sambuccid

It doesn't solve the current issue, but in case we don't manage to push back on this, some people might not know that there are various actual linux OSes for mobile:

- SailfishOS: still linux based and seems fairly community inclusive, but the UI part of the stack is closed source. Is the only one officially allowed to run android apps, via emulation. Has existed for a very long time, it's lightweight and I think the most stable/bug-free in this list.

- Ubuntu Touch: fully open source and community driven, it uses snap packages for security, you might be able to run android apps. Last time I run it also seemed fairly stable/bug-free.

- PureOS: fully open source and privacy focused. I think it's the only one that, released with the Librem 5, can avoid using proprietary blobs for interfacing with the hardware. Seems less stable than SailfishOS and Ubuntu Touch. You would need to buy a fairly expensive-but-old phone(librem 5) to run it.

- PostmarketOS: fully open source, focused on being lightweight and revive old phones, has a huge amount of phones it has been tested on, is based on Alpine.

- Mobian: mobile version of Debian, it's fairly new on this list.

There are many more linux mobile OSes, but as far as I know these are the main ones. There might also be some inaccuracies on this post, I tested some of these a long time ago, and I never actually run the last 2.

show comments
pliuchkin

Google won't ever take a break until we all pay for YouTube Premium. I think this trojan horse is mostly because of apps like New Pipe, Vanced, SmartTube and ad blockers in general.

khurs

Android users need to switch to Graphene.

Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.

show comments
nusuth31416

I use Android because it lets me install whatever I want on my phone, which it does not seem to me, controversial. The phone is either mine or it is not. I don't want Google's protection. Particularly, if I can't refuse it.

show comments
anilgulecha

I understand the frustration (I'm an avid fdroid user across many many devices). But this article comes off as childish with the virus/trojan/"malware vendor".

With such an article, many (including perhaps google) get the ammo to disregard what fdroid says, by branding them as childish/not to be taken seriously. for eg: no reputable news org is going to post this.

PS: https://keepandroidopen.org/ is better done.

show comments
willtemperley

> In computing, a trojan horse or trojan is a kind of malware that misleads users as to its true intent by disguising itself as a normal program. [1]

Google is Trojans all the way down. What is the true intent of almost every Google product? Data harvesting.

Every single product is spyware of some kind. They've even managed trojanize TVs by subsidising manufactuers to ship their spyware.

[1] https://en.wikipedia.org/wiki/Trojan_horse_(computing)

alok-g

This change is so significant that it feels like they are changing the product after it is sold.

Could one stop this by disabling OS updates?

sinuhe69

While attribution is a strong weapon in fighting malicious software, persevering the ability to install and run anonymous software is essential to fight authoritarian regimes and corrupt systems. If we accept that only signed, permitted software can be installed and run on users’ phones, democracy and our freedom are doomed. Regardless if it is in the West or the East, or it’s against an AI overlord.

dmos62

We can't make arbitrary changes to much of hardware and software we rely on. We can't inspect their designs, we can't reproduce them, sometimes we can't repair them. Sometimes we can't even tell that they're designed to act against our interests, and, if we do, sometimes we can't do anything about it. We are forced to choose between price and privacy, between interoperability with proprietary (or official) systems and liberty.

Android making another step in this direction is bad. But, let's not kid ourselves: we are neck deep in this cyberpunk serfdom, and have been for decades. If we were to get this Android win, it would be only a small win. I'm saying this not to be defeatist, but to remind us of the bigger fight.

How does this feudal goliath meet its end? When is enough enough?

schnatterer

Meanwhile in Luxembourg: Google loses fight against EU’s $4.7 billion Android fine https://www.msn.com/en-us/money/other/google-loses-fight-aga...

StingyJelly

We finally live in an age when I can tell a clanker that I want an app that does something that I need, connect the phone with adb and in half an hour have a working solution for my tiny problem while knowing little about android development. This is something google should embrace, not kneecap.

show comments
nirui

Emotional talk aside, there's not many good solution to this problem, unless of course F-Droid starts to make their own phones.

But then, Librem 5 Phone was just failed few years ago, telling the story that people who care about their rights are still sensitive to how much they would pay (which is a form of rights too).

Also but, there is the thing, making a phone is not easy. If you reach deep enough, you'll eventually reach the layer where you realize how solid the monopolization has become. The global telecom standards if you read them is in the hands of few companies, Boardcom, Motorola, Huawei, Nokia and such. They'll control whether or not your phone can access the network. Then there's telecom companies who runs the network, and they might have to approve your device/modem as well since they got their channel allocation from the government.

It's not easy, and it's not just the software problem.

Oh and yes, we also have the software problem. Linux, if you want to go that route, cannot be used as a mobile OS, as least not for the public, because the average people don't know how to properly secure their system, and Linux is not a restrictive-by-default system. It will be a malware nightmare if you ship Linux on a phone as is.

