulator apps that Nintendo shuts down so aggressively, etc. Those ICE tracking or merely documenting apps. Countless...
Will those various authors still bother putting in the time and effort it takes to make these apps so good when only about 18 people will be able to use them?
I imported a Sony phone to the US because they don't sell it here, and no one else sells a current flagship with a headphone jack and removable sd card and high end cameras.
I successfully found and imported the phone, and got it working on a US carrier. Yay me. It's even rootable! Yay me. Yet I still can't run Lineage on it, because there is probably not a dozen other people like me to be an audience for Lineage on this hardware, and it's too much work to do for no audience.
The fact that today most phones are unrootable means that even if you somehow get around that, you still don't get the benefit because you're such a small audience that no one is producing say LineageOS for example for you.
My individual success bucking the system still did not result in me getting what I want.
No, we can't. One of the first countries with that mandatory Google verification is Brazil, and we can't import phones which are not certified by ANATEL, they will be rejected by customs in transit.
Do you know if the Brazilian gov or regulators asked for this first from Google or something?
^: It's less spooky than it sounds, any phone in Chile needs to be compatible with the natural disaster alert system.
If you are asking why the change is happening in Brazil first, the banks cartel met with google and decided to rely on that, for security.
Obviously they'll eventually remove this because Google is hostile to things like ReVanced / some spook wants this power.
I'm definitely not 100% sure about that though, so someone please correct me if not.
- The pairing process is kinda awkward, you need to split screen Termux and the Wireless debugging submenu, if you change windows the pairing IP and code are changed.
- The pair survives a reboot and WiFi change. You can disable the 7day revocation, so the pairing process is a one time thing.
- After a pair you still need to connect (adb connect localhost:port) and the port changes after a WiFi change or disconnect. I searched for solutions and apparently it's as simple as running nmap twice¹
- It obviously doesn't work without a WiFi connection (unless there is some dark magic to connect your phone to its own hotspot).
So a wrapper seems viable if you are ok only installing apps on trusted networks.
[0]: I'm on GrapheneOS but I believe the dev menu is the same.
[1]: https://www.reddit.com/r/tasker/comments/1dqm8tq/project_sim...
EDIT: Even more googling, the whole setup already exists in Obtainium (i.e. F-Droid but with Github Releases) apparently so apps show up as being installed via Play Store and subsequently be usable in Android Auto⁵.
So hypothetically you can install stuff day one on a stock phone after this atrocity is turned on.
[2]: https://shizuku.rikka.app/
[3]: https://f-droid.org/en/packages/com.aefyr.sai.fdroid/
[4]: https://f-droid.org/en/packages/io.github.samolego.canta/
* Search for "Smartphone-1 to Smartphone-2" "adb tcpip 5555" in "Motorola moto g play 2024 smartphone, Termux, termux-usb, usbredirect, QEMU running under Termux, and Alpine Linux: Disks with Globally Unique Identifier (GUID) Partition Table (GPT) partitioning": https://old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_mot... (old.reddit.com/r/MotoG/comments/1j2g5gz/motorola_moto_g_play_2024_smartphone_termux/)
* Search for "termux-adb" in "Motorola moto g play 2024 Smartphone, Android 14 Operating System, Termux, And cryptsetup: Linux Unified Key Setup (LUKS) Encryption/Decryption And The ext4 Filesystem Without Using root Access, Without Using proot-distro, And Without Using QEMU": https://old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_mot... (old.reddit.com/r/MotoG/comments/1jkl0f8/motorola_moto_g_play_2024_smartphone_android_14/)
You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on. I'm dismayed to see that this sentiment is not more widespread in this of all communities.
That is not a fact, that is your opinion. Lots of people say "sideload" without trying to convey such negative meanings. For better or for worse, the term has entered the common lexicon and I very rarely see it used with negative connotations attached to it.
Sure, but they effectively do even if they're not trying to. It comes off like you're up to no good or doing something dangerous. Like GP said: deviant.
What specific acts are you referring to? Is it just their recent plans to restrict sideloading? This feels circular. "Google is evil because they're trying to restrict sideloading. They're also extra evil because they're trying to demonize sideloading. How? By restricting sideloading!"
>It comes off like you're up to no good or doing something dangerous. Like GP said: deviant.
Yes, but only insofar as if you're not taking the primary route, you're taking the "side" route. Or you're "deviating" from the intended route. None of that actually implies you're a "deviant" for doing so, any more than a driver taking side streets to shave 30s is a "deviant".
No, it made all the pro-sideloading people (for lack of a better term) find any reason to hate google even more, including flimsy arguments about how "sideload" is some sort of sinister psyop. I still haven't seen any evidence to suggest "sideload" has any negative connotations to the average "normie", beyond its meaning of "install from third party source"[1]. All I've seen are endless speculation that it's a google psyop in techie/hacker[2] circles, like this post.
[1] see also: https://news.ycombinator.com/item?id=45738997
[2] as in "hacker" news
https://www.apple.com/tr/privacy/docs/Building_a_Trusted_Eco...
> Lots of people SAY "sideload"
It's almost like you didn't read the post
Can you corroborate this? At least for me, the whole idea that "sideloading" has negative connotations only came up as a result of this debacle, and the only evidence I've seen are some very careful readings of blog posts from Google. The word itself hardly has any negative connotations aside from something like "not primary", which might be argued as negative, but is nonetheless correct.
>You don't "sideload" software on your Linux, Windows, or macOS computer: you install it.
Right, because those devices don't have first party stores. Windows and Mac technically do, as do some Linux distros, but they're sufficiently unpopular that people don't think of them as the primary source to get apps. Contrast this to a typical Android or iOS phone.
And even when people install software on their user's home only, we don't call it anything different.
It's correct to say that "sideloading" was created to emphasize it's a deviant activity. I believe it was created by the people doing it, when they discovered hacks that enabled them. But I wouldn't be too surprised it was created by the companies trying to prohibit software installation.
>And even when people install software on their user's home only, we don't call it anything different.
