- cross-posted to:
- android@lemdro.id
- linuxphones@lemmy.ca
- cross-posted to:
- android@lemdro.id
- linuxphones@lemmy.ca
You must log in or register to comment.
Found the 91 Google employees
So now 3rd party app stores need an ADB loopback to work around that.
Not hard to do, but uselessly annoying.
Installing the third party stores would be way harder than it is right now if they do that though. No way the devs of e.g. f-droid are getting a verification on an app that bypasses Google’s new ‘safety measures’
I could imagine something like Sidequest happening on Android.
That’s only if the apps distributed are unverified. Mind, the EU already requires app stores to document the identities of devs, but there are loopholes for Small enterprises. In 2027, manufacturers need to document the identities of their suppliers. There are still exceptions for non-profit open source projects, but that’s not what Google is. Surely, no one here wants Google to avoid regulations by investing in open source.
I believe F-Droid signs the packages it distributes so that creates a painful choke point. Revoke F-Droid’s key and it will break all of F-Droid instantaneously. The only exception for F-Droid’s signing is if the build is reproducible, which is a high bar for a lot of projects, and then F-Droid will use the upstream signature.
Also, they’re trying to close the ADB loophole.
I expect phones in the EU are going to become a lot more locked down in the next 14 months, like Samsung is already showing. But also think that Google will try its best to make developing for Android easy to get into.
I think you can already do that with shizuku and dome fdroid clients. It also makes using 3rd party appstores more convenient just in general.
Get fucked
I normally use ADB anyway, but wouldn’t surprise me if that becomes more locked down as well. For example, I believe Meta Quest requires a developer account with a credit card attached to even put it in developer mode, and I worry that kind of bullshit will become the norm.
You don’t need a credit card for a dev account. You do, however, need to have a “business” attached. Luckily, that business they’re asking for doesn’t need to be verified, so it can be just a random string of letters.
Still bs that you have to go through all of that just to install apps you want.
Google can go fuck itself.
Hopefully this will put some jet fuel into the Linux phone development.
Google can go fuck itself.
Google would much rather go fuck you.
they need thier AI to profit somehow, mining all your data to offeset the cost of those data centers.
I’m checking out Graphene OS next week and pretty pumped about it. This Google ratfucking has been just the push I need to get off Android.
And obviously I haven’t stopped telling people around me haha
Most F-Droid users are NOT custom ROMs.
This means that as long as F-Droid does not get their own developer key - it will become useless. F-Droid is privacy focused - both dev and user, and they oppose requiring devs to essentially give up their privacy and sign the APK with their own dev key.Now, if F-Droid is dead, GrapheneOS becomes useless. Who would want to develop apps for the 0.0001% of the population (i.e custom ROM users)
This.
I am the person you are talking about. I’ve looked into graphene before and I do host some of my own services at home. I also work full time and I don’t want to spend all of my free time managing things. I use F-Droid, but I am on stock android on my pixel.
I appreciate the privacy and FOSS nature of F-Droid, but I use things like Android auto Google maps for work, I use banking apps on my phone as well. I know technically micro G and blah blah blah, but like I said: work full time.
Just FYI, absolutely everything you mentioned works absolutely fine OOTB on GrapheneOS with no tinkering.
GrapheneOS will be fine without F-Droid.
Get off Android to … Android 🤪
Graphene is bult on top of android AOSP, which is owned by google… And of course they are fucking it over.
Check calyxos.org s recent blog posts, it is basically dying (and graphene is the same)
What happened to the Open Handset Alliance?
The what?
https://en.wikipedia.org/wiki/Open_Handset_Alliance
Google doesn’t “own” Android. They (and the OHA) are the maintainers. AOSP is open source.
The pause in Calyx updates has nothing to do with Google’s fuckery, and they are not “dying.” They lost a major lead developer and decided they needed to restructure so no one would be so essential going forward.
Google is messing with AOSP pixel drivers: https://calyxos.org/news/2025/06/11/android-16-plans/ Thats what I was referring to, but yeah, that is also a thing.
