I'm going to say something that probably will get me down votes:
Why do we have to beg Google to keep Android open? Seriously. So many open source projects have risen out of real and concrete needs and successfully made their way into our every day lives.
A new platform needs to rise that breaks out completely from Google. I've given PostmarketOS a go (with a PinePhone) and while today I can't say it isn't a daily driver for everyone it is certainly the route that needs to be taken.
I'm still unable to use it because is not easy to break away from Android, but is a platform that I think about almost every day, because I do not want to use Android anymore and I'm willing to sacrifice certain aspects to have an open and friendly platform on my hands. And if it is not PostmarketOS then let it be another project.
We need these kind of projects, not kneeling down to a company like Google and begging for Android to be open. Effort needs to be put elsewhere. That's how major projects like Linux, BSDs and open source projects have flourished and taken the world.
Answer: bank/financial apps, enterprise apps, government apps and copyrighted media (music, video, games, books, ...).
Those are the players that demand excessive control over end-user devices, and thus the ultimate driver behind the problem we're discussing.
It's not that a new mobile platform couldn't possibly succeed. It's an open platform that cannot, because aforementioned players don't want it, and without them, mobile devices lose 90%+ of their usefulness, dooming them to become mere gadgets instead of (crappy, toylike) tools for everyday use.
Back in '99 Linux didn't run Excel/Word/Powerpoint or most games, but I ran it anyway. What others call showstoppers are for me inconveniences.
I have a motorolla edge 2024 that I'll load whatever open source phone OS will work well enough to place calls and browse the web. I'll keep another phone for the rare times some corporate/government overlord requires it. Many folks who refuse to use smartphones, similarly own a smartphone they rarely use for systems that require them.
My recommendation is to put as little time and energy into closed, locked down platforms as you can. Feel free to complain, but don't forget you can make choices.
Technology has a ratchet effect at scale - as a solution becomes widely adopted, it switches from being a convenience to being a necessity, because people start building more stuff on top of it. It's as true of to-the-minute accurate clocks as it is of smartphone banking.
You can still run a version of Word from 2004. It's fine, if all you need is to write some thoughts down for yourself. But the moment you need to collaborate with other people via a Word document, you'll find it difficult without the modern version with all its user-hostile aspects - and more importantly, other people will find you difficult to work with.
Same applies to other software, web and smartphones, and to everything else in life - the further you deviate from the mainstream, the costlier it is for you. Deviate too much, and you just become a social outcast.
Which is why we need to ban together. Libreoffice isn't dominate, but it has enough market share that it can't be completely ignored. Also if you are using it you are not alone - you are an annoying deviation, but there are enough of you that many cannot ignore you. The more people who also use libreoffice the more power we have. If we can get to just 5% market share we cannot be ignored. (it need not be libreoffice, there are other choices that support that file format well enough which is what we care about.)
> Feel free to complain, but don't forget you can make choices.
Of course. I can make a choice. When the choice is between being able to login to secure services with my SIM embedded e-signature, use mobile banking and conduct official business and not being able to do any of these things, making choices are easy.
Running Linux on desktop is easy mode when compared to phones, and yes, I started using Linux on desktop in 1999 too with SuSE 6.0. Phones are way more interconnected and central to our lives now when compared to a general purpose computer running your $FAVORITE_OS.
I booted Slackware from a pile of floppies back then. I thought the Germans had a pretty good offering with SuSE at the time.
Look I get it, even back then, most folks felt Windows was the obvious choice (and still do) for their jobs and so on. Sometimes you have to make do with with the unappealing choice in front of you.
For a little more context, my cracked screen iPhone can still do banking or whatever, but I chose not to pony up $800-$1200 for a new iPhone and bought the cheaper $350 Motorolla. It works for me and I think I'm not entirely alone. There are probably some cracked phones, some handme down phones that folks could use for those situations where you really need to use the closed platform, but otherwise are free to use something more open.
Slackware always brings out the inner teen in me. I feel giddy like in the old days. I need to install and maintain it somewhere some time, just for kicks.
I support FOSS wholeheartedly, and believe that it's possible to have a device which is completely Free (not Open but, Free) from hardware design to firmware and software.
On the other hand, there are some nasty realities which bring hard questions.
For example, radios. Radio firmware is something nasty. Give people freedom and you can't believe what you can do with it (Flipper Zero is revolutionary, but even that's a tongue in cheek device). Muck with your airspace and you create a lot of problems. The problem is not technology, but physics. So, unless you prevent things from happening, you can't keep that airspace fair to everybody.
Similar problems are present in pipelines where you need to carry information in a trusted way. In some cases open technology can guarantee this upto a certain point. To cross that point, you need to give your back to hardware. I don't believe there are many hardware security devices with open firmware.
I use MacBooks and iPhones mostly because of the hardware they bring in to the table. I got in these ecosystems knowing what I'm buying into, but I have my personal fleet of Linux desktops and servers, and all the things I develop and publish are Free Software.
I also use Apple devices because I don't want to manage another server esp. in my pocket (because I also manage lots of servers at work, so I want some piece of mind), yet using these devices doesn't change my mind into not supporting Free Software.
At the end, as I commented down there the problem is not the technology itself, but the mindset behind these. We need to change the minds and requirements. The technical changes will follow.
For radios, the general idea of building radios to a spec and having them certified to be sold in country works pretty well most of the time. It might be nice to have a phone with plenty of flexibility on the radio, but I think most folks would be happy just to connect and send work-a-day packets OTA unencumbered by additional restrictions.
It seems like a hardware security device could act similarly to the radio in that the general OS can ask for service (e.g. a signature), but not have access to the internals of the MCU. I don't see why these systems need to be opaque either, in fact it'd be nice to know what is running on the security enclave or LTE radio, even if folks aren't generally meant to access/modify the internals.
It'll be interesting to see how things develop. In my case, I am looking for more experimentation with the smartphone form factor. I'd like to see better options in the market.
What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?
We're headed down a very slippery slope and the destination is a very dystopian reality where those in power can prevent someone from participating in society on a whim. I believe the destination has previously been described as the beast system or New World Order.
We are all definitely going to have to make a choice. That much is certain.
> What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?
In some cases, it already is.
We're already far on the path you described, and there is no choice to make on it, not for individuals. To stop this, we need to somehow make these technologies socially unacceptable. We need to walk back on cybersecurity quite a bit, and it starts with population-wide understanding that there is such thing as too much security, especially when the questions of who is being secured and who is the threat remain conveniently unanswered.
We're already there. Attestation is not in your phone, but in your ID card. European passports and ID cards carry biometric data of your face, so you can be computationally verified.
I'm aware of this slippery slope for a very long time, esp. with AI (check my comments if you prefer). On the other hand, I believe that we need to choose our battles wisely.
We believe that technology is the cause of these things, it's not. Remember:
Necessity is the mother of invention.
The governments believe that this is the "necessity", so the technologies are developed and deployed. We need to change the beliefs, not the technology.
The same dystopian digital ID allows me to verify my identity to my bank while I'm having my breakfast saving everyone time. That e-sig allows me to have a practical PKI based security in my phone for sensitive things.
Nothing prevents these things from turning against me, except the ideas and beliefs of the people managing these things.
> Feel free to complain, but don't forget you can make choices.
Except, this not really a choice or a reasonable work around.
Phones are still somewhat expensive, not to mention a time-sink to maintain. Try explaining to your parents or even close relatives that they need to abandon the phone they either spent $$$($) on our spend a $$ monthly on that they should really buy another $$$($) phone and use their "official" device like a company card.
Bingo, this right here. Linux desktop wasn’t a daily driver until one day it was.
Although the only problem with this strategy is that Linux got that way because of a lot of private companies that actually wanted that. Valve didn’t want to be locked in with Microsoft. Many of Microsoft’s direct competitors also don’t want to be locked in. IBM famously switched to Mac, Google has been using Mac and Linux workstations for a long time as well.
Also, web technologies like Electron made porting applications to small user bases Linux easier. If that never happened, I wouldn’t be able to use my commercial apps on Linux. This concept might be a little more of a challenge for the mobile app ecosystem, which is a mix of native wrappers like react native and native apps, and there is a high amount of dependency on native APIs for the extra sensors and hardware features phones have the laptops and desktops don’t have.
E.g., For Linux on mobile to work react native can’t be an incomplete implementation like the status quo.
It's a transient state. Food for thought: how much of Linux being a daily driver depends on you having a modern Android or iOS smartphone?
If you need a locked down phone that passes remote attestation to authenticate yourself to a remote service, then whatever you use to access the service UI doesn't really matter: the only device that's necessary to have to use the service is the one you don't fully control, and which gets to control your patterns of use.
An intuition pump I like: imagine you want to put a widget on your desktop that always shows you the current balance of your bank account. You want it to just work ~forever after initial authentication (or at least a couple weeks between any reauth), and otherwise not require any manual interaction. See how hard it is (if it's even possible), and you'll know how badly you're being disempowered already.
Interesting thought. I’d say a low to medium amount but you’re making a good point here.
Most services offer simple SMS two factor, and then if they offer an upgrade to Authenticator or passkey then I have no iOS/Android dependency.
My bank’s website works almost the same as the phone app, I think the only difference is the lack of mobile check deposit (but nobody’s writing checks anymore).
Some services like Venmo are most popular on apps but still have a website.
My remaining hooks are:
- iCloud shared photo libraries with my family. I can use those on iCloud.com but it’s a bit more of a pain. My paid iCloud storage has been migrated to more open alternatives.
- AirTags and Find My. There just isn’t a competitor that’s anywhere near as good. It’s thankfully not a very necessary product.
- Apple Watch. (AirPods actually work great on Linux, btw, even if they are missing some functionality)
- Apple Home. I could migrate this to Home Assistant.
- Apple Wallet. This is mostly convenience. Most things that use it have some kind of alternative, like printed boarding passes. But there’s…
- Ticketmaster. The mobile website tells me I must download the app or add to mobile wallet. Barcodes are dynamic and screenshots don't work. I think the only alternative is to go to the box office before the event which can be very annoying.
Lots of private companies do not want to be forced to pay Apple and Google a hefty chunk of their earnings either. That's what drove Epic Games and Spotify to fight Apple.
Most of us do not want to carry two phones around. The reality is that there is strong utility for those non-open apps and they will never be replaced by open ones.
