Keep Android Open
f-droid.orgExactly. The fact that we've all internalized "store" as the default distribution model is itself a win for the platform gatekeepers. On desktop, nobody calls a .deb repo or a download link a "store" — it's just software distribution. Android sideloading should be the same: download an APK, verify the signature, install. The entire debate around "alternative stores" already concedes that distribution requires someone's permission.
I have literally never thought about it like this, but I think you are right. In my mind mobile phones were always separate from other devices, kinda like consoles.
Right. Consoles shouldn't be doing it either, but here we are...
This is actually the main idea of Purism, company producing phones and computers: https://puri.sm/posts/foreshadowing-why-the-purism-logo-is-a...
Just to put out what Google actually said in their blog post [0]:
> We appreciate the community's engagement and have heard the early feedback – specifically from students and hobbyists who need an accessible path to learn, and from power users who are more comfortable with security risks. We are making changes to address the needs of both groups.
> We heard from developers who were concerned about the barrier to entry when building apps intended only for a small group, like family or friends. We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
> Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.
It is also true that they have not updated their developer documentation site and still assert that developer verification will be "required" in September 2026 [1]. Which might be true by some nonsensical definition of "required" if installing unverified apps requires an "advanced flow", but let's not give too much benefit of the doubt here.
0: https://android-developers.googleblog.com/2025/11/android-de...
> We heard from developers who were concerned about the barrier to entry when building apps intended only for a small group, like family or friends. We are using your input to shape a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification requirements.
In classic Google fashion, they hear the complaint, pretend that it's about something else, and give a half baked solution to that different problem that was not the actual issue. Any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.
Even restricting the mitigation to "students and hobbyists" is bad.
I should have the right to have parents, friends or anyone use a "free" store that is not under control of Google if the user and app developer wish so. But also, somehow there should be something done to avoid the monopoly forcing to use the Google services. Like major institutions like bank, gov and co being forced to provide alternatives like a webapp when they provide app tied to the Google play store.
> I should have the right to […] use a "free" store that is not under control of Google
Yes, but we also need to stop thinking like we’re trying to please the ghost of Steve Jobs. There is no ”store”. There are installers. You distribute them how you see fit, probably through the web.
These ”alternative stores” angle is a controlled dissent corporate plan B, much like how recycling was propped up by the fossil fuel industry.
We deserve web installs without deep settings menu configurations, scare walls, or onerous processes.
The EU and every other nation with digital sovereignty concerns need to make this happen to both Apple and Google.
These are our devices. The giants are camping.
But unfortunately, it turns out that some people you interact with aren't actually your friend. That guy that seems totally legit and just wants your sister to install his fun little game/app that he wrote is actually trying to get her to install an app that's going to track your location and read all your messages and copy all your photos. To keep her safe from the "actually" bad people, of course.
By default their app cannot though because Android uses proper sandboxing and gated API access. So you actually have to give the app location access, access to your messages and access to your photos.
Well, unless you use one of the many crappy Android devices that never get security updates, are running old kernels, old vendor security patch levels, miss all Android security patches, except applying the backported security bulletins every three months (1-2 months late). Yet, Google is happy to certify them as Android devices.
It was never about security, it is about control. If it was about security, they would have revoked the GMS licenses of pretty much every vendor outside Google themselves and maaaaybe Samsung, until vendors actually started caring about security. If it was about security, there would not be as many scam apps in the Play Store itself.
Back to your sister, the proper solution is to educate her (and everyone else) not to give apps unfettered access when they ask you to, plus let Google implement more security measures that systems like GrapheneOS already have (contact scopes, sensor permissions, network access permissions, etc.).
The tricky bit with that is it would get a monopoly lawsuit from manufacturers with a lot more money to throw around quickly. The biggest problem in improving android security posture is getting manufacturers to have robust security and release updates without getting monopoly lawsuits.
It also doesn't help that mobile carriers can delay updates for months. Thanks T-Mobile.
>going to track your location and read all your messages and copy all your photos. To keep her safe from the "actually" bad people, of course.
The guy's name? Google. ;-)
Actually, what Google does is totally legit because they pester you constantly about "sharing your location/photos/installing Gemini" until you accidentally press yes, and they can say they have your consent. So they are actually the good guys.
I concur, and find it abhorrent. And wish more people would kick up a stink about this. We need a publication or channel that talks about rights like this. I don't know of any that do a decent job. I donate to my local best option.
> That guy that seems totally legit and just wants your sister to install his fun little game/app that he wrote is actually trying to get her to install an app that's going to track your location and read all your messages and copy all your photos.
Is "that guy" in the room with us right now?
So, what you're saying is that Google should work on better privacy controls. Right? Right???
As opposed to the Play Store where you search for "ChatGPT" and end up on a scam app which read all your messages and copy all your photos?
And that example isn't random, I just tried and the first result for me is a counterfeit app with the logo of chatgpt copied .
Let's ban passwords because you could give me your password
Hilarious example to use, because that literally is an effort that’s underway.
Thousands of people get scammed and have their lives ruined every year, so deprecating passwords is absolutely the right move
Yeah, no. The actual solution is
1. Stop requiring computers/phones for everything. Your 91 year old grandma isn't going to make her way through your super cool very intuitive 2FA magic link email confirmation system, and I don't WANT to make my way through your super cool very intuitive 2FA magic link email confirmation system.
2. teach the people who need to use computers, how to use them.
Forced "Log in with a magic link!" wants to say hello
That's why passkeys were introduced. Can not fish them
I'm far from a Google apologist, but at the end of the day don't they have the right to write software however they want it? You have the right to build things the way you want to, fork Android, etc etc. If you're trying to say you have the right to tell Google what the code their employees write can do, well, I don't really agree with that. Sounds coercive, honestly. I wouldn't want them to do that to you and I don't want you to do that to them.
Does a business have right to produce whatever it wishes even if it affects the environment ?
Does a business have right to pay literal pennies per hour if it manages to find people willing to work at that pay ?
Does a business have right to lace food products with addictive substances for repeat customers and profit ?
All these cases are already happening today at some level depending on who you ask. But they don’t tilt to extremes because we have laws in place to maintain balance between business needs and collective good.
This move by Google will tilt that balance forever towards absolute duopoly in mobile computing space. It is time for legislation to avoid that.
Yes they do, unless it limits my right tondo whatever I want we software I bought.
And also monopoly.
This is exactly the thing for which Apple gets bashing. Closed garden.
> I'm far from a Google apologist, but at the end of the day don't they have the right to write software however they want it?
Not after creating de facto duopoly.
No they don't. They couldn't legally write software to hack into the Pentagon and launch nukes at North Korea. They couldn't legally write software that live streams your camera to them without your actual consent.
It is little surprising a lot of smart people somehow miss this simple logic.
Android is massive and extremely popular and I know several people who have been scammed already. It is important that Google makes this harder for scammers.
Google is not doing this to harm developers but to protect their users.
You already get a pretty scary warning when you try to install an app that was downloaded outside the Play Store. If people still install malware, that's the responsibility that comes with freedom. Your line of reasoning can be applied everywhere in life - people should not be able to do their own bank transfers or use a credit card, I know several people that who have been scammed already.
Moreover, there are better ways to protect against malware: 1. educate people; 2. rather than using whitelisting, use blacklisting (similar to XProtect on macOS).
Finally, the argument is not very strong on Google's side, since the Play Store itself has had its history of scams. Which, again is easier to protect against by educating people. No, don't put your banking information in a random app you downloaded from the Play Store (use the app that your bank tells you to). Do not install random keyboards from the Play Store. Etc.
> that's the responsibility that comes with freedom
We live in a dark age where the majority of people would gladly give their freedom so the don't have to be responsible.
This is "think of the children/grandma" logic. There is a different between maintaining a company store where everything is verified, and forcing everyone to use it.
Google shouldn't be able to hold a vertical monopoly, on what apps can run, what os's are allowed and what hardware can be used on devices that run Android, rest solely on this weak excuse that someone might harm grandma.
Oh, and of course, if grandma gets scammed by a app in the Google store, Google isn't in any way held responsible. Such garbage, two-faced bs.
> It is little surprising a lot of smart people somehow miss this simple logic.
Is it that people "somehow miss this simple logic", or is it that they weigh security and freedom differently than you?
I think you've omitted the next section, which seems more relevant. It seems like they will still allow installs, just hide it behind some scare text. Seems reasonable?
> It seems like they will still allow installs, just hide it behind some scare text.
This was already the case for enabling sideloading at system level: it warned you. Nobody really says having this toggle is a bad thing, basically the user shouldn't get an ad network installing apk's just browsing around the web without their informed consent (and android has been found to be vulnerable to popunder style confirmations in the past).
They also already had the PlayProtect scanning thing that scans sideloaded APK's for known malware and removes it. People already found this problematic since what's to stop them pulling off apps they just don't like, and no idea what if any telemetry it sends back about what you have installed. There have been a handful of cases where it proved beneficial pulling off botnet stuff.
Finally, they also have an additional permission per-application that needs to be enabled to install APK's. This stops a sketchy app from installing an APK again without user consent to install APK's.
The question is: How many other hurdles are going to be put in place? Are you going to have to do a KYC with Google and ping them for every single thing you want to install? Do you see how this gets to be a problem?
The whole point of TFA, if you read it, is that they SAID they would do that, but there has since been ZERO evidence that they actually will. This feature is not present in anything they have released since that statement.
On the other hand, blocking installation of non-notarized apps is not present in anything they released since that statement either, as far as I know.
It's already implemented in 36.1:
https://developer.android.com/sdk/api_diff/36.1/changes/andr...()
The API is implemented in 36.1, but the previously proposed notarization requirement is not enforced in any production build, so this error is never thrown. Even if they implement the scare text, this API will still be needed.
If they implement what they said they would implement after the uproar, users will be better off. Previously, if a company wanted to distribute their app on their website, any user who installed it would have to dismiss scare text. Now, they have a way to distribute apps on their website without the scare text, and people who want to distribute apps without any tracking can still do that with the scare text.
It would be foolish to depend on that & far harder to get ridd of it if they put it in place. There needs to be clear statement and verification method to make sure they really are backtracking.
Anything else won't do.
No, because it isn't something that should be up to google's control.
Why not? It's their operating system, and they're trying to balance quite a few competing priorities. Scammers are not a threat to dismiss out of hand (i've had family who were victims).
For it to be truly considered open source, you should be able to fork it and create your own edits to change the defaults however you wish. Whether that is still a possibility or not, is a completely separate issue from how they proceed with their own fork.
> Why not? It's their operating system
It's my phone.
Of course it's your phone, but the whole point of using Android is that it makes a lot of choices for you. It forces a billion things on you, and this is really no different than any of the others. Everything from UI colors, to the way every feature actually works. For instance, should you be able to text message one million people at a time? You might want to, but Android doesn't offer that feature. Do you want to install spyware on your girlfriends phone? Maybe that's your idea of complete freedom, but the fact that Google makes it harder, is a good thing, not a bad thing.
If you don't like their choices, you should be able to install other software you do like. There should be completely free options that people can choose if they desire. But the majority of people just want a working phone, that someone like Google is taking great pains to make work safely and reliably.
> Of course it's your phone, but the whole point of using Android is that it makes a lot of choices for you. It forces a billion things on you, and this is really no different than any of the others. Everything from UI colors, to the way every feature actually works.
There is a difference between making a choice because there has to be something there (setting a default wallpaper, installing a default phone/sms app so your phone works as a phone) and actively choosing to act against the user (restricting what I can install on my own device, including via dark patterns, or telling me that I'm not allowed to grant apps additional permissions).
> For instance, should you be able to text message one million people at a time? You might want to, but Android doesn't offer that feature.
There's a difference between not implementing something, and actively blocking it. While we're at it, making it harder to programmatically send SMS is another regression that I dislike.
> Do you want to install spyware on your girlfriends phone? Maybe that's your idea of complete freedom, but the fact that Google makes it harder, is a good thing, not a bad thing.
Obviously someone else installing things on your phone is bad; you can't object to the owner controlling a device by talking about other people controlling it.
> If you don't like their choices, you should be able to install other software you do like. There should be completely free options that people can choose if they desire. But the majority of people just want a working phone, that someone like Google is taking great pains to make work safely and reliably.
Okay, then we agree, right? I should be able to install other software I like - eg. F-Droid - without Google getting in my way? No artificial hurdles, no dark patterns, no difficulty that they wouldn't impose on Google Play? After all, F-Droid has less malware, so in the name of safety the thing they should be putting warning labels on is the Google Play.
The problem is that step by step ownership of your device is taken away. First most phones stopped supporting unlocking/relocking (thank Google for keeping the Pixel open), now the backtracked version of this, next the full version, etc.
Yes, that is a real problem. But it doesn't justify arguing uncritically or unrealistically in other areas. I think people should be free to do anything they want with their own devices. They should be able to install any software they want. That's very different than demanding someone make their software exactly how you desire. ie. You should be able to install your own operating system, you don't get to tell them how theirs should operate.
There are legitimate concerns being addressed by these feature restrictions.
> demanding someone make their software exactly how you desire
IMO the way this should work is that Google can make their software however they want provided they don't do anything to stop me from changing it to work the way I want.
Unfortunately, they've already done a lot of things to stop me from changing it to work the way I want. SafetyNet, locked bootloaders, closed-source system apps, and now they're (maybe) trying to layer "you can't install apps we don't approve of" on top of that.
> IMO the way this should work is that Google can make their software however they want provided they don't do anything to stop me from changing it to work the way I want.
That's exactly how it is. You're free to get your soldering iron out, or your debugger and reverse engineer anything you want. I don't mean to argue unfairly, but all we're talking about here is the relative ease with which you can do what you want to do. How easy do they have to make it?
As for their software, as delivered, there are literally an infinite number of ways that it stops you from changing it. Maybe you want everything in Pig Latin, or a language you made up yourself. Do they have to design around this desire? Do they have to make this easy to do?
> You should be able to install your own operating system
So you draw the line between the bootloader and the OS. Other people draw the line between the OS and applications. Most (nearly all) people can't write either, so for them it is just part of the device.
> you don't get to tell them how theirs should operate.
I paid for it, and I allow it to be legal in the jurisdiction I (partly) control. So it is not only theirs anymore.
Yes, and it should be 100% legal for you to hack it. Get the soldering iron out, and the debugger, and alter it to your hearts content. You bought it, you own it. But the supplier should be under no obligation to make any of that easy for you.
Just like they shouldn't be required to offer it in pink if that's your favorite color. It's up to you to paint it yourself. And if you want to load random apk's, you'll have to do whatever it takes to figure that out too, up to creating your own hardware and software.
I think you misunderstood me, the software is part of the device I paid for and own.
If I tell someone to install a light switch in my living room and then it occasionally switches states when someone presses another switch at my outside wall and occasionally refuses working, I don't feel like they fulfilled their contractual obligation. Same with smartphones and software.
I would agree with you if I would want additional features, like if I want a filesystem, but there is no filesystem manager yet, or if I want to install a package, but there is no package manager, or the package manager uses another format. But here there is a package manager and the package has the right format, so I tell the device to install it and it just doesn't solely because I am called John Brown and not Alphabet Inc. . That is not right.
You bought the device as delivered. They built it in the best way they know how. If you don't like it you're free to try to change it. But they're under no obligation to make it easy for you.
If the light switch you bought, has a little daylight sensor on it, and turns off when the sun is out, and that's what it does.. you may not like that light switch. You might want one that "does what you want, because you paid for it!" but then you should have purchased a different one, or made a light switch you actually liked. Of course you are free to get the soldering iron out, and try to change the light switch. But the manufacturer is under no obligation to make it easy for you to change the way it works.
That is fair, and right.
> If the light switch you bought, has a little daylight sensor on it, and turns off when the sun is out, and that's what it does.. you may not like that light switch. You might want one that "does what you want, because you paid for it!" but then you should have purchased a different one, or made a light switch you actually liked.
Not sure this analogy works as it gives prospective light switch buyers a choice of different light switch types. What google is doing seems more like forcing EVERY light switch to have daylight sensors, thus forcing you to save power (even if you're pro-global warming and just trying to do your part for the cause), then telling people with vision problems relating to suboptimal indoor illumination or suffer from sunlight frequency melting disorder or think they've got some other random "daylight makes life suck" bullshit to create a student/hobbyist account.
That's really a different issue. There may be only one light switch vendor, and then you're stuck with what they offer, too. There is room in the market for more manufacturers. I'd definitely buy from one who offered a truly open source and customizable option. But I wouldn't get it for my grandmother, she's much better served by what Google offers already.
> They should be able to install any software they want. That's very different than demanding someone make their software exactly how you desire. ie. You should be able to install your own operating system, you don't get to tell them how theirs should operate.
I don't think the distinction exists the way you're trying to describe. If I should be allowed to install any software I want, surely that includes any .apk I want? Conversely, someone could make the exact claim one step down the chain and argue that you don't get to tell them how their firmware should work and if you want to install your own OS you should just go buy a fab, make your own chips, write your own firmware, and make your own phone. And that's absurd, because users should be allowed to run their own software without being forced to ditch the rest of the stack for no reason.
No, I don't think you have the inerhent right to install any apk you desire, if their OS is designed to prohibit it. You should be free to try to alter their OS any way you want, but they should not have to make it easy.
And the argument is the same lower down the stack. You shouldn't be able to tell someone how to design their firmware.
The only problem is where the law prohibits us from trying to undo these restrictions, or make modifications ourselves. It's government that restricts us, and we should focus our efforts there.
> No, I don't think you have the inerhent right to install any apk you desire, if their OS is designed to prohibit it. You should be free to try to alter their OS any way you want, but they should not have to make it easy.
> And the argument is the same lower down the stack. You shouldn't be able to tell someone how to design their firmware.
Earlier, you claimed,
> They should be able to install any software they want.
but it sounds like actually you only mean that users should be allowed to futilely attempt it, not that there should actually be allowed to run software at will. If the firmware only allows running a signed OS, and that OS only allows running approved apps, then the user is not able to install any software they want.
I want maximum freedom, for everyone. That includes developers. We should be free to produce the software as we see fit. If that means we think that our users are best served by having devices that are locked down against scammers etc, then we should be free to produce locked down devices like that.
And as users we should be free to buy only devices that respect maximum capabilities and customization.
There is a tension between these goals, and it's difficult to resolve, so that everyone gets most of what they want. Google seems to be doing the right thing mostly though. Providing both the locked down device, and making provisions for people who want the non-standard option too.
Anyone who thinks they can do better, should enter the market and give us something better. I'd like more options for completely open and hackable phones.