So… huh, so what’s the alternative then? I guess some other flavour of linux?
For mobile phones that works as a daily driver? Gobbling up iOS. Or gobbling up what’s becoming of Android.
I really wish we had open phones that “just work”. I’d even go with slightly quirky but functional. Unfortunately, that requires strong cooperation between hardware maker and software developers; and it will require a lot of work. But that’s not the main issue. The direction we’re headed toward is “everything need an official app”, and those will mostly only work on “official” phones made by big manufacturers.
Even today, making some bank apps work on non vanilla Android is not always straightforward, and it’s still relatively open and easy to do. The move by Google is going to tighten this even more, and I have no doubt, if they pull through, that this will go in the requirements for the “play protect” validation BS. Meaning if you want that bank app, or whatever state digital ID app (meh) to work, you’ll need a “real” Android or an iOS device. And those apps are becoming more and more mandatory (I can’t log-in to my bank’s online website without their app and proprietary 2FA…).
A niche, open-source OS, Linux or modified AOSP or whatever, will have a hard time filling that gap as things keep moving. Which is really sad.
GrapheneOS isn’t dying. There’s an OEM partnership in the works and they’ll release devices with support for GrapheneOS in a year or two. GrapheneOS still provides updates and while the changes have made some things harder, the project is still going strong.
i wonder if it’s possible for fdroid or another dev to make a linux/windows/osx app which basically uses an adb connection to automatically upload and install applications
Shizuku provides this fully on-device for android 10 or 11 and above, and droid-ify supports using shizuku to install apps.
The one main downside is that it only works when you’re connected to wifi.
Yeah, I’ll switch to absolutely anything that allows open installation of third party apps.
But for such major FOSS development, we usually have to throw money at them in advance, which is the problem.
deleted by creator
Can someone “redpilled by corporate” explain me how this policy actually increase security?
It’s trivial for a malware developer to pay $25 with a stolen card and a stolen id
Look at the “verified” bots on xitter, they didn’t solve the bots problem, rather just monetized it
I presume they are implying that the play store review process will catch compromised apps? Not likely considering how many dodgy apps have been found on play store. It’s just another controlling act.
Google is doing this to comply with EU regulations supposed to increase security. Now imagine that Google was pushing back against this instead of complying. As per usual, Lemmy would be up in arms against Google for failing to protect people’s data and not complying with our laws and culture. You’d be downvoted to oblivion for asked that question and called a corporate bootlicker.
I think these rules come from German legal culture, which traditionally has a strong need to control information exchange and processing.
the way they originally phrased it, it was seemingly because of authoritarian governments like singapore wanting to exert more control (hey google, can you revoke the certificate or doxx this dev for us?) and then they realized that they could make more money if they extended this block worldwide
I’m sure the EU is not the only jurisdiction demanding this sort of thing, but I doubt Singapore has the pull needed to get Google to move.
Brussels effect. Imagine Google were to still allow unverified apps in the US. Most devs would still opt for verification so as not to lose the EU market. The proportion of malware is probably going to be higher among the few remaining unverified apps. Sooner or later, some US scam victims would sue Google for failing to protect them like it protects Europeans. Hard to refute.
It’s not about stopping malware; it’s about being able to act on malware.
Making a new account with a new phone number and new credit card is a minor barrier to entry.
That said, it’s a cool story, but I think they’re looking to stop vanced style patching.
I would assume that you won’t just be able to register with a stolen id and stole card.
if scammers can open a bank account with stolen identities, i’d assume google, which is entirely run by bots without any human oversight, wouldn’t have a better detection
You don’t think Google have better tech than banks?
Oh boy. You have no idea how old and bad the underlying tech that banks work on is.
Corporate needs to have somebody to sue in case of a policy violation. Very especially those debloated apps that float around the web - they need to ensure they have a physical person to pin the blame to in court.
The vast majority of malware isn’t delivered via play store because of the existing measures and protections they have. Same reason you see very little app-store-based malware on iOS. DISCLAIMER: YES MALWARE EXISTS ON APPLE HARDWARE PLEASE DON’T SHOUT AT ME. Talking specifically about anything installed via first party stores on both platforms.