In some parts of the world, WhatsApp is as necessary as the phone itself. Official business is conducted via it.
I've not managed to read all the comments in this post, so apologies if I'm repeating other people, I also have only a passing understanding of how Google Play works, but couldn't we have:
Linux based phone, running Anbox to support Android apps running within containers. Effort would then have to put into support Play APIs within Anbox. Not a small amount of work, but I compare it to the state of Linux 20 years ago and how well Linux is doing today.
Google would eventually manage to completely block that. For example, have the app be encrypted for download from the Play Store for the individual Google-approved device key, and the device’s firmware will decrypt and run the app in a way so that the user can’t get hold of the decrypted app blob, and hence can’t possibly run it in any other (non-Google-approved) environment.
The bottom line is, the only way to ensure user freedom here is by regulation/legislation.
Communication is the main issue - If you've got whatsapp/telegram/whatever,and a couple others you can handle your own life differently without human interaction being affected.
The rest is a personal choice, I'm happy to have a bit higher friction to check my bank's balance for example. Maps is an issue but it can be overcome.
Accessibility is a big issue. The accessibility some of the apps like banking provide are compelling. - not totally unlike the difference between stairs and a ramp.
> I'm happy to have a bit higher friction to check my bank's balance for example.
I find this to actually be a great litmus test for the overall problem. Bank account balance is a basic piece of information that's about me, and that I need to keep track of to effectively live in our modern times. I should be able to access that information non-interactively at any time. But I can't.
Ask many banks, you'll get as many reasons for why they can't just allow me to cURL this number off an endpoint with some pre-shared credentials. Most of those reasons are bogus[0]. Now, it's not hard to identify several points where I could observe that information in-flight. There's an API that powers the app. The app itself has UI that could be queried or scrapped; some apps will even communicate this data to other apps when requested.
But good luck getting access to any of that non-interactively.
This is what all those technologies add up to. The bank says I can't have this information unless my eyeballs are physically looking at the screen displaying it - and the whole tech stack conspires to make sure I can't get it otherwise.
It's a trivial and non-critical need, but it's also exemplifying the basic user freedoms being denied to us: the ability to freely process information on my own device.
EDIT: Accessibility tools are often the only remaining workaround here, because those are uniquely hard for services to close. And as expected, accessibility became its special privilege category on modern devices, and is increasingly heavily scrutinized and limited by device vendors.
--
[0] - They're usually some kind of security or stability point, that's just a fig leaf to cover the actual reason: this is the way they can force you to interact with their app or website daily, creating an extremely valuable marketing channel for their financial products.
It's a trivial and non-critical need, but it's also exemplifying the basic user freedoms being denied to us: the ability to freely process information on my own device.
I hate to risk sounding like I'm beating a dead horse, but when I hear this I flash back to Attack Surface by Cory Doctorow. I interpreted his message in that book as something approximately like "you can't out-tech the bad guys", where "bad guys" can mean government surveillance agencies (probably more what he had in mind) OR "big corporations trying to control your life" (this may be me extrapolating). But even if I'm over-generalizing a bit, I think the point still stands.
"We" (open source advocates / hackers / hobbyists / makers / whatever) can't win on just tech alone. We have to use the legislative process, political pressure, social pressure, whatever, to achieve our goals. And so we should use our superior knowledge of technology to support doing that. So don't just think "how can I hack my phone to use an open source OS" but think "How can I help use technology to influence the outcome of the next election, and elect candidates who really represent the things I care about?" or "How can I help use technology to stir up enough activists making enough noise to persuade my bank to let me access my account using a non-proprietary OS", etc.
Now I'm not saying any of this is easy. By no means. Just suggesting that we need to at least approach things with that mindset in view to some extent.
I see your point, but I disagree that you need direct involvement in the legal process.
Companies are moved by money, if your tech is popular enough companies will dance to your tune.
Say that you get to a point where 90% of desktop users are on linux. Is there any doubt that banks, messaging platforms and the like would have their own linux apps? no matter how many hoops you make them pass through, they won't let that piece of the cake go.
The problem is that the current way of doing things will never reach those numbers, because we give up on the tools that companies use. UX, user research, graphic design, marketing and similar roles are pretty absent from these communities; I think changing that is the mising piece.
> we give up on the tools that companies use. UX, user research, graphic design, marketing and similar roles are pretty absent from these communities
Some of the bigger open source communities, like GNOME, do some amount of these things. But I think very few people are excited enough about user studies or marketing to do them as a hobby, unlike writing code. It's hard to see how you could beat Google/Apple/Microsoft at their own game like this without a lot of money. Red Hat is probably the biggest company that might be interested in this, but still about 2 orders of magnitude smaller than the giants.
So what. Enough of us do that it just might be feasible.
I've used Linux for a loong time before some business-critical software ran on it. I had to have a Windows VM for years for netbanking, or before that, dual-boot for gaming.
If we're all too spoiled to give a free alternative a chance because it might be slightly inconvenient, we don't deserve the free alternative.
Stupid question: couldn't we work around that with some VM/container-style solution? They could probably find ways to lock it down with TPM/TEE and similar, but in today's landscape it should be possible if you're willing to accept the performance and battery cost. And if it does get traction, there'll also be more push to keep open alternatives viable. Giving in without a fight is the only way to ensure you'll lose.
Yes and to be honest it's not necessarily unjustified BUT it should ONLY be done when the parts, hardware, software, or both, are not linked to a single proprietary actor.
Need security before doing a $1000 transaction because everything so far was $10? Sure, ask for a physical token 2FA, NOT a YubiKey implementation.
Obviously though if I was working at Google or Apple and paid for the success of my company via incentives, e.g. stock, I would fight tooth and nail to let banks know that only MY solution is secure.
Webapps solve this completely. You login to a service as we have been doing forever. And the control is still on their side when you use a webapp. Almost every single app that is on my phone can be a webapp.
Websites as platform can't solve a problem that's social in nature - that it's allowed and accepted for organizations to have such excessive, invasive levels of control.
The parties I accuse of driving this problem didn't suddenly go rogue when smartphones happened. They always wanted this level of control (and much more) - they just couldn't get it until relevant technologies matured enough.
I'm not speculating here - we have actual empirical evidence to confirm this. A clear example is that there are several countries that, unlike the US and most of Europe, went all-in on Internet banking back before smartphones. Web limitations and conventions didn't stop them from doing the same thing everyone is doing with the phones now - the banks there just force customers to install malware on their computers, so they can do some remote attestation and KYC (and totally no marketing data collection) on their PCs.
Most of the West never had this because of the inverse of leapfrogging phenomenon - big, developed economies had too fast progress and at the same time too much inertia to fully adopt a pre-smartphone solution nation-wide.
My bank had website which I can log in and just use. It does not force me to install anything. I need to type username, password and SMS code, that's about it.
Every org doesn't provide that choice. If your child's activities class only communicates via an app and that is the only option in a given radius, rejecting that will mean you child doesn't get to do their activity. There are other examples that are more way more serious and make avoiding installing apps infeasible.
Because SMS is not considered a secure 2FA mechanism anymore, and hasn't been for a while. If that's the default for that bank, and not GP going out of their way to pick a legacy access path, then they're about a decade behind what's considered industry standard -- which today is querying a second factor not just per login, but also per important operations (money transfers, dispositions, changes in settings), with the second factor being by default a smartphone with hardware and software integrity verified via remote attestation.
I haven't heard a compelling reason why remote attestation is more secure.
The whole point of 2FA was to have two devices that you own. Now the bank is forcing your login and 2FA to be on the same device. Which is the easiest device to steal.
Then literally every US business and government is not trying to be secure. I cannot name a single organization that does not have the option of or requires SMS 2FA.
I think the government and large businesses like it that way, as it makes the mobile network providers as a sort of credit check (or “are you worth dealing with”) mechanism.
South Korea is, the go-to example I've seen brought up on on HN many times over the years. AFAIR, they used to legally mandate ActiveX controls to access banking and government portals, and that practice continues to date even though the legal mandate was dropped. From what I read, there's still a set of applications that are commonly required to access banking and tax filing services, that purport to provide a degree of remote attestation and "security" (firewalls, detection of keyloggers and screen capture), and to access digital certificates.
Brazil is another example - ironically, the software suite that's commonly required for banking is named after the capital of the country I live in :).
Some quick searching now also flags Slovenia and Serbia as places where some banks require custom desktop (or even Windows-specific) software to access banking services.
This works only as long as the webapp allows you to log in using a username/password and/or 2FA which is not tied to a smartphone app. More and more countries are moving to digital identity solutions, and while many of them offer hardware tokens as alternatives to apps, the future looks like one where smartphone apps will be only option.
Banking websites will tell you that you need 2FA. Of course you need to use not just any 2FA you need to use their app and of course you don't need a 2FA if you use the app directly for banking.
My companys equity app does not even want to run on lineageos.
At the moment it looks like a 2 phone will be necessary at some point.
For now, my banking app actually runs on GrapheneOS. My digital identity app that it requires to log in does not, but luckily my government also offers an NFC chip that I can just scan instead.
Two phones is such an unsatisfactory solution because it will be too impractical, too expensive, or both, for the vast majority of people.
Yes, the fact that these 2FA systems aren't based on time-based one time passwords you're probably thinking of. It's a push notification that you need to open and approve in the official app.
They're working hard on shutting that down as well with Passkeys. It's only a matter of time until the only way to log in will be through de-facto proprietary apps.
Being a web app doesn’t mean shit. We already have DRM encrypted web content where the consuming device requires some attestation to decode. I.e. Widevine.
Netflix? Telegram's push 2FA? Any mobile wallet application? The vast majority of dating apps? Any of the app-only social networks? Basically all keyless entry applications?
This is why we need laws and regulation. And the most important thing we need is not governments forcing Android to be open, but laws requiring governments to not force their citizens to use locked down hardware.
My government, Denmark, is one of the most digitized societies in the world. While the government has allocated money to a committee to investigate how the country can become less dependent on American big tech corporations, at the same time they are planning on launching a mandatory age verification solution in 2026 where the only possibly anonymous way of verifying your age to access e.g. social media will be through a smartphone app running on either Google Android or Apple iOS. These nincompoops do not realize that this move will effectively put every open source alternative at a permanent and severe disadvantage, thus handing Apple and Google, which are already duopolies in the smartphone market, a huge moat that will lock out all future competitors form entering the market.