But even on Android the word used is "install". When you try to install an apk, the button says "install", not "sideload". "Sideload" is only used in the context of google's blog post, where it's there to differentiate between installs from first party sources vs others. This is an important distinction to capture, because their new restrictions only apply to the latter, so something like "installing isn't going away" wouldn't make sense. "sideload" captures this distinction, and is far more concise than something like "installing from third party sources". Moreover this sort of word policing reeks of ingroup purity tests from the culture wars, eg. "autistic vs person with autism" or whatever.
Aren't those all considered first party apps? Sure, debian aren't the authors of nginx or whatever, but they're the people building, packaging it, and adding patches for it. It's a stretch to compare them to the play store or app store.
For one, it doesn't contain non-free software, and therefore can't be the primary source of software. Maybe you're a Stallman acolyte who only runs free software, but that's not feasible for the average user.
The average Ubuntu user doesn't even have those one or two non-free programs. After all, Autodesk doesn't provide a version of AutoCAD for Linux in the first place.
`sudo apt install vrms`
I don't think this is so much a question of sources & corroboration as it is of language.
Regardless of the origins of the term "sideload", the language implies a non-standard practice. The prefix "side-" may be used in some software contexts to describe normal, non-deviant software, but only in cases where the software in question is considered auxiliary. In general, anything described as "side-*" is connoted to be surplus / additional / non-primary at best - adding that to the term "load" & the loading action itself is surplus/additional/non-primary. It's automatically considered non-standard.
> those devices don't have first party stores
This only supports the argument. If somebody felt an alternative term was required on Android because the first-party store was the primary source of software, the only reason they could have for needing such an alternative term would be to explicitly differentiate that alternative source as unofficial/non-standard.
Because it is non-standard. Like it or not, the intended experience is that you get apps from the play/app store, and for most people that's exactly what they do. This is a descriptive statement, not a normative one. Accepting it doesn't imply you oppose the freedom to run whatever code you want. The language of "sideload" or whatever is directly downstream of this. Just because google is using language that reflects the current state of affairs, doesn't mean they're engaging in some sort of sinister psyop with their word choice, as the OP is trying to imply.
It's both. It's not like "sideloading" is a part of natural language that just happened to evolve this way to describe the practice. The terminology was consciously chosen by the same people who designed the OS to describe it. The people who argue against using this term aren't doing it in some accusatory way, like "you use this term, therefore you're an evil brainwashed minion of the enemy", but rather by using language to not set up their argument on the enemy's terms, no matter how insignificant.
It's like how "jaywalking/jay walking" was popularized - the term itself was pretty crass for the time, the word "jay" conjuring thoughts of some kind of drooling, unintelligent yokel. Back when car infrastructure was still in its infancy, how would you argue that cars shouldn't dominate all streets and cities when the government- and industry-approved name for your action was literally "stupid walking"?
That makes sense because as you said, "the word "jay" conjuring thoughts of some kind of drooling, unintelligent yokel". The same can't be said for "side", aside from vague accusations that it's not "official" therefore normies think it's bad, but I can't see how you can get away from that accusation without using meaningless phrases like "type 2 install" or whatever (though I'm certain that would get similar amounts of ire for being "second class citizens" or whatever).
Once again, this is the point.
> it doesn't imply you oppose the freedom to run whatever code you want
But it does.
Let's first look at what's good about "intended experience" & possible legitimate reasons to have a differentiation between "vendor-approved" 3rd-party apps & non-"vendor-approved" 3rd-party apps.
The connotation of an "intended experience" is that the experience is supported by the OS vendor. If you have issues with your experience, these are issues that can be reported & the OS vendor will endeavor to fix. Leaving aside the fact that Google has no user support to speak of, even if they did, this isn't something they would ever offer for 3rd-party Play Store apps regardless. So 3rd-party Play Store apps are not doing anything for users to provide them with an "intended experience" that isn't equally available sideloading.
The only other legitimate reason to have a differentiation would be to ensure the user doesn't install malware. Play Protect currently does this with sideloaded apps, so once again there is no difference in the "intended experience" from the user's perspective.
If there are no legitimate reasons to differentiate the experiences, the only reasonable conclusion remaining is that they're differentiated to dissuade user freedom.
It's pretty obvious that they think the distinction is worth having because they can vet apps they signed, rather than random apks from the internet. You might think that's a flimsy justification, but that's not a reason to reject such a distinction exists at all.
>The only other legitimate reason to have a differentiation would be to ensure the user doesn't install malware. Play Protect currently does this with sideloaded apps, so once again there is no difference in the "intended experience" from the user's perspective.
That's purely reactive (you can't scan for stuff that you don't know about), and doesn't ensure identity validation. Again, you can argue how good those reasons are, but there's at least a plausible justification for it.
>The connotation of an "intended experience" is that the experience is supported by the OS vendor. If you have issues with your experience, these are issues that can be reported & the OS vendor will endeavor to fix.
When was the last time anyone got "support" for Android/iOS from Google/Apple? At best you have random forums that google/apple staff check once in a blue moon, if you're lucky.
If you find yourself making a statement only to immediately contradict it, consider whether or not that statement is worth making at all.
Android has an APK installer built in. Opening an APK file launches the installer and installs the application, just like opening an MSI file on Windows launches built-in Microsoft Installer and installs the application.
Google have gradually added impediments to this over the years, such as a requirement to toggle a checkbox in the settings to enable installation, and later some prompts about letting Google scan the package, but calling the system's built-in application installation mechanism "not primary" is absurd.
So you're arguing that because play store installs and random .apk installs both go through packageinstaller, the concept of a "primary" install method doesn't exist?
If we're using "primary" to mean something like "most popular", then I don't see how the term "sideloading" would make any sense to describe "not primary". Are we side-commenting here, and side-submitting HTTP requests, because we're not posting to Facebook, the primary website?
I mean, I have had instances that controlled resistance with like a manual knob, but these new devices won't let you set levels without some $30+/month subscription. It's like the planned obsolescence of the light bulb cartels of the 1920s on steroids.