The best hope for now I think is for geek vendors to make more mobile/4/5G enabled Fairphone or uConsole-like product to the enthusiast market, and then you can load whatever OS on it as you want.

show comments
wolfi1

I'm still a little bit confused why the EU does not take action in this. This is definitely a monopolist overreach which has to be shutdown from the beginning

show comments
gadders

I just launched an app in the Google Play Store. I did find it a bit weird that I had to provide my physical home address to get my app listed. Not sure what I would do if someone turned up to complain. Make them a cup of tea?

show comments
foxrider

This would be the line for me. If at some point I'm unable to build an .apk and install it on my phone without Google letting me, I'm moving to Huawei.

show comments
codedokode

I wanted to use an alternative mobile OS, but they only support expensive devices like Pixels or outdated models. So I am planning to port some open Android variant. Obviously, all Google Services will be removed and most proprietary apps too. I also want to be able to manually edit permissions and remove Internet access from most of the apps, even open source. It is inconvenient that Android actually has "Internet" permission but doesn't allow the user to revoke it.

I do not need Google Play (a collection of spyware, covertly collecting Wifi points and cell towers location in my country and sending them abroad), I do not need bank apps (I have a laptop for that) so I guess I will be fine. Obviously there will be no developer verification on my device as well, and I mostly use apps from F-Droid anyway.

Good thing about F-Droid is that they build apps themselves and you can always get the sources - unlike Google Play and Apple Store that provide no sources and unlike PyPi/NPM which allows sources to not match the binary distribution.

show comments
geokon

> looming requirement that all Android developers register themselves centrally

Does this somehow also apply to developers in China? Are Chinese OSs (Vivo/Honor/Oppo/etc.) entirely forked off of Google's Android?

Is the solution to just a Chinese phone without the Play Store?

bouncycastle

Does this mean that apks that i've built and installed through adb will stop working? That would be a real damn shame.

3r7j6qzi9jvnve

related: https://keepandroidopen.org/ previously on hn

- https://news.ycombinator.com/item?id=47935853 (2 months ago, 889 comments)

- https://news.ycombinator.com/item?id=47139765 (4 months ago, 378 comments)

- https://news.ycombinator.com/item?id=47778274 (3 months ago, 68 comments)

mghackerlady

I've just stopped using smart phones. If they aren't going to give me more freedom than a dumb phone, I have no reason not to use one

show comments
krunck

Would this also be a strategy to get all Android users to have a Google account? Once you are locked in to using Google's Play Store then can then require login to even install apps. I don't have a Google account. I never will. If I am required to get one to use my phone(Fairphone4, eOS) then I will cease using the phone. There is nothing in my life that requires me to have an Android phone.

show comments
pimeys

Btw. This whole debacle made me to stop installing any Android updates. I've done my best to avoid installing even the security updates, so my diabetes apps continue working in the future.

I really need to take the time and go with Graphene OS in this device. My bank N26 kind of still allows it, but they made it harder and harder to use with certain custom checks. Looks like in the future I need a separate banking phone and my daily driver.

The device works right now how I want it. I don't want anything to change.

show comments
RandyOrion

Android developer verification program, together with recent reCAPTCHA push [1], and Manifest v2 force depreciation on chrome [2], make one thing crystal clear. When companies like GOOGLE talks about things in the name of "your security", it's a sign that they want you to sacrifice your own things, e.g., privacy, freedom, etc., for their own security. And if you trust them and show your consent by doing nothing, you pay the price.

[1] https://news.ycombinator.com/item?id=48067119

[2] https://news.ycombinator.com/item?id=48555244

show comments
WarOnPrivacy

My Android 15 handset doesn't have com.google.android.verifier process. It could be a Ulefone thing. They're especially pro-user (ex:root friendly).

show comments
binarysneaker

After many years of Android freedom and choice, this'll likely be the reason I switch back to iOS/Apple. If I'm forced into a walled garden, it may as well be the best one.

BatteryMountain

If they go through with this, I will make it my life's mission for the coming months to de-google my personal life and break any dependencies on google at work. Done with this nonsense. Shouldn't take more than a month to remove the tumor.

On my android phone:

My own launcher

My own keyboard

My own sync tool for local net

My own net tools to WoL some devices on my lan.

My own tool to control 3 proxmox servers

My own tool that parses groceries slips

My own tool that keep tracks of my vehicles events/lifecycle/purchases etc.

If they break my launcher/keyboard and my ability to use my phone in my customized way, they will NEVER see me as a client again. None of these apps are in the Play Store, they are signed with my own signing keys, which have never been uploaded to google, in fact, no google account is linked to these apps. These apps are also privacy-oriented (even the keyboard, I ship a 1mb dictionary with and it learns my own words, never transmits anything).