Their main issue is this: dumb people install apks from spurious website and infect their phones. The least controllable and most pervasive factor here is the intelligence and knowledge of the user which cannot be controlled for by Google. So by eliminating the ability to exploit this entirely, it will eliminate that specific vector.
It’s a sledgehammer solution that naturally comes with many downsides like disrupting intelligent and knowledgeable users that just want to hack around with FOSS and such.
Google is relying on It being too expensive for malware creators to have to guide each individual user through adb installation and usage process just to get access to their phone. Most scammers only do that level of interaction to extract actual cash/gift cards from the target.
I am personally and directly affected by their decision in many negative ways, but I’m not so dense as to not understand why they’re doing it.
/corpodronespeak
EDIT: bots help Xitter maintain inflated usage figures which justify people’s jobs, share prices, etc. Bots are a feature, not a bug.
Their main issue is this: dumb people install apks from spurious website
No they don’t. Most people don’t even know what an apk even is.
Most people don’t know what a bootloader is. They still turn their devices on and off every day.
This whole conversation is about adding obstacles to prevent non technical users from doing things they don’t fully understand.
The overwhelming majority of Android users don’t even know where to start to install software outside of the Play Store. If they’re even aware that it’s possible.
It’s actually an incredibly common way that they are infected, especially in places where WhatsApp is the default communication platform
Yes you’re right. If they knew, it would likely come with the knowledge that, if someone asks you to do this, you’re probably being scammed.
That’s what makes them most vulnerable to these kinds of scams.
yes, of course malware is distributed via apk.
But what’s the difference between:
- malware that is signed anonymously and then, when its signature is identified, it’s removed via play protect
- malware that is signed with a stolen identity and then, when its signature is identified, it’s removed via play protect
?
Isn’t exactly the same stuff? Or there’s someone that is actually thinking that criminals will use their real ID card for the verification?
Does not change anything for malware distribution, except bother them for a dozen minutes meanwhile they “verify” their stolen ID
Because it can be invalidated. That’s the difference.
It’s absolutely not foolproof, but nothing is. Most actions corps take for this stuff only slows down the spread. Hackers and bad actors innovate way faster than companies can keep up with. So companies cast a wide net with their solutions. And the cycle continues.
Apks can be invalidated after installation?
No, the certificate can be invalidated preventing future installations for other users. If you already have it you’re SOOL
with the new system, you must go online to check if the license for that app is still valid or revoked. But the current system works almost the same: if there’s an internet connection play protect checks the signature against an online malware db and prevents installation.
From a couple years ago, google has the power to remotely install/uninstall any apk on your phone without your consent
How does this affect termux? Is it going to die or is it only going to be able to have packages that are from registered developers?
That’s actually a really interesting question.
I understand that Apple takes issue with packages that can themselves “take packages”. But historically, I don’t believe that Google has. Of course, Google also hasn’t done the registration thing historically, either.
Termux is already available on the Play Store, so I imagine it won’t be an issue. Sideloading will still be possible, it just requires developers give Google their private information (which is fucking stupid) but you already have to do that to be on the Play Store, so I don’t see why Google wouldn’t verify the Termux team.
look at it from the pessimist’s point of view, they could have killed side loading too!
Yeah I really hope they wont ask termux packages or apps installed through termux to also be verified. Termux is on the play store but it’s not the real version. Termux devs have the actual version sideloaded.
So I guess I’m going to have to learn to use ADB.
Easy but annoying.
I believe side loaders for the meta quest already use it under the hood. maybe there’s potential to make a side loading app store
i bailed on android to join my family on ios, and i hate it. now i cant even go back comfortably. so… linux phones?
it would be nice
I miss my N900 every day.
It had too little memory, but was clearly a step towards phone perfection. I am still bitter that Nokia hired a Microsoft loyalist who killed the Linux line … shortly before killing the whole company.
wdym “killed the whole company”? Nokia was always more than just phones. They are still around and one of the largest telecom equipment manufacturers.