Personally, I have a hard time believing markets support this kind of stuff past the first exposé. I guess when you don't have many choices or the choices that you do have all bandwagon onto oligopoly/cartel-like activity things, pretty depressing, but stable patterns can emerge.
Heck, maybe someone who knows the history of retail could inform us that it came to software "from business segment XYZ". For example, in high finance for a long-time negotiated charging prices that are a fraction of assets under management is not uncommon. Essentially a "percent tax", or in other words the metaphorical "charging Bill Gates a million dollars for a cheeseburger".
EDIT: @terminalshort elsethread is correct in his analysis that if you remove the ability to have a platform tax, the control issues will revert.
But yeah agree, this subscription thing is spreading like a cancer.
In fact, they could have chosen the latter just by wiring two lightbulb sockets in series, or in later years putting one on a dimmer.
EDIT: and, shucks, @kragen beat me to it! :-)
[1] https://en.wikipedia.org/wiki/Phoebus_cartel#cite_ref-USvGE-...
My Mum converted her home's downlights to LEDs over a decade ago. Hasn't lost a single one.
I moved into my current house 5 years ago, haven't lost a single one either.
I got one of these free energy audit things which included swapping out up to 30 or so bulbs with LEDs. Whatever contractor did it seems to have gotten the cheapest bulbs they could, and the majority of them have failed by 4 or 5 years later. So far so good on the name brand ones I replaced them with.
This is my problem. My house has a lot of enclosed overhead light fixtures, and LEDs just do not last long in them. And renovating all of them to be more LED friendly would be quite expensive.
It creates a powerful incentive to seek recurring revenue wherever possible. Since it affects things like stock prices and executives and sometimes even rank and file employees often have stock, it's an incentive throughout the organization. If something is incentivized you're going to get more of it.
In the past it was structurally hard to do this, but now that everything is online it becomes possible to put a chip in anything and make it a subscription. We are only going to see more and more of this unless either consumers balk en masse or something is done to structurally change the incentives.
Could literally replace the control software with a potentiometer (a resistor)! :)
Did it "win" more of some metric of perfusion / capital versus the other big two? Perhaps some, mostly not. Who cares. The market is dumb.
What matters here is whether the capability exists at all. When it comes to phones, I'm still leery about linux. Support isn't quite wide enough and for a device that I need 110% reliability out of we ain't there yet.
I do know one thing - the effects of closed ecosystems that caused 99.99999% of servers to use linux, will eventually come for interface hardware. Companies have periodic bouts of psychosis that make their walled gardens inherently unreliable. It's just a whole lot slower in a realm that doesn't iterate at web-speed. Will that mean everybody uses linux phones in the future? Of course not. But I do hope it will mean I get to put my own phone together with an OS I own, someday. That would be an unequivocal good.
It was ported[0] by enthusiasts to literally almost every Android phone. I have it on my $100 Xiaomi.
How much does it cost to build a barebones phone that (A) runs tuxracer and (B) makes phone calls? Librem: almost as much as an iPhone. PinePhone: You have to travel to the moon to find one for sale. FLX1: Not for sale yet (so PinePhone 2.0)
Maybe when I can buy a $100 barebones board that I can hook some AA batteries up to and make calls, and develop a little flappy bird clone, people will take notice of the market. As long as every Linux phone is some dude with too much money in his pocket thinking he'll make the next Android, it's not going anywhere. Even with tech nerds.
If anything, the fact that Google feels the need to disingenuously argue "sideloading isn't going away" suggests to me that the term sideloading has a good reputation in the public consciousness, not a negative one.
Let's just focus on the fact that Google is trying to take away Android users' ability to install software that Google doesn't approve of, and not stress so much about what words people use to describe that.
> and "installing" doesn't work because that doesn't distinguish from installing from the Play Store
I'm not choosing sides, but why do you need a term to distinguish from installing from the Play Store? On my Debian machine I install git from apt (officially supported) but also install Anki from a tarball I downloaded from a website. Same term `install`. You have defined installing to be specifically from play store and sideloading as everything except it.
Google isn't trying to prevent installing, just sideloading works in this sentence because of what you have already defined but you are using this sentence in defense of that....
As OP stated, installing can mean on debian as an example, installing from both apt or either tarballs. Both are valid installations
So it is the same for google/android as well yet google is trying to actively prevent one part of the installing or make it really extremely hard to do so.
It is a dangerous precedent. And I would say that it severely limits what you mean by installing.
I got a PC, and I got internet connection, usually it isn't trying to prevent what I install if I am on linux.
Yet I am on android and earlier it used to do the same but now it's a slippery slope where it either requires me to use adb or keep another device at me at all times if I ever want to install software on it.
Not because it's not that these phones can't do it, in fact that they already do but they are removing it, simply because they can.
It's a very dangerous precedent, but one that's difficult to discuss without having a name for the kind of installing that Google is trying to prevent.
I feel like you are having this discussion in good faith which is really nice but I just feel like saying that google is oppressing other open source appstores or just using the word installing and later clarifying can make the people feel about how dangerous it really is.
Let me be really clear. If Google can prevent sideloading and the only feasible way for 99% users is their play store which uses their policy terms which can be ever changing, chances are, that they can also prevent people from downloading your app, and can remove your app etc. as well so they can very definitely prevent installing in general as well
The only escape hatch is maybe adb but please, for the 99% of use cases, I doubt how many people would operate a computer open up the terminal and try to use adb or other scenarios, but in all ways, I think that speaking of it as an installing itself isn't so bad after all.
If Google can genuinely go ahead and do this, it would definitely prevent installation of certain app in and of itself because play store is also controlled by google and they can also remove/prevent apps installs from there too.
I would still recommend to you / the community to say it as an installation as earlier I was also used to saying sideloading but it was only while writing this comment when I realized of how google can actually prevent installation from play store as well since they own it, it's an effective lock/restriction in installation itself for all purposes.