There's a very easy way to achieve maximum freedom: punish people who take away other people's freedom. To achieve maximum freedom, the one freedom people must never be allowed to have is the freedom to take away other people's freedom. Google must be punished for every software module they wrote whose sole purpose is to make you less free.
They didn't make you less free. They protected your phone from scammers. On top of which, nobody twisted your arm and made you buy from them, you're free to change the phone any way you want, get the debugger out and change it. You have everything you need, it's your phone, change it any way you want; and they have the freedom to not help you.
The whole point of using Android for most users is that they have no other choice if they need a mobile phone.
Google killed every other competition via dumping and shady business practices. Sure, you can go to iOS, but that is even more closed and restrictive, not to mention the devices are overpriced.
Google makes it mandatory for your girlfriend's phone to have spyware on it. The spyware is made by Google. It doesn't protect you from spyware.
While we're talking about that, have you heard of Bright Data SDK? A lot of apps on the Play Store include it to monetize. What does it do? It uses your phone as a botnet node while the app is open, and pays the app developer. How is Google protecting you from spyware, again?
100%. If I buy something, it's mine. I should be able to resell it, modify it, or generally work on it however I see fit. Licensed digital media bound to platforms is different (barring some kind of NFT solution?) but an OS that my phone cannot function without (and that cannot be replaced in many cases) absolutely must be under my jurisdiction.
What makes it “yours”?
You paid for it but Google still has the control. I understand that you prefers things to be different (as do I) but the reality is that we don’t have control over devices we paid for.
> What makes it “yours”?
The law. The contract. The money I paid.
> the reality is that we don’t have control over devices we paid for
So, the reality is that a company is exerting ownership rights on things they don't own. If that is exclusive, then that is called theft.
You might choose to not have control. The reason people protest is because we should have more control over the things we own. Sure this might create a better market for alternatives but it is worse for most people. F-droid is spectacular.
> What makes it “yours”?
You answered the question here:
> You paid for it
If you paid for hardware, legally that makes it yours.
> Google still has the control
Therein lies the problem. Google should not exercise such control over devices which are yours, not theirs.
I think it's reasonable for Google to control what happens in their version of Android (which can be installed by default) but it's not reasonable for Google to lock the bootloader (preventing installation of a non-Google OS).
Perhaps this is why Google hardware doesn't have locked bootloaders; Samsung et al can get away with locked bootloaders since it's not Google forcing the consumer in that case.
Whether the bootloader is or isn't locked should be very conspicuous before purchase, for consumer protection.
Microsoft got penalized for way less.
Is anything stopping you from coding your own OS?
Reverse engineering the drivers, to permit you creating your own OS, for your own hardware, is already an area where people are accused of crimes. DMCA Section 1201 isn't something to so easily be worked around, to allow you to place your software in a working state onto undocumented hardware.
So, yes, there is a lot of things stopping you from coding your own OS.
It's their only if they use it.
> We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.
I've lived through them locking down a11y settings "to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer", and it's a nightmare. It's not just some scare text, it's a convoluted process that explicitly prevents you from just opening the settings and allowing access. I'm not giving them the benefit of the doubt; after they actually show what their supposed solution is we can discuss it, but precedent is against them.
> Seems reasonable?
No. As I said before, any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.
> It seems like they will still allow installs, just hide it behind some scare text.
That describes the current (and long-established) behavior. App installation is only from Google's store by default and the user has to manually enable each additional source on a screen with scare text.
Why is it reasonable that installing software is behind an "advanced flow" what ever that means? I find it not very reasonable at all that the only way to install software on my phone is by jumping through hoops. I don't think it reasonable that the Play Store is the only portal. I don't even find it reasonable to call installing software "sideloading". Downloading and installing software from a vendor's page has been the norm for decades before smart phones came along but all of a sudden when it is on a small screen the user can not be trusted? That's ridiculous and not at all reasonable.
It's not the screen size, it's the demographic shift. By 2000, only half of U.S. households had a shared living room PC, mostly for work and/or games. Everybody having a phone in their pocket later was a change that we did very much have to account for. Non-technical people can be scammed very easily into life-ruining mistakes with a little social engineering and a little bit of access to powerful tools already on their devices.
I remember when big sites started having to put big banners in your browser console warning you that if you weren't a dev and someone told you to paste something there, you had been scammed, and not to do it. They had to do that because the average Facebook user could be tricked very easily by promises of free FarmVille items or the opportunity to hack someone else's account, and those are fairly low stakes bait. Now people bank with real money on their phones.
And yet the Play Store and App Store are the largest vectors of scams and malware out there, to the tune of billions of dollars a year.
We should be prioritizing securing our systems so that they run only what we want them to run, instead of putting all of that trust in gatekeepers who make money when they let you get scammed.
They are the largest vector of scams and malware because they've centralized it and it's hard to deliver malware and scams otherwise. That malevolence will always happen and centralizing it ensures a single avenue that can be controlled and measured and importantly sued when they fuck up. I can't sue f-droid when they allow malware on my device, that's one of many reasons why I don't use it, that's why nobody uses it in real life. Every day on HN I see people who seem to unironically think "enshittification" is a real term normal people use, a generally understood term by people who don't follow links to Corey Feldman's blog.
HN tends to forget that linux is not a target for general malware because nobody gives a single fuck about linux as a real malware target because they're smart, and therefore not the target of most scams. HN has the cute attitude that technology is king and that as long as you inspect it and open source it and care enough and have full control, then that's enough. Often the same people ignoring that AI has made it way easier to fuck stupid people over with no effort at all.
I don't not want unlimited control over the hardware that I buy from vendors like Google but I don't know yet of any better way to keep stupid people from kneecapping themselves other than introducing harder and harder quizzes. If you think it's an advantage that third party vendors like f-droid are absolved of responsibility then you deserve and own the fault when you get hacked and fucked over. Most people don't want that. They have real life to deal with. In real life you can kill people or sue them and it's harder to kill people over the internet.
> I can't sue f-droid when they allow malware on my device
How many people have successfully sued Google because of malware on the Play Store? Ever?
Why would F-Droid be any or more less "absolved of responsibility" than Play Store?
It's deliberately written to be vague and not say anything, and given the original intention, it's hard to believe that means it should be interpreted generously.
> shape a dedicated account type for students and hobbyists.
Even that is a step too far in the wrong direction. Doesn't matter if it's free, or whatever, simply requiring an account at all to create and run software on your own device (or make it available to others) is wrong.
There exists no freedom when you are required to verify your identity, or even just provide any personal information whatsoever, to a company to run software on your device that you own.
The problem with this mentality is that you're not proposing a solution that solves the problem Google and Apple are trying to solve (or are at least stating they are). Rather than just vent about ideals, showing up to the table and listening to the requirements of all stakeholders (even if they differ from yours) will lead to a more productive result. I would not listen to your concerns if you didn't listen to mine.
They aren't actually trying to solve any real problem.
Feel free to cite some sources. I have plenty of anecdotes to suggest the problem exists, although I've not looked for data to prove it either way. However if you would like suggest it's not real you should prove it.
For reference, [0] was discussed here: https://news.ycombinator.com/item?id=45908938
Addressed in the OP
> We see a battle of PR campaigns and whomever has the last post out remains in the media memory as the truth, and having journalists just copy/paste Google posts serves no one.
> But Google said… Said what? That there’s a magical “advanced flow”? Did you see it? Did anyone experience it? When is it scheduled to be released? Was it part of Android 16 QPR2 in December? Of 16 QPR3 Beta 2.1 last week? Of Android 17 Beta 1? No? That’s the issue… As time marches on people were left with the impression that everything was done, fixed, Google “wasn’t evil” after all, this time, yay!
> We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.
Perhaps this, when shipped, will pave the way for sane regulation of Apple’s practices along these lines, too.
So basically the Apple model but worse.
The judge told Google that Apple is not anti-competitive because Apple has no competitors on it's platform (this all stemming from the Epic lawsuits).
Google listened.
Blame the judge for one of the worst legal calls in recent history. Google is a monopoly and Apple is not. Simple fix for Google...
Google lost because they have all the emails colluding to prevent competition.
If Google had not done that, they wouldn't have lost.
The lesson? Only discuss illegal activity in auto-delete Slack channels
Apple has not competitors and it is not a monopoly? This is exactly the definition of monopoly.
Openness at the OS level matters less if the platform layer above it is closed. Even on Android you're dependent on Google Play Services for payments, push notifications, and maps — all closed. The real battle is at the API and payments layer. The web had a brief moment of openness there, but we ended up with Stripe, Twilio, etc. as de facto monopolies. The next round will be interesting with AI agents that can programmatically switch providers based on price.
The link is to the f-droid blog. The official "Keep Android Open" site is at https://keepandroidopen.org/, and contains good information on how you can contribute by contacting regulators.
Discussed here four months ago: https://news.ycombinator.com/item?id=45742488
I want Google as an app, not OS. Hear me out. Imagine an open device where you can run Google as just another sandboxed app. Inside, they can exert all the control they want. My bank and government can force me to use Google.
Then, at least I control my hardware and my OS.
It's just nasty to have your device and OS controlled by an antagonistic entity.
I see this in people why have used antagonistic software for decades and have become zombified and shellshocked; the idea that software could be on your side is to alien to them. They hate software and technology and just want to get some work done. They tolerate the abuse because they can't fight Google alone; it's pointless to resist.
You have that. Run Chrome browser on Linux. We should be thankful we have Linux.
GrapheneOS is as close as you can get to something like this.
But Google doesn't want you running their app and not their OS, this is the whole idea behind Android and their hardware in general :)
Well yeah that's the problem. The Google monopoly. Google and Apple are the only one out there, in the West at least. It's a huge problem. We have given all the power to two giant corporations. Really the only institution which can compel a change is the state.
Yeah but what you just said is "I don't want to run Android", which, sure, you can do.
> Google as an app, not OS
We ("you") have no power to keep android open. Unfortunately it is in the hands of a company that is building it for profit, in a way or the other.
It's been our choice to drink this glass of wishful thinking while giving that company a solid dominant position in the market.
We ("you") can only make choices that will overturn that trend.
Fully opensource hardware with fully opensource software? Maybe, but also this is wishful thinking.
It's also heavily influenced by businesses. Most employers will happily hand you an Apple or Android phone for work, but I don't think there is a single company out there that would dare to hand normal people an Ubuntu Touch based phone.
We (people who live in a country/confederacy with working antitrust laws) have power to keep large companies from anticompetitive practices such as this one.
> Fully opensource hardware with fully opensource software? Maybe, but also this is wishful thinking.
My smartphone runs an FSF-endorsed OS, PureOS. This is reality. It's not open hardware, but it's a long way from Android in the right direction. You can also get a Precursor, which is open hardware.
A Precursor costs about 1000$ and only does cryptography, not Flappy Bird. Most of these supposedly open alternatives make no economic sense.
It does instead, imho. Commercial phone cost also includes the data value it steals continuously.
If they close things up with no alternative, the free open source software will likely start to catch up. it will take a few years though. This could be a blessing in disguise.
There is just no reasonable way that the open source community can compete with a $3.8T company. And before you say something along the lines of, "But they don't need to compete, they just need to be good enough", that still requires business to put their apps on some open source app store and make them compatible with the open source OS, and there is close to zero incentive for them to do so.
https://en.wikipedia.org/wiki/Linux
MSFT Market cap: 2.951T AAPL Market cap: 3.883T
You've made my point. How many people use Linux as their primary desktop or mobile OS? And that's arguably the world's largest open source project.
> their primary desktop
You're moving the goal post. Linix competed with the biggest software companies in the world in the server world and won. We can do it again in another market.
I'm not moving the goal post. We're talking about a consumer OS (Android). Servers are a completely different ball game with an entirely separate set of tradeoffs. On average, it's much easier for a company to adopt new, unknown tech than it is for laypeople who are not tech savvy.
You said, "There is just no reasonable way that the open source community can compete with a $3.8T company." But, Linux has completely decimated Microsoft's presence in the server and embedded markets. Look at what Microsoft was doing in the mid-2000's, they had a healthy server OS business, and they were spending billions trying to get Windows in embedded stuff (https://en.wikipedia.org/wiki/Windows_Embedded_Automotive)and it was a total failure because they could not compete with open source software, in the end, it wasn't even close.
These are markets far bigger than the consumer desktop licensing market where Microsoft can't even make a dent into Linux's dominance, this represents >$100B in annual lost revenue for microsoft. So yes, Linux already won, and it won big time, despite going up against the MSFT behemoth as you say.
Global Linux desktop usage is at about ~5% and growing while Windows is bleeding out and dying. And Microsoft doesn't care, go read their earnings reports to see why, their consumer desktop business does not matter except for it's ability to generate leads and demand for their actual core products. And geopolitical levers are also in Linux's favor, e.g. EU's desires for tech independence: the moves European governments were already making away from global tech products while funding domestic (often open source) alternatives are going to continue to accelerate:
- https://cordis.europa.eu/project/id/101135795
- https://nlnet.nl/project/index.html
- https://www.linuxjournal.com/content/denmarks-strategic-leap...
- https://www.theregister.com/2025/10/15/schleswig_holstein_op...
And to answer your original question again, yes, open source software can compete, and it often can compete with a comical fraction of the resources of its closed source competitor. It's not a surprise: The open source model works extremely well and is the most efficient way to build software and technology that we know of; human beings have been sharing technology in this way for the duration of recorded history.
Enough. Linux has finally caught on. I literally never use windows or mac and life has been fine.
Somehow, Stallman returned.
It is a disgrace how Google has managed this situation.
To recap the storyline, as far as I understand it: last August, Google announced plans to heavily restrict sideloading. Following community pushback, they promised an "advanced flow" for power users. The media widely reported this as a walk-back, leading users to assume the open ecosystem was safe.
But this promised feature hasn't appeared in any Android 16 or 17 betas. Google is quietly proceeding with the original lockdown.
The impact is a direct threat to independent AOSP distributions like Murena's e/OS/ (which I'm personally using). If installing a basic APK eventually requires a Google-verified developer ID, maintaining a truly de-Googled mobile OS becomes nearly impossible.
If this finally pushes adoption of truly open Linux phones, then this will end up being a good thing, and the greatest favor that Google could do for the open source community.
Tragically, Linux phones have languished and are in an absolute state these days, but a lot of the building blocks are in place if user adoption occurs en masse. (Shout out to the lunatics who have kept this dream alive during these dark years.)
It won't though, because there's a ecosystem of banking/insurance/whatever apps that have bought into the android/iphone lockdown mindsete that people will simply be locked out of. Open alternatives can grow when there is a viable means of slow growth, and cutting off the oxygen to such things is the implicit intent.
> banking/insurance/whatever apps
I know banking apps are the typical example, but I've always wondered why. I use my bank's app maybe once or twice a year when I need to Zelle someone, which I only need to do when they don't have Venmo. (Unless we consider Venmo a banking app.)
I only have one bank's app installed, the rest of my banks I only interact with over their website, on desktop.
As for insurance, I've never had an insurance company's app installed.
Am I just an outlier here? Honestly, if I switched to a non standard OS, I'd be more annoyed about losing, say, Google Maps, Uber/Lyft, or various chat apps. Banking and insurance just don't come to mind at all as something I need my phone for.
My bank sends me an alert when my card is used to make a transaction - handy for spotting fraud.
I get an alert when a payment comes it - handy for knowing if a client has paid.
I can quickly check my balance - handy for knowing if I can afford another round of drinks.
I can repay a friend in two taps - handy if they've paid for dinner.
Is anything essential? No. Is it something people use multiple times per day? Yes!
I can get alerts in email or messages, no need dedicated app for that, I can track there also my balance, so only useful thing app provides are easy wire transfers from phone, which I never do, if I wanna transfer money is much more convenient work big display, proper keyboard and mouse than from phone.
We've cultivated a tech culture that can't stand the slightest inconvenience. People will give up nearly everything if it means avoiding the least bit of effort.
We are so boned
So yes if it weren’t for people wanting convenience the “Year of Linux on the Desktop” would have happened 25 years ago.
What do you suggest? Everyone carry around their desktop computers and our CRT monitors like we did when we wanted to play Quake with friends?
> What do you suggest? Everyone carry around their desktop computers and our CRT monitors like we did when we wanted to play Quake with friends?
The exercise would do people good. Jokes aside though, there is a nuance between completely inconvenient and designed for the marching morons.
You mean 80% of adults worldwide are “morons”? Have you ever thought that they may know something you don’t know?
If 80% of adults worldwide somehow became unable to tolerate the slightest inconvenience, then yes, I'd say they would be morons, but I doubt they are. I'm unsure where you're getting the 80% statistic from.
I used that little convenience of my smart phone and used the internet.
https://www.demandsage.com/smartphone-usage-statistics/
I am sure you are thinking I’m a “moron” because I didn’t drive to the library and use microfiche to find the information…
Or maybe you would have been okay if I used Veronica and searched Gopher sites like I did pre Web in the 90s?
yes, getting emails or text messages instead of having app alerts is luddism.
Get real, dawg
Uhh yes - when 90% of adults worldwide have moved to smart phones - yes you are the Luddite.
Email is for old people has been a meme for two decades
https://www.techdirt.com/2007/11/15/email-is-for-old-people/
You can get email on your smartphone.
No, it's cool tho, worry about being "hip" and enjoy the authoritarian surveillance state that you are enabling because you've been indoctrinated to want "new thing" and to reject "old thing".
Anyone who says "email is for old people" is a fool, at least on that subject.
Yes, because “bigstrat2003” said so. I work for a 1000+ consulting company and no one uses email for internal communications. Even for company wide messages leadership uses Slack.
Heck even when we first start a project we either federate (or whatever you call it) the client’s Slack workgroup with ours or we ask to be on their Teams channel.
Before working where I worked now, I worked for the 2nd largest employer in the US, even there most communication happened over Chime or Slack.
On a personal level you actually email personal contacts - in 2026?
I email my dad documents and photos I need printed (and he uses his work office's laser printer). I forward the billing statement I receive monthly from my family's ISP to my mom via email. And I'm "Gen Z"
And I’m 51 and far from a Luddite. I’ve moved with every technology transition since learning how to program in AppleSoft BASIC and 65C02 assembly. My 83 year old mother is less of Luddite some people commenting here.
She is a retired high school math teacher - been retired for 30 years - and she has used every popular word processor/suite from the original AppleWorks for the Apple //e and she was tutoring friends kids and helping them use GSuite and PowerPoint until 5 years ago.
She uses her phone for everything and she has up to date computers a couple of printers on her network and two ISPs just in case one goes out. She kept the legacy DSL account that’s not available to new subscribers and she has cable internet.