I’m not sure why you did that. android still gives you more freedom and is still better
Also: Torrent clients are available on Google Play (for now, at least), Apple never allowed them.
Thankfully I have root, I’ll just simply hook into it runtime via Xposed to bypass this nonsense.
Seriously anyone who doesn’t have root on their Android devices these days and age, well may Google have mercy on you lol
Are you certain you’ll be able to do this? Do you have more info?
Recent AOSP repo added lines of code to Package Installer to handle enforcing restricting whether Package Installer installs an APK file or not based on dev signatures, as well as denying installation if internet isn’t available so it can’t contact Google’s servers for dev signature verification.
So this is enforced by Package Installer, which is already how Google enforces their ridiculous minimal SDK version requirement for installing APK packages, as well as for blocking app update with an APK package with mismatched signature or blocking downgrading an existing app with an APK package, which I already have bypassed via Xposed this way.
Besides, rooting gives YOU total control over your own device like when you have sudo on Linux, even if Google tries some new BS there will be a way to counter it when you have root
The crux of the issue is not as many people will do this so app devs will be less inclined to release the good OSS
And not as many people ever even care about doing this is exactly how we got to this point.
Don’t say that on XDA. Half the people there will say you don’t actually need root to do what you want and the other half will demand you justify why you specifically need root before they even entertain the idea that having full privileges on your own fucking hardware is a valid desire.
XDA is dead, and you just described one of the symptoms of a forum being dead.
That said there are still a small amount of people posting detailed posts for rooting Xperia phones, for how to flash OS updates with unlocked bootloader without losing your user data, for how to bypass carrier restrictions to get international model to work with the 5G bands in the US via build.conf edit and baseband flashing, etc. There are perks of a community being small and niche, and I guess not everyone is brained washed by Samsung’s propaganda they use to justify permanently locked bootloader on their phones lol
I used to root every phone, but by 2025 I’ve given up. Hard to unlock bootloaders, random apps (especially banking) thinking you will get hacked and stops working, the entire community around rooting and mods is like 10% of what it used to me, hardly any modern phone still gets custom roms, etc… Recently saw some statistic about custom roms - on average, around 50 phones 5-8 years ago had support for custom roms. By 2025, that number has fallen to 4.
Android is not what it used to be
You said it like banking apps will be happy to work with a Linux phone lol, the banks always have their interests inherently conflict with user control anyway. And rooting and getting a custom ROM (one which exists or otherwise) are two completely different things that have nothing to do with each other, and you shouldn’t support manufecturers who choose to make it difficult to unlock bootloader anyway.
By 2025, rooting still empowers you to make your own Android device however you like it to be.
Also not many people care about custom ROM these days because Android stock ROM got much better in average, so there’s much less a need for creating a brand new ROM just to get basic features. Why making a brand new ROM instead of modding the pretty good one you already have now. And root empowered ROM modding tools that are developed as Magisk module or Xposed modules still have a pretty big community, there’s a long list of pretty big repos with hundreds of modules each, and with how sophisticated Magisk and Lsposed have evolved it’s easier than ever to write your own mods
I hope google fails as a whole in the near future and gets dissolved once and for all. Sick and tired of tech companies trying to be sources of authority, working with authoritarian governments, and dictating what you can and can’t do.
I’ll be honest, tech got us by the balls… and they know it.
No they don’t. There are viable, open source alternatives for 99% of the software/services we use. The fact that people are not aware of it is already like half of the real problem.
I’m not saying you’re wrong, but I’m saying it doesn’t seem like it will matter.
Say that to my banking and credit card apps (some of which don’t even have a web version for seCuRitY reasons)
I’d say ‘change banks’.
For a multitude of reasons, that is a silly suggestion.
The open source alternative to those is currently doing quite well.
Y’all can come in here with a suggestion, too. I’m just saying we are all ears.
What is it ?
What the heck is the open source equivalent of being able to manage the direct debits of one of my specific current credit cards?