Have a nice day.
If one limited the ability to "install from Play store", while keeping the ability to "sideload", would you say it's fair to say "installing is restricted"?
It's convenient because now we can say "Google is killing sideloading" as a very succinct way to describe what's happening when we're arguing against it. "Blocking users from installing apps not approved by Google" works equally well but is a bit more wordy. I personally prefer the latter because I think it's a little more precise, but trying to imply people have to phrase things that way or they're part of some conspiracy does nothing but alienate your supporters and distract from the real issue.
> You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on
I feel like there are some phones, I will say my honest experience, I had a xiaomi phone which required me to unlock the bootloader for me to root it/ remove the spyware that I feel it has, I never felt safe really (maybe paranoia?) but I wanted an open source operating system on it and that required me to unlock my bootloader
Which required me to create an MI Unlock / MI account which then later required me to open up a windows computer and try to do things with the windows computer
I didn't have a windows computer, I am a linux guy and I didn't want to touch windows and I tried any option available on linux (there was a java thing and some other exploit too but both failed)
Later, I tried to actually install win-boat and tried to install the mi tool in it after so many nights of work and I tried and it actually opened but it asked me for the otp to sign up but I don't know if I overwhelmed their system or not but their OTP just straight up didn't show on the phone's sim I had registered on.
That OTP not coming after 5-6 tries, I am not sure if they had detected it was win-boat or what, but idk, that effectively locks me out of ways to unlock the device and remove some spyware functionality I think it has.
I feel like this case made me feel as if although I had a device, it feels like a license when you think about it. This is true for many other consumer devices as well and thus, people accepting the fact that their devices have become similar to licenses, not hardware which they own, but rather software which they rent
> I'm dismayed to see that this sentiment is not more widespread in this of all communities.
I feel like your message is in the right heart, and it's honestly okay, sad even, that some part of the community didn't respond to your message in agreement.
But Honestly, please don't lose hope because of this, You and people/foundations like f-droid,linux etc. inspire a sense of confidence for a good future while actively working on it. I was thinking of trying to host some f-droid mirror but I didn't personally because I was a little skeptical of getting any notices or anything after the f-droid team had created a blog post about something similar.
Also one thing, I would try to tell you is that you are trying your best. And that's all that matters. What doesn't matter is the past or the future or how the community responds but rather doing what you think is right with correct intentions which I think you do a perfect job in.
Doing the right thing can be difficult but maybe in a world where doing the right thing isn't rewarded as much in even mere appreciation or sharing the sentiment whereas doing the wrong thing is financially rewarded. It's a complicated world we live in, but hopefully, we all can try to make it a little more beautiful for us and our future generations by trying to do things the right way no matter how hard they are, just because it's the right thing.
I may speak these things but I myself regularly contradict these. So I don't feel the best guy speaking this stuff but I just want to say that f-droid really means a lot to me, a recent example is how I ditched that xiaomi phone, used my mum's old moto phone, tried to install termux from playstore but it couldn't download for some reason from play store because it was android 8 yet theoretically it should work, but I then opened up f-droid and installed it from there and I am running a termux/gitea server on it now :)
Please, have a nice day, F-droid/you deserve it, I just hope that you recognize that there are people's lives that you have touched (like my termux thing and there are countless other stories as well) and how impactful the project is.
Let's use this comment as a way to show our appreciation to f-droid in whatever ways it has touched our lives and how effectively google's recent moves are really gonna impact f-droid/ hurt us as well. How I wouldn't have been able to run git server on my phone if it wasn't for f-droid and so much more.
You write:
> “Sideloading is Not Going Away” is clear, concise, and false
But isn't Google saying that you will still be able to sideload via ADB? Which would mean their statement is true, and that your claim that Google's statement is false is itself false?
I'm so confused why you never even mention ADB or its relevance to sideloading, which they refer to rather explicitly in their blog post. At the very least, if you think ADB doesn't change anything, you could mention it and say so. Could you explain this seemingly critical omission?
It's really sad that Apple and Google (and to some extent MS though they're just behind in this race to the anti-consumer bottom) happened upon this "solution to malware" (note: not a real solution) of "OS vendor vets and controls all software." It's a lazy way, it's an ineffective way, and it has made computers - incredibly flexible, programmable devices - more like cable boxes or telephones from past decades, that you had to rent from a monopolist and had no control over.
They want to punish customers for electing regulators who care about consumer protections.
This is large scale abusive boyfriend behavior, doubling down.
Anyone who defends google/Android has been heeled in fear.
Unless any government powerful enough has reason to make Google reject developers. Hell, doesn't even have to be a government. Do anything that annoys Google, goodbye rights for your app to be installed on any Android. Why would you ignore the obvious and main caveat? It doesn't matter what store it "continues to work on". Google can revoke privileges overnight with little to no recourse for the developer, regardless of the merit of such action, the usefulness of the app, or how much people want/need that app. This is literally heading in the direction of Kafkaesque.
If there's some ADB command that one can issue to install unsigned APKs for now, it's a temporary reprieve at best. Two Android versions later, the update from Google will read "Only 0.02% of users installed apps using adb, but the corresponding malware incidence rate was 873% more than the Play Store. Due to the outsized risk, we're disabling adb installations going forward"
Of course _maybe_ at some point google will also force you to submit your debug key to them. But I don't believe that's the case now.
0. Developer has valid signatures and in Google's good graces, and application hasn't been installed on more than 16 devices
1. Oh, your CI/CD signing infra won't let you? You better fix your workflows to match the Google way.
This is so far from a realistic and acceptable substitute that I question the honesty of anyone who claims that "adb will still work, so no problem!"
I hope that explains my seemingly critical omission.
If I recall correctly (I might be wrong, because this was 10+ years ago), but Apple did exactly this when the iPhone was first released. When the iPhone first came out, Apple released its XCode devtools for free, including an iOS emulator that you could use to test your iPhone app. But you had to pay a $99 USD per year "developer program" fee in order to use the devtools to test the app on your physical device.