The overwhelming majority of the population of the developed world now considers the mobile phone as their primary (and often only) computing device. It's always with them, it's more accessible and intuitive than a laptop, and it's how they communicate with everyone. It doesn't matter if you prefer to do this or that on a "real" computer - most people would just do everything through the phone if they could.
It's surprising how we still see posts like these in 2026 on what should be a "future-friendly" forum.
That's great for you but unfortunately the overwhelming majority of people do indeed regularly use these features.
You actually check your email regularly? How much effort does it really take to transfer a balance on a phone?
For Bank Of America it’s:
1. Click on “pay & transfer”
2. Click on “transfer”
3. Click on “From” and choose account
4. click on “to” and choose account
Then type in the amount and and click on the date?
Is it really that much easier on a computer?
"if I wanna transfer money is much more convenient work big display, proper keyboard and mouse than from phone"
You realize how ridiculous this sounds, right?
It reads like he made typos/autocorrect mistakes on his mobile phone!
Which is a pretty funny illustration of the gist of what he was saying… it’s easier to make mistakes on phones.
Could all of these be handled through openbanking?
Yes
You're definitely not alone. I just checked the list of installed apps on my phone and found three different banking apps that I completely forgot about because I never use them. I installed them because I thought it would be convenient for checking things on the go, but I actually just end up using the computer whenever I need to do real banking business. The only finance-related app I use with any regularity is Venmo for e.g. paying back a friend for covering dinner.
Another commenter mentioned needing to get alerts for fraud, but none of the financial institutions i'm currently doing business with have any trouble sending me text messages. In fact I have the opposite problem, I can't get them to stop using text for 2FA codes...
2FA is a requirement in Europe. I can't log into my bank account without my phone being able to run the app.
The "app" is probably a web page written in JS. Rarely its a native app in either Kotlin or Swift but then you have to maintain 2 different apps in 2 different languages with 2 different OSes for the devs. So unless the app really specifically requires something special, its just a web page. Even (and especially) your banking app.
But 2FA is moot if it’s the same device as your bank app, is it not?
Yes. Please tell my bank that.
They know. The EU directive is quite clear that hw tokens are to be preferred over phones. Banks are cheap though and violate it.
Switch bank.
It is in the specific case that you don't have biometric or PIN login set up on the device and you use a password manager that doesn't require authentication. In that case, the only factor is "something you have". Otherwise, it is still a multi-factor authentication because the device itself still represents "something you have", and your device unlock represents "something you know" or "something you are".
Nearly all the security value of 1fa is that it keeps your users from picking the own passwords.
2fa does not mean smartphone. There are other variants too
2FA and Google SafetyNet are two completely different things. Your banking app can implement 2FA without SafetyNet.
It's Play Protect and Play Integrity now, not SafetyNet, in case anyone wants to look it up
I would stop using bank requiring phone app to do banking, simple as that, both my main EU accounts use sms verification codes and extra password, which is fine with me. If they will require an app, they will lose customer.
So what are you going to do when all of them requires it?
> I know banking apps are the typical example, but I've always wondered why
My bank uses the app for 2FA, and that became a sort of a standard in Brazil, AFAIK. Mine at least gave me the option of using an RSA SecurID or sth alike when I asked, but I don't know how much it would cost me.
My stock broker on the other hand does 2FA exclusively on mobile (and only Android and iOS). The same for the health insurer.
My car insurer didn't force me to so far, which I find strange, given their interest in tracking my location and speed.
These were some of the major factors leading me to give up on using a feature phone when I tried, a few years ago. It was a good experience, especially at those times of pandemics and political instability, but the inconveniences were many.
"I'm am just an outlier here?"
No. The "banking app doesn't work" argument against non-corporate mobile OS, raised incessantly is HN comments, is bogus
I want a "phone", i.e., small form factor computer, that can run something like NetBSD, or Linux. But I have no intention of using it for commercial transactions. Mobile banking is not why I want to run a non-corporate OS
I want to use it for recreation, research and experimentation
NB. I have more than one "phone". The choice is not corporate mobile OS versus non-corporate mobile OS, i.e., "either-or". I can use both, each for specific purposes
> I want a "phone", i.e., small form factor computer, that can run something like NetBSD, or Linux. But I have no intention of using it for commercial transactions. Mobile banking is not why I want to run a non-corporate OS
> I want to use it for recreation, research and experimentation
I am a firm believer that phones are personal computers and should have all the end user freedom we have come to expect from personal computers. I am totally behind what your saying. (The amount of irrational anger that wells up in me when I hear someone make the argument that phones are somehow not general purpose personal computers and shouldn't provider their owners software freedom would astound you.)
Personally, I opt out of services that require the use of phone "apps" and any potential attestation they provide. Unfortunately, I just offload those needs onto my wife and her iPhone.
Want to go to a concert in a TicketMaster venue? You have to have a phone. Pay to park in some places requires a phone. Mobile ordering for some restaurants requires a phone.
I don't think it should be this way, but it is. I think we need consumer regulation to insure software freedom on phones and curtail awful user hostile "features" like remote attestation.
Until that happens (if it ever does) there is a realpolitik with needing corporate phones for some activities that can't be denied.
Those things that you mentioned you can do it on the website meaning also a open computer too
> Those things that you mentioned you can do it on the website
No, unfortunately some things can't be. There are venues that provide tickets exclusively via mobile applications, for instance.
"There are venues that provide tickets exclusively via mobile applications, for instance."
Turns out Ticketmaster still has ticket printing machines at such venues
Was at a game at one of them, claimed I had a problem with the app and after some negotiation at the ticket window a millennial printed me a ticket
Why do they still have the printers
The "I'm having a problem with the app" strategy can work in other contexts too. The phone can be configured so that a young person trying to help gives up
"Modern" software is highly fallible and everyone knows it
Ticketmaster is it's own particular problem that needs to be dealt with, even if it is emblematic of a bigger issue with companies demanding users to run proprietary software.
I have recent (October and November, 2025-- venues in Indianapolis, IN and Cincinnati, OH) personal experience with this. With one venue I was able to play the "confused old man" card (via phone) and get the box office to print my tickets and hold them at will call.
At another venue I called prior to my show and tried the same tactic. They told me flat out "no phone, no admittance, tough luck for you" and cited the warnings and terms on the Ticketmaster website that I'd already agreed-to. I didn't want to chance losing out on $300 of tickets I bought so I knuckled under and loaded the Ticketmaster app on my wife's iPhone.
I don't think it's as cut-and-dried as you say it is, and I don't have the stomach to risk being denied access to events I bought tickets for-- particularly at the pricing levels of today's shows.
Well fuck those venues. It's a small percentage. I've never run into one and I live in LA, a city with hundreds if not thousands of venues.
So you only get 98% of the world instead of 100%. That 98% is far more than the the 100% of 10 years ago. Everyone wants perfection when they've already got abundance.
It has been reported that Ticketmaster has exclusive agreements with 70-80% of US venues. It's great that you have all the choices you do. For me, in western Ohio, every major venue for hundreds of miles in every direction is an exclusive Ticketmaster venue. You can't gain admittance to any show in those venues without a phone that can run their proprietary app.
Ticketmaster is bullshit, for sure, but they're just one example of the problem of being forced to use proprietary user-hostile software.
See this is the bullshit I'm taking about. You can print ticketmaster tickets.
So much self victimization to avoid using open alternatives.
> See this is the bullshit I'm taking about. You can print ticketmaster tickets.
So much confidence for an incorrect answer. As cited elsewhere in the thread, some venues are "no app, no entry", and do not have paper tickets.
So the world should cared to your needs when literally almost every adult has a phone even in third world countries?
Before you say “what about the poor people” in the US at least, even poor people can get a subsidized free phone through the UCF (?) government fund
Also see: no I’m not going to waste development time di you can get to a website I develop with JS disabled or so you can use lynx
> So the world should cared to your needs when literally almost every adult has a phone even in third world countries?
The assumption that everyone has a "smart phone" running locked-down Android or iOS is unreasonable. Just as race, sex, religion, national origin, etc, are protected classes, the "phoneless" should be a protected class. Denying people who choose not to use a locked down phone basic interaction with your business should be legally equivalent to posting a "No blacks allowed" sign on your door, and the consequences should be the same.
> Also see: no I’m not going to waste development time di you can get to a website I develop with JS disabled or so you can use lynx
I don't see what this non-sequitur has to do with the exchange. I didn't bring anything up about Javascript.
Oh please, really? As a Black guy whose still living parents grew up in the segregated South. Comparing not being able to use a Linux phone to segregation is really taking it too far. You have not a single clue what it was like growing up in the Jim Crow South.
This conversation is officially done.
Because phones keep tracking us and stealing our attention.
And everybody should have the option of open computer systems
So exactly how do you think an “open phone” will keep you from being tracked when you are tracked and can be triangulated via cell phone towers?
He's referring to his activity ON THE DEVICE. We know you can't stop the location tracking from the carrier. But that doesn't mean give up on everything else.
Worrying about random app tracking you - which is a boogeyman in and of itself on iOS - and nog worrying about the government tracking you is like being concerned about a mosquito bite when you have a bullet hole.
The faraday bag I keep with me in my backpack!
> I know banking apps are the typical example, but I've always wondered why.
It's because Google created this thing during backroom conversations with bank associations from a handful of countries.
Banks often use their app for a second factor auth. here.
Sounds like you’re using Venmo to fill the same role as a banking app (sending and receiving bank transfers).
Many other countries simply rely on banking apps for these things, and don’t have a separate service for this kind of transaction.
Here in NL many banks (not all) require their iOS or Google app to log into their home banking on a PC/browser.
Fair point - but then take national eID apps instead.
Take Denmark, for example: most banking apps use eID for login, so that problem translates 1:1. But other apps who do the same include the national school communications platform (which is pretty much mandatory for a huge chunk of the adult population, who need to look at it almost daily). Also: social security card (including health portal/doctor booking/comms), driver's license, bus pass, parking app, used-stuff-marketplace, ... eID is _everywhere_ because it's a good idea.
Sure, all of this can be done on a computer. If you're near one. Or you can have separate and physical cards, like we used to have. That still works, mostly: more and more services (eg. bus pass) are going digital-only.
Really, what we need is a top-down embrace of open-source-based platforms as being _as_ (or more) secure than the established tech giants. From governments down, organisations _should_ move away from locked-down (foreign) commercial interests.
I'm not holding my breath though.
Have you not had a company block you from doing something on the web and force you to use an app for it?
My main bank is Commonwealth aka CBA (one of the "big 4" banks here in Australia). For a long time, I held out against installing their mobile app (on Android), and managed fine with their web UI (and with 2FA codes via SMS). Then, 2 or 3 years ago, I needed to start using PayID (sort-of Australia's version of Venmo, ie free instant transfers, except it's supported directly by all the major banks here). And I discovered that CBA had (deliberately?) only added PayID support to their mobile app, you absolutely can't use it in their web UI (last I checked). So I had to finally relent and install the mobile app. I started out only opening it on the rare occasions when I needed to send money to someone via PayID.
Then, a while later, CBA pretty much phased out SMS-based 2FA (or they said that if you had the mobile app installed then you can no longer use it?). Only other supported option is in-app 2FA (no support for third-party TOTP apps). So I had to start opening the mobile app every time I needed a 2FA code. Then, within the last year or so, they made a new rule, that in order to log in to the web UI at all (just initial login, I'm not talking about sending money or any other high-risk action), you had to receive a push notification via the mobile app and tap "allow". So now I literally can't log in to the web UI without also logging in to the mobile app!
So, unfortunately, "just keep using the bank's website on desktop" is increasingly and deliberately becoming not an option. I assume there are many similar stories with other banks around the world.
So, leaving aside the discussion about whether someone wants to use their bank's application or not, what's the bank response if their application just doesn't work in your phone? That you must purchase a new phone or be locked out of using your account?
I hope, now that the debate about our excessive reliance on American tech is on the table, that we also put limits on those essential services, like banks, imposing the usage of products from only two companies (Google or Apple) in order to operate. I think that goes at least against the spirit of the European Union.
> I hope, now that the debate about our excessive reliance on American tech is on the table
LOL, you couldn't even place a phone call in Australia without some US technology connecting the call. I should know, we setup the app that calculates your bill. That's from the US too.
I paid someone via payid via the web ui. Was via an email address. It was a while ago though and haven't used it since. Also I've never used the app since the blocked rooted devices, magisk stopped working (cause of safetnet) and moved back to sms "security". I just logged in then without having to enter a code. I do note you need to allow browser fingerprinting to allow the login to work. Otherwise it's some generic error.
I've made a lot of noise about it so maybe they've "unblocked" me to shut me up. Email the CEO so it registers a complaint. Make some noise. Definitely have another bank though as you can't just depend on one.
Some banks' only interface is the mobile app. And in Europe people typically use their banking app for P2P payments (no need for an app like Venmo)
I can't deposit checks over the website, and I use a bank with no physical locations near me.
That's true, but the notion that we're still using paper checks in 2026 is so crazy. And yet they remain the cheapest way to handle many transactions in the US financial system. Like a lot of small healthcare providers still prefer to receive paper checks from insurance companies because the electronic payment processors take a 3% fee.
Why won't they just use Bank Transfers? Using Checks or Credit Cards for Payments between companies sounds completely insane and stupid
Yes, it is completely insane and stupid. Direct bank-to-bank transfers require significant administrative work to set up, and may still incur bank fees. For individual consumer accounts most people can use Zelle but it's not universally available.
Funny how South Africa has a way more sophisticated banking network than the USA.
I think nearly every other country has instant and free/low-cost bank transfers, without relying on some Apps.
I haven't seen a cheque my entire life, and I'm born in the last century
I haven't had issues with the mobile apps of 3 of the most major US brokerages. They run fine on rooted phone. They do everything I'd want a bank to do anyway.
Ditch your bank if they have issues. If their retention department asks why you're leaving, tell them their app doesn't work.
> Ditch your bank if they have issues.
This is what I was thinking as well, TBH. I'm not particularly tied to any of my banks, I already did mostly switch off of BoA because their website was so bad.
Good to hear everyone's responses in the thread though, some stuff I definitely didn't consider.
Country dependent of course, but recently i observe steady push from banks to adopt mobile app. Some have webui neglected and glitchy, some openly announce sunsetting, some already killed web access only allowing app.
And this tendency will prevail as bank can collect way more data this way. Just a month ago one of banks that is often praised here sent me a letter saying “your IP activity doesn’t match your residence” (and i am not even installed their app, they pulled data from web ui usage. Imagine what happens when they get access to data mobile app can supply
The best solution for this is to buy a $30 burner phone at Walmart and use it unactivated, tethered to your main de-Googled device. You can use the burner for only tasks requiring Play Integrity.
Make sure to leave one star reviews on all such apps that you run into.
Yes. However, I already carry a tethered hand-me-down quarantine phone where I install my work apps and undesirable apps like Whatsapp (for those loved friends and family that can't or won't install Signal). Carrying a third phone for "Play Integrity" starts being a bit much.
Anything movement that requires people to routinely acquire a second phone is doomed to failure (in the “this will never become a mass movement” sense)
And if it is not “successful” then it’s literally making your own life more difficult for no real effect in the world
Yeah, it's one thing for a bunch of HN nerds to do it- the masses will not, and the masses are what move the needle.
In theory, it's possible to have a third party (other than Google or Apple) to provide attestation on third party hardware.
You can have a separate core and kernel to run such code. They don't have to be powerful, but they'll need to be small enough to be verified by the said provider. For most of the code that doesn't need attestation, they can be executed on normal hardware.
The provider also has to convince the regulator or banks to trust them. However, if that's solved, the user should feel no difference between pure Android and alternative platform plus attestation.
GrapheneOS supports remote attestation, but banks have to add the fingerprint of the official GrapheneOS verified boot keys:
https://grapheneos.org/articles/attestation-compatibility-gu...
Some banks even do.
I’ve found the mobile websites for a lot of these cases to be fine. Not a great UX but not a blocker
And if your bank only does 2FA via app?
Complain. Mine wanted that, but after complaining they offered me SMS. If not, I'd have closed my account there. At least here in Spain there are plenty of banks that don't force you to use apps. I also leave bad ratings for banking apps from time to time, and bad comments on X.
Since before 2023, MFA has been mandated by the government in Australia [0], for all critical services, including banks.
One without, does not exist, or is in violation of their national obligations and likely to be cut off by the RBA.
The only "effective" complaint here, would be the gigantic effort to lobby for a change in laws entirely.
[0] https://www.apra.gov.au/use-of-multi-factor-authentication-m...
In my country there are regulations in effect too that mandate the use of MFA; however, using an application is not the only way to implement MFA, as I said, in Spain banks can use SMS, coordinate cards, etc., and they are all valid MFA methods. I think what these laws are missing is the obligation for the service (the bank in this case) to provide a MFA device if the user doesn't have one.
Wait till you see how hostile Reddit is when you try and access via a browser on a phone
That’s how I browse Reddit actually. It is a bit janky, but I don’t like ads. Brave is reasonably good at giving you ad free Reddit on mobile
I only use old.reddit.com
Reddit is the epitome of enshittification.
The Wero payment system will cover the entire EU but apparently doesn't have a web portal the way ideal has.
Soon we Europians will only be able to pay using either an iphone or an Android device.
Hilarious
They will say: hey, now you're free from Visa and Mastercard for your payments! (only to be forced into the Google/Apple duopoly, which is far worse).
In that case a two phone approach makes sense. I was willing to try that out, to give Ubuntu Touch a trial on my main phone. This might incentivise it even further for an off-ramp of the Google/Apple duopoly.
So what you're saying is we go after the banking system next.
Decentralized banking is the future!
INB4 someone mentions some edge case like 'grandma got scammed' or refunds.
Don't banks/insurers/whatever have websites that are often mobile friendly?
In EU/UK, some are sadly app only. I avoid those. Many others are pushing apps as a 2FA, even if you use their website. You need to insist to get another authentication system, like TAN. Some governments are also pushing mobile IDs.
The best Linux for phones, SailfishOS, has a fairly good Android compatibility layer that runs many bank apps well. But despite that, it's an uphill battle. The network effect of the duopoly is gigantic.
I’m old enough to remember the days that banking apps required Internet Explorer and didn’t work on Firefox. Eventually, they were dragged kicking and screaming to support all modern browsers.
Microsoft's shit show seems to be pushing Linux adoption
LMFAO what are you doing on your banking app all the time
It only has to be something I need to be able to do but can't once a month to be a dealbreaker.