I have written to the relevant government agencies, and while they are nice enough to actually answer questions, their answers reveal that they act as if they are a commercial business and not a government agency that is supposed to act in the interest of the people and preserve their freedom. They argue that they are releasing a solution that will work for the vast majority of platforms and that they are continuously monitoring the market to assess whether they need to add support for other platforms. This is a cost-cutting measure which is maybe okay for a commercial entity targeting a specific market demographic, but it is an absurd way for a government to think.
Before the upcoming age verification we already had a national digital identity solution, MitID, which also comes as an app running on Android and iOS, and which is locked down to require strong integrity using Google Play Integrity. But at least here they also offer hardware tokens so people can use their digital identity without owning a smartphone and running an open source OS like Linux on their desktops. But with age verification this is apparently over, all the while the government is lying about actually making an effort to free us from American big tech - they are instead basically forcing us to be their customers now.
I think this is true for other European governments. The UK is has introduced age verification (although not mandated an app) and is pushing for digital ID. If digital ID meets too much pushback plan B is a boiled frog approach by introducing it for children first (the legislation for that is in its final stages).
Governments say they want sovereignty but not if they have to pay anything for it. They also like the fact that forcing everyone to do everything through a few big businesses makes surveillance and censorship easy. No need to pass laws, just do deals with a few companies. Governments are all about central control, and its more important to them than what they see as obsolete nonsense about sovereignty.
I wonder, if there were an open platform to exist that people use increasingly, maybe that would be incentive enough for at least one bank/financial app to permit that platform just to get a competitive advantage.
In the meantime probably the best that can be done is having a regular phone and a banking phone.
Maybe the answer is to put whatever the banks etc need on something like a smartwatch. Smartwatch + phone is better than two phones IMHO and they're so tedious to use/install anything on that it reduces the attack surface for hackers etc. Tap to pay or digital signatures or identity, passkeys etc via a smartwatch interaction seems like a good use case. Sort of a souped up yubikey. I don't know how good biometrics is on watches nowadays but my Pixel phone has some sort of camera behind the screen to read fingerprints so I can't imagine its impossible. Even adding a capacitive pad on a band seems plausible. Who knows, I don't feel like biometrics have been a real focus of design in the smartwatches I've used.
Personally, I have found smartwatches fairly useless (I do enjoy the activity tracking and notifications but that's not much really) so freeing my phone from bullshit by moving some functions to a watch could increase the value/utility of a some sort of smartwatch. Ultimately, it doesn't need to be that "smart" even.
Doubtful - the costs of supporting it far outweighs any gain they'd have. In case of banks, the costs of supporting aren't just about developing software for an additional platform, but also insurance premiums and managing fallout of hacks (which always eventually happen) - both of which would go way up, as the company would be voluntarily supporting endpoint decides that are less secure than "industry standard" minimum.
So the last possible community response is to bring back "responsive web apps"(tm) in the browser. And make sure a privacy first mobile web browser is installed.
Bank apps: Use an ATM, or a second phone. Enterprise apps: Use a second phone, preferably paid for by work. Government apps: Use a second phone, or refuse to use it (since there's likely elderly whom are not on board yet). Copyrighted media: Piracy.
"just use a second phone" cannot be the answer because 99% of people will just scoff at that. Instead of buying a second phone, why not just buy one that works?
And that's to say nothing of the environmental impact.
> "just use a second phone" cannot be the answer because 99% of people will just scoff at that.
Here we are talking about installing PostmarketOS/Linux on a smartphone. The next milestone is not to get everyone on it. First we need a base of early adopters that are willing to use it despite the drawbacks. The more user those alternatives will get, the more they will be developed, the better it will get.
Sure, for the next years, it will be way behind Android or iOS in terms of ease of use, but that's the price to pay to get back control on the device you own that is probably the main computer you use everyday.
For me that's not worse than using Linux in the early 2000s, and like Linux in the early 2000s, it may even be _fun_ to be an early adopter of Linux on the smartphone.
Now we don't need to migrate everyone to PostmarketOS, we _just_ need an alternative OS for at least the ones who are willing to play with it.
It might actually be a better environmental decision, if instead of buying a new second phone, it is instead about keeping an existing phone in use and not adding to the burning heaps of e-waste. Given the rising popularity of refurbished phones, not to mention the lower costs, it might actually be the opposite of what you claim, at least on those grounds.
And for the rest, well, "just works" for what? With a little time and effort, it may even get to the case of the "just works" part is a siloed unit like a SIM card that is just installed to the device, making it opt-in and user owned...
Not That i want to kick the can down the road, but the ultimate solution (barring actually fighting for our privileges over the systems we buy) is to have that second phone, and control it either via vnc, or via a kvm which presents vnc. I know, its really absurd, complexity wise, what with tunneling and figuring out where to house said setup.
However, the latter is ultimately transparent to the phone, outside of allowing a second monitor/hid to be connected to it. You could, given a VNC client then go ahead and control it via laptop or another phone.
It is the best answer at the moment. You can keep an absolute basic phone with all the banking and such apps loaded and nothing else. You treat it like an appliance. Your daily driver will be separate and can be running PostmarketOS or LineageOS etc.
There are several benefits off the top of my head:
1. Since you only install banking/govt type apps on your "important" phone, it stays more secure vs. putting your random game app along with the banking app on the same phone.
2. When you upgrade your daily driver, you don't need to deal with tons of re-auth steps for banking/govt apps.
3. Your daily driver can be customized to the nth degree because the pesky banking app won't be on it to refuse login because, say, you turned on developer options or rooted the phone.
4. You can even leave the basic phone at home for extra safety, if you wish, without affecting your daily driver.
5. You can root your daily driver and put as much adblocking setup as you want to boost your privacy. Your basic phone won't have enough activity outside banking/govt. to build much of a profile.
There's just one problem: increasingly, everything that makes a phone a "daily driver" is the thing that can only work on the "important" phone. Banking/finance, government services, commerce, work, communications (thanks a lot E2EE), and DRM-ed entertainment - all the major players here are locking their software down and relying on remote attestation to ensure their locks stay shut.
With this being the trend, you're already more likely to leave what you called "daily driver" phone home, and only take the "important" one with you.
Still waiting for someone to make a tiny token sized phone. Unfortunately the smallest around, Unihertz Atom, is both outdated and too low resolution for some apps to work.
Which is exactly my point: once you apply these workarounds, you don't need a smartphone anymore.
Also: both banks and governments are pushing for 2FA with a mobile device being the primary, and in some cases the only, accepted second factor source.
relative of mine has t1d and they use their phone app to monitor and give insulin, also alarm them when they are low..trusting outside the reliability of apple and google for this type of stuff i imagine would be difficult.
to your point, not exactly a one-to-one, but several discount airlines (e.g., RyanAir, PLAY, Allegiant, Frontier, Spirit, Wizz, Flair, AirAsia) already require an app to check in for a flight, or pay a fee. No app (or the horrors, no mobile), it cannot be done on a regular computer, must go to a ticket counter and pay a fee.
> Answer: bank/financial apps, enterprise apps, government apps and copyrighted media (music, video, games, books, ...).
Those are the players that demand excessive control over end-user devices, and thus the ultimate driver behind the problem we're discussing.
Those work perfectly via a browser, on any platform where the browser can run. As long as a hypothetical open OS has a browser capable with bog standard modern capabilities, it will be fine
I tried to log into a banking website on a full desktop browser recently, one that I had previously used with a password. It literally would not let me login until I downloaded their app and set up a passkey. That is now the _only_ way for me to access those accounts. Presumably, I could call in, though I wouldn't be surprised if the person on the phone also asked that I download the app in order to verify my identity, and even if it wasn't the case, they didn't offer that option when I was trying to login. Many bank websites now also require the phone app.
You're getting downvoted because that's not the point.
You are technically right, we still have access to these services via a web browser today. It doesn't mean we'll have it forever.
With the advent of AI browsers and AI agents, it's not hard to think of a future where LLM chat interfaces and mobile apps are the future, and web apps start getting disregarded as legacy and eventually, discontinued.
Try ordering some food via mobile application and then again via web app. You'll instantly feel the downgrade on the web app. Bugs, glitches, slow experience.
The desktop web is already the 2nd-class citizen for modern startups.
> Why do we have to beg Google to keep Android open? Seriously.
Because the market has failed, and we have a duopoly. There are many reasons for that, but, this is the exact sort of time a govt must step in - when something becomes a utility, it needs to be regulated as such.
I agree, I don't really want to enshrine Google/Apple into law, however if they are makers of an operating system that is used like a common utility, they should be regulated as such.
Unfortunately western governments are moving to impose more and more control over our digital life, and I think they see a locked down commercial platform as a convenient means to that end because they can regulate it. If the EU commission ever succeeds in passing Chat Control, which requires client side scanning on all devices, then it is very convenient for them if people do not use open source operating systems where they can just run clients that don't send data to a third party.
some governments, especially autocratic or authoritarian.
Even govts that may be in some political climates authoritarian can and will want exceptions to this.
There is no world that I see where decisions being made by Google are a good or reasonable choice for all parties, even ones you might think would side with this decision.
Remember, this give Google more control than an authoritarian govt. Sure, there may be a cost of doing business with some countries, however, even in those cases, this is bad for them - Google can just say "sucks to suck" and they either must use their product or develop their own, but if they use their product, *Google still has more control over that authoritarian govt than the people in it*
I'm sure they would love to. They've been trying to make their own app store (Galaxy Store) a thing for over a decade. But cutting ties with Google would mean no Google Apps and no Google Play Store, and that would probably be catastrophic for them.
Legislation is required at this point. Infrastructure companies (including finance and transportation) should be required to provide web apps that have feature parity with proprietary apps. (Enforcement is simple: ban distribution of the proprietary app for 5 years).
I think we going the other way though.
For instance, this recently proposed bipartisan bill would force all (even locally installed) AI apps to repeatedly run age checks on end users, and also adds $100,000 penalties each time the AI screws up when a minor is involved, even for bugs. I don’t see any safe harbor provisions, or carve outs for locally installed / open source / open weight projects, so it’d end up handing a monopoly to ~ 1 provider that’s too big to prosecute:
The most important thing you can do right now is get the democrats to actually field a candidate in 2028 that will restore the rule of law and free markets in the US.