If Google is also preventing you from loading your own software onto your own phone with adb unless you pay a fee, then this would be a very important thing to call out explicitly.
The adb workaround for Android is essentially on par with being able to use Xcode's tooling to install apps on an iPhone: technically possible without paying a fee, but enough friction that no one would seriously consider as an alternative solution for publishing their apps to a general audience.
Note: Apple restricts apps uploaded with Xcode, (depending on how it is signed I believe) to 7 days or 1 year. adb currently doesn't have this limit.
But what if they find that somebody made 'sideloading' 'too easy' again. E.g. somebody could come up with the idea of running adb or an adb emulator on another phone, or even a small hardware dongle, integrating it with a pretty UI that looks like a regular app shop. Then their currently proposed new rule would become ineffective and due to whatever thought process they arrived at their current conclusion, could place similar limits on adb.
No, it will not. Nothing will install an application without a Google approved signature on it. They will remove ad blocks from your Android and you will like it. "The beatings will continue until morale improves" sort of behavior.
I'm hopeful that the mystery OEM that GrapheneOS is targeting is in fact Sony Xperia. If it isn't, I'm just going to stop carrying a smartphone when all my installed apps stop working on it.
I believe f-droid strives to be a simple platform of from-source builds for non-Googled apps that anyone can use.
> Google’s message that “Sideloading is Not Going Away” is clear, concise, and false
Given your (and my) definition, this statement is false. Google isn't taking away sideloading, you can still use adb. I'd say using adb to load an apk from another device is the proper use of "sideloading".
What Google is doing is much worse, they are taking away your ability to _install_ software.
And yes, HN loves splitting hairs. But if it wasn't for the hairsplitting, there probably would not be much discussion. Just most people agreeing with you and a few folks who would prefer to give up freedom for security.
I did make a comment in this thread about the historical usage of the term sideload, although for my purposes, I was noting a historical quirk from a unique time in the history of the internet rather than disputing any premise in your post. It was the first and only comment at the time I posted it and I was not anticipating such an unfortunate backlash that seized on terminology for the purpose of disputing your point, or for otherwise missing your point.
But it is indeed missing the point. Requiring developer registration to install is exercising a degree of control over the software ecosystem that's fundamentally out of step with something I regard as a pretty important and fundamental ideal in how software is able to be accessed and used.
1. Laptop
2. Phone
3. Car
4. Washing machine
5. Handheld GPS
6. E-reader
7. TV
Is there some intrinsic difference between a device where the manufacturer has programmed it using an ARM/x86-based chip vs a microcontroller vs some other method that means in the 1st case I have the right to install whatever I want? Because that feels like what's happened with cell phones: manufacturers started building them with more capable and powerful components to drive the features they wanted to include, and because those components overlapped what we'd seen in desktop computers, we've decided that we have an intrinsic right to treat them like we historically treated those computers.
Then consoles started shipping with recognizable internals, and we had waves of people very frustrated at things like Sony's removal of OtherOS, or Nintendo's attempts to squash the exploits that enabled Wii Homebrew.
I'm asking why taking a device that uses a microcontroller and making a new model with an ARM chipset and a Linux-based OS seems to suddenly make people treat the ability to install custom software on it as a fundamental right.
Phones get a lot of attention in this regard because they've replaced a large amount of PC usage, so locking them down has the effect of substantially reducing computing freedom.
> I'd say that if you figure out how to run software of your choice on them the manufacturer shouldn't be able to legally stop you.
That's already the case. The manufacturer can't come after you for anything you do to your device. They can:
1. Set up their terms of service so that things you do to alter the device are grounds for blocking your access to cloud/connected services that they host on their infrastructure
2. Attempt to make it difficult to run software of your choice.
3. Use legal means to combat specific methods of redistributing tools to other people that compromise things they do in number 2.
My washing machine could be programmed to do all of those things you're worried about without any writeable memory. Why do the parts the manufacturer puts into it turn it from an appliance that washes my clothes to a computer that I have a right to install custom code on?
Maybe in theory your washing machine could be programmed to do those things without writable program memory. Like, if you fabricated custom large ROM chips with the malicious code? And custom Harvard-architecture microcontrollers with separate off-chip program and data buses? But then the functionality would be in theory detectable at purchase time (unlike, for example, Samsung's new advertising functionality: https://news.ycombinator.com/item?id=45737338) and you could avoid it by buying an older model that didn't have the malicious code. This would greatly reduce the maker's incentives to incorporate such features, even if it were possible. In practice, I don't think you could implement those features at all without writable program memory, even with the custom silicon designs I've posited here.
If you insist that manufacturers must not prevent owners from changing the code on their devices, you're insisting that they must not use any ROM, for any purpose, including things like the PLA that the 6502 used to decode instructions. It's far more viable, and probably sufficient, to insist that owners must be able to change any code on their devices that manufacturers could change.
Likewise, I'd be fine with banking apps on phones requiring some level of trust, but it shouldn't affect how the rest of my phone works so drastically.
For all intents and purposes, a laptop computer and a smart phone are one. This is, for example, evidenced by the fact we run general purpose "applications" on them (not defined ahead of time), including a most general app of them all (a web browser).
For other device types you bring up, I would go with a very similar distinction: when you can run an open ended app platform like a browser, why not be able to install non-browser based applications as well? Why require going through a vendor to do that?
I'm not saying I dislike the concept of being able to run my own code on my devices. I love it. I do it on several devices, some of which involve circumventing manufacturer restrictions or controls.
I just don't think that because manufacturers started using the same chips in phones as computers, they magically had new requirements applied to them. Phones had app stores before they were built using the same chips. My watch lets me install apps from an app store.
Legislation like EU Cybersecurity Act hopefully pushes things into more of a fundamental rights thing by demanding that devices don't go into the trash pile as soon as the vendor stops issuing security updates by mandating an ability to keep operating these devices without negatively affecting Internet at large (by, for example, becoming a part of a botnet).