There's no point. Remote attestation means your device needs to be corporate owned to be trusted. Even if you had your own linux phone, it wouldn't be able to interface with institutions such as banks and governments. They trust Google's keys, not yours. This doesn't quite end free computing, it just kills it for normal people and ostracizes us hackers who insist on owning our systems.
GrapheneOS supports remote attestation:
https://grapheneos.org/articles/attestation-compatibility-gu...
Some banks have added their verified boot keys. I think it helps that GrapheneOS is well-known by now for great security practices (most likely more secure than all vendor phones out there).
> Some banks have added their verified boot keys.
Seriously?? That was very unexpected... Here's to hoping this becomes standard practice!!
Not sure what gov require, but most credit unions do not use such lockdowns
They will.
Credit unions, at least in theory, are known for caring more about their customers. It'd be worth explicitly giving them the feedback that you use them via their website or via an app that works on an Open Source phone, and telling them that that's one reason you're a customer.
Fraud prevention. If they lock things down, they lose less money to fraud. I think they should just have to suck it up and eat the cost but obviously they don't think that way. Only a small minority even understands and cares about these issues. The money they save by trampling over our freedom is no doubt much higher than the value brought in by us. They will no doubt sacrifice us for increased profits if we force the issue. We have no leverage.
There is no reason whatsoever for a major corporation to not use remote attestation technology. Banks will use it because fraud. Streaming services will use it because piracy. Messaging services will use it because spam, bots. If you're the corporation, the user is your enemy and you want to protect yourself from him.
Governments want this too. Encryption. Anonymity. They need to control it all. Free computers are too subversive for them. They cannot tolerate it.
Until Android is crippled it will continue to take resources away from Linux Phone development and companies that will launch phones for it
I got downvoted heavily about a year ago saying we need to abandon Android and the industry needs to pivot back to just putting GNU/Linux on a phone already.
Of course, now Google is doing what Google was always going to do.
For me as a desktop linux poweruser, I find this potential transition pretty intimidating, I've never flashed a phone with a custom rom let alone switch to a completely different OS, and I am not sure if the phone can even be reset to its original OS, if things go south.
/e/OS at least has a browser based installer[0] for quite some supported phones. I definitely recommend trying it out, installing a custom os on my phone gave me the same feeling when I first ran debian on a laptop struggling under windows (even though the performance gains aren't that apparent in my opinion).
The /e/OS installer is terrible though and often fails, even on their officially supported phones (like Fairphone). The standard recommendation in their forums is nah, just install /e/OS through the command-line.
Also, /e/OS has pretty bad security practices (shipping very old kernels, very old vendor firmware, and missing most AOSP security patches).
Also, be careful to follow the instructions really carefully. For some devices it's really easy to get the phone in a boot loop, where the only resort is to get your vendor to repair it. E.g. Fairphone 6 has downgrade protection and will become a brick if you relocked the phone when the old system's Android SPL is newer than the new system's.
Don't worry if you're not ready, just as on the desktop, there are pioneers ahead of you that will clear the way <3
It's relatively easy. It's basically a command for each step you want to do and it tends to fail gracefully nowadays.
If you can install a linux distro you can flash a custom rom on a well-supported phone.
If it were more mainstream I could see GUI apps to manage all this for people, if they don't already exist. Idk I just use adb.
It's also high risk. I've bricked two phones doing it.
I flash phones almost every other week. And tablets. I have been flashing since Androids came out. But never bricked. But maybe that is why I don't have any problems.
I've been flashing phones for over 2 decades and have never bricked a phone. How did you manage that?
Lots of people brick their phones by relocking the bootloader when the Android SPL before flashing was newer than the newly flashed OS when the phone has downgrade protection (e.g. Fairphone 6). The Fairphone/e Foundation forums are pretty full of people making this mistake. Then the only solution is paying Fairphone to fix it.
Same here. Just follow the LineageOS steps.
Are you seriously implying that flashing phones doesn’t risk bricking them or you’re not aware of that risk are you serious?
"flashing" a phone is largely the same as any OTA update. There's of course always a risk of it going wrong, disk failures are always possible, but it's exceptionally hard to do so accidentally. Especially with custom ROMs where they basically never include a new bootloader, so "flashing" is no different than installing an OS on a desktop system - it's just writing to the boot partition. Which you can always do again since the bootloader is still available.
It is not 'largely the same as OTA' on phones with downgrade protection. Once you lock the device again, it's game over because the bootloader refuses to boot an older version of the OS, and you cannot unlock the phone anymore. Happens all the time in the /e/OS and Fairphone forums.
It really depends on the device. E.g. Pixel is quite hard to brick. Though they do sometimes increment the anti-rollback version:
https://developers.google.com/android/images
In that case you have to be careful to not flash an older version to both slots and lock the bootloader, which is possible, because many non-Google/GrapheneOS images are often behind on security updates.
It is still largely the same, those downgrade protections apply to OTAs as well. Those anti-rollback don't brick the device, either. It might not boot to a working OS, but you can still get back to the bootloader to flash something newer. Unless you blindly lock the bootloader without testing if it boots first and the bootloader can't be unlocked again I guess, but that's quite a sequence of bad choices all around
It is still largely the same, those downgrade protections apply to OTAs as well.
But the Android SPL versions of OTA updates from Android vendors monotonically increase.
It might not boot to a working OS, but you can still get back to the bootloader to flash something newer. Unless you blindly lock the bootloader without testing if it boots first and the bootloader can't be unlocked again I guess,
This is false. As long as the boot loader is unlocked, many phones will boot the downgraded image fine. It stops booting it when you lock the boot loader and on many phones, you cannot unlock it again. You need to boot the OS to enable OEM unlocking again, but you cannot boot the OS because the bootloader refuses to.
The Fairphone community is full of people who though 'oh it boots, so I can lock', locked it and they were in a boot loop and had to send their phone to Fairphone to get it repaired for 60-70 Euro (I don't remember the exact price, but that is the ballpark).
There is an adb command that can fairly reliably detect whether the boot loader can be locked. But I'm not going to post it here, because people have to read the full flashing manual, plus in the past there was a bug where the anti-rollback would trigger even with a newer SPL.
At any rate, flashing is not for most people and it was much easier when there was no rollback protection. Of course, rollback protection does make phones much more secure.
---
I wonder if your experience is based on Pixel or older/other Android devices that do not have rollback protection.
I am seriously unaware of the risks and also flashing brand new phones :)
> Are you seriously implying that flashing phones doesn’t risk bricking them or you’re not aware of that risk are you serious?
Yes, that is generally the case. As a general rule with an Android phone reflashing the OS itself or the bootloader carries no risk of bricking the device (meaning making it impossible to recover without specialized hardware and/or opening up parts that were not intended to be opened).
There are plenty of ways to "soft-brick" a device such that you might need to plug it in to a computer, and adb/fastboot can definitely be a pain in the ass to use (especially on Windows), but if you have a device with an unlocked bootloader it's very rare to be able to actually brick the device while doing normal things.
Now, if you're doing abnormal things like reflashing the radio firmware you can absolutely brick some devices there, but you don't have to do that just to boot an alternative OS and generally shouldn't be doing it without very good reason and specific knowledge of exactly what you're doing.
I'm not going to say there are no devices where the standard process to flash an alternative OS is dangerous, but none of the relatively common ones I've ever owned or used have been built that way because OEMs don't want their own official firmware updates to be dangerous either.
tl;dr: It is sometimes possible to brick a device by flashing the wrong thing incorrectly, but the risk of doing that if you are just installing an alternative OS through a standard process is basically zero.
Potential for a brick varies massively depending on phone model, doesn't it?
it's pretty much impossible to hard brick phone, you can almost always recover it
I'm running custom ROMs for the last 15 years
That describes relatively easy for you, but not for the average person who can’t even be bothered to change the default ringtone.
The challenge I've found when looking for instructions for flashing one of my old phones is the assumption of knowledge some rom builders have, or perhaps an assumption about their audience. This seems like it has the potential to bit someone in the ass because if they're relying on other sources like the lineageOS wiki or forum posts elsewhere for example there's no guarantee it'll stay available, complete, or relevant to their variant over time. It's an added burden for what is a gracious volunteer role, but it's a handicap if they want more people using the fruits of their labor.
Have a look at this post
https://news.ycombinator.com/item?id=46723594 from Emre @emrekosmaz
It is a smartphone that runs Android, launches Debian, and dual-boots Windows 11
Actual link https://nexphone.com/blog/the-tale-of-nexphone-one-phone-eve...
Expecting Google to give up control of one of the only alternative operating systems is right up there with believing in the tooth fairy.
What you're saying should happen, but it will only happen when the government legislates it happens; which frankly they should be doing (along with nationalizing a few other software projects to be fair).
A trillion dollar transnational corporation with massive monopolistic tendencies will never ever do the right thing. Expect to force feed it down their throats.
In general, governments seem to be much more invested in making it illegal to have anything that is too open and too free. Even EU is lusting for draconian control features like chat control where you don't own and operate the software you installed on your device even if, at the same timem, they're trying to gnaw on the influence of Big Tech.
> Even EU is lusting for draconian control features
Even the EU??? Huh? Did you misspell 'especially' there? Because when your governments want to spy on your own citizens more than the big tech companies want to collect data for advertising, you probably have a problem.
Adoption would mean that orgs like the European Payment Initiative behind Wero would adopt Linux phones even other AOSP ROMs. Not seeing that. Banks and streaming platforms that require DRM are keeping most (non-activist type) users locked in.
It may push a minority of users who really care about open source to Linux phones. I expect the majority of users will grumble but cave and re-adopt mainstream Android or Apple.
But there is a lot of resources put into the android ecosystem already. Even open source apps like anki, syncthing etc
The limitation of linux phones is hardware. I have been watching the progress of postmarketOS on the fairphone 4, and looks promising.
No, gnu/Linux is nowhere near usable as a daily driver mobile device for 99% of the population.
Besides having terrible battery life and security, it's just a hobby thing. Android has had millions of dev hours poured into it to be what it is.
In the 90s, you would have said the exact same thing about linux on the PC.
Free software ultimately has time on its side. As long as a project has enough mindshare to keep its momentum, it really is unstoppable in the long run.
https://puri.sm/posts/the-danger-of-focusing-on-specs/
Sent from my Librem 5.
I don't care about specs, I care about functionality and price. The camera on the pinephone doesn't practically work because it is too slow and the quality sucks. You basicially cannot record videos whatsoever. I can't use the device for GPS navigation. I can run whatsapp within waydroid, but it isn't practical due to the battery life and startup limitations that imposes. The GPU on the pinephone sucks, is underpowered, doesn't support OpenGL ES 3 or vulkan, and the user interface is always slow as hell to navigate.
So practically I cannot use it as a daily driver.
Librem 5 does have enough GPU horsepower, a functioning camera, and good pmOS support. But $800 is a lot to ask to test out switching to linux with no guarantee that my workflow will work or I will have enough battery life. It looks like the librem 5 can't record videos or do GPS navigation yet.
I am looking at the librem 5 specs again. The EG25-G is probably a better starting point for the modem now that it has been better documented and reverse engineered as a result of the pinephone project. It is interesting that the L5 has a generic smartcard reader though.
> If this finally pushes adoption of truly open Linux phones...
It won't.
Even if you have linux, there are still third parties that have control over your hardware. Even if you're using graphenos, you can't block the sim or the cellular radio stack, and likely other modules on the SoC, from at-will access to every sensor on the device. You can at least protect your files, unless there's a mitm or other vector that graphenos can't cope with. And at worst, they can simply clone all your encrypted bits and wait on Moore's law or sufficient cubits to go back and crack the copy, on the off chance there's anything they want with your data in the first place.
FYI: GrapheneOS only support devices with isolated radios. These radios cannot access other sensors. More background: https://news.ycombinator.com/item?id=46841033
What a lame and useless doomer POV. Do you refuse to go outside because a lightning strike could kill you at any instant? Why let things that aren't in your control (yet) stop you from taking control of the things you can now?
My phone has hardware kill switches for modem, WiFi/Bluetooth and mic/camera. All three together also kill all sensors.
If it's got a sim card, it's still phoning home and providing location data. You can't escape the panopticon. A faraday bag gets you mostly there, though, but the point isn't that you can maneuver against it, it's that the device and its operation is fundamentally compromised by design.
There's a whole lot of shady crap underlying the infrastructure and the hardware that consumers cannot touch, pinephone / librephone or otherwise. It's not designed for consent. At best you can gain ephemeral relief, but even that is illusory, because by simple process of elimination, differential analysis allows fine grained ID and tracking of people even if they don't have accounts, phones, interact with websites, etc.
It's not a shady cabal of lizard people, it's just the grubby natural alignment of interests by a wide ranging set of companies and regulators and groups who allow it to happen without imposing any accountability, and ensuring that the system remains structured such that no effective accountability can be imposed.
Extorting constant streams of data for adtech is too valuable and the entire thing is too complex for silly things like ethics to interfere.
> If it's got a sim card, it's still phoning home and providing location data
Only when the kill switch is on. I control it.
Also, it's possible to get AweSIM service hiding your data from the mobile operators.
For sure - and you can use WiFi only, set yourself up with a HaLow rig and give yourself a ~10mbps connection anywhere up to 10 miles from your home, suitable for voip and low rate streaming, throw in VPN, and remain completely off-net as far as cellular networks go. I'm actually planning on using a wireless touchscreen and mobile halow/raspberry pi network/storage stack to completely replace my phone, but the bigger issue is automated tracking of everything - if you're the only blank spot in a sea of known individuals, it's just a matter of seconds to id you, since everything everywhere about everyone is tracked online.
We should be enforcing informed consent regulation of network infrastructure, treating privacy and anonymity as synonymous with liberty and freedom. Allowing the system to operate as it does is a choice; those with lots of money get to make it grow by exploiting a constant invasion of privacy with no concurrent return to the society being exploited.
Phones aren't built to be privacy respecting, and kill switches are a mitigation of a symptom, they don't do anything to address the disease.
There is an implicit shame in disgrace but faceless entities have no shame. They'll just put out another press release written in corporate newspeak by an LLM and move on withe the plans anyway. This is standard Google behaviour. They do it with Chrome, they do it with Android, they'll keep doing it with all their captive markets. I fear that in practice even having an "advanced flow" will make little difference as some applications will refuse to work if you have it enabled anyway (in the same vein if debugging is enabled, for example).
Nothing about Android is open except the absolutely minimum amount of linux kernel that's required to boot the thing. Then it's blobs and restrictions all the way to the screen.
The impact is a direct threat to independent AOSP distributions like Murena's e/OS/ (which I'm personally using).
I don't think this is true, right? An AOSP build can just decide to still allow installing arbitrary APKs. Also see this post from the GrapheneOS team:
https://mastodon.social/@GrapheneOS@grapheneos.social/116103...
The enforcement mechanism is in Google Play Services, not AOSP. To laypeople the difference doesn't matter but to folks looking for alternatives it does, so the discussion is often muddied and imprecise. This is like when YouTube removed public dislike counts and it turned into "they're removing the dislike button!"
You can’t really do that long-term as Google will change code that will not match however you are not enforcing this policy
So at the very least you’d have to keep patches up to date.
Long term divergence could be enough that’s it’s just a hard fork and/or Google changes so much that the maintainer can’t keep the patches working at the same pace
I couldn’t read your link as it asks to join mastodon.social
All distributions involve maintaining patch sets. The question is what the marginal burden of this particular patch is.
But that just sounds the big community demanding this has to put together a proper KDE-like team to maintain Android in the way they want instead of waiting on Google's code?
Doesn't require me to sign in or create account...
I had the mastodon app installed and it was doing that. After I uninstalled it opened in the browser just fine.
The patch set for graphene is substantial, this is a relatively minor change.
Good thing restricting side-loading isn't legal in the European Union! Not a problem here. Apple had to enable side-loading on their EU-based phones and so will Google if they restrict it.
Yes it is, and no they didn't. Apple has to allow (heavily restricted) alternative app stores, and I'm not clear on whether any actually exist right now.
What Apple restricts and is legal are not the same. Apple is doing malicious compliance and the legal system ain't buying it. But it takes some time and iterations to shake out.
The legal system has said absolutely nothing about what Apple is doing yet.
My understanding is that how Apple is restricting the alternative app stores is also illegal in EU, so I don't thinkt this is the end of this story.
It's almost two years and they are still doing it. So they are moving mighty slow if that is the case.
Yes, these things move slowly, but they do move =)
They have moved much faster on much more complex plans though. If this is a case of Apple breaking the law then surely they wouldn't need over two years to tell them to stop it? The EU regulations seem largely to be, you need to do X and you need to figure out how to comply by Y date. They aren't gently guiding these corporations to compliance.
So I'm leaning more towards Apple is in compliance and the common perception is incorrect. Which is fairly common when it comes to laws and regulations of any country.
Can you give an example of where a legal matter on this level has been resolved "much faster"?
The kind of "side-loading" of notarized apps outside the manufacturer's app store that Apple allows in the EU is exactly what Google proposed to do for all its Android builds. We don't want that.
How specific is the law? What if side loading requires a "trusted" signed certificate where trusted means from Google Play?
Not even playing devil's advocate, just wondering how many loopholes actually exist.
If a lawsuit tackles this problem in the EU, will we finally also see somebody go after MS for their obnoxious code signing certificates?
While MS code signing certs are more circumventable for power-users than Android's new approved developer program, their pricing is far more prohibitive for independent OSS developers and hobbyists, costing hundreds of USD per year.
Good news: You (as a community) can now finally wake up from your dreams and get some things right!
It's really a shame that you always wait until you really get forced. Particularly in situations when every individual's inability has consequences for the others as well. I really gave up all ideas of a better world. With this community, the best you can hope is that the decay will be slow.
So everyone who would describe himself/herself as a FOSS enthusiast, or at least a friend of a somewhat open system where the user has some actual rights beyond sole consumption, put some pressure towards having actually de-Googled systems. A system that mostly comes from Google, would not fit my definition of that term at all! Even if they removed some parts of it. It's an euphemism. And it's dangerous because you constantly get trapped by these euphemisms. Ever. Single. F'ing. Time.
The only reason I was sticking to Android for years is this. And I think there is no moat for Android. I would rather switch to iOS if both platforms are same restrictive.
You'll miss having a keyboard that works
It'll be sorted in about 9 days.
I did this last year. Reluctantly. And using iOS still hurts. But it’s better than that Google crap.
I developed my own Android ROMs from 2009-2011, complete with my own tuned kernel. I ran the local Android developers MeetUp group and evangelised Android development. When Honeycomb launched I helped OEMs test their beta firmware. For free.