> Why do we have to beg Google to keep Android open?
We don't! Instead, we go to regulators. Though I suspect your question really is "Why bother with salvaging Android at all?"
Mobile platforms are hard - famously, Microsoft failed to make Windows phone a viable platform, and John Carmack successfully argued that Meta didn't need a custom OS. Mozilla's Mobile OS that had OEM partners making real phones spluttered out, and nor for the lack of trying. Both Firefox OS and Postmarket rely on an Android foundation for HAL/drivers, IIRC. Device bring-up is hard, and negotiating with OEMs is harder still, and that comes "free" with Android-supporting devices.
Logistically, the vast majority of people who install apps from non-Play-Store sources do so ok their daily-driver phone, which is running the stock operating system. They are not tech savvy at all
> Mozilla's Mobile OS that had OEM partners making real phones spluttered out, and nor for the lack of trying.
Firefox OS had serious issues.
* Web standards 2013-2017 weren't ready enough.
* 2013-2017 phones still weren't powerful enough for complex JS apps to feel fast.
* asm.js was de-facto proprietary (a new FFOS with wasm would be be another story)
* The UI wasn't so great.
* Their launch devices were slow, cheap, and sucked.
* Their launch devices weren't readily available to developers.
* Their OS provided no real advantages over iOS or Android
The OS is still around as KaiOS (with a couple hundred million devices shipped IIRC) and I believe it still powers Panasonic TVs.
Interestingly, I think a FirefoxOS of today with good React Native and Flutter integration and cutting-edge WASM support could have a shot at success if not completely mis-managed.
> So many open source projects have risen out of real and concrete needs and successfully made their way into our every day lives.
When it comes to consumer hardware or software targeted at end users? I think such cases are pretty rare and far in between. Firefox had a brief stint of being popular in the late 2000s, Valve is doing some cool stuff with SteamOS/Proton but I can't think of much else of the the top of my head.
Otherwise it's usually companies like Google or Apple which use OSS as a base layer for their closed down and proprietary platforms.
PostmarketOS is cool but its a product niche targeted a very tiny subset of consumers (just like Linux on desktop for that matter).
For another platform to rise, there needs to be some heavy market shift. There already were opensource mobile OS: Maemo/meego/Tizen. Heck! I'd even throw phosh and ubports in the pot. But those are about as rare a sight in the wild as lightphones.
Phones have become essential to daily lives and the catch22 is: companies won't support niche platforms for their apps and users won't switch until the apps are there.
Android happened to get adopted before everyone started relying on mobile devices as computer substitutes. Unless a major player pulls out a Valve move and does with waydroid what Valve did with wine, I can't imagine the market changing significantly.
One of the benefits of mobile GNU/Linux distros is that it is possible to run Android apps on them. Waydroid works well. The one catch is that it can be difficult to trick certain picky apps into running on an "unsecured" device.
You can never catch all "bad actors". Sure, you can make a best effort, but govts are not efficient/usually work better at doing one thing, not 100 - they should be regulating the common platform not all actors on it.
Anyways, that's just as bad as what Google's trying to do.
> that, through developer laziness, refuse to launch on alternative platforms.
Android Dev is (relatively) quite difficult. The code and UI elements do not translate easily to other platforms. If a solitary developer (keep in mind, they may be a volunteer doing things in their free time, or just someone scratching a personal itch) does not then go out, purchase multiple other pieces of hardware, and write the application on multiple other platforms, that is not "developer laziness", rather that is a high cost to entry creating practical hurdles.
I think next time I upgrade my "phone" I'm going to get a gaming capable tablet with wireless and give it the steamos treatment. This gives you decent linux/windows/android interop.
I already lug a small backpack around most of the time, I can leave the tablet in the bag and use buds for conversations and when I need an actual computer it'll be way better.
> Why do we have to beg Google to keep Android open?
Because Google and Apple have put themselves between us and everything else.
Until we manage to replace them (by lobbying to everything including governments against them, and by working towards making the alternatives usable), we unfortunately have to resort to this. I'd even say we are entitled to this because we never asked for Google and Apple to become compulsory, they decided this.
I would personally be able to switch to Linux mobile today because I don't rely on anything proprietary (except the interrail app occasionally, damn them - but possibly waydroid would work for this)… if only there was usable and reliable hardware that could run the mainline kernel: decent battery life, decent picture quality, decent GPS, decent calls (especially emergency calls even if I haven't needed to actually make one so far, finger crossed, and Signal would do for most other situations actually).
I've daily-driven the PinePhone for a year. Call quality is awful and calls are awfully unreliable, and SMS are quite unreliable as well. Too bad for a phone. Unfortunately the phone took a big rain and now its modem is unreliable and doesn't come back up very often, but that's something a phone will likely endure in its life. Pictures are awful. GPS never worked well on my regular PinePhone. It somewhat worked on the Pinephone Pro until it died because it overheated. Linux hardware support is okayish, it was nice to run completely free software which was my main motivation for trying it but the hardware is crap to the point of being unusable serious.
The FP5 can apparently run PostmarketOS quite well. It would make an awesome Linux mobile. Camera and calls only partially work though [1]. And that's the main features of a phone.
Linux mobile itself it becoming quite decent (if one can do without the proprietary apps), what we really need is good hardware running it. Then we can begin to imagine a world with it having a decent usage share.
The Librem 5 is awfully outdated now (and so I won't buy it today because I'd worry about it becoming e-waste fast), doesn't have a good battery life, is very pricey, and I'd worry about call reliability (I have no doubt it can be made to work, but reliably, from sleep?).
I'm sure it's way better than the PinePhone, but the Librem 5 is definitely not suitable for the general public, even without considering the Linux mobile part.
> Which OS?
Mobian and postmarketOS
> Did you try SXMo?
Yes, not my cup of tea. I'm happy with a stable Plasma or Phosh; at this point, the GUI is not a concern at all for me. SXMO is a nice project but it will never target the general public, and I think we need to target the general public because I wish the general public's computing were free. It's nice that nerds can be free but it's also not good enough.
I agree and I intend to keep my current phone at least ten years (and I hope it will be able to run Linux at some point, it's very close!), but the Librem was released with outdated specs and that was 5 years ago. It was released with outdated specs because then current hardware was not free software friendly. However, producing outdated hardware today is a huge environmental concern for me.
That current hardware is non-free software friendly is a huge concern as well, and both concerns go by hand: we are absolutely building huge piles of e-waste just because of proprietary / closed hardware.
Anyway; the Librem 5 has been a fantastic thing for the development of Linux mobile. We also won't go anywhere with phones such as the Librem 5 to make Linux mobile a reality for the general public.
I don't understand why individuals expect a corporation like Google, driven by profits, to give a sh*t. I would expect no less of Apple with IOS.
Individuals should look for and support alternatives. I'm currently working on a desktop running Ubuntu because I want an alternative to the duopoly of Windows and macOS.
Additionally, we should support open-source alternatives with our donations. I personally donate money every year to Ubuntu, the Gnome foundation, and Tor.
If you're worried about a for-profit company having sway over your computer, Ubuntu is not really the choice to make. Please consider running upstream Debian; there are very few downsides, but the upside is that it is run by an organization that is not (and never will be) driven by profits. Also, it seems a little silly to donate to Ubuntu, which is maintained by a for-profit company.
Ubuntu controls a big voting block in debian’s organization. They forced systemd in, for example.
Devuan is a good enough compromise for me. The OS is stable, and the only issues I’ve had involve hacking curl|bash scripts that fail to realize they should just install the debian version.
> If you're worried about a for-profit company having sway over your computer, Ubuntu is not really the choice to make.
Why not? The point is not to not have anything supplied by a business. The point is to avoid being controlled by a business.
Ubuntu does not have the same hold over your computer that Google has over your phone. The software is open source. You can switch distros easily as it does not have lock-in.
The OS on desktop situation isn't comparable to the OS on mobile situation. You can buy any PC and expect being able to replace its OS. On phones, you have to look for the ones where it's possible, and depending on the phone, it's possible despite the efforts from the manufacturers for not allowing it.
Also in PC OSs, there isn't a corporation dictating what programs you are allowed to install. In iOS there is, and soon in Android too.
IMO, these corporations have managed to amass an amount of power where there's no longer consumer freedom. Therefore, there's no free market. We have reached a point where the law must intervene to restore capitalism.
Because we can't install that on phones and even if we did, we need to use Android apps to do basic daily things.
Phones are not like PCs, you can't "just install a different OS". You also can't just build a phone from parts like you can with a PC, it comes locked in with the OS, with proprietary drivers and advanced cryptographic DRM measures.
And even if we did get things to the level of desktop Linux, we can't run any of the apps we need for everyday life. Most of these things on desktop are web-based, so you can use them on Linux, but this isn't the case for mobile and many things only come in mobile. Bank apps, government services, digital identification, mandatory companion apps for other devices...
If nothing else, we need to keep Android as open as possible because it makes it easier to port those things to other platforms and maybe one day have a proper alternative.
Oh, and it's not like we have a good alternative. The current Linux stack is completely inadequate for mobile use. An average phone has something like 50 apps the need to be able to react to any of a few dozen different local or remote events at any moment, yet also need to use approximately zero CPU cycles to do that. We need a brand new app paradigm if we want mobile Linux to succeed and it's not looking like that's going to happen any time soon.
The problem is that a new project and even a fork would need buy in buy companies like Samsung. Otherwise a project LineageOS would be much more popular. This is hard to do without serious money.
Yes, agree 100%. It's not only Android the problem. It's the cartelization between them and hardware manufacturers. But then that means that we will be doomed to the current duopoly between Google and Apple.
The very first step I believe needs to be taken is to pass strict laws to allow devices to be reflashed with whatever we want. Until we do not have that in place we will always be stucked like this. Once people can truly install from scratch whatever they want then the game should change completely.
So many good working devices go to waste because no longer supported by Google and the hardware manufacturers. They have good cameras, good wifi etc... we should be able to reflash them and install whatever OS we want on them.
It's becoming more and more difficult to install even Lineage on a lot of 6 or 7 year old hardware.
Why is popularity a concern? I'm writing this on a Librem 5 with PureOS that I've been daily driving for the last few years and which gives me a much better experience than Android could. Why would it matter to me as a user whether it's popular or not? The only thing I can think of is availability of native applications, but this would just hide the actual problem with interoperability and pass it down for the next underdog project to worry about.