This is already possible with many general compute devices by putting a version of up-to-date GNU/Linux or FreeBSD or... on it. And for a smaller subset of GC smartphones, with AOSP-based Android.
The plea Google makes against so-called "sideloading" always refers to "malware"
But how much malware has been distributed via F-Droid versus "Google Play Store"
It could be that smaller, independent "app store" might be better managed than Google's
That is essentially the assertion that we made in the prequel to this post (at https://f-droid.org/en/2025/09/29/google-developer-registrat...).
> But how much malware has been distributed via F-Droid versus "Google Play Store"
There's been only a single case of malware that we know of that has slipped into distribution on F-Droid (through a supply-chain attack on a transitive dependency), and it was caught within a day. So if we were feeling glib, we might have made the claim that "there is over 224 times as much malware on the Play Store than on F-Droid".
Because Google is suggesting that "malware" is a motivation/reason/justification for their new "sideloading" policy
It can be useful to show that Google's alleged justification is bogus
It's not about immediate safety, it's about safety in the long run.
I too am flabbergasted at the utter lack of integrity some show and vocally proclaim in this of all places… corporate shills every last of them.
No morals can be expected from publicly traded companies. Finding a "PR firm" willing to do the lowly dirty job of going on HackerNews, MacRumors or wherever people are and blatantly lie and make stuff up shouldn't be too hard either, I can imagine.
.. A grateful F-Droid supporter and user.
There is an authoritarian slant on HN because the authority has always been on their side. They cannot understand the horror of oppression and having no choice and no exit. They have always had choice the second something is uncomfortable. This poem sums up most of HN's politics on control structures.
First they came for the Communists
And I did not speak out
Because I was not a Communist
Then they came for the Socialists
And I did not speak out
Because I was not a Socialist
Then they came for the trade unionists
And I did not speak out
Because I was not a trade unionist
Then they came for the Jews
And I did not speak out
Because I was not a Jew
Then they came for me
And there was no one left
To speak out for me
This surfaces in many types of discussions, including discussions where they may be prompted to defend the locked down nature of mobile devices.
I say it's just pockets. A vocal pocket. It's not everyone here. But it elicits comments justifying that stuff, which can feel surprising for those who don't share those views.
Perhaps you meant Leviathan instead of superego?
agreed, but i'm not going to die on any hill. i don't see much point in this discussion, these corps will do whatever they like. for me it is simple: iphone never was an option precisely because of this reason, and i've been quite content with android, but i don't think my current smartphone will run android for much longer, and the next one will definitely not.
1. It's your damn phone and you should be able to install whatever the hell you want on it
2. Having an approved channel for verified app loading is a valuable security tool and greatly reduces the number of malicious apps installed on users' devices
Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store. 99.9% of users would never see the warning either because almost all developers would register their apps through the official store.
But there is a reason why Apple/Google won't do that, and it's because they take a vig on all transactions done through those apps (a step so bold for an OS that even MSFT never even dared try in its worst Windows monopoly days). In a normal market there would be no incentive to side load because legitimate app owners would have no incentive not to have users load apps outside of the secure channel of the official app store, and users would have no incentive to go outside of it. But with the platforms taxing everything inside the app, now every developer has every incentive to say "sideload the unofficial version and get 10% off everything in the app". So the platforms have to make it nearly impossible to keep everything in their controlled channel. Solve the platform tax, solve the side loading issue.
I would instead say that having a trustworthy channel for verified app loading is a valuable security tool. F-Droid is such a channel; the Google Play Store is not. So Google is trying to take this valuable security tool away from users.
By default, F-Droid provides only the applications that they themselves have verified and built from source. They also allow the user to add other sources from other parties who the user trusts (e.g. GuardianProject, IzzyOnDroid, and others[0]).
Google provides any application uploaded by any anonymous third-party who signs up as a developer (and in future, provides the required ID).
This is what has made Linux distributions the go to for secure OS to run on your server: even if malware or bug leaks in, you have a full security trail about when and how that happened right in the open.
That's close enough to how Android already works. Google wants to additionally prohibit installation of apps unless they're signed by a developer registered with (and presumably bannable by) Google.
> Having an approved channel for verified app loading is a valuable security tool and greatly reduces the number of malicious apps installed on users' devices
These are claims that Apple and Google make to justify their distribution monopolies, and you are repeating them as fact. I don't think it's true, and cite as evidence both major app stores and the massive amount of malware in them.
Don't parrot anti-competitive lies from monopolists.
> Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store.
Google already does this. They've always done this, and it has always been a bad thing because it disadvantages app stores that try to compete with Google Play. Imagine you want to sell an app, and your marketing materials need to include instructions on how to enable "side loading" and tell people to ignore the multiple scary popups warning about vague security risks and malware.
> because they take a vig on all transactions done through those apps
This has already been litigated and federal judges ruled that they must allow devs to use third party payment processors. Look up the Epic Games cases against Apple and Google.
> In a normal market there would be no incentive to side load because...
This is nonsense. "sideload" just means to install something outside the Play store. In a normal market, there would be every incentive to do so, as consumers would be able to choose from multiple app stores. Users don't care where an app comes from, as long as they can figure out how to get it.
This is true, but it's also not the main vector of attack. The primary threat is that the user is intending to download $WELL_KNOWN_APP and instead downloads a compromised binary from a malicious third party and is instantly compromised. The app stores make the probability of this essentially zero.
It is an obvious solution, and it's a good first solution. This popup already exists.
A problem in security engineering is that when people are motivated (which is easy to achieve), they will just click through warnings. That is why, for example, browsers are increasingly aggressive about SSL warnings and why modifying some of the Mac security controls makes you jump through so many hoops.
The usual take on HN is to take the attitude that the developer is absolved of responsibility since they provided a warning to the user. That's not helpful. Users are inundated with stupid warnings and aren't really equipped to deal with a technical message that's in between them and their current desire. They want to click the monkey or install the browser toolbar. The attitude that it's not my problem because I provided a warning they didn't understand doesn't restore the money that was stolen from them by malware.