But as Google has become certified Evil, the direction of Android has been very clear. In practice I honestly can’t say it’s now any more open than iOS. Except it has a lot more avenues for Google to mine your data to sell ads. And the quality of third party apps on it is decidedly worse.
I thought long and hard about getting a Linux phone. But I need a good camera on my phone to take random snaps of kids/pets/etc. And the Linux phones just aren’t there.
I hate the shitty duopoly we have ended up with. But I now realise that the openness of x86 and pc as platform really was an accident of history.
Why does there seem to be a growing push to tie real-world identity to nearly everything we do online? The justification is almost always "safety". I know this trend has been developing for years, but over the past couple of years it feels like it's accelerated globally.
Online anonymity makes it harder for TPTB to punish dissidents.
Before we had mainly one excuse: to protect the kids
Later we got a new one: to reveal Russian shills/propaganda bots
Now we also have: to filter out AI slop
Any problem the internet experiences will eventually become an excuse to eliminate online anonymity.
There's strong political backing for it now.
I think people in power have realized the impact of misinformation campaigns. And to be fair, western countries have proved to have the resilience of a wet paper bag against foreign influence and private interests.
I honestly can’t imagine a good solution here. A move back to the early 2000s internet would be the ideal middle ground, which requires separating social stuff from informational stuff, and both from engagement algorithms. I have no idea how we’re supposed to put that genie back in the bottle.
And to be clear I’m not saying this as vouching for the current push, I hate it as well.
Yeah, propaganda works, and the US wants to stop foreign propaganda, but the problem is they still want to push their own brand of US biased propaganda so they can't put in any sort of useful journalistic standards requirements upon media conglomerates or it will tie their own efforts up in court and lawsuits.
I think one major issue is the shortening of people's attention spans. People consume snippets of information that show a tiny fraction of the full story. They don't spend 10 minutes reading an article or watching a video, with a few exceptions. More people probably watch clips of Jon Stewart than actually watch his show. I think we ought to start addressing that issue, and see how it affects the efficacy of misinformation campaigns.
> I honestly can’t imagine a good solution here.
"just stop" is a good solution. Stop asking for ID, stop pushing for apps, just stop the general trend towards https://en.wikipedia.org/wiki/Enshittification .
Yes, misinformation is a problem. Deanonymization is a bigger problem. If you can't say anything anonymously, it becomes much more difficult to fight entities bigger and more powerful than you.
I agree, but that isn’t a good argument to offer to the entities bigger and more powerful than me.
Governments and companies feel a pressing threat of a trump-like populist overtake in each country. They need the bots, fake socials and slop stopped yesterday. An abstract degradation of freedom of speech isn’t going to cause pause.
There is a national security argument that I think is more likely to help, at least for non Americans. Do you want a foreign power to have control over your citizens phones being functional?
The irony in this line of thought is that by stifling anonymous speech and enabling censorship, countries will usher in their own reactionary movements as dark money is globally spent on platforms to push paid advertising advancing reactionary rhetoric. It's already happening in the UK, Germany, France and Spain.
Right-wing populism isn't what's being banned here, it's dissent. Platforms are happy to take domestic and foreign fascists' money and push their agendas no matter where they are globally because it benefits them, too. Those paid placements aren't being banned, your ability to disagree with them and not be identified is.
That’s a very good point, it’s another hole in the sieve.
This “fix” just routes people through official channels but those channels aren’t exactly proving to be worth the term walled garden. My YouTube adverts lately border the quality of early 2000s piracy sites, it’s honestly baffling how little they value their own product in their willingness to take anyone’s money.
"Misinformation" usually meaning information the people in power would rather you don't get to see and make up your own mind about.
Personally I'm excited about the death of Android, now resources can be put toward mainstreaming and maturing the Linux Phone ecosystem
Hopefully 2026 or 2027 will be the year of the Linux Phone
Strong disagree. Linux, its permission system and its (barely existent) application isolation are lightyears away from the security guarantees that Android brings.
Desktop OSes and their derivatives are woefully behind in this regard, and unfortunately the will to bring them up to par is incredibly weak. Of those in mass use (Qubes OS is neat but its user base isn’t even a rounding error), macOS probably does the most, but it’s still lagging behind iOS and what’s been implemented has come with much consternation from the technically inclined peanut gallery.
I understand some amount of reticence with commercial OSes, but there’s no justification for being against it on open Linux based desktops and mobile OSes. We really need to get past the 90s-minded paradigm of everything having access to everything else all the time with the only (scantly) meaningful safeguards coming in the form of *nix user permissions.
> We really need to get past the 90s-minded paradigm of everything having access to everything else all the time
I do agree with that, and I strongly believe that the iOS and Android security model is way ahead of Desktop Linux. But what I observe is that nobody seems to care about the security model. A recurrent complaint I see against anything AOSP-based (including Android) is that people "want to be root".
It comes from a history of using mostly trusted application sources like Debian/Ubuntu package archives with manual review being the norm. And few supply chain attacks.
But both Flatpak and Snap offer this new model from the two biggest desktop players in the Linux world: Red Hat and Canonical.
As the sibling comment said though, being an administrator for your own computer (including a phone) does not mean that you will be running untrusted applications as one: on the contrary, if you assume an administrator role and run an untrusted application, naturally, all bets are off. But even as a power user, I'd love to be able to safely run programs I do not necessarily trust, feeding it only data it needs and no more.
Again, Snap/Flatpak provide this model, but we need to see more application authors take them up to ship their software.
It comes from a history of using mostly trusted application sources like Debian/Ubuntu package archives with manual review being the norm. And few supply chain attacks.
What most of these people do not seem to get is that proper sandboxing does not only protect against attacks from the inside (rogue developer, supply chain attack), but also from the outside. Most desktop apps probably have a good number of security vulnerabilities that can be exploited when they parse untrusted data. On the Linux desktop, most apps still use decades-old C libraries for parsing XML, images, JSON, etc.
Sandboxing also protects against external attacks.
Again, Snap/Flatpak provide this model, but we need to see more application authors take them up to ship their software.
Agreed, though for a lot of technical and social reasons, most apps still need privileges that allow trivial sandbox escapes on Flatpak (I don't know or care about Snap). Strengthening app sandboxing should be a top-priority for the Linux desktop, but only a few people seem to care. The same for fully verified boot, etc. Even things like UKIs only go so far, yet almost no distribution has adopted them.
The general security mindset of the Linux desktop community seems to be stuck in the 90ies, levitating between hahah, they cannot get root (as if that matters on desktop Linux) and secure boot and sandboxing is here to take my rights (on open source desktop Linux, seriously?).
> What most of these people do not seem to get is that proper sandboxing does not only protect against attacks from the inside (rogue developer, supply chain attack), but also from the outside.
The problem is that strict file system sandboxing in particular also breaks a substantial number of workflows that can't be modelled as 'only ever open the exact file the user explicitly' picked. (Any multi-file file formats are particularly affected, as well as any UI workflows that don't integrate well with strictly having to use the OS file picker.)
So you need some escape hatch for optionally allowing access to larger swathes of the file system, or even really everything as before, but that in turn then risks being abused again by malicious actors. And then…?
Plus things like Android's implementation initially using an API completely incompatible with classical file APIs, as well as causing some noticeable performance overhead even today if you need more than simply accessing the occasional single file here and there.
I think had the problem is that the toolbox we can deploy to solve these problems is so empty.
For example, it’s useful for a music player with metadata editing features to have read/write access to the whole filesystem, but that constitutes a significant risk since all we can do is wholesale allow or prevent access to the whole filesystem. What if the system could allow it to access only music files, though? That’d scope the risk back down to almost nothing while also allowing the music player to do its job.
This is the kind of thing I’ve been getting at in the other replies. Nobody has really sat down and given system level security controls a deep rethink.
Agreed. I want to "own my device" as in "being able to install the system I want on it". Not as in "I want it to behave exactly like Desktop Linux", or whatever it is that people complain about AOSP.
On my Desktop I love Linux. But on my smartphone, I want AOSP.
Largely agreed, though I think on the desktop I’d also want AOSP in desktop mode with a traditional Linux distribution in a VM pretty much like Android 16’s Linux VM.
But then on desktop/laptop-class hardware, since the thermal constraints are different and it’s nice to have extensible storage and RAM. Of course, all this on the phone is also nice for when you only have your phone with you.
Then one could use fully sandboxed apps for banks, instant messaging, etc. and the VM for development.
AOSP is getting pretty close to this ideal.
> AOSP is getting pretty close to this ideal.
Yes I can totally imagine that in a few years, most people will only need a smartphone and a dock station. At home, they will plug their phone (iOS, Android, whatever) to their dock station and it will behave as a Desktop. And it will be good enough for everything they do.
Allowing the owner of the device root access doesn't necessarily break the security model. It just means that the user can grant additional privileges to specific apps the owner has decided to trust. Every other app still has to abide by the restrictions.
The fact that Android complains and tells any app that asks whether the owner actually, you know, owns the device they paid for is an implementation detail.
A Linux distribution that adopts an Android style security model could easily still provide the owner root access while locking down less trusted apps in such a way that the apps can't know or care whether the device is rooted.
IMHO, I should be able install the OS I want on the hardware I paid for. What should be illegal is to technically prevent me from installing a different OS, because I paid for that hardware and I should own it.
But that does not mean that all OSes should be open source. I think it's fine for iOS to be proprietary, but there should be enough information for someone to write an entire alternative OS that runs on iPhone. I think it should be illegal to prevent that (is it called tivoisation?).
All that to say, I don't believe that having root on my Android system is a right. But being able to install a system that gives me root should be one. If that system exists, that is.
> A recurrent complaint I see against anything AOSP-based (including Android) is that people "want to be root".
I want to be able to do what I want with my PC or phone. I don't want every app on my PC or phone to be able to do whatever they want, without me agreeing first.
I want to be able to install what I want on the hardware I own. And I should be able to leverage the hardware to its full capacity. Preventing me from adding custom keys and relocking the bootloader should be forbidden, because I own that hardware.
But that does not mean that I should be able to do whatever I want with any OS I install. If I am not happy with Android, I can install LineageOS and modify it the way I want.
I am obviously not a big fan of Google, but I do believe that AOSP is actually a good deal (a lot better than iOS which is proprietary). Google is doing a lot of work on AOSP. That I cannot unlock/relock the bootloader on some devices is not Google's fault.
It's important to keep separate the parts of the security model mobile did well from the parts it got wrong. Declaring that app developers can decline end user access to app files is unacceptable. I get final say on my device. I get to run as root. Hell, I get to run as ring 0 if that's what I want to do.
IMO, the developers choose what software they want to write. If Microsoft Word decided to remove the "export to PDF" feature, that would be their right. And it would be your right to stop using Microsoft Word. If you want to be root on your system, you are free to install a system that gives you root access.
And that's the part that I believe should be a right: if you buy a smartphone, you own that piece of hardware, and you should be able to install the system you want. But if you are not the one developing that system, you don't get to decide what this system does. Just like you don't get to decide whether Microsoft Word can export to PDF or not.
You're saying that the Android security model shouldn't be illegal. I agree.
I'm saying that despite all they get right, the Android and Apple security models, when foisted on the mass market, are socially and ethically flawed. I'm saying that the end user has a fundamental right to tamper with the software on his own system. Those designing an OS that intentionally thwarts the user's will are in the wrong.
Just because something is legal that doesn't mean doing it is a good thing.
Fun fact - on most Linux distros any user program can see almost any event, yes including key presses, by reading from the right /dev/... file.
This is not surprising. The desktop Linux community reacted with hostility to the well funded security efforts (selinux, apparmor, grsecurity, etc)
Do you have any source for that claim? That would be a pretty serious security issue even unrelated to any security hardening (eg. on a multi-user system, one user could read out the password from another user — even with desktop usage, second user could be SSHed in).
As a datapoint, everything in /dev/input/* is owned by root:input on my Debian Bookworm install, and my main user is not a member of the "input" group either.
Biggest problem with most security hardening for Linux desktop is that it breaks the natural usage pattern: I store my files by their content, not by their format (eg. I might have a folder for my project containing image files, spreadsheets, FreeCAD files, maybe even some code or TeX/ODF files). If programs are restricted to access the entirety of my $HOME though, there is not much benefit to that protection since that's where my most valuable data is. If they are restricted to per-program folder, I need to start organizing my data differently and unnaturally.
Android mostly does not use the "files" metaphor and basically does exactly that (per-app data): coming up with a security model and file management UX that does both is where the challenge is.
Security is a tradeoff (fucking always...)
It's the same reason I choose to keep my front door unlocked basically all the time - I know my neighborhood, the risk is really low and the convenience is high.
Further... practically everyone agrees that they don't need bank vaults as front doors. It makes zero practical sense: The cost is incredibly high, and the convenience is very low.
There are ALL sorts of wonderfully cool things you can do on a system where applications are allowed to trust each other, and the system is permissive by default.
You can customize behavior more easily, you can extend software more easily, you can add incredibly detailed & functional accessibility support, you can create incredibly powerful macros and commands.
This is so important that fundamental OS design from the early 90s actually prioritized and catered to exactly this style of open, trusted, platform (ex - all of COM in windows...). This is what made personal computing a reality...
All of those fall flat when you try to impose "well funded" security efforts.
Those efforts have a place, in the same way that bank vaults have a place. Whether that place is a personal computer is a different question.
Implying those folks are hostile for no reason is... at best a woeful misunderstanding of the situation, and at worst a malicious mischaracterization.
Flatpak and Snaps are built to solve this. They do conflict with some expectations from users to be able to play around with things, though, so they do not have the penetration one might want.
They only cover the user-facing app part of the story. The rest of the system needs isolation and safeguards, too, including things like the desktop environment and whatever random daemon.
A solution that's integral to the system and not just loosely taped on is required.
For many services that was solved even earlier: that's why things like Docker, podman and VMs are so popular.
The hard bit is the desktop experience which is not fully there yet, but the technology is.
Docker style containerization technically works, but for desktop use I think is a rather heavy kludge and not really a solution.
It would be much more nice if e.g. daemons could have their privileges pared down to only exactly what they need to function and nothing more with a config file somewhere. This can somewhat be achieved with the user system, but that really doesn’t scale well and doesn’t suit the purpose all that well in some ways.
Flatpak provides very weak sandboxing compared to android. It was more about packaging and distribution than security.
https://docs.flatpak.org/en/latest/sandbox-permissions.html says otherwise.
Most apps not using tight hardening are for different reasons though (files/folders org).
Letting everything I install have access to everything is the core feature I want out of a platform. If I can't have that might as well just use android
Aren't all the necessary pieces for something better essentially in place now that unprivileged namespaces are well-established?
They've for sure had more than their fair share of security issues, but those are bugs, not fundamental design problems as far as I understand?
This might be a strange take in these times, but I feel like the browser largely solved the "I need to run potentially adversarial application code in a sandbox". For native applications, stick to stuff that's vetted and in well-maintained repositories, or well-known open source projects that you trust. All of this technical work just to be able to run hostile native code ignores that you don't have to, and probably shouldn't want to, run sketchy code on your device. Installing random untrusted software is bad, even with the most advanced security model in the world. At the very least it will probably abuse whatever permissions it has to spy on you to any degree it can (which is a lot, even for web pages) and to send you advertising notifications.
This assumes that the mentioned systems are the only security considerations on a Linux system. Clearly this is not the case so I am unsure why you omit other security-related aspects of Linux here.
Android, being based upon the Linux kernel, has all those and its own app permission system built on top. Linux on its own comes nowhere close to this.
The security of Android doesn't mean much to me as long as the front door is left open by design for Google, and therefore the government, to directly spy on you.
What front door are you referring to?
PRISM. The agreements which Google and other major tech companies have with the government.
You can build those things on top of Linux, like Android did. Linux has containerization and all.
Android brings malware apps and security fixes that come after months rather than next day compared to GNU/Linux.
The isolation is nice but not so important once you stop running malware constantly.
Not lightyears. About 20 years, which is how long it took Google to pile on the mountain of complexity and inefficiency to accomplish this.
Well, we've had containers on Linux for more than a decade now and we're still nowhere near where Android was on day 1.
I.. don't think it will happen. For several reasons too. It is not that I don't think Android will change substantially, but the following constraints suggest a different trajectory:
- AI boom or bust will affect hardware availability - there is a push on its way to revamp phones into 'what comes next' -- see various versions of the same product that listens to you ( earing, ring, necklace ) - small LLMs allow for minimal hardware requirements for some tasks - anti-institutional sentiment seems to be driving some of the adoption
I think adoption will hinge on whether existing Android apps will just run on it with something like waydroid/anbox or not.
Gaming on Linux took off with Proton. Linux on phones might go the same path.
I understand why mobile/tablet OSs are so crappy compared to desktop; in the past these devices had no resources cpu and ram wise and had to heavily watch battery consumption (the latter is still true mostly, but that should be up to the user), but my phone is more powerful than my laptop and yet runs crap with no real usable filesystem and all kinds of other weirdness that's no longer needed.
However, I have 2 Linux phones and Linux on phones is just not there. Massive vendors (Samsung, Huawei, etc) would need to get behind it to make it go anywhere. Also so banking etc apps remain available also on those phones. We can already run android apps on Linux, Windows apps, so it would be a bright future but really it needs injections and support for large phone makers.
I hope the EU/US mess will give it somewhat of a push but I doubt it.
FWIW, Nokia did develop a pretty good Linux phone back in the day (Maemo/Meego) with Nokia N9 (it even received rave reviews from consumer tech sites like engadget), but it did get killed off as they got absorbed into Microsoft (we all know that didn't age well).
Similarly, Palm Pre, and especially HP Pre 3 was a wonderful WebOS incarnation.
Ubuntu Touch did seem like it had a future, but it was a massive sink for Canonical so it was defunded as well.
The user experience was there on all of these: the apps, not so much.
Ubuntu Touch is not dead though, I use it happily on my primary device for 8 years. It's working like a charm. And waydroid allows you to run APKs, even if some bank apps may not work.
This is one of the most naive things I see people repeat.
The reality is that we're lucky to have mostly-good things at all that align with most of our interests.
Yet people get so comfortable that they start to think mostly-good things are some sort of guarantee or natural order of the world.
Such that if only they could just kill off the thing that's mostly-good, they'll finally get something that's even better (or rather, more aligned with their interests rather than anyone else's).
In reality, mostly-good things that align with most of our interests is mostly a fluke of history, not something that was guaranteed to unfold.
Other common examples: capitalism, the internet, html/css, their favorite part of society (but they have ideas of how it could be a little better), some open-source project they actually use daily, etc.
If only there weren't Android, surely your set of ideals would win and nobody else's.