I don’t imagine that paradigm going away at all anytime soon or ever
I have hope. Last time they got hit with an anti monopoly lawsuit that should’ve forced them to sell away chrome, but unfortunately they got bailed out. Here’s hoping next time they aren’t so lucky
So… Will the ADB let me do this? reVanced specially, YouTube is completely unwatchable otherwise.
I haven’t used revanced in a while, but Fennic + ubo + sponsor block should get you to basically the same place unless they’ve added new features since I used it last.
No separate app required.
That’s what it sounds like.
They’re doing the same thing Apple has been doing for years, I used to run a self-signing application which ran every week or so by itself.
Workarounds are going to exist plenty, it’s just a slap in the face. Especially because the Play Store is filled with malware. Apple’s strict rules are horrible for developers, but at least it’s not as riddled with malware.
All APKs will require a signed developer certificate.
I doubt they will be signing keys for developers who circumvent Google’s services, or that violate their ToS.
They’re copying this scheme from Apple in Europe, when it was forced to allow other app stores.
In that case, Apple revoked certificates for apps it didn’t like, such as P2P/torrents. Mind you, these were NOT apps that were not hosted on Apple’s App Store.
But ADB bypasses it.
(for now, at least)
I suspect this is designed to block revanced entirely. It won’t be able to install the apk it compiles or downloads, so apps won’t be able to update even if you have it installed via adb to begin with.
Revanced won’t be able to install, but you could still install manually the apk it creates. That’s what I do (not through adb though).
After this you won’t be able to install it manually
Shizuku + Obtainium might still be an option.
I wouldn’t count on it. I’m 100% expecting them to follow up on this in another update, blocking devices from wirelessly debugging themselves for “security” reasons.
All APKs will need a valid Google developer signature.
Doesn’t matter if it’s installed from GitHub or F-Droid, no signature, no installation.
Shizuku is installing via adb
but directly installing apks on the phone should still be possible then, right… riiiight?
wireless debugging, you can connect the phone to itself via a wifi network, then send adb commands to itself. loopholes lol
i somehow skipped the “non-” part of the headline. thanks for the info though - when i came across this a couple of months ago, i couldn’t really think of any good use for it
Wait… what? Tell us more details…
Shizuku
Google hit by EU lawsuit in 3… 2… 1…
EU wants to read all your online communications so, no, they will not be saving you from this. This furthers that goal
how convenient, GOOGLE wants all your data too.
Well, some countries in the EU are pushing for this on EU level.
Big gov and big corp are essentially the same thing. And while the people jump ship to be at the mercy of the “better side”, the elites are sharing a cocktail in secret.
The scale still remains, however one side tilted more so than the other.
“big gov” can be influenced by citizens. meanwhile, “big corp” is controlled by shareholders, the average person has zero say in how the corporate is run
Not true, vanguard sends me vote notifications. Basically, vanguard will vote on the board the way the vanguard shareholders do
Yuuuup. The state and capitalists collude against the working class. Neither one nor the other can ever be trusted to put the interests of workers first, though they will each make empty promises to do so. Then they will privilege the ruling class every time.
Luckily it’s not the same body in the EU who’s in charge of enforcing AND setting up proposals.
The EU is not a “one opinion” government body.
This is basically the same as Apple’s notarization scheme for direct app installation on iOS in the EU. I do not believe the EU has sued Apple over that yet, and they’ve had plenty of time to do so.
They usually sue if the practice doesnt stop for over a year. They do send warnings before anything official comes out FYI.
But I dont know if they want to do anything though. No one but them and Apple knows for sure.
This is forced by EU regulations. I doubt Google would have introduced this on its own. If they wanted to do this, then why wait until forced?
A few months ago? Yeah, I’d be with you. Today? It’s the wet dream of the current EU leads. Closed devices, where they can run spyware without risk of it being hindered by custom OS with proper permissions and process separations? So good. For them.
The law EU created looks like it has a loophole which allows manufacturer to prescreen side loaded apps (like what? What’s the point of sideloading then?) it is what Apple exploited and Google is going the same direction.