I will not give google my ID , neither Persona or anyone else. I'm very happy to go back to using bank card + chip + pin than use google wallet. Trust me I will walk away. I already move 4 family members off of Windows in the last 2 years, I will get them off google too.

show comments
noisy_boy

I have already migrated my government and banking stuff off Gmail. I'm fine losing my access to HN but Google can't be trusted with serious shit.

pjmlp

This kind of speech will only go with fellow technical users, most folks buying phones at the usual phone operators won't care less.

1970-01-01

All talk, no solutions from F-droid. What are they actually doing to solve it? Why not stand up their own vetting system? I'd love some technical solutions, instead this is just childish.

show comments
Timwi

How does this affect the Fairphone? If I buy a Fairphone now (which I've been considering for months now) will I continue to be able to run F-Droid and load arbitrary apps, or does it come with “official” Android that will contain the restrictions?

show comments
economistbob

It would seem to me that the best hse of resources here would be ensuring LineageOS ports to more devices than Pixels ASAP. Yet no one works on that angle.

t1234s

This is just getting us ready for the coming police state in the US. Choose your ankle monitor: apple or google.

mindaslab

It's high time we ditch evil Android and switch to something libre.

stavros

I don't understand how this is legal in the EU under the DMA, does anyone know?

show comments
xylon

Why not replace F-Droid with a catalogue of links to open-source apps hosted in play store?

show comments
slayernominee

Imo the best way to act against this is promoting custom ROMs like Graphene OS in your circle

show comments
jzer0cool

As user wouldn't you like knowing there is a non-verified app? Is it restricting And still providing way to override if you choose?

show comments
johnathan101

The frustrating part is that security features often look like malware from a technical perspective. The intent is different, but the capabilities can overlap.

linuxhansl

What Google is doing is shameful. One of the promises of Android was being more open than the restrictive Apple ecosystem.

Now that they reached penetration they do the switch - under the guise of security.

Just let me do with my hardware what I want to do it. Let it be my responsibility to install whatever I want (and stop calling it "side-loading", as if I am doing something shady from the "side").

We need to resist this! Alas, from the broader response it seems that most people just do not care.

show comments
paulnpace

A threat being masqueraded as protection is a deception. I now think this has been Google's modus operandi the entire time.

nsim

So, what's a good Linux tablet? I was thinking of trying an old Surface Pro.

spwa4

So wait ... Google intends to enforce this on old versions of android?

show comments
LoganDark

I think it's funny that they look at the phrase "malware or other harmful applications" and then only have an issue with the definition of "malware" rather than "harmful". Like, wouldn't "harmful" be FAR easier to apply in literally any case you feel like? "malware" sounds like it'd need some proof of malicious intent but "harmful" needs no such thing and is much looser.

vrighter

isn't this like the ps3's otheros thingie? Where the advertised functionality of the device was crippled after the customers bought them?

show comments
Pxtl

Maybe I've too much faith in Google, but a part of me wonders if Google doesn't want to get sued for this change. After all, their competitors have similar systems. While Microsoft's is circumventable with a few click-throughs, it's particularly nasty in that their code-signing certs are comparatively brutally expensive, too much so for hobbyist projects generally.

If Google is looking at a world where all of their competitors are using first-party-controlled signing, it makes sense for them to wonder "why not us". And if they get sued for this, that would set the precedent for all of their competitors too.

At that point the playing field would be level and platforms would be properly open.

zb3

While I hate how user-hostile stock Android is (and it's getting worse, all because of Google's ad business model), these reactions are so blown out of proportion they might only teach Google to do it the subtle way, or use such changes as a smokescreen..

24 hour waiting time? Big outcry.. Anticompetitive permission system where apps can do not that much more than websites? Nah, it's fine..

Unless you unlocked the bootloader, you were NEVER able to install apps you want, as Google had the final say what those apps could do (the anticompetitive permission system where user is the third class citizen, vendors are second-class citizen and there's only one first class citizen - Google). We need to fight for the right to unlock the bootloader and then not be restricted by the actual malware that is Play Integrity.

dwoldrich

This is more than enshittification, it feels like purposeful brand destruction.

Are governments going to institute more lockdowns? Is this some topdown control thing?

I will root this POS android phone I have and forego any Google Play services and just use it as web browser and a phone. Fuck these guys!

slowmovintarget

> Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.

> That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.

The rest of the article is a claim that Google's new terms of service amount to "malware is any software we [Google] don't like."

It seems like Google is aiming for its own walled garden.

einpoklum

The temerity of Alphabet to claim to protect users from malware/spyware, when they are known to share all of your personal information and communications with the US government (Snowden revelations), is the epitome of hubris. And, also, in the world we live in, just another Thursday.