Agreed that there is a ton of baby in this bathwater.
Also, the open nature of AOSP gave Google its advantage during the early days. Since then, Google has morphed into a company that would likely not make the same decision to create an open-source OS free for others to use and contribute to.
So in the end, what we as consumers actually get, in 2026:
- Google encourages application developers to use hardware attestation to prevent themselves from running on non-blessed, third-party AOSP distributions.
- Google builds basic functionality people care about (including passkeys!) into Play Services, a closed mega-application that happens to require a Google account for most features, and is a moving target for open distributions to mimic.
- Google has closed AOSP contributions to themselves and OEM partners only. AOSP releases are now quarterly source dumps.
- OEMs which traditionally allowed bootloader unlocking (and thus actual ownership of the hardware) have removed it as a matter of policy.
So what exactly is open about Android anymore? Does "source-available OS you can see and not touch" align with your interests? Because it's increasingly not aligned with mine.
> death of Android
death of personal computing freedom, sovereign compute, and probably soon our ability to meaningfully contribute to the field as ICs?
A lot of really bad things are happening to our field, and Google is one of the agents responsible for much of it.
> A lot of really bad things are happening to our field, and Google is one of the agents responsible for much of it.
I mean, breaking news from 2010, but of course never assume things are so bad that they can’t get worse.
I like it, because more and more people see Google as what it is: a ruthless, selfish and extremely greedy mega-mega-corporation. The less we depend on it the better.
>The impact is a direct threat to independent AOSP distributions like Murena's e/OS/ (which I'm personally using). If installing a basic APK eventually requires a Google-verified developer ID, maintaining a truly de-Googled mobile OS becomes nearly impossible.
I have trouble understanding why this is a threat to AOSP distribution. I would have said quite the opposite actually, I don't see why they would not remove the verification and that's an incentive for people to use their project instead of Google Android.
Who could Android be possibly recommended to at this point?
I know iPhones aren't affordable for the layman in many countries. But for anyone with an option, why would you buy an Android? All the "customization" things I cared about when I was on Android are either doable on an iPhone now with better implementation, or something I don't care about.
I was a die-hard until I went through enough cycles of Google deprecating and reinventing their apps and services every year, breaking my workflow/habits, that I got sick of them and moved to Apple everything. And all the changes I've seen since then are only making me happier I got out of the ecosystem when I did. Unlimited Google Photos backups with Pixels are gone, Google Play Music is gone, the free development/distribution environment is gone, etc.
If people can't even develop for the thing without going through the Google process, they're really just a shitty iOS knockoff.
But this thread is about the option to install apps on your device regardless of OS vendor approval, and that's not possible either with iOS nor is iOS open source. And that's what this is all about. If you don't care about open-source and user freedom, then this change wouldn't matter to you anyway.
I switched back to Android in large part for KDE Connect. You can get continuity esque features that work with any desktop operating system. I also get to use real Firefox instead of a Safari wrapper. I still use as few Google services as possible, pretty much just Maps.
KDE Connect works just fine on iOS.
It "works" but it is significantly less useful. Notification mirroring doesn't work, you can't read/respond to text messages, it can't reliably run in the background.
These are all due to limitations imposed by Apple.
Regarding notifications, both iOS and android doesn't support reading and responding to text messages. The feature works on android because of a workaround: apps create a global notification listener and they can also interact with notification - read UI contents and respond.
I know it's still better than not having a workaround at all like in iOS. But just pointing out that Google probably never meant to let others access notification mirroring.
This is incorrect – KDE Connect requests the SMS permission on Android. It does get access to the past messages.
As someone who hates both android and iOS but currently has to use iOS, I definitely hate it more. It lacks so many things one can take for granted on android. Even a usable keyboard is missing from iOS.
I love the Java/Kotlin userspace, even if it is Android Java flavour, and the our way or the highway attitude to C and C++ code, instead of yet another UNIX clone with some kind of X Windows into the phone.
In the past I was also on Windows Phone, again great .NET based userspace, with some limited C++, moving into the future, not legacy OS design.
I can afford iPhones, but won't buy them for private use, as I am not sponsoring Apple tax when I think about how many people on this world hardly can afford a feature phone in first place.
However I also support their Swift/Objective-C userspace, without being yet another UNIX clone.
If the Linux phones are to be yet another OpenMoko with Gtk+, or Qt, I don't see it moving the needle in mainstream adoption.
> But for anyone with an option, why would you buy an Android?
How the heck this is true?!? iOS is just bad.
Its usability is bad, its interface is bad, its apps are just a ton of crap, and it _will_ keep getting worse.
I'm not even talking about its "walled concentration camp" app model.
you're a really vanilla user then.
wake me up when there's an adblocker on an iphone.
There are several that plug into Safari, and Pihole just works. Does Android have ad blockers that do more? It's been a few years since I switched.
I can run proper uBlock Origin in Firefox on Android. Sure something like Pihole works, but I am often on mobile data or other WiFi networks.
Blokada, Rethink, and Adguard just to name a few. Also, the DNS can be set to NextDNS, both via the system settings _and_ the aforementioned apps.
Thankfully you don't really need an adblocker for apps on an iPhone. Your browser could use one, but thankfully those do exist :)
That said, I want off the iOS ecosystem, but Google has basically said guess what? We are going the way of Apple, so we don't care about you either.
So right now there isn't really anywhere else to go. I'm going to keep trucking in iOS for now, but I hope I find something better soon.
> Thankfully you don't really need an adblocker for apps on an iPhone. Your browser could use one, but thankfully those do exist :)
uBlock Origin on Firefox Mobile is significantly better than any Safari adblocker I've been able to find. (1Blocker's the best I've found for Safari.)
I use ublock origin lite in safari
They only share a brand and a subset of filter lists - the implementation and functionality of uBlock Origin Lite and uBlock Origin are entirely different.
When UBOL was released for Safari I switched to it from 1Blocker in hopes of getting a closer experience to the full uBlock Origin, but actually switched back after a few weeks - the filter lists in UBOL were letting through more ads than 1Blocker - and both of them are notably deficient compared to uBlock Origin in Firefox.
> Thankfully you don't really need an adblocker for apps on an iPhone.
That's for me to decide, thank you very much.
who is talking about app adblockers. power android users get their apps from fdroid. You relly are out of touch.
And you know very well, There are only meme adblockers for the browser on IOS.
At this point, I wouldn't recommend Android other than enjoying the much steeper discount with the headset. For me, the only thing that is keeping me on Android is easier access to commas on the keyboard.
I contacted the EU DMA team about my concerns and got a real reply within 24 hours. Not just an automated message, it looked like a real human read my message and wrote a reply. I'd urge other EU citizens to do the same.
Great idea, I just did the same. I encourage other EU citizens to do the same. Keeping at least one of the two major mobile ecosystems open is important.
(And install GrapheneOS, the more successful open Android becomes, the better.)
GrapheneOS is great. But that currently means you have to buy a phone from Google to work around Google looking down Android.
True. I'm really happy that they are working with an OEM to bring an alternative in 2027. Until then:
- A refurbished Pixel works (except some weird Verizon locking that I heard about the other day).
- Pixels get really heavily discounted near the end of the cycle (e.g. 9a currently). Google probably doesn't make much on it if you are opting out of your ecosystem.
When I do this for family I buy a used pixel. Then no dollar goes directly back to Google.
By ensuring that Pixels have significant resale value, you are encouraging consumers to buy Pixel phones.
Still, you are stopping the extraction of analytics, which probably bring Google the much more revenue over the longer term, and it is not possible to disable on regular Android phones.
Remember that on every certified Google Android phone, Google Play Services runs with system-level privileges. On GrapheneOS, it is sandboxed like pretty much any other app (if you choose to install Play Services) and you can make it 'blind' by revoking most privileges.
Same for Pixel Camera, etc., I just block network access.
They say they will announce a partnership with a major OEM manufacturer in March 2026!
Done! I wrote up both my concerns about this and how it affects app/app-store market competition, and how limitations like Play Integrity encourage apps to block usage on non-Google approved devices as well, since that's anti-competitive within the mobile device & OS market (blocking GrapheneOS, Waydroid, etc).
Supporting free competition with and within the Android market is in theory what these teams are all about so hopefully with enough voices they'll push harder on it. I'd love to see a shift here that makes non-Google/Apple-controlled mobile a possible option (even if it's a Linux-on-desktop-style niche for the foreseeable future)
For posterity, what was their sentiment?
Could anyone provide me some clarifications?
If I understood correctly, to "protect" users, Google wants to control what is installed on Android phones. I guess it means the Play store will be the only way to install an app, which in turn means: - That users won't be able to install what they want and that they would need a google account to install apps - That app developers have to go through google to distribute their apps, with identity verification etc. Obviously this is awful and would mean the end of F-droid and Aurora store etc. However, I'm also reading here and there that it is a threat to alternative ROMs. To me it sounds at the contrary as an amazing opportunity, as they can strip this verification and be the only truly open Android, or am I missing something? Why do people link this app verification thing with a possible closing of AOSP?
Also, Mozilla was already saying it 10years ago with Firefox OS but... The web is the platform. 90% of the apps out there could be websites. We have all technologies needed for this including offline with service workers. And it works on every damn platform, even the most obscure OS has a web browser. Don't want to be locked to an ecosystem? Just target the web!
90% of apps are just websites with a wrapper UI.
There's a lot of misinformation here.
> I guess it means the Play store will be the only way to install an app
No, non-Play stores will still work, but developers will need to register a developer account with Google that is tied to some real identity. They already need to do this to distribute through the Play store, but now it'll apply regardless.
This is to make it harder for scam apps to churn app signatures. Kind of like requiring code-signing, but with only one CA.
> That users won't be able to install what they want
No, sideloading will still work, but it won't work if the APK isn't signed by someone in the Google developer registry.
> and that they would need a google account to install apps
Nope.
> That app developers have to go through google to distribute their apps, with identity verification etc.
They don't need to distribute through Google, but they will need to be involved with Google and do identity verification.
> However, I'm also reading here and there that it is a threat to alternative ROMs. To me it sounds at the contrary as an amazing opportunity, as they can strip this verification and be the only truly open Android, or am I missing something?
You're being misinformed. They won't even need to strip the verification. The verification is only for certified Android -- OEMs that partner with Google. Custom ROMs and the OEMs that aren't certified (Amazon, some Chinese manufacturers) won't have verification.
The target audience for verification and who would ever use a custom ROM has basically zero overlap.
I mostly agree with your points.
> > That users won't be able to install what they want
> No, sideloading will still work, but it won't work if the APK isn't signed by someone in the Google developer registry.
So the user can't install what they want. They can only install stuff signed by developers Google has "approved".
Yes, in the happy situation this is everything except for developers that Google has revoked. But technically it is only approved developers.
That's pedantically fair. I broke up a longer statement:
> That users won't be able to install what they want and that they would need a google account to install apps
It was split up because "need a Google account to install apps" is strictly untrue, but "won't be able to install what they want" is more nuanced.
I did clearly say, "it won't work if the APK isn't signed by someone in the Google developer registry".
So, it depends on what the user wants.
If they're running certified Android; otherwise it doesn't matter.
It is only for registered developers, so of course that very much depends on the registration system.
Yeah, I get you. I think the main misunderstanding from the original comment is that the *user* won't need a Google account, only the *developer* (signer to be technical) will.
I remember not long ago arguing that having Chromium become a monopoly was a bad thing, as it would mean Google could totally twist the web standard in something much more closed. I think this is a prime example.
I want Google to lock down their platform. Hardcore locked down. So locked down you can't do anything with it at all. Because people need motivation to do something hard.
Android has been a bloated walled garden for years. It should have been like a PC w/Windows or Linux: anyone should be able to make an app (any way they want), publish it, let anyone who wants to download it & run it. But that was never the plan. The plan was to provide a moat to allow mobile telephone operators (& Google) to dictate what users were allowed to do with their phones. Imagine your ISP having total control over your desktop computer. Or killing a website, or program, because the ISP doesn't like it.
It is insane that we, the people giving them the money and agency to do this, that we've allowed this to be the status quo. We need to do something about it. We need to kill Android. And from the ashes, make a new platform that works for us, and not for a corporation's profits and anti-competition.
It's really a cultural disease to accept this. From my other comment:
> I see this in people why have used antagonistic software for decades and have become zombified and shellshocked; the idea that software could be on your side is to alien to them. They['ve come to] hate software and technology and just want to get some work done. They tolerate the abuse because they can't fight Google alone; it's pointless to resist.
*minor edit in brackets
Reminds me of this scene from Andor:
-----
Luthen: Turning back will be impossible. You knew where this was going. You've always knew. Has anyone ever made a weapon that wasn't used? The network has been built. It's up. It grows or it dies. We've waited long enough.
Mon: Do you realise what you've set in motion?
Luthen: It was time for that as well.
Mon: Palpatine won't hestiate now.
Luthen: Exactly. We need it. We need the fear. We need them to over-react.
Mon: You can't be serious!
Luthen: The empire has been choking us so slowly we're starting not to notice. The time has come to force their hand.
Mon: People will suffer!
Luthen: That's the plan. You're not angry with me. I'm just saying out loud what you already know. There will be no rules going forward. If you're not willing to risk your conscious then surrender and be done with.
---
https://www.youtube.com/watch?v=ao9ARb6dEfc
edited: formatting
> Imagine your ISP having total control over your desktop computer. Or killing a website, or program, because the ISP doesn't like it.
It's not very hard to imagine? Most people don't expect that level of control anymore; their desktop just updates with whatever corporate slopware is pushed out seasonally. Websites come-and-go. It's not a hugely motivating rally-cry for average person.
> We need to kill Android. And from the ashes, make a new platform that works for us, and not for a corporation's profits and anti-competition.
Android is the best-working part of that equation. Microsoft supported Android apps on Windows Phone. Jolla supports Android apps on Sailfish OS. Linux supports Android apps in Waydroid. You don't have to "kill" Android as a runtime or smartphone OS; just force Google to compete with 3rd party ROMs.
> just force Google to
How exactly are you going to force Google to do something?
They way we usually do, by restricting their access to EU markets unless they comply and/or fine them, and/or threats about nationalizing the "EU Google".
What is the US going to do, apply more tariffs?
The fundamental problem is that we are relying on the good graces of Google to keep Android open, despite the fact that it often runs run contrary to their goals as a $4T for-profit behemoth. This may have worked in the past, but the "don't be evil" days are very far behind us.
I don't see a real future for Andrioid as an open platform unless the community comes together and does a hard fork. Google can continue to develop their version and go the Apple way (which, funny enough, no one has a problem with). Development of AOSP can be controlled by a software foundation, like tons of other successful projects.
A hard fork doesn't matter when the vast majority of phones have a locked bootloader.
Yeah, that's the biggest issue. And it all originally stemed from phone carriers wanting to lock customers into their services.
We need some pro-consumer regulations on hardware which mandate open platforms. Fat chance of that happening, though, as the likes of both the EU and US want these locked down systems so they put in mandatory backdoors.
The other big issue is the closed source binary only drivers for almost everything.
Google's own phones do not have a locked booloader. You can buy a Pixel and put GrapheneOS on it in like 10 minutes. But basically no one does this, because no matter what people say in online forums they actually value ease of use and shiny features over privacy and software freedom.
It's the nature of free software.
The reason GNU and Linux won was because they produced software that was sufficient for the market: servers.
The software is also sufficiently good for a PC for software development.
There's almost sufficient software for PC gaming (up against an absolutely insane monopoly that is Microsoft).
Phones are slightly different and for something more than a dumb phone you need great hardware; great software; and great integration.
Employee computers for companies and general home users or tablets? Still a ways to go.
I don't think wanting features and good UX is unreasonable from consumers.
That's probably their next target once android is fully locked down
> no matter what people say in online forums
The people who speak in forums are a minority.
> they actually value ease of use and shiny features over privacy and software freedom.
There's no actual competition so we don't know this on any level.
A google tax which google's grace bestows upon us for as long as its whim want.
Even if locked bootloaders weren't a thing, not being able to just buy a phone with an open Android pre-installed means it would get relegated to the Linux Zone, with a whole lot of "security alert" and "device not supported". Also, low popularity leads to fewer development resources, so it would probably suffer from lack of polish.
People will keep using the OS their phone comes with and that would be Google's Android. It's worse than with Windows PCs and Windows to be honest because phones have a locked bootloader.
People give a lot of flack to the EU, but this is the sort of thing they would regulate.
The Italian digital ID wallet is already in fact banning GrapheneOS and other ROMs [1], the EU doesn't mandate that member states have to allow non-Android/iOS apps [2]
[1] https://github.com/eu-digital-identity-wallet/eudi-app-andro...
[2] https://github.com/eu-digital-identity-wallet/eudi-doc-archi...
Or the fact that you need device drivers for every piece of hardware in a phone.
Yep, exactly why I've always supported the adoption of GPLv3. What point is there to FOSS if you cant use it?
A hard fork is not needed. Non-Google Android do not have to enforce this requirement. It's more important to get as many people on alternatives like GrapheneOS as possible. And fund them by donating to them. If every ~0.5 million GrapheneOS users donated 10 Euro per month, they would be very well-funded.
There is no such thing as non-Google Android. At most you have people applying tiny patches on top of AOSP, but 100% of the code in the underlying project is still Google-approved, and none of the alternatives have control over that.
It's the same as the situation with Chrome/Chromium. There are a million "de-Googled"/"privacy focused" alternatives to Chrome all using the same engine, and when Google pushed manifest v3 changes to block ad-blockers every single one of them was affected.
At most you have people applying tiny patches on top of AOSP, but 100% of the code in the underlying project is still Google-approved, and none of the alternatives have control over that.
You are making an orthogonal point. Yes, Google maintains AOSP. No, that does not mean that AOSP OSes that are not in Google's Android program (calling it that to avoid semantics games) have to adopt this change. If you want to hear it from the experts: https://grapheneos.social/@GrapheneOS/116103732687045013
Unless these different Android flavors all have the resources to indefinitely rewrite AOSP and remove all Google code they don't agree with - no, they pretty much have to adopt the changes (see the earlier Chromium example). And if they do somehow manage this after a point all the patching basically becomes a fork, which is exactly what I started the conversation with.
I see your point, but it all hinges on when you consider the changes to be a patch set and when a fork. I don't think there is a very clear definition, except I don't think most of these projects would call themselves AOSP forks.
At any rate, this particular Google anti-feature does not require a large patch (or maybe none at all).
I think is good to extract the value of billionaire companies, why not use it?
> and when Google pushed manifest v3 changes to block ad-blockers every single one of them was affected.
