Do not accept the premise of assholes.
I hope we can get the EU to fund a truly open Android Fork. Maybe under some organisation similar to NL Labs.
--- edit ---
Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.
How are things in the EU on whether it's legal to buy a SIM card without showing ID?
In some EU member states this might be fine, but definitely not all.
> Your local drunkard will be happy to get $10 to buy a SIM card for you.
Buying a SIM card was always the easy bit. Getting it activated may not be, it depends on which country you're in.
https://www.telekom.de/prepaid-aktivierung/en/start
"For the Selfie-Ident you identify yourself with your identity card, passport or residence permit. (Selfie-Ident is currently possible worldwide with the German ID card, residence permit and passport. Alternatively, you can use Video-Ident and identify yourself in a video call with an employee.)
Important: Temporary identification documents are not supported due to internal check. You need a tablet or smartphone with a camera and an internet connection."
And even in that case, doing this for a long period of time violates most roaming policies
In some places your plan will be cancelled for roaming beyond a certain number of days or quantity of usage. Telecom laws and polices vary widely.
https://en.wikipedia.org/wiki/European_Union_roaming_regulat...
The task, therefore, is to convince enough politicians to establish an independent unit that can address this issue without direct political influence.
Fund the unit with enough money so that it can take care of the cybersecurity and sovereignty of all citizens.
A side effect of this would hopefully be that these politicians would then be digitally literate enough to recognize nonsense such as chat control as such and reject it outright. I hope that most politicians would not really want such omnipotent surveillance tools if they could truly grasp their scope.
It varies per country. In some you can just buy one (or more) SIM cards at a supermarket without any ID.
Edit: Google could ultimately use that as a lever in licensing deals with manufacturers. It'd marginalize everything.
Wasn't this kind of solution considered and sort of dismissed (because of too much centralization iirc) by F-Droid (can't find the reference now)? It seems like something that's worth trying, but in the end it's just a band-aid. If it gets any traction Google will shut it down. The real disease is dependence on a duopoly of (quasi)-proprietary OS for the dominant computing platform of our time.
1. The loader will just get banned.
2. The application ID and permissions are that of the loader. To have different applications with separate data and permissions you would need multiple copies of the loader.
3. You miss out on other android security features such as application signing validation for updates.
To me, the attention to these verification changes seems misplaced. We need to defend the ability to unlock the bootloader, pressure Google to revive AOSP and then encourage people to switch to a more user-friendly OS.
You're already unable to install what you want on a stock OS due to Android permission model treating you as a third-class citizen, after Google and OEMs.
Despite that, there are some things that should not be for profit in my opinion. A good OS platform is one such thing.
Android may ultimately win the arms race, but if they want to be evil, we should make their task as tedious as possible.
Google will simply revoke the keys for the "loader" APK. But that's fine for malware, its authors will just use the next stolen credit card to register a new account.
That's also why this has nothing to do with security.
And a day after you release, Google will say "Oh no you don't" and unverify your app, preventing it from being installed or run. Which is you know, kind of the point of this maneuver.
I believe devices I own should let me do whatever I want with them and I agree that the verification is BS, but I'll work around it in the ways I can which means building more for the web.
If that ever drops the open pretense (since both traffic and trust authority are largely centralized and thus easily controllable) then I'll only write for self hosted linux boxes.
We as individuals can only do so much. We'd need actual organization and some measure of political power to do anything more since normal people do not care about this.
The tl;dr is that a PWA implies an app which is based in the cloud. So suddenly you need a server, and you need to store user data, which means costs and dealing with privacy and security.
If something could be built as a native app without depending on a central server, it could also be built as a PWA without a central server. You don't need to store user data centrally at all, just because it's a webapp. You can just have the clients use localStorage or IndexedDB or whatever.
You still have to host the static files for the webapp itself, but that can be made very cheap.
Of course, API feature parity between native and web apps is a separate issue. But the argument about server costs doesn't seem like a good one.
There are other APIs that allow you to store binary data directly (which you'll probably want if you're storing large files) and also to use/request larger quotas.
I'd imagine Google would plug any major holes in their soon to be closed garden, assuming that is their intention. So this and any other fix to the problem of 'install app through not-Google Play' that goes via technical means that Google can just cover up after a month or two doesn't actually move the needle any meaningful amount.
In the same vein, using adb isn't a real solution to that same problem for most people, since having to use adb is a massive jump in required effort that's going to leave all the normies behind, with only the super-dedicated willing to go through the hassle, and an equivalent amount of developer effort is going to be left behind as well, since their audience just got decimated, and they themselves might not even bother to develop something that even their dad or sister is going to bother/be able to install. Anything that's much more complicated than 'go to website, download thing, run thing, click your way through' doesn't solve for this.
The actual problem is to have Google not be knobheads about it, and the only way that's realistically going to happen is through the law, but that's not looking all that likely in my view.
Right back to Symbian signed AppTRK and rolling back hardware clocks. Great.
gruez•7h ago
p_l•7h ago
They don't do it out of goodness of their hearts, which is why it's more solid than relying on goodwill - Microsoft simply has an offering that depends on that for certain high profile clients.
XorNot•6h ago
Frankly they should still be getting sued for the way Edge and Cortana are bundled.
leptons•5h ago
torstenvl•4h ago
jcelerier•4h ago