Popularity is important when we consider whole societies, but it's not particularly relevant for individuals. I don't need a buy in of Samsung to use GNU/Linux on my phone.
For example because the wait time in the theme park which I visited can be find only in their app for iOS and Android. The same true for ordering food to your table in another theme park. Yeah, there are alternatives, but those cost you time, sometimes hours. And these companies won’t implement anything for an error margin.
We should not be downloading executables and running them from random third parties in order to do mundane tasks. If they absolutely must have an app, it should be a web app, end of.
Here's a question, what if the executable was thoroughly sandboxed? Like Firecracker level with virtualization? And once you're there, what's the difference between that and a webapp?
I don't think apps are going away so users need to have a switch that says, "I don't trust this company with anything". Extremely limited Internet access, no notifications, no background activity at all, nothing. It needs to be like apps for the 2nd gen iPhone: so completely neutered that webapps look like Star Trek level technology.
> but this would just hide the actual problem with interoperability and pass it down for the next underdog project to worry about.
Just consider how this wouldn't happen at all in an environment where no platform dominates in popularity (and it doesn't always happen today either, as lots of things like these are accessible via the Web from any platform regardless).
True, if a new system ever wants to rise, it’s gonna need backing from a major player. But once it takes over the market, it might just become the next “Android.”
Not so, if the next system is mobile GNU/Linux. As long as the components remain free and mostly the same as on desktop, if one or two go bad, they can be replaced. And certainly the core system won't go bad.
The point we are all missing, Google is not going to pull back, they have already invested in this change, it's in rollout phase, infrastructure is in place. It's
not going to be rolled back. The ship has sailed. Keep Android Open is unfortunately dead on arrival, IF we are going to depend on Google.
And, are we going to keep depending on a profit oriented company to follow our bid? If so, then, we are very well have lost already.
I also don't think it is right for Goverment to force companies give up their properties, in this case it is like forcing Google to continue to fund Android.
May be Goverment world wide could all fund the same OSS OS which benefits everyone. But right now I see zero incentives for any government to do it.
It's better to have a billion dollar corp footing the bill for the massive amount of work it takes to maintain Android. If it comes to needing a fork so be it, but if they can be convinced (or strongarmed) to be more supportive of an open ecosystem and FOSS Android projects, everyone wins.
You're right. Especially with the rise of agentic AI. You could have hundreds of contributors, all using agents, working on different modules, according to existing spec and tests, create a new OS, or Web Browser or anything. It's the end of monopolistic control of software.
But, I think the giants already know and accept this. The moat now is compute. A centralization of power back to the server, the rise of thin clients, and fat services.
So, it is a revolution but there's also counterbalancing forces. Still, we should ride that wave :)
> You could have hundreds of contributors, all using agents, working on different modules, according to existing spec and tests
The current problem with "Linux on phones" is the locked down nature of the hardware. For example, looking at PostmarketOS's support device list [0], sensors, Wifi, even phone calls don't work. Would what you're saying enable faster implementation of those support modules? (This would be really cool if possible).
If it's just about building software against suites of tests and spec that already exist, then definitely what I'm saying would make it faster. But if it's a hardware control issue, then no.
In that case (ie, if in order to be free we need to free the hardware, too), we need to create a hardware company that builds a phone from the modem/radio on up and owns every layer.
Obviously non trivial hahahahaha :)
AI is letting the world of bits move faster than before by exponentially reducing rework and sharing around the benefit of network effects from collective human knowledge. It's not touching hardware in the same way, and doesn't give us the same superpower.
edit: I guess the "easier" play is to convince an existing full stack phone hardware company to make us an OpenPhone that we can hack on because they believe in the inevitabilities of trends and consequences from AI and want to invest in that future. That would be cool? Any takers? Reach out cris@dosaygo.com
The difference is hardware. A large part of the explosion around Linux in desktop computing is based on the fact that IBM's patents for desktop architecture expired and IBM clones proliferated in the marketplace. Also, busses like ISA/PCI/AGP and ports (serial, parallel, ethernet, USB) were all standardized.
In short, Linux was possible because the underlying hardware was open and standard.
> A new platform needs to rise that breaks out completely from Google
After many many years and many forks, yes. This is still clearly the right answer. Google didn't succumb to Apple and just accept things, they acquired Android and invested heavily in it. We are all grateful for that. BUT, we must also acknowledge that the time of the two horse race is over. And while OpenAI and many others are attempting to do various things, we can continue to invest and back alternatives that create a more fragmented market. Maybe they will not replace Android, that's fine, but you're not going to fix Android's problems without suing Google, which people are doing, or actively working on alternatives, which again people are doing. Change is coming.
If people have to put the tiniest bit of effort into using a different platform, they won't. This is the sole problem with alternative platforms. I agree with you that the ideal solution would be to break away from Google entirely, either with a hard fork of Android, or something completely different. But you'll have to make the transition absolutely seamless for the masses, or it won't happen.
I agree with you, but that only works if people value it and are willing to pay for it.
Look at email. It’s technically open, but in reality there are a few large players who control the majority of it.
The only way open source phone software succeeds is if there is real money behind it and there is an attractiveness to it that makes people pay for it.
Because money. Yes Android is open source, but Google is spending billions of dollars a year paying engineers to develop it. If you want Android to be "free" find alternate funding, with no strings attached.
I used to have a Jolla phone which ran a pretty cool linux OS on it but it only worked because it had an alien dalvik android vm so I could still run apps like those from my bank, whatsapp etc..
It's nearly impossible to live in the modern world without either an iphone or android without making some major sacrifices e.g. I'd love to not use whatsapp but it's not an option because all of my friends and family use it
Most if not all large, successful open source projects are funded by commercial interests, not just consumers. The resources it takes to maintain something like Android far exceeds what can be funded solely by donations and volunteers.
> Most if not all large, successful open source projects are funded by commercial interests, not just consumers.
Right, the key point here is most of the fundamental projects were never commercial in origin and had grassroots community or academic roots. Android is built on top of a student's hobby Unix clone.
> The resources it takes to maintain something like Android far exceeds what can be funded solely by donations and volunteers.
Um, no duh a corporate project requires corporate funding. Android was never a grass roots community effort.
Problem is the hardware vendors often very much like closed systems. And banking apps too. We sadly have a much less open hardware ecosystem compared to the PC landscape. And even here driver problems are more pronounced the more exotic the OS platform.
For me mobile OS are a broken mess, irrespective of Apple or Google, so I would love to have an alternative. Mobile phones are powerful devices that are severely handicapped by bad software. Restrictions are sold as security and there are a lot of people that even buy into these crap argument. So much so that even legislation has adopted them to some degree.
But for hardware vendors to jump on another train, a new OS must probably offer something shiny. And the average user has no idea how easy it could be to interface your smartphone with other devices without needing some ad riddled vendor specific apps. I mean you can install an ssh client on your phone, but meh... That is more or less the only app I install these days.
Why? Because I want to run bank, OTP, streaming, and other crap apps that requires certain level of trust that a 100% open source version of AOSP made by some guy in a basement doesn't provide, that's why.
We need both. Open source alternatives are great, but they don't replace tight regulation of large corporations. Just because Linux exists doesn't mean we can give Microsoft, Apple and Google free reign.
I agree, F** Android, the website should me MakeLinuxSmartphoneReady.org and PostmarkeOS + Gnome Mobile is in good shape but a few smartphones support it.
Google has been gradually becoming more restrictive on Android openness, slowly but surely strengtening the thumb screws.
On the long term, the best thing to happen is for them to bang make it proprietary [1] while it is still free and liberal. The shock effect will be big, and the initial changes big, too. Such will motivate the right people. Open source devs, governments, legislators, people with executive powers within other companies.
But Google is too sneakily clever for that. So they go slowly, gradually. There won't be a shock effect, or if it happens it'll be a done deal.
This is how you turn a country into fascism, too. Slowly but surely, and then bang. It is all the small steps beforehand which matter, and this is why the Execute Order 66 quote from Star Wars is so such a beautiful example in popular movie SF.
You can see how failed efforts for coups in democracies have failed recently because of checks and balances. South Korea is a recent example, but looking at the details it was a close call. In my opinion, the same was true for USA, and I don't know enough about the Brazil example.
[1] Yes, I realize Android is proprietary and AOSP is FOSS.
Because you cannot own or operate a cellphone. The cell phone modem is not licensed or controlled by you. It cannot be, it is the telecommunication company's. And this reality is intruding more and more into everyday life. You will not be allowed to control your smartphone. They are terrible computers because of this. A smartphone's legal purpose is now basically just banking, shopping, and navigation. Other things that interfere with commerce will not be allowed.
Just use your phone as a hotspot with a real computer for computing that you can and do own.
Because smartphones are designed such that I cannot put whatever OS I want on them. I'm stuck with whatever proprietary flavor of Android the manufacturer loaded it with.
If I'm really lucky one of the opem source Android forks will support my device. But my current phone is not supported by postmarketOS or GrapheneOS.
I don't want a world where the market can only support a dozen devices across 4 or 5 manufacturers.
Good luck funding the development of a competing mobile OS by FLOSS nerds that can compete with Google's trillion dollar market cap.
Even if you could get some traction, you're gonna have a bad time getting banks to support this OS, at which point it will be useless for most users, preventing you from ever becoming profitable.
> Even if you could get some traction, you're gonna have a bad time getting banks to support this OS
This already happened. Banks here in Brazil like to require an invasive piece of software (a browser "plugin", though it installs system services) to access their online banking websites. For a long time, this invasive software was Windows-only, so those of us using Linux had to either beg the banks to enable a flag to bypass that "security software" for our accounts, or do without online banking. The same for the government-developed tax software, which was initially DOS-only and then became Windows-only.
But nowadays, there is a Linux variant of that invasive banking "security" software, and that tax software became Java-only (with Windows, Linux, and MacOS installers, plus a generic archive for other operating systems). So things can change.
The real problem was never solved to begin with: all mobile devices require proprietary drivers to function at all. Because these drivers are proprietary, the only people in a position to make them compatible with an OS are the manufacturer's dev team; and they are only interested in compatibility with Google's proprietary Android fork.
When Google starts to release versions of its proprietary Android fork, any open Android fork (or other alternative OS) will have to reverse engineer that proprietary Android fork in order to match its compatibility with proprietary firmware blobs. This will need to be done for every device.