That's just objectively wrong, both Brave and Opera still support manifest v2 and are committed to continue doing so for the foreseeable future. Even Edge apparently still has it, funnily enough.
Nope, actually "both Brave and Opera still support manifest v2" is objectively wrong.
Brave does NOT support manifest v2. They have instead hand picked exactly 4 manifest v2 extensions (AdGuard, NoScript, uBlock Origin, and uMatrix) and have hard-coded special support for them. They quite literally say in https://brave.com/blog/brave-shields-manifest-v3/ that all other v2 extensions will go away from Brave once Google fully removes support for them (which may have happened already, since it was posted a while ago).
As for Opera (https://blogs.opera.com/news/2025/09/mv2-extensions-opera/):
> MV3 extensions are the new standard and will offer a more stable and secure experience. Opera itself will shift to an MV3-only extension store.
> They have instead hand picked exactly 4 manifest v2 extensions (AdGuard, NoScript, uBlock Origin, and uMatrix) and have hard-coded special support for them. They quite literally say in https://brave.com/blog/brave-shields-manifest-v3/
You're misreading that page, they have special cased the hosting of those 4 extensions, because they do not have their own addon web store and are relying on Chrome's instead. You can still install any manifest v2 addon manually, not that there are going to be many outside of those 4 that care about v2.
As for Opera:
"Today, we reiterate what we said back in October 2024: MV2 extensions are still available to use on Opera, and we are actively working to keep it that way for as long as it’s technically reasonable."
> for as long as it’s technically reasonable
Read: for as long as Chromium allows this via a flag.
which begs the question, why ublock origin is not native on all browser yet?
addons for firefox were at first a way to test features. we only have devtookls because one person wrote an addon copying ie6 dev tool. next Firefox release it was part of the core browser.
Get a large phone vendor to get a flagship phone with Graphene or so on the market. Otherwise nothing will happen. Even starting with the smaller ones like Blackview would do something. But almost no one will do that because users are said to want android; like my parents care... But they will care of course when their banking app stops working... That is the real issue imho.
Google's moat with Android is the same as it's moat with Chrome: complexity. There are very few entities that could fork Android.
What about the Android SDK? I don't think that this is open source, is it? As a developer, when you download an Android SDK you have accept a licence that is not open source, right?
Yeah. It is [1]. Surprisingly, Android Studio is open source too [2].
[1]: https://android.googlesource.com/platform/sdk/+/refs/heads/m...
[2]: https://android.googlesource.com/platform/tools/base/+/studi...
Oh is it Apache 2? That's what I see looking at a random file [1] but there is no global LICENSE file.
And I didn't expect Android-Studio to be open source!
[1]: https://android.googlesource.com/platform/sdk/+/refs/heads/m...
Yeah, they're Apache 2.0. That's how Android and some of its forks handle licensing.
For example, most repos in LineageOS's GitHub org lack a global LICENSE file. Instead, licensing is specified on a file-by-file basis within the comment headers.
This does lead to some ambiguity though. You can't put a license header into binary files like PNGs. In those cases, you can only trust that Google won't sue you for using them.
The answer has to come from anti trust legislation. Android is too big for Google to control.
Under what law is that a legal or ethical thing to do? Why not suggest ios be taken away from Apple as well and windows from Microsoft?
I'd be fine with that too
Those things should also happen. Users shouldn't be forced to choose between 2 dictators to drop their pants for.
Can you be more specific on exactly what "that" you are thinking of which would be illegal or unethical?
Parent-poster just referenced past/future legislation in general.
I also suggest that indeed, if you can't avoid those companies it means it's time for antitrust
Who else is going to maintain and develop it? It's the same issue as with Chrome, even if you force Google to give it to some other company, they're all just as bad. And it's too big and too costly to maintain for anyone else but tech giants.
The only other options would be convincing users to pay 5 bucks a month for their software, or have some Government fork over the tens of millions required to pay open source developers. And good luck with that.
I'm thinking with ever increasing seriousness: let's split any company that grows past a certain size. Each side gets a copy of the codebase and half the assets, no one who's been on the board on one side can be on the other side's board, and neither side can buy off the other. They can use the existing branding for a limited time and with a qualifier (say Google Turnip vs Google Potato) but after that it's on the strength of the new brand which they're each building and for which they're competing against each other and the rest of the market.
This is not happening in my lifetime, of course it isn't. But by god does it need to happen.
Right? We need a "You won capitalism!" award where everybody in the org gets a huge bonus and then the company is split into small pieces and then they start over. On top of it we do what you describe and enforce the split so they can't collude.
I welcome feature stagnation on mobile!
Every single release is a step backwards.
Android 15 cannot hold a candle to what cynogenmod did on top of android 2.3. And that's objective.
> And that's objective.
I don't think you understand what that word means.
Regardless, your opinion (and mine) is irrelevant. People want at least some of the features of modern android, and any alternative lacking those is not going to be adopted by most people. Just look at how many people try GrapheneOS and find the minor things to be dealbreakers for them.
And as long as that's the case you can't expect people to vote for a scenario where they'll end up with a, in their eyes, worse product.
Historical meaning is pretty worthless though. It's like saying CPU's are going backwards because the 386 was a bigger jump. Technology matures eventually and that's not a bad thing.
Android doesn't really work on hardware changes as AOSP doesn't run on a single phone on earth anyways, not even the emulators, this is the goal of the manufacturers.
For the features you can read here for example what Android 16 changed:
What is stopping a hard fork?
The same reason nobody is doing a hard fork of Chromium.
The gigantic task of maintaining and developing a mobile OS that needs to retain compatibility with AOSP/GPS anyway to tap into the huge amount of applications that are available?
It will cost a lot of money and as long as Google is still doing regular AOSP code drops, what's the point?
Periodic reminder (note, originaly posted in 2013): https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on...
At the risk of posting memes to HN: https://imgflip.com/i/akp488
I would caution the decision makers on this. The line between a secure device and a useless toy is perforated and hard to see.
If I can't use banking or my NFC wallets on my phone, it has become 90% useless. The other 10% of usefulness is texting and calls, which every other phone can do.
Unfortunately, this mostly means using the closed android ecosystem.
90% of your usage on your phone is banking apps or NFC payments? That seems hard to believe.
I don't know if it is generational or regional or what, but there is a solid segment of people that live in very close contact with their bank.
On average, people spend 4 hours and 37 minutes on their phone, per day [1].
I find it hard to believe someone would spend 4 hours and 9 minutes _per day_ looking at their banking app or using NFC payments.
Your assumption they used their phone an average time was false probably.
That's pretty much my usage pattern too, including some group texting, the occasional call and sometimes taking photos/videos. Otherwise my phone pretty much stays in my pocket or on my table the entire day. What are you using your phone for that makes that so unbelievable?
Web browsing (like right now), photos, e-books, lots of messaging, music, sometimes video.
I use NFC payments often, but I wouldn't say that amounts to more than a few percent of my total usage.
Everyone uses their phones differently, of course. I don't think your use is unbelievable or odd, but I do think your use patterns are not the common case.
I used my bank app yesterday, but since then I've used:
whatsapp, phone, push authenticator, safari (having followed a link from a message), spotify, slack, mail, calandar, disney plus and camera
Do you not do any of that on a mobile device?
I do use whatsapp, camera and the phone functionality, web browsing very seldom, mostly for "emergencies". Spotify, work chat, mail, calendar and watching entertainment is all stuff I either do at my desktop or on the TV, never use the phone for those things.
I run Graphene on my Pixel and banking apps just work. There is no Google Pay, obviously, since Google dependencies have been stripped out from the system. I just carry a credit card.
Even with the sandboxed Play Store, Google Pay disables NFC payments as it requires hardware attestation against Google's root keys.
No inherent reason all that stuff can't work on an open platform. It works just fine on my Linux box with yubikeys, fido2, and smart cards. Gcloud even let's you authenticate with them only to put a medium lived token in plaintext into a sqlite file on disk.
No inherent reason, just Visa/Mastercard requirements around host card emulation for payment cards.
Sounds like a duopoly that needs to be broken up.
Curve pay works!
Same, some banks even proactively fix things to work on GrapheneOS when customers ask.
No idea why you are even bringing this up. It works just fine right now.
It verifiably does not on open source and free android roms like Graphene. Unsure where you're getting your info.
No one even brought that up. We're discussing being able to install unsigned/self signed APKs. Please stay on topic and take your strawman elsewhere.
The ability to install signed and unsigned APKs directly correlates to the financial institution policy regarding mobile devices and banking apps. Unsure how you've separated these two.
[citation needed]
I run GrapheneOS and use several US-based banking apps. I'll not name them since I don't really want my HN account associated with my financials in any way, but I've got a mix of well-known national bank apps and smaller local credit union apps working.
I'll admit there is a single institution's app I've found that doesn't work, but that is just one of several that I use.
For me, the showstopper would be NFC payments. From what I understand, Google Pay doesn't work on Graphene. I have all my credit cards in GPay, as well as a transit card. I use it for boarding passes when I fly, and any other tickets/passes that support it, since it tends to be much more reliable than the airline or ticketer's app. I've come to heavily rely on it, unfortunately.
I haven't tried this, because I try to minimize Google exposure, but I think Google Wallet (minus NFC payments) works on GrapheneOS. So, tickets, boarding passes, etc. should work fine.
I use GrapheneOS with the Dutch ASN banking app and the ICS credit card app. Pretty much all other major Dutch banks work as well.
https://privsec.dev/posts/android/banking-applications-compa...
Google Pay does not work, but some other NFC payment apps do (e.g. Curve).
>this mostly means using the closed android ecosystem
Maybe, but there's no technical reason for this. As I've mentioned before, I can do banking just fine on my Gentoo machine where the entire corpus of software on it, is FOSS and compiled by myself.
To you.
Laptops exist.
This is a common answer but it does not apply to at least most of Europe. Because of regulations most banks require to install their app either on iOS or Android to act as a 2FA device. One of my banks gave me a hardware device 20 years ago. When its battery dies I'll have to use their app and my fingerprint.
If you really don't have an alternative in Europe, buy the cheapest Googled Android device (less than $100 or euros), and use that as a glorified 2FA device. It's not ideal because you have to pay for it, but on the other hand Android devices with unlockable bootloaders (mostly Google Pixels now) tend to be cheaper than iThings. A Pixel 9a or 10a running Graphene for everyday use plus a cheap Android phone that stays are home are still considerably cheaper than Apple and Samsung devices, and give the users far more privacy and freedom.
When I was still rooting it was possible to bypass this on a rooted device with enough effort. It wasn't unsecure either. Padentic corporate security doesn't really make us more secure. Just more lazy.
Most European banking apps work fine though on a relocked GrapheneOS phone.
https://privsec.dev/posts/android/banking-applications-compa...
I'm using my GrapheneOS phone to log on to their web app without issues (though I typically only do banking on my phone, much more secure).
How do you install the bank app if google does not allow you to install APKs manually / with a 3rd party store? You have to go with Google Play. Which requires a Google account. So I can't do it. That's the whole point of this thread: it would not be possible to use Android without a Google account.
Yes, that's the endgame, an Android device in a drawer at home. But what do I have to carry on my pocket to use the minimum amount of apps? Firefox, WhatsApp with video and audio calls, Telegram no video no audio, a mail client, a YouTube client (possibly not from YouTube), a maps and navigation app (for cars), phone calls, SMS.
YouTube on Firefox is a much better experience than the official YouTube app, so you can drop one from the list.
I'm using NewPipe and PipePipe. Both are better than the browser app.
Have you talked or met anyone born after the 90s? Everyone banks on their phone, it's the norm not the exception.
Edit: Someone also made a good point, one of my CC's I can barely even manage without the app since the website barely works.
The line between a phone and a computer is what has been perforated. What I need is a modem. I don't need the modem baked into a computer that has a permanently affixed screen and battery. That then pretends to be some kind of secure enclave for my deepest secrets.
"Security."
As if I'm in the government or something. Why can't the people who need military level security get their own platform? Shouldn't they just have that already?
This isnt going to be a popular post because the HN crowd is very much a "China bad" crowd but I hypothesize China will likely step in and offer a fork that's compatible with open ecosystems not under the direct control of the us state department. This might be in the form of commits and investment in fdroid and pinephone, or a tiktok like alternative to the wests walled garden.
Edit: this will likely exist "uncensored" in other markets but conform to the PRCs standards and practices domestically, similarly to how tiktok operated prior to selling a version specifically taylored to US censorship and propaganda.
Not a chance. A fork that is under China's control, maybe, but not an "open" fork. They don't even pretend to have that as a value.
You may theoretically find it advantageous to use such a system anyhow. To a first-order approximation, the danger a government poses to you is proportional to its proximity to you. (In the interests of fairness, I will point out, so are the benefits a government may offer to you. In this case it just happens to be the dangers we are discussing.) Using the stack of a government based many thousands of miles/kilometers away from you may solve a problem for you, if you judge they are much less likely to use it against you than your local government.
But China certainly won't put out an "open" anything.
Not sure if you have been following the LLM space or even the emulator handhelds space, but Chinese companies have been doing great with putting out open source software lately.
Or the TikTok space - TikTok got worse privacy/data collection wise after the US government intervention/acquisition.
The irony is that software coming from China is a lot more open than western software. Biggest examples are huggingface models mostly coming from Chinese institutions. Its also strategicaly wise for China to go this path.
> China will likely step in and offer a fork that's compatible with open ecosystems not under the direct control of the us state department.
Where you been? They already had Huawei get kickbanned by Google and made their own OS (it's not more open): https://en.wikipedia.org/wiki/HarmonyOS
Maybe a shift to Huaweis HarmonyOS with its android compatibility layer or SailfishOS if they play their cards right.
As far as HarmonyOS i dont see many uptakes outside strict US free requirements as the other OEMs are lazy and also dont want to be locked into a competitor.
SailfishOS looks like its your time to faceplant once more , by not having a proper stratergy on monetizing on the many missteps from the current monopoly.I thonk at this point they need a leadership/biz stratergy overhaul - the tech is nice and polished, user demand is off the charts for an alternative . And they are just .. missing. Not even in th e conversation.
As of version 5, HarmonyOS doesn't have the Android compatibility layer. There are emulators that allow APKs to run, but they're a bit clunky.
Ah if they can get the emulators to the level that Rosetta worked on OSX would be acceptable for hardto port apps.
Pinephone is tragic, bought a bunch of Pine64's devices (PP, PPP, PB, PBuds, arm tablet, eInk tablet) but old tech, missing drivers, can't blame em no money no drivers... Still the community on Discord is great/helpful people.
I don’t think China will do that at all. They’ll move to HarmonyOS.
As far as I know, China forbids open bootloaders on its territory so it's not where you'll see any open ecosystem.
Not Google controlled for sure but also not open.
> a "China bad" crowd
Government bad. Big government worse.
That'd be great but I'm not feeling like the Chinese market is too worried about open development. I got a Huawei Watch 5 as a gift and I liked it enough to try to develop my own apps (their app store is a wasteland) but to my surprise Harmony OS is not Android compatible (just Android based somehow). The watch's developer mode is useless. Trying to register a developer account is almost impossible and it seems they only allow chinese nationals and there's no plan to open registration. I couldn't even download their custom IDE (something like Android Studio) without an account.
Maybe it's just my experience.
Competition needs to come from somewhere due to lack of antitrust enforcement in the US. If not China then hopefully elsewhere.
The US system is dying from lack of competition.
I would rather put my phone in the microwave than run Chinese Communist Party OS.
Half, or more, of the world thinks exactly the same in regards to the US
If 50% of the world started running the CCP backed fork and 50% of the world ran the US backed fork, which one would you choose for your phone?
Whatever one that lets me install what I want
If there were truly no other choice, CCP without a doubt. At least they claim to have good intentions, whether that's true or not
Chinese of course. Never used it. Can't wait to test out something different.
The Chinese one, obviously.
Why? If I had to choose, I'd much rather use a phone controlled by a jurisdiction in which I don't live or have any business.
Meanwhile the NSA and Mossad can see you fapping on your phone and scan your face in real time and you're implicitly fine with it
This is what lack of options does to a MF
Yeah, I’m amazed at how far the western surveillance apparatus has been able to coast on plausible deniability. Folks, please don’t stick your head in the sand domestically just because there’s an even more obvious or egregious example abroad.
Say it with me: “Living in a police state is bad no matter who’s running it”.
This made me laugh cause of how true it is.
I'm just imagining the poor intern at the NSA having to sit in a dimly lit room with an array of 64 x 64 monitors mounted on a wall, watching the O-faces of thousands and thousands of fat, balding, middle age men for hours straight.
Nah, that can't be true. Just imagine the traffic peak the first day after NNN if they're streaming from your phone in real time.
The shift towards locked-down ecosystems is concerning for developers. Openness isn't just about freedom; it's about the longevity of the hardware we own. If we can't side-load or audit, we're just renting the device
A good opportunity to donate[1] to the GrapheneOS[2].
As long as it will be pixel-exclusive, it will remain useless to the vast majority of android-capable phone users.
Does this block something like Obtainium?
https://f-droid.org/packages/dev.imranr.obtainium.fdroid/
This is sad as there’s been a real resurgence of gaming devices (Ayn Thor/Odin, Retroid pocket devices, Ayaneo, etc) moving to Android from Linux variants (Batocera, Arc, Garlic/OnionOS).
It’s sad but more of an incentive for folks to finally take Linux as a viable alternative, and build on efforts made by Valve with SteamOS.
The government has to step in and regulate. In China the regulation specify that Google cannot preload a whole bunch of apps on the device. It's perfectly reasonable. The government is picking the side of huge corporations ahead of people. So the people need to make some kid if a mass movement to rebel.
Maybe stupid question, we keep seeing "LLM figures out math problem humans couldn't, LLM finds security vulnerability by looking at hexdumps for 6 months straight. How hard or expensive would it be to let some LLMs loose on reverse engineering all the proprietary driver binary blobs?
People mentioning forking Android is hard, how easy do LLMs make this?
Does the AI boom help with this? Can we donate enough token-budget for GrapheneOS to maintain a fully functional fork?
You are overinflating how useful AI is. Moreover most FOSS people actually don't want any AI written code unless the human driving it has done equivalent amount of work understanding and designing it from scratch.
Good luck, no bank will touch a non-Google blessed platform with a 10 ft pole.
How do Google and Apple plan to deal with the immense influx of personal apps that AI will help non developers build?
Recently, I was thinking that AI might force Apple to open their devices, because if Apple’s competitor allows sideloading, then the creatives and builders most likely to build their own apps will migrate to the platform providing less friction to getting custom apps onto their device. But apparently THIS is the time that Google has chosen to start locking down their devices as well?!