But even ignoring this - it is not for Alphabet/Google to decide whether, and how, I want protections. I want to be able to pick a sequence of bytes and install that as an application on my phone, without Alphabet having any say in whether that happens or not, and in fact without them knowing about it. It's my phone, not theirs, and the software should help me do what I need/want, not help them provide me their often-questionable services.

show comments
wazoox

I've already disabled Play Protect ages ago because it kept removing apps I had installed through F-Droid. Actually, I almost only install apps via F-Droid. I wonder if the ADV will install with Play protect disabled ?

scotty79

My iOS using friend told me that he can't even use the iOS software that he has written on his own phone. He can run the software but it expires in a week so he'd have to redeploy every few days to keep it running.

Is that right? Is that the future of Android as well?

scotty79

As a user how do I opt out? Can I root my phone and excise this crap with some tool?

If this is disseminated through Play Protect, does disabling Play Protect prevent triggering this?

shevy-java

It is time to dismantle - and subsequently forbid - Google. Too much Evil is now concentrated in this greedy adCompany. Mass-infecting so many devices on purpose is beyond compare now.

huxflux

We can't let this shit roll boys.

modzu

how is graphene these days, or is there a better alternative that can run map apps that depend on google play services (like waze)?

show comments
RIshabh235

we need to create a new os

show comments
matejzvikl

ghuu

matejzvikl

ghhj

TZubiri

>Should a developer — contrary to our recommendation — elect to register themself with Google as a “verified” developer, they should expect to sign up for an account and pay a fee, surrender detailed personal information and upload government-issued identification

Again, there is a tradeoff between protecting consumers and protecting vendors. If you protect the privacy of vendors, you do so at the expense of increasing risk to the consumers.

I don't want to be polarizing, but narcissistic is the best word to describe the position of this article. I'm assuming that when they are consumers, they would find it reasonable that their vendors provide due diligence and be held to higher standards. When they go to the pharmacy, and they buy aspirins, would they choose a tablet of aspirins from a pharmacy that doesn't ask where the aspirins came from or who the distributor or producer is? If such privacy of the producer were respected then the market would open up to actors that provide low quality, counterfeit, or malicious product.

You can't have it both ways. If you are a vendor, you are no longer an anonymous consumer. Installing a VPN, paying with cryptocurrency, using firefox and duckduckgo to avoid tracking, that's not on the table for you once you decide to be on the other side of the production market.

If you want to make software and distribute it anonymously, go ahead and submit it to one of the many malware riddled distributors that don't do any due diligence like npm, github, AUR, why must you insist on being let in a club that doesn't want you? Is it perhaps because the reputation of such club is higher because it doesn't have malware because it performs such due diligence?

At least if you are going to complain about this, do it with standard language don't co-opt cybersecurity terms, adding noise to whoever cares about actual security. If this is really a problem you wouldn't need to exaggerate or plain lie about it.

show comments
transcriptase

I think the most fun part with Google is that if some wayward algorithm decides it doesn’t like you, along with nuking your app and developer account it will probably nuke your 20 year old gmail, your kids Google Drive accounts, your wife’s YouTube premium, the Adsense account of some company you worked for in 2008, and disable your Nest cameras.

And you’ll never reach a human to sort it out.

show comments
yunohn

While I sympathize with the general negative outrage towards this change, I truly believe that people here fail to empathize with the mainstream users of Android phones.

I personally have seen every single older relative and non-tech friend, end up installing bloateare, spyware, and malware inadvertently - because they have no idea how anything in the tech domain works. And given the widespread popularity of Android (globally 70% vs iOS at 30% market share) and even moreso in lower income demographics, it also leads to rampant piracy of obviously non-essential apps like games and streaming (eg Spotify). In fact, even here on HN, almost everyone who has given their parents an iPhone has extolled the virtues of a secured AppStore/device and the peace of mind it brings.

While there may someday be a way to support both the average user and the HN power user, we are not there yet. It’s hard for me to outright reject Google/Android attempts to secure people’s devices.

show comments
mpfect

This is exactly why I use Android over iOS, for software freedom. If Google forces ADV and locks out F-Droid, they remove the single biggest differentiator between the two platforms. Making Play Protect into a forced gatekeeper instead of an opt-in security scanner is a massive bait-and-switch for users who care about digital sovereignty.

ranger_danger

> How long before they designate all ad-blocking software as malware, block installation on all Android certified devices worldwide, and permanently designate all developers of this class of software as malware creators?

Classic slippery slope fallacy.

https://en.wikipedia.org/wiki/Slippery_slope

History shows that when a "slope" appears... regulation steps in, technology evolves to solve the problem, or the culture shifts to reinterpret the thing.

In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.

show comments
charcircuit

This is not malware. It's an official part of Google Play Services.

show comments
skybrian

I understand not being happy about what Google is doing, but it seems like F-droid can’t be trusted not to heavily spin things.

show comments