That said, your point about messaging is really good, and so many times I see security warnings I roll my eyes at how badly the message is written.
However, we need a better solution than pop-up warnings. I guarantee that you have clicked through a pop-up warning that was standing between you and the thing that you wanted to do (as have I, and everyone else who has used a computer for more than a day). We very quickly learn that most warnings aren't going to affect us, and that they're just saying "are you sure" to things that we're already sure of.
We've all selected a file, hit the delete key, got the pop-up saying "are you sure you want to delete wrong_file.txt", hit "yes" (because we always have to hit yes after hitting delete), then looked at the outcome and thought "oh, that was the wrong file" too late...
I don't think it's like "MSFT didn't dare to try", but rather "MSFT was too stupid to come up with the idea". They didn't have the ability to manage it either (and till this day their Windows Store app still sucks with tons of bugs). Not to mention that Windows was already wide open, never with a restriction "you can only install these approved apps" to begin with.
Basically, not that Microsoft didn't do it, but it couldn't.
Android already does this. It's the thing that's going away.
With one switch, one nasty update (disabling bootloader unlocking on Pixels), Google could kill GrapheneOS..
Example: the loyalty card app for a local store chain - there's no money in it, I can just get some discounts when I use it. So an attacker would have to steal my phone, somehow unlock it, and then they can use my loyalty card (btw which is free to obtain for anyone and there are no tiers) to get some discounts. And for that, they have implemented a pretty decent root checker which I had to put in some effort to overcome. And there are many more like it.
99.9% of people who use Android have never, and never will, install apps outside the Play Store, and aren't even aware that they can do so.
I'd guesstimate that close to 50% of Android users know how to install an apk.
In the US maybe. In Europe, not so much. With Apple having a market share of "only" about one third and WhatsApp being the de facto default messaging app, this discussion never happened here.
Therefore your argument doesn't apply to Europe at all. Android is more than the "hacky" part. Albeit I'd really love to keep that.
As a person that tried the Pine64 ecosystem and not being able to will drivers/C++ apps into existence (like I can with web/cross platform), I did not contribute much other than buying the device/doing some videos on YT. (I bought: PP, PPP, PineBook, PineNote, PineTab)
It depended on few people working on it, e.g. through Discord communities.
Anyway point is I saw Expensify I think they have these GitHub PRs which have $ values on them, would be interesting to take that approach, just pay for it literally, e.g. a GoFundMe for a feature.
Features aren’t rights, if you want a phone that lets you run whatever you want, buy one or make it yourself.
What you’re trying is to use the force of the state to make mandatory a feature that not only 99% users won’t use, it vastly increases the attack surface for most of them, especially the most vulnerable.
If anyone were trying to create a word that gives a “deviant” feel, they wouldn’t use “sideload”, and most people haven’t even heard the term. There’s a world of difference between words like “pirate”, “crack”, “hack” and “sideload”.
If anything I’d say it’s too nice of a term, since it easily hides for normies the fact that what you’re doing is loading untrusted code, and it’s your responsibility to audit its origin or contents (something even lots of devs don’t do).
If you want to reverse engineer your devices, all the power to you, but you don’t get to decide how other people’s devices work.
"Features aren't rights" > see: Consumer Rights.
"Force of the state making sideloading mandatory is bad" > ...Except we have antitrust laws? The Play Store becomes the only source of apps, all transactions are routed through Google Billing? Not a problem for you?
"99% users won't use" > Except for when Google demands that transactions happen exclusively through Google Billing, which resulted in the release of the Epic Games Launcher for the world's highest grossing games by download.
"Sideloading is too nice" > Listen, either it's the case that "sideloading" is a threat to normies or it's not. Are normies your 1% or 99% of users? I thought according to you 99% of users won't sideload.
"You don't get to decide" > That language ties in pretty well with your fear of the use of the 'force of the state'; that tells me that you support freedom. Great-- you're right, why not let corporations be corporations and do anti-consumer things, they'll be very good to us (while they lobby the state).
Consumer rights aren’t features, and they’re very intentionally written to not be.
> "Force of the state making sideloading mandatory is bad" > ...Except we have antitrust laws?
Then sue them over those.
> Listen, either it's the case that "sideloading" is a threat to normies or it's not. Are normies your 1% or 99% of users? I thought according to you 99% of users won't sideload.
I meant that 99% of users aren’t afraid of the term “sideloading”. That you’re not using something doesn’t mean you’re afraid of it, it just means you don’t want it.
> you're right, why not let corporations be corporations and do anti-consumer things, they'll be very good to us (while they lobby the state).
Because corporations tend to die when they do anti-consumer things, but governments keep doing anti-citizen things without much trouble.
"Then sue them" > My point was that the force of the state is a necessary evil to ensure fair competition. Yours implied that the force of the state is overreach, but if you warrant that, then you wouldn't enjoy protections against corporations afforded to us by antitrust law.
"That you're not using something..." > For you to claim that sideloading presents additional threat surface to the normie consumer, you need to also claim that normie users are sideloading. This means that if 99 percent of users are not sideloading, there is no threat surface.
"Because corporations tend to die when they do anti-consumer things, but governments keep doing anti-citizen things without much trouble." > Absolutely not. The paradigm has changed from the time when you could vote with your dollar. You and I are economically and legally irrelevant (where is Congress, anyway?), and corporations like the Big G are too big to fail. They are -already- colluding with government to do both anti-consumer and anti-citizen things.
Nominatively, this is why both the government AND google do not want you to side-load software outside of their control.
Perfectly reasonable. It's important that people can decide how their devices work for themselves. No one else should decide for them.
But I'm genuinely curious how you see this principle working in practice when there's effectively a duopoly. What's the path for someone who wants to still have any choices for their device? I'm not seeing an obvious answer, but maybe I'm missing something.
Nowadays it’s not even that hard to build your own phone, but it’s not going to be a slick smartphone for sure
Yes, sideloading will still be viable from known developers.