AI is not yet at the point where non-developers could use it to build useful apps. I've tried. It gave me a good start that saved me a ton of time setting things up but the result was buggy and had a lot of bad code, so I still had to read and understand it all and fix the issues.
Never has evil yielded when you appeal to it.
If they go through with this I am switching to iPhone because there at least I am told up front and am tried less like the a product to be sold to advertisers.
it's becoming ever more clear to me that i'll have at least two devices: one running software i trust, one running software corporates trust, with a very narrow pipeline connecting the two, if it all. my demon-haunted device can stay offline in my bag and get hotspot'd in to my trustworthy device as necessary.
not happy about it, but i don't see a path forward that lets one participate in the wider ecosystem and maintain their own sovereignty and sanity.
The biggest surprise I had in attempting to distribute my first Android app is how difficult it is to get beta-testers through the "standard" channels. It requires a 1 week review and 25 beta-users invited by email addresses
In contrast, Apple has a ~48 hour turnaround for reviews before you can upload to TestFlight and distribute a beta with a link
Not sure if I am in some "trusted developer" cohort on iOS but not Android - but the difference was enough for me to stop trying on Android
Amusingly, if Microsfot didn't have a such an awful reputation ( both recent and old ), their newly announced phones could have actually been a viable competitor.
I've finally started de-googling and removing google from my life as much as I can. It's difficult with how much of everything is soaked in Google. I'm sure other's here have gotten much further, but everything you do to reduce their monopoly control helps.
I question whether an OS that has always been controlled by Google has ever been open.
Sure parts of it were, but Google has always remained in control of Android. Anyone who expected that to change (in favor of more openness) hasn't been paying attention to the actions of tech companies for the past several decades.
The relative openness is the reason I gravitated towards Android and Google. I've never really taken advantage of it, but it's nice knowing it's there and that my phone (a Google Pixel) is something I have more control over than with other vendors.
This is where I wish someone like MKBHD and others with big Android followings would speak up and say they will both blast this practice and not review any new Android phones/(Google) apps unless there's a full walk-back of this position.
the frustrating part is that the "advanced flow" alternative Google mentioned still doesn't exist in practice. the media ran with the reassurance headline and most people think the issue was resolved.
So how is Ubuntu touch doing these days? I keep meaning to try it, but never get around to it!
Mobian and postmarketOS are more advanced and work more like GNU/Linux.
EU should fork Android
Whats Andy Rubins take on this ? The original developer/contributor to android os itself
Since smartphone apps are often times required to do banking or identifying yourself now and there's tons of special apps in order to use appliances, and by that I mean really the only way to use modern appliances is by a smartphone app, emulating an Android environment on a laptop or PC with a bluetooth dongle is essential if you want to leave that smartphone era behind you for good, but still be able to function in this society.
I need to check if Aurora Store still exists/works.
What people forget is that the real monopoly is in how the AOSP hardware OEM contract is written....
Remember how hard Amazon had it to attempt an Android fork?
I was due to OEM SOC access being locked out due to those contracts....
Any open source mobile OS attempting to complete with AOSP needs access to mobile OEM soc providers not touched by AOSP contracts and currently that is somewhat hard.
Should device manufacturers be worried about this direction? Could they eventually be locked out too?
APKs were the only reason why I was using android in the first place
The Control Society is way lamer than I could have imagined. Deleuze! I demand a refund!
What would it take for Linux phones to gain the ability to run Android apps?
Android was never open. User apps are limited, only system apps can do X which means third party apps can't compete with Google and this is not a coincidence.
Let's focus on making it possible to use really open Linux systems on smartphones.
There are some functionality limited to google play services, but it really is not too much in my opinion.
The amount of open stuff that was migrated into the Play Services closed source blob over the years just keeps growing.
I still can't comprehend why they implemented FIDO/WebAuthn support in Play Services. Passkeys are extremely difficult to support in apps that don't depend on Play Services client libraries.
I'm not sure what you're referring to, but I was talking about the whole permissions system where the user is a third class citizen. Device manufacturers are second class citizens (restricted by Google via CDD/CTS) and the only true winner on that system is Google.
Regarding some concrete examples - Google can deeply integrate Gemini, but a competitor can't do this and users get no final say here either. Competitors are restricted by the permission system, Google is not restricted at all.
While rooting can alleviate this to some extent, Play Integrity is there to make sure the user regrets that decision to break free..
The number one problem is locked hardware
Why doesn’t the market respond? If people don’t like Android, it seems like a market opportunity to make another OS. People love to complain about Apple and Google’s “monopoly,” but doesn’t that present an opportunity for someone to build their own thing and if enough people want it, they will be able to sell it?
>But Google said… Said what? That there’s a magical “advanced flow”? Did you see it? Did anyone experience it? When is it scheduled to be released? Was it part of Android 16 QPR2 in December? Of 16 QPR3 Beta 2.1 last week? Of Android 17 Beta 1? No? That’s the issue
A bit ironic to not believe Google is doing this. The same questions have same answers when asked about when Google is locking down side loading. A bit self-serving to pick and choose which things you want to believe are happening.
Google made the first move with their initial plan to lock it down, so the onus is on Google to calm the fears they caused if they don't want people to distrust them.
But they did. That was the announcement that they would still allow sideloading. If you are still afraid then that's kind of on you. Seems silly to expect Google to put out info about enabling sideloading for a system they haven't even released yet. It could very well be in there day 1. Nobody knows.
Google needs to put hard evidence that they are doing it. Sorry but just saying something isn't enough proof. Talk is cheap show us the code.
Just like Microsoft screwed up Windows, Google will screw up Android and people will move to Linux on PCs and some open version of Android, or Harmony, or whatever new mobile system comes up, on their phones.
Nothing lasts for ever. The sooner you make the switch, the better off you will be.
I wouldn't hold my breath:
https://arstechnica.com/gadgets/2026/01/windows-11-has-hit-1...
On desktop, unknown OS cannot be anything else but Linux, so that's 20% altogether(16%+4%). But that does not matter. The shift has started last year when W10 support ended and due to how bad W11 is and it is just getting stronger and stronger. Watch increase in YT videos about moving from Windows to Linux, or social networks in general. You cannot miss it. I've been on windows since 95, before that DOS. So that is three decades of being a loyal customer, so to speak. Even though I tried Linux in the past, Windows just works so I had no reason to switch.
With W11, that is not the case. Therefore, it becomes inevitable. Worth mentioning is that companies, governments and whole countries are ditching Microsoft altogether - for various reasons(some are geopolitical, due to sanctions and tariffs, others are technical).
Lenovo, Dell and HP are slowly ditching W11 as well in favour of linux. If you look up definitions of malware and spyware, windows 11 falls into both of them. It's that bad. So again, I'm not a linux fanboy by any stretch of imagination, but the writing is not just on the wall, we've passed the point of no return. Or rather, Microsoft has.
Now that linux supports 95% of games, there is little holding people back as gaming was always the biggest hurdle when it came to linux. And Adobe, too, is no longer what keeps people stuck on Windows - either because they ditched it due to their horrible pricing practices, or because there are now solid alternatives.
Of course many people will switch to mac as well. But windows in general, i think, is done. It had a good run for few decades, but they dropped the ball so hard that there is no going back or fixing it with w12.
All these points are brought up all the time but the upshot is, based on reporting from Microsoft and StatCounter, Windows marketshare actually grew.
Point is, we techies might chafe at and complain about all these anti-consumer shenanigans (Meta and privacy, anyone?) but it does not affect their business momentum, probably because the rest of the world just doesn't care.
What is the advantage of moving sooner vs. moving later when rough spots have been smoothed over?
You keep hoping things won't get too bad, but they will. You just keep delaying the inevitable. So it's better to switch now to get the initial hurdles of such a big change over with as soon as possible. It's not easy, getting used to completely strange behaviours and new things in general. Abandoning what worked for you for years for something completely foreign. You have to force yourself to withstand the first few days or week(s), but then it becomes the new normal and you'll be fine.
Personally, I am still on W10 and and delaying the move, so i'm not holier than thou. It's tough. But I also am a programmer/power user and am on my PC 24/7, sort of, so this disruption must be timed properly for me to make the move, which is not necessarily the case for most people/average users.
Phone on the other hand, as long as it works and does not limit me, I have no need to use different ROM, it's more of a want. But i do not see me doing anything until the system stops being supported or it breaks or something else. So it depends on how you use it.
We need viable Linux on phones now more than ever. I'll keep using GrapheneOS in the meantime.
Crazy idea: when companies change their product, they have to change the name.
Do you ever feel like the same food item doesn't taste the same it did 10 years ago? Maybe it's your memory being faulty or maybe the company got new management which decided to cut costs while keeping prices, extract the differential value from customer inertia and move on when the product stops being profitable.
Android is the same. Certain freedoms were a part of the offering - a part of the brand name. They no longer are. Not only should lose their trademark[0], they should be legally forced to change the name.
[0]: The purpose of which is to identify genuine product from counterfeits - in this case, the counterfeit just happens to be by the same company which released the original product.
> We see a battle of PR campaigns and whomever has the last post out remains in the media memory as the truth
You must find truth. Lies will find you.
Looks like I'm staying in my custom ROM lol
From a marketing standpoint it seems like a baffling decision on Google's part.
I own a Pixel and while the hardware seems decent, I've had a buggy and annoying experience with Android, and it's been getting worse lately.
Are Google so high on their own supply that they think people use their phones out of preference for the OS? Because frankly it's not very good. That's like Microsoft thinking people use Teams because of its merits.
People buy Android phones because they can be had cheaper than an equivalent iPhone and because in spite of the buggy and inconsistent mess of an OS, you aren't beholden to Apple's regimented UX. Locking down Android will not give it a "premium experience"... It'll always just be "Temu iOS" at best.
Have you considered Graphene since you own a Pixel? It's a huge upgrade over the stock OS in terms of security, privacy and general reduction of bloat.
Yep it's definitely on my list but my Pixel is on its last legs and I'm considering going back to iOS.
Having just gone from an iPhone as my main phone to a Pixel with GrapheneOS, GrapheneOS is such a breath of fresh air. No constant push of AI, iCloud services, etc. plus I actually feel owner of my phone and not living on some feudal landlord's plot.
GrapheneOS is great!
I urge you not too. iOS is fully locked down -- Apple won't allow you to exert control over the hardware that you bought and own, it's shocking.
I've owned iPhones before, they're fine.
If by fine you mean "they work," then sure. But since it is a closed platform controlled by Apple, you are always one law away from client-side scanning of your conversations, emails and any other content on your Phone. Of course, this will be done to "catch terrorists and protect the children," and Apple will obviously comply.
> "Temu iOS"
Come on, that's absolutely laughable.
There are several topics where Android is significantly ahead to the point that iOS is just a toy, and there are areas where the reverse is true.
And I say that as a recent convert, so it's not like I have a decade out of date view of any of the OSs. In my experience I had more visual bugs in case of iOS than android (volume slider not displaying correctly in certain cases when the content was rotated as a very annoying example).
>Come on, that's absolutely laughable.
It's not, though. Google phones are not going to suddenly become luxury devices.
It's going to remain at the same level of polish (i.e. mediocre), except now without the major selling point of being able to run your own apps and have alternative app stores, etc. Back around Ice Cream Sandwich or thereabouts they got rid of "phone calls only mode" and forced us to rely on their half-baked "priority mode" that's an opaque shitshow.
When my wife is on call she gets random whatsapp notifications dinging all night, whereas when I had an iphone I could set Focus mode and achieve proper "phone calls only".
Android is not good. I use it despite its flaws, because of the trade-offs, not because it's better.
> Google phones are not going to suddenly become luxury devices
Pixel Fold disagrees.
> When my wife is on call she gets random whatsapp notifications dinging all night, whereas when I had an iphone I could set Focus mode and achieve proper "phone calls only".
You can do that with do not disturb.
> Android is not good. I use it despite its flaws, because of the trade-offs, not because it's better.
That is your opinion. My opinion is different.
> Android is not good. I use it despite its flaws, because of the trade-offs, not because it's better.
Android is good, but Googled Android is not. You should check out GrapheneOS to see what Android done properly looks like.
You can definitely make a "phone calls only" mode: create a mode, allow certain apps to interrupt, and add only phone calls to the list.
I do think they should offer more pre-configured notification modes by default, if only to show people what they can do with the feature. Perhaps "phone calls only" should be one of those.
I'm talking about the OS though.
Me too. The OS sucks.
People buy high-end Android phones like crazy, I don't know what bubble you live in. Samsung Folds and Flips are the luxury phones, not the iPhone Pro Max S eXtreme Edition 32 GB that looks exactly like the base model but has a slightly better camera. People show off their S Pen and perfectly stabilised 100x zoom lens, not their liquid ass. Multi-window and DeX are features for professionals who need to Get Shit Done^TM, iPhones are the toys kids use to send memojis to each other.
And yes, I can also click one button and go into phone calls only mode. I can even set it on a schedule or based on my calendar. I don't know where you're getting your half-baked Android, mine Just Works.
You might not agree with every one of those points, but you can't seriously think everyone thinks like you. Go outside your bubble some time.
Putting "Samsung" and "luxury" in the same sentence is lunacy. Their proprietary Android is even worse than Google's.
Where do you live? I've literally never seen anyone using a Fold or Flip device, ever. My kids are at the age where some of their peers are starting to get phones. All those kids have iPhones.
If your plan is to keep saying unsubstantiated bullshit, take that to Reddit. Go to a store and try modern OneUI - it's just AOSP with a slightly different layout and more features. The apps are worse than Google's, but the OS is better. Both are miles above iOS in features, especially for power users. Split screen, windows, chat bubbles, DeX, notification categories and history, vendor-neutral PC integration and TV casting, ...
And I don't quite see your point about your kids' friends using iPhones. I sure as hell wouldn't give a kid a "luxury" phone. I'd take the cheapest thing that does the job and lasts a long time. An iPhone has a very long software support window so the cheaper models actually end up cost-competitive with budget Androids.
As for folds and flips, I've mostly seen people in suits using them, along with a few techy power users and some kids with rich parents. That's a luxury phone in my book.
babe wake up new hn copypasta just dropped
> Are Google so high on their own supply that they think people use their phones out of preference for the OS? Because frankly it's not very good
Honestly having gone back and forth between iOS and Android every three years or so, both OS are the same. It's not like the grass is really greener on the Apple side. The UX is virtually identical for anything that matters. Personally I put material Android above liquid glass iOS. The alleged polish of the Apple UX was lost on me when I had my last iphone.
The reason Google's moves are surprising has more to do with them embracing being a service player more and more with the arrival of Gemini and them having regulators breathing down their necks everywhere.
I guess they did it after the truly baffling US decision in the Epic trial but it's very likely to go against them in the EU.
The rumors that I have heard (and one government document I read that was poorly translated from Thai) is that there are some countries who are pressuring Google on this to combat info-stealing malware. Apparently, account-takeover/theft is very prevalent in SE Asia where most banking is done via Android phones.
Maybe but lobbying is extremely strong in SE Asia. It's hard to distinguish from governments putting pressure for something and companies suggesting it would be a good idea.
Capitalism is the privatization of human needs. As long as these tech platforms are owned privately they will be used to police and make money.
This view NEEDS to be central to the tech freedom rhetoric, else the whole movement is literally just begging politicians and hoping corporations do the right thing... useless.
Aren't the politicians or their appointed bureaucrats who'd be making all the decisions if these needs were government owned? Why would state control lead to less policing? What incentive structure would lead to innovation without a profit motive, when even the modern communist world relies on capital markets?
(these are honest questions and not "gotcha")
> Aren't the politicians or their appointed bureaucrats who'd be making all the decisions if these needs were government owned?
Well that would be true under a capitalist government.
> Why would state control lead to less policing?
Its not just "the state runs it", its "we actively become the state".
Collective ownership through peoples councils, peoples courts with a world view that keeps it all open: socialism.
The world view of not allowing individual ownership over collective goods, the world view of socialism, is the life line of the movement. The actual practice of daily democracy, of running production and of deciding social functions is everyones responsibility and it should not be left to what has become a professional class of liars.
Public office members, which should only exist where absolutely necessary, should be locals and serve as messengers with 0 decision making power. All power should be in the local councils. We can mathematically implement this today (0 knowledge proofs).
Every single book on socialism is on theory and practices of acheiving this. Thats what the "dictatorship of the proletariat is", the dictatorship of working people, collectively.
> What incentive structure would lead to innovation without a profit motive, when even the modern communist world relies on capital markets?
We've been innovating for hundreds of thousands of years before capitalism. You dont need to generate money to innovate, the innovation itself is the driver, AKA a better life. No need to lock and limit production behind the attaining of profits of those who lead it.
Thanks for responding.
Yeah, dude thanks for the good faith.
A lot of people are allergic to this rhetoric and will just assume I have a deep irrational bias, but I was actually a staunch free market supporter before.
Once I decided to be more intellectually honest with myself and read more about what both sides meant historically and currently, it really just made sense.
I'm so exhausted of the partisan "my team vs your team" politics in the US that shuts down conversation, overlooks the blatant hypocrisies on either side, simplifies every issue to a single label to plaster on your opponent, etc etc.
I take honest conversation where I can get it, even when I don't agree. And to be clear I don't agree with most of your points and think it's idealistic and couldn't work in the real world. But I appreciate the spirit of what you're arguing for (in my interpretation) power with the people vs power with corporations and government and I think that's a very fundamental principle that is very important common ground.
edit: clarity
Copyleft fixes this.
They have the incentive to never chose this.
If we force it upon them by begging politicians, corporations still have the incentive to find a way to remove it or circumvent it.
Youre playing the cat and mouse game because you've been taught that solving it is too extreme (thats not a coincidence).
We dont need to endlessly fight a whole class of people, capitalists, for them not to use the things we require against us. Only socialism can solve that.
I visited change.org to sign the petition for them, only to get spammed by far-right extremist propagandas supporting nazism like this: https://imgur.com/a/E6LMUcB
I regret giving my real name and e-mail address to that website now.
It's time to say goodbye.
I wish.
I love postmarketos, but there is not even one "Main" phone with all of the hardware feature supported.
https://wiki.postmarketos.org/wiki/Devices
Fairphone 4 looks close, hopefully fairphone 4 support will continue to improve at this rate. Pinephone is another close one, but underpowered hardware and camera support kills it.
I am not even that intensive of a phone user. but there is no way I could daily drive pmOS.
Good thing
>F-Droid Basic Great, now they can spread themselves even thinner. Just revert the entire trash rewrite from years ago. Problem solved