Imagine trying to find your way through a building while wearing a blindfold. It's much easier if you are able to study the original floor plan that building was modeled after, even if the building itself has a modified design. Google is taking away that floor plan.
The situation is already medium-bad: it would be trivial to use an alternative OS if drivers and firmware were open source. It would be relatively easy if drivers and firmware had open specifications. It's difficult, but feasible in the current situation, where drivers and firmware are closed spec, but designed to be compatible with a close fork of an open source codebase. It will be extremely difficult (and technically illegal in the US) to do when drivers and firmware are closed spec, and designed to be compatible with a closed source codebase.
Back in the 2007 or when it came out in Sweden I bought the iPhone and started developing for it. This was cool, new and exciting and it was fine as long as my company was paying the $100 fee every year. But then I switched jobs and worked at a company which produced mostly open source code. Suddenly I would have to pay $100 every year just to be able to put my own software on the phone ...
This is why I switched to Android, just for Google now to pull the rug from under my feet again ...
This situation would have been avoided if we, as community of engineers, had insisted on full and uncompromised open source (Stallmanist or GPL way) right from the start instead of going the ESR way of half-hearted open source where it's technically open but corporates get to have a free lunch and make abuses.
Like most coders, I also prefer the permissive MIT/Apache/BSD licensing for most software projects but incidents like these make me question the direction we are heading towards. They raise fundamental questions about freedom itself - looking at the broader picture, is having a restrictive kind of freedom (GPL) often more beneficial than having full permissive freedom (MIT/Apache)?
But Linux is GPL. That didn't stop Google from using it as a basis for something that is not GPL and in fact not even open source (Google Play Services).
What leverage does a community of engineers have to insist on anything? Android could be entirely closed source. So could Chrome.
It would be naive to assume that the power dynamics in our society can be fundamentally altered by a 10 line software license.
The Linux kernel is a separate system layer here, it's the AOSP parts like the Dalvik Runtime (equivalent of JRE) and components built on top of it (such as Play Store) which are being subject to permissive licensing abuse. If AOSP itself was GPL licensed, it'd have been difficult for Google to create something closed like Play Store as it'd have been considered derivative work.
You're right that broadly speaking, there is very little that could be done to stop this but having a culture of "everything GPL" in an organization definitely helps. For example, Sun was farsighted enough, though they couldn't stop Oracle from acquiring MySql, Oracle was still forced to keep MySql under GPL and they were able to salvage MariaDB too.
Similar was the case with Java. Oracle tried everything in its power to control its use and direction including legal means, it's only thanks to GPL that alternative implementations like OpenJDK and Amazon Corretto still exist. We can't even imagine the state of these software today if Sun hadn't licensed them under GPL originally but used some other permissive license instead!
Java and MySQL were already out in the open as open source projects when Oracle acquired Sun though.
I don't know much about Android's history but if Dalvik was created exclusively by Google and they had no intention of open sourcing it fully... it'd be akin to a closed source Java app on top of the open source OpenJDK... which would be allowed.
I have a "weakly held strong opinion" on this subject. I think open source has been a disaster for the state of software for normal people. On the one hand exploited developers making peanuts or nothing for their hard work. On the other hand exploited users losing control of their devices and social networks.
The era when people paid an affordable fee for software they could use however they wanted was much better. But it got squeezed out by free software on the one side and serf-ware on the other.
The proof is in the pudding and the pudding is rotten.
Edit: then again maybe it's unfair of me to blame the decline in paid for software on open source.
I have been involved in open source projects with various structures and sustainability models. Open-core Enterprise software startups, unfunded or underfunded middleware/libraries and underfunded end-consumer software/apps. A real problem that I have with lots of open source is a mismatch between technical talent to produce software, an open ethos/philosophy (finding true believers in a much more open future), AND the most important often missing piece, a product mindset and willingness to do work that isn't just software dev. So many FOSS projects I have seen, with capable engineers spending years of their lives working on them, are lacking product management, a willingness to let users actually push the project in a direction that is more approachable to a mass audience, and the willingness to do the hard boring work of making software run everywhere. Lots of stuff falls into this general gripe, and a bunch of it isn't news to anyone. Lots of open source has shitty design/UX, every damn one of us that lives with desktop Linux knows exactly why it's not the year of the Linux desktop. The sleep function on the laptop I am writing this comment on doesn't work right (when booted into Linux), and every few months you have to find terminal wizardry to fix normal shit that should have a GUI config interface to un-fuck it, but "real software people don't touch their mouse unless they absolutely must". This comment got a bit off the rails, anyway, long live FOSS!
> The era when people paid an affordable fee for software they could use however they wanted was much better. But it got squeezed out by free software on the one side and serf-ware on the other.
Charging for free and open-source software is not only possible, but encouraged Stallman himself.
Yes but how do you build a consumer software business on top of a licensing scheme that legally allows anyone to share their copy of the software with anyone else, and allows other businesses to resell your software at half the price?
I charge for copies of free software I wrote, an AGPLv3+ desktop application, and earn about $2k MRR from it. Most people don't care about your choice of license, they just want software that conveniently solves their problem(s). If they want to share it, that's fine. They're giving it to people who wouldn't have bought it anyway. If those grantees ever want an official copy, with updates and support, they come back to me.
You see the same effect mirrored in illicit distribution of copyrighted works. Sharing movies increases box office revenue. Sharing albums increases music sales.
The people who get a copy for no charge weren't going to buy a copy in the first place. When you expose them to the product, some percent go on to become fans, advertising the work, and perhaps giving money to support it.
Read through my past comments from last year to find more info.
Yes but notice how all of those are B2B? I was responding in the context of B2C, on one hand we know that people are willing to pay for convenience - Steam has largely beaten piracy by simply offering a better service.
But that wouldn't hold up if games were released under a FOSS license. There would be nothing stopping me (maybe trademark law? I'm sure there are workarounds) from setting up "SteamForFree", rehosting every game with the same user experience as Steam, and offering access for a small monthly fee to cover hosting costs and make a tidy profit.
I'd like to offer source code, allow modifications for personal use, while prohibiting redistribution and certain types of commercial use (e.g. companies over $x million in revenue). That's a pretty fundamental mismatch between what I feel comfortable with in order to protect my income and what FOSS licenses allow.
I do think though that disallowing "certain types of commercial use" is a poison pill that would prevent your project from getting any significant adoption.
I think a better option would be something like GPL but with the "you can redistribute copies of this to anyone you like without paying me" part stripped out. (Maybe replaced with a provision that allows transferring your license to someone else, but then you're not allowed to use it afterwards.) The goal being to protect consumer freedom to exercise ownership rights over their software (including the ability to modify it) without simultaneously trying to abolish the copyright system and killing your own funding mechanism in the process.
Charging for open source software is possible but improbable, and I respectfully say it is naive to think otherwise.
Every open source product that takes in real money sells services and support, or they sell closed "premium" features. Oh, and the third bucket, philanthropy.
the people saying gpl cannot sell software is always bsd users, who always work for some company contracting with Boz allen Hamilton and such. It's never an honest opinion.
Of course, Stallman strongly eschews the ambiguity and misdirection inherent in the phrase open source, and in this particular instance the considered use of 'free' or 'freedom' is precisely what we're now all upset about the impending loss of.
GPL doesn't help you one bit in this particular situation, because "regular users" would still be using the locked-down stock Android that came with their device. So they still can't install your app.
Anyone who is already running a rooted Android or otherwise customized OS isn't affected by this, only developers who want to distribute their app to users.
Many Android devices are unlockable, you can run your own software, and yet we still have a problem. This problem exists irrespective of what you can technically do with the hardware due to the vote by corporations to favour device "security" over user freedom. A phone is useless to most people without the apps they depend on.
Google is the modern Microsoft spiritual successor to Embrace, Extend, Extinguish. Look at all the people who use gmail, youtube, etc all from a web app that Google wholly controls.
"Restrictive Freedom" as you call it, is simply freedom.
Freedom cannot exist without discernment.
If you have a free and open society but allow Nazis, because you allow everyone, how long will you be free? Not long. The Nazis will use their freedom to take everyone else's.
Freedom demands a simple rule. We accept everyone who accepts everyone.
Fundamentally, GPL shares this rule. That is the point of it. Our labor, when shared, should be shared just the same when used.
"Tolerate" might be a better word to use for their analogy. I can hate you and all you stand for, but I can still tolerate you. Meaning, I let you be and don't try to curtail your actions according to my personal beliefs.
Nah. The error is the royal "we". We tolerate <subjective judgement>, We enforce <subjective judgement>. And above all, We require everyone to be nice and cultured.
The actual power-wielder who regulates these things is a government (or rather its justice system), a warlord, nowadays maybe an AGI, but definitely not society and not "We, users of orange social media". These mechanisms work for thousands of years, paradoxes gonna paradox.
What you quoted is just the person restating the paradox of tolerance. It's totally nonsensical once you get past "one-dimensonal evil" cases (or perhaps cases like software, a category is more narrowly and cleanly delineated).
He's right that freedom requires restriction. The problem with the paradox of tolerance is that it masquerades as a meaningful principle while leaving the actual restrictions unnamed.
P.S. it also is worth noting that, to the extent that the GPL works, it's precisely because it doesn't rely on vague principles. It's specific about what's restricted, when, and how.
I don't think the Paradox of Tolerance intends to be a principle. It is a statement of the problem, for which principles could be proposed.
If there is anything prescriptive to it, it's the implication that no principles will ever suffice. In which case you need to find a way to reframe the problem.
Yeah, this is pretty much the rationale behind the Paradox of Tolerance, which you alluded to. Just as a tolerant society cannot tolerate intolerance without eventually just becoming intolerant, this clearly demonstrates that the same is true for Free Software. If we tolerate the use of Free Software for the use of the non-free software, eventually one loses the freedom in Free Software.
It's of course not a perfect analogy since the original Free Software still exists, but since in practice the dependency was from free towards non-free, like in this instance, it still works. Google and its anti-freedom practices are still in effective control of the Android ecosystem even though it's still technically free by way of AOSP.
And just as how some people argue that intolerance of the intolerant by a tolerant society is bad, so do some people argue that things like the GPL is bad because it prevents downstream modifications etc. going from free to non-free. Maybe this will help re-evaluate the culture around this stuff.