Probably malware developers will still be free from prosecution -- what moron is going to distribute malware with their own identity attached to it? But it means when the malware gets caught (which it does) you can't just roll a new APK with a different signature. You've burned a developer identity and need a new one. Those are harder to come by, and so it rate-limits malware distribution.
(I didn't sell my acct, for the record.)
Important corrections:
This way anyone who is known to create malware or any software which interferes with Google's current or potential future revenue, strategic interests, and unpredictable whims will not be free from prosecution in the case of distributing malware, nor from digital exile and unpersoning in the case of causing inconvenience to Google.
I think we should focus on defending the slowly-vanishing ability to unlock the bootloader and fight for the core parts of Android to stay open source.. without these two, installing an APK will mean less and less until it might eventually become synonymous with installing a PWA.
Thankfully there's the likes of GrapheneOS, however, with Google's recent changes, unless their OEM partner pulls through, their days are likely numbered.
I guess if it was, people would be turning off the network permission of all the "apps that perform a trivial function, but with ads", like I always do.
-- edit --
Apparently after checking this term in the internet, I am not so sure that this process had been called this way. Maybe I'll leave it here to provoke a correct answer according to the internet rule #1 - to learn what is the correct answer, just post an incorrect answer in the internet and wait
Install LineageOS or GrapheneOS?
I feel that the root problem is that there aren't enough highly skilled low level developers willing to spend their time writing free software for mobile phones. Why do we have Linux and things around it? Because a lot of very skilled developers decided to work on it and offer it to the world.
Of course, if they could do this with Windows, Linux et al they absolutely would. And general purpose computing will, eventually, be closed and locked down, much like what we are seeing with the internet and ID laws. People would have, and did, think such ideas would be unthinkable 10-15 years ago. Yet little-by-little the screws are being ever tightened. The government wishes to tightly control the information flow and decide what is 'best for you' to see. Preferably their chosen propaganda.
Work-arounds that exist today will likely be closed and forbidden in the future. VPNs to bypass age laws, ADB to bypass install-blocks will all be obsolete. You will be required to identify yourself at all times. I half-expect Google to deprecate and remove the concept of VPN's/ADB on Android entirely and laws will be passed to that effect (restricting the apps themselves, or access to the APIs to verified Android devices/Google accounts). If you don't believe me, you only need to see [1] for the direction of travel.
There is little interest from the regulators to stop this. Perhaps the useless CMA will 'investigate' in 5 years' time, decide Google perhaps abused its monopoly and then do absolutely nothing because they have no real recourse over an American company. It's likely governments support this position and will not do anything to influence a change of direction.
Eventually, Linux itself will go the same way, people are just waiting for Torvalds to retire from the project to make their moves, but make no mistake, open general-purpose computing is under threat and there is going to be little we can do to reverse the current trends towards closely monitored and controlled computing.
[1]: https://developer.android.com/google/play/age-signals/overvi...
This will most likely be expanded in the future to limit access to certain 'dangerous' APIs like ADB/VPN's etc. This can also be used 'in app' and across the entire OS to shape your experience of what you can see and do. I wouldn't be surprised if 'unlocking bootloader' required an 18+ verified device.
Nah. The only reason Google has decided to lock-down Android is because they think they can get away with it. They would have done it from the first minute except that not doing it gave them a competitive advantage in the market over Apple - back when pretending to be into FOSS and to "not be evil" was a major part of their marketing. They're ready to make the move. If it fails, they'll try to make the move again a few years from now. They don't give a shit about ICE or whatever.
https://keepandroidopen.org/ is about sending messages, which I have done and will continue to do. But I want to open my wallet.
When you install Git Bash, Vim or GIMP on Microsoft Windows, you are side loading.
Whenever you side load anything, you are robbing someone's app store of income. You are not visiting their portal to be exposed to ads, you are not seeing ads in the middle of an application, you are not paying for anything.
Or at least, not paying to them. The only streaming service I pay for in my household is Japanese TV, which uses a side-loaded application. I'm freeloading on the Android TV platform because I only paid for the hardware, and for a streaming service not related to any Google revenue funnels whatsoever.
That's what it's about.
It's either a derogatory term for "software loading" or a euphemism for "freeloading", or both.
I'm not sure if your comment is satire. So I'll respond as is.
"Not providing potential further income" is not "robbing"... what is being stolen from them? Something they never had in the first place? When I lose a bet I willingly entered, am I being "robbed" of the gains?
Furthermore, who is losing if I go to F-Droid to install an open source app people wrote with no expectation of income? If Google had a better app, I would have installed it from there. Too bad everything is riddled with ads detracting from the core purpose.
There's just no way at this time in which a single computing device can run software with high reliability expectations (emergency calls), high security expectations (controlled calling/texting, banking, money transactions) at the same time as random crap from the internet and keep the user safe and secure.
The HN community is far too fixated on their own use cases to properly understand this issue and its implications which can potentially upset a person's entire existence.
The version of your view that we are actually getting is _incredibly_ paternalistic and condescending to the general populace. The kind of society that is capable of protecting everyone from every conceivable harm comes with the kinds of tradeoffs that no one, not even the people who actually need the protection, are going to want.
Look, I'm not saying that this outcome is ideal and I hate the idea of a single, almighty platform gatekeeper. But with the world being what it is right now, draconian device lockdowns of some kind are the best option that is immediately available.
That being said, as a grandchild, I also completely understand where google is coming from. A surprisingly high percentage of users do need protecting from themselves. They are so technology illiterate that someone random tells them to install something, "it will say it's not safe, but it's actually okay, just click approve" and they will. This is why HSTS exists, to prevent uneducated users from getting pwned, by preventing them from disabling safeguards.
So, having some system of "no really, I am a power user" makes sense, even if I hate it.
glenstein•7h ago
I also recall a time in the nascent era of web file hosts, like Rapidshare.de and Megaupload, and some others that came and went so quick that I don't even remember their names, when some services offered the option to "sideload" (as opposed to download) straight to their file server.