I think a better critique is that these cold-war political basis vectors don't adequately describe today's political landscape (and neither do the revolution-era idea of the left wing vs the right wing; arguably they didn't back in 1950 either).
Best example of how the communist/fascist/liberal democracy triad completely falls is looking at China, which has facets of all three and none at the same time.
This makes it difficult nigh on impossible to have a real political discussion, as they fail to amount to more than connotative terms to be applied to outgroups, and do not map to political reality in any meaningful sense. Anyone can turn into the fuzzy outline of a nazi if you squint really hard.
Nuances needed to make any sort of sense of 21st century politics, especially its newer entries, are the tensions between cosmopolitarianism vs communitarianism and technocracy vs populism.
The problem with using such an outdated political map is that many of our contemporary problems are missing from it, and go unresolved until enough frustration builds that there is an ill-conceived popular upheaval that forces the issue. Rather than addressing the technocratic European Union's lack of accountability to its citizens, we get Brexit instead, which could likely have been avoided if the political map wasn't so out of touch.
American politics at this point is practically defined by being afraid of the other group. The groups themselves have little cohesion, and contain bitter rivals, but they trust each other more than their hated enemies.
Which becomes self-reinforcing: attempting to save yourself is perceived by the other as oppression.
I don't mean to simply blame all sides here. Facts on the ground do exist.I think I can justify how some players are worse than others, and that there might be a way out of the vicious cycle when some individuals say "no, that assertion no longer seems reasonable."
But given that it's gotten monotonically worse for decades, I don't see that happening any time soon.
Yes. And society with good education has fewer stupid people. You don’t stop “bad” ideologies by outlawing them, you stop them by arguing for a free society and education.
American education isn't great, but it's not radically worse than many other rich nations. The difference doesn't seem sufficient to justify the extreme separation of ideologies. (That is, I'm not arguing in favor of one or the other, but the level of hatred between the two implies that at least one is wildly off base.)
“Never believe that anti-Semites are completely unaware of the absurdity of their replies. They know that their remarks are frivolous, open to challenge. But they are amusing themselves, for it is their adversary who is obliged to use words responsibly, since he believes in words. The anti-Semites have the right to play. They even like to play with discourse for, by giving ridiculous reasons, they discredit the seriousness of their interlocutors. They delight in acting in bad faith, since they seek not to persuade by sound argument but to intimidate and disconcert. If you press them too closely, they will abruptly fall silent, loftily indicating by some phrase that the time for argument is past.” - Jean-Paul Sartre
It's not about outlawing them, it's about not giving them a platform allowing them to rise, like the current major media platforms are doing right now. Social media should be held responsible of the content they publish.
You are arguing as if the two sides are acting in good faith. Authoritarianism almost always isn't. Greed and corruption is is inherently tipping the scales unfairly against the fair system to be imbalanced against the good actor.
You can see it again and again in the success of voter suppression acts and the deceitful tactics played by authoritarians.
Arguments only work when both actors respect good arguments.
Im a millennial dev which happens to have a Gen Z brother who also chose this profession.
Seeing him walk my steps 15 years later has been eye opening for the brutal cultural change.
They’re socially conditioned to assume that anything free is a scam or illegal, that every tool is associated with a corporation, and that learning itself is going through certain hoops (by the uni, the certificator or whatever) so that you get permission to earn money a certain way.
As more doors get closed, I fear this process will solidify.
> They’re socially conditioned to assume that anything free is a scam or illegal, that every tool is associated with a corporation, and that learning itself is going through certain hoops (by the uni, the certificator or whatever) so that you get permission to earn money a certain way.
To be fair, there are also legit reason for why it evolved this way. It's mainly for quality and reliability. There is so much crappy sloppy work from unqualified workers, and it used to be even worse.. The easy available free knowledge really helped to rise the standard even for people without proper education in an area.
I don't fully agree with that, IMO it's a multifaceted problem.
There's the obvious fact that tech has become the new path to high salaries, and culture changes when people are pursuing the money rather than the trade.
There's the centralisation and capture of resources - app stores in mobile, message boards moving to reddit then being astroturfed, hardware closing to repairs for water resistance/ form factor reasons...
There's also the death of piracy limiting access to resources. Apps, courses and books were files pirated massively, online services kinda stopped that.
I don't think free/open source resources failed to catch up in quality, but I do think they failed to soften friction and remove the barrier of access. Consider mastodon vs twitter, creating a website vs a facebook page, sideloading an app vs app stores, reading a manual vs an influencer course.
> I don't fully agree with that, IMO it's a multifaceted problem.
It always is.
> There's the obvious fact that tech has become the new path to high salaries, and culture changes when people are pursuing the money rather than the trade.
There is nothing new about this. Education and skills have always been a path to salaries. Even a thousand years ago, craftsman and artisans had a better career than any random farmer. And with education, there is will always follow standardization and certification at some point, because where money flows, scam grows, and societies have to protect their interests.
This is all nothing new, or harmful by itself. The problem is that all those legit interests, can also be too overprotective or even abused for someone's greed. It's always a balanced battle between legit interests and someone's greed. But many countries seem far to much leaning to the greedy and abusive side at the moment.
> There's also the death of piracy limiting access to resources. Apps, courses and books were files pirated massively, online services kinda stopped that.
Piracy is not dead. It's always been a battle of life and death of individual sources.
They're right. Embrace, Extend, Extinguish and Enshittification have been the core experiences of digital life with corporations in charge of platforms.
My hope is that LLMs will help open source developers provide reasonable alternatives to the gatekeeping and spyware that corporations are now making their bread and butter. Example: Recent tried to use Unity LTS for a small project - the software is a joke now, basic functionality is broken out of the box. A couple of hours with an LLM and I had all the features I needed using a more lightweight library, monogame. Not an operating system, but I'm hoping the pattern will continue as LLMs get more proficient at code - the moat of "this is hard and laborious to do" will be drained.
An issue is that it’s not only the corpos, there’s also an increase of individuality that has become the norm.
For example, try to learn from an online resource and you’ll see that the most popular sources (YouTubers, twitchers, etc) are all preparing a rug pull to a non free resource, slipping undisclosed ads as content or straight up selling snake oil.
I grew up assuming that a random guy on the internet had always genuine intentions, even those who were assholes. Now the default is either a paid account, a bot, or someone trying to grind for personal gain. Everything’s adversarial.
Yeah, I don't understand why people put up with Apple for this. I would love to write small personal apps for my iPhone. But, I don't want to use a mac, I don't want to pay a fee every year and I don't want to use the apple store (yes there are convoluted work-rounds for the last one).
Ironically, somewhere around 2014, Google was doing the exact same style "keep Android open" campaign, recruiting developers around the world - including me, to help lobby for keeping Android "open" and tell the horror stories of issues that random OEMs caused by forking Android, breaking compatibility and security.
Made sense to me at the time and they were really into "Android should be open source" vibe, so I supported it.
10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android, but now they are haunted by their open source roots, and the walled garden is just a really tall pile of bricks laid around it.
So many times we've been promised things, only for them to be delivered in a half-baked state with half of the parts open source while other parts were closed only to Google and Google approved apps.
So many times the issue trackers for different parts of the platform ecosystem have changed, that some issues are impossible to debug without using web archive.
And just as many times, they have been closed, ignored for years or unnoticed, being ping-ponged among team members until they forget about it.
Yet, even with all of the closed and privatized parts of the ecosystem, they are still not able to deliver on an ecosystem promise.
They control my email, my photos, my cloud, my browser, my phone - yet cannot keep a single thing properly in sync. Still, I download something and I do not know where it went. Still, I cannot Airdrop things without a 3rd party service. Still, I take a photo only for it to appear on the cloud 5 minutes later. Still, I cannot have a "sandbox" account for testing that just works, but have to juggle multiple accounts, causing their auth system to break 80% of the time when testing.
As a developer, I do not plan to support Android anymore. I recently got an iPhone, and am now fully switching to it. Even tho I am long on $GOOG stock, because the money printer go brrr, I will be spending that money in the Apple's ecosystem from now on.
Apple pisses off many HN users who then swear to switch to Android, Google pisses off many HN users who then swear to switch to an iPhone – so for both companies, in effect, nothing changes.
Aside from that, the masses don't care or know about any of this. A couple of HN users don't make a dent in the revenue of any large company. What we can do is work on alternative ecosystems or at least support the small companies and organizations who do with our wallets.
> 10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android
Abrupt abandoning of their Nexus line for overpriced Pixel hardware was the watershed moment. The exact moment when their executives decided to ride free on open source labor.
> Still, I cannot Airdrop things without a 3rd party service
Well, it hardly works between Apple devices themselves to begin with (sending a bunch of pictures over to a 4 years old iphone works like 1 times out of 10 trial..). At least I can use regular old Bluetooth to send stuff to any kind of device from Android without the cruel gatekeeping of only Apple devices.
So yeah, both platforms have their own ways they suck in.
I can see why they add the fee, but they would both garner so much goodwill by giving free accounts if the app you publish is open source. I don't think it would be that hard to automate by requiring a GitHub link.
Those days are over. Being evil means there is no goodwill to begin with unless you can exploit it financially wise. Google stopped being not evil, they specifically deleted it from the code of conduct.
Ofc, being evil is subjective. But also this is the first excuse of evil players!
See I was similar but the big difference back then was a random little 99c app on iOS would make you several thousand dollars a month, so the $100/year fee was nothing for a long time. It was only after around 2012 that things changed.
On Google Play I never, ever had any app be anything close to as successful as on iOS. I think I probably made less than 1/100th the amount I did on iOS back in the day.
I don’t know what it was like back then but in today’s world you do not need to pay Apple any fees if all you’re doing is writing software in Xcode and deploy it to your own device. You do need a developer account, the free version of one, but you only need to pay the fee if you’re going to publish on the App Store.
Free provisioning: If you do not pay the developer fee an app installed via Xcode will work for 7 days. Afterwards the app on your phone will *stop working*, and you must open Xcode on your Mac again, and push a new build to your phone if you want to keep using it.
Paid provisioning: If you have paid the developer fee, a build will expire based on the amount of time left before that payment renews, so if you build and install an app a month before your developer fee renews, that build of the app (that you installed via Xcode) will stop working in 1 month.
I've been doing it that way for years on the free account, never seemed like a bother to me. I usually have a tweak I want to make to the code anyway. But I suppose some might find it inconvenient.
In any case, to say you can't put your own apps on your phone without paying a fee is incorrect, which is the comment I was responding to.
I’ve never considered or tried anything other than using a Mac, so I don’t know. But I was responding to a comment about a different matter, the fees for a developer account.
The Mac requirement was a pain for game developers using Unity/UE primarily on Windows, and wanting to target iOS. (Back when mobile games seemed like they could be an exciting new thing, before predatory F2P enshittification killed that market...)
100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets - and I am sure it cuts down on spammers and covers administrative cost.
I have no problem with a store having a small admission fee - that's perfectly reasonable and they do have operational costs. It would be nice if they had some way to waive the fee for popular OSS to garner some god will with the devs.
Taking a 30% cut of revenue on the other hand ... both platforms are guilty of this
> 100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets
For someone who is making money from it, sure, but that's exactly who this isn't about. The way they get screwed is by the 30%.
A fixed fee -- in any amount -- is screwing the people who aren't in it for the money. Because to begin with, it's not just the fee, it's the bureaucracy that comes with the fee.
You're a kid and you want to make your first app, but you don't have a credit card.
You live in a poor country and maybe the amount you can lose without noticing when you're rich isn't the same there. Or even if you can get the money, you may not have a first world bank account and the conglomerate isn't set up to take the local currency.
You're a desktop developer and you're willing to make a simple mobile app and give it away for free as long as it's not a bother. The money is nothing but the paperwork is a bother so you don't do it, and now the million people who would have used that app don't have it and have to suffer the spam-laden trash alternative from someone who is only in it for the money.
And suppose the amount is as trivial as you propose. Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
>And suppose the amount is as trivial as you propose. Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
Reminds me how in the 1970s and 1980s there used to be these ads in the back of magazines in which a person who supposedly became a millionaire sold pamphlets for $5 telling his secrets to success. The obvious question was why such a successful person would need $5 from poor people (unless that was one of his secrets to success, I suppose).
You bring up several important issues and I agree with you 100%.
A lot of good application/utilities in the past were from engineers who needed the tools themselves, developed them, and then released it open source.
But I can also see the clutter argument. Windows app store has been and still is a nightmare to use.
It feels like we had a good system, but then lost it. I have no idea what it takes to get it back.
> Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
Because the store gets spammed by million of bot applications ? Having a small fee for store review is probably a decent noise floor.
You can still develop apps on your devices without a dev license - the week long cert is annoying, they probably want to avoid people side-loading via this mechanism (which I am against FWIW).
But you can develop on your devices without paying 100$/year
Okay, just so we're all on the same page: that 100 dollar fee IS NOT for publishing your app. That's not what that is. That's a separate thing with its own costs.
That 100 dollars is just the fee to even make an app. Even if your iPhone never has an Internet connection. And even if you literally load the app via USB to your iPhone only.
It's just extortion. It cannot be justified. Apple does it because they can - there are zero technical reasons behind it.
> That 100 dollars is just the fee to even make an app. Even if your iPhone never has an Internet connection. And even if you literally load the app via USB to your iPhone only.
This is incorrect.
You make it sound like you cannot even get started unless you pay a $100 fee. You do not need to pay Apple any fees to make an app and put it on your own device. You have to pay the fee once you want to distribute it on the App Store.
We are not talking about software distribution or admitting it to a store, we're talking about executing something on your own device, a device that you purchased.
Yes that is annoying - I hate Apple anti side loading stance. But that still doesn't make 100$ fee to apply for distribution/integration with their ecosystem unreasonable.
Are you even reading the comments you are replying to, or ?
You need to pay $100 to execute code on a device that you own. Without a 7 day time limit. And only if you have the technical expertise to do so. This is not a fee for distribution/integration. This is feudal rent.
Are you reading what I am saying ? 100$ for distribution access on the store is reasonable. Side-loading prevention is shit. Both can be true at the same time.
Yes, a world where you can sideload an app on an iOS device, without time limits, but you have still pay $100 to put it on the app store, is a much less shittier world, indeed.
I would call it "free developer experience" (using ADB), not "free sideloading".
If you want to send your app to a friend to download and install it directly on their phone (without using a computer with ADB), you need to be Google-approved and register your app first.
I think you could use adb over tcp from a chroot in the phone itself? But that doesn't really make it easier from their standpoint, and this is just a step towards full lockdown which is coming.
1) Oh yes of course, here friend you just need a PC and the command line tools (unless soon you'll need to be a registered and VERIFIED developer) to install revanced or any open source app
2) Unless they decide to ban you (they can if you don't show any activity in the developer account for X months) and of course because you were verified you can't simply apply again and pay again, because you were banned!!!!
Before buying a smartphone I tried to find an inexpensive model that supports open source OS, but I couldn't. What open OS support is ether expensive Pixels, or outdated models.
The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc). So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you. The goal of regulation would be preventing of creating digital waste, vendor locks and allow reusing the hardware.
Of course, features like theft prevention won't work, so the user should be able to waive this right.
Looks like GrapheneOS will be available on another "major Android OEM” soon [1].
Regulation should prevent Google from subsidising manufacturers to use Android. Arguably the recent antitrust legislation [2] applies in this case because they're effectively paying manufacturers to place that horrendous and impossible to remove search bar on the home screen.
GrapheneOS is in some ways not an open OS. The official builds don't provide root access. So for example apps are able to hold your data hostage from you.
I get that this is in the name of security hardening. And you can make a build that has limited root access and is officially supported. But GrapheneOS isn't the end-all solution to computing freedom. Although hopefully on those devices you will be able to install custom OSes (root capable build of Graphene or otherwise).
Raw root access isn't what I'd want apps to have.. it's that the Android permission system deliberately limits what the user can consent to, the rest is for "system apps" and to install those you need to unlock bootloader and start the whole "journey" while saying goodbye to banking apps.
Implementing a more flexible permission model + sandbox would probably involve too much work for them.
Hopefully AVF might make things a little better if we'd be able to run Android VMs on Android - so you'd be able to run a rooted VM inside GrapheneOS.. but this depends on Google keeping Android open source, yet QPR1 was not released.
I agree that a powerful permission model is a great feature. But that doesn't obsolete the option to have the "root permission" that you can give when required. Sure, for my specific gripe a "full filesystem access" permission would be sufficient and better. But there are going to be other use cases that require other permissions. So it is always going to be useful to have that backup root permission that you can assign to very specific apps when required.
Not sure what exactly you mean with "open source OS" and if Lineage counts as one in your book: it supports quite a few cheap and also fairly recent Motorola phones, which are also easy to unlock:
For family, I just got a used Edge 30 Neo for ~100$ and put LineageOS on it, and it works like a charm. Phones like the Moto g84 go for even less and still can be bought new for a decent price.
Xiaomi would be even cheaper, but I would highly discourage getting one because the unlock process is plain ridiculous nowadays.
And as others have already noted, if you don't mind getting a phone that's a few years old, a used Pixel 5 is not expensive (still happily using a Pixel 4a and don't see why I would need to upgrade).
All the Fairphone Versions support e/OS/ as far as I know. I have the Fairphone 5 with the current e/OS/ version completely un-googled. But you also have the option to allow partial google-fication in e/OS/ so you don't miss out on most of the features and paid-apps you had.
This is the place where I think lawmakers needs to be involved. Bearing in mind that laws aren't engineering specs, being able to pay for things and use a bank are about as close to fundamental rights as anything is for participants in society. If you have to buy a second device to use Netflix, so be it, but we need laws that guarantee people can make digital payments without Apple or Google's permission.
There are societies today (I live in one) where some businesses are starting to accept payment only through a banking or payment app, no cash, no card, nothing else. And these apps will only function in the very narrow circumstances of "I bought a device which runs software from one of two American tech monopolies and follow all their frequently changing rules for using various software that's unrelated to the payment I need to make." This limitation is mostly in place due to the banks believing it will make things more secure. Security is important, but not important enough that you get to start denying innocent people the ability to make payments or exile them from the banking system because they had some kind of dispute with Apple or Google. Governments need to step in with access mandates here, otherwise this problem WILL come to a jurisdiction near you sooner or later.
The argument that this is actually a security benefit is a farce. It doesn't do anything. If the device is compromised then it's going to capture your password and send it to the attacker without attempting any attestation. So the only time the attestation is attempted is when the device isn't compromised.
Yes, if it was a measure of device security they would revoke attestation of devices that are behind on security updates. But no, a 5 year old device that never got security updates is A-OK according to Google but a completely up to date custom ROM is not.
It's clearly not about real security. It is about control. You follow the rules and get Google's blessing or no SafetyNet for you. These rules include things like ensuring that the user can't access their own data without the controlling app's permission.
Secure boot and OEM bootloader unlock should be able to work with images so you can lock a phone after the upgrade again.
I managed to get a US refubished Pixel 2 somehow with a fuselocked bootloader here in Ireland. I bought it second hand but I've no idea how it got that way. But I'm suck on the Pixel image and I wanted to use it for ROM testing etc.
This is outside of my area of expertise. I know there are i.e. banking apps that will disable themselves if you're running some unofficial 3rd party Android derivative like LineageOS. Are you saying those apps would work again if you perform some kind of secure boot locking procedure?
> If you have to buy a second device to use Netflix, so be it, but we need laws that guarantee people can make digital payments without Apple or Google's permission.
The reality is however that if you look at active current projects being able to use digital IDs to access fundamental freedoms like communication without child safety rails in Europe is going to require Apple or Google's permission because politicians like it that way.
You can think things should happen in a way all you like, but they are not going to, because governments have vested interests in the opposite direction.
Most DRM / banking apps work fine for me through the browser and you can add them to your home screen. Android / Samsung Pay will stop working, but if you have a Garmin watch, you can still pay with that.
But this is changing. Already in multiple countries(and soon possibly EU wide) there will be only play integrity(strong verdicts) to enforce availability of many services(if not using ios, which is the same locked in syndrome).
Yes some banks still allow classic clunky 2FA(sms, card readers, sometimes SIM generators) but it'll all eventually go away in favor of "locked and favored" os unless legislation fights against it.
Android and said manufacturers purposefully do everything in their power to make this as awful as possible.
For example, you can't relock the bootloader on any device except pixels. Why? No reason. Just fuck you, I guess.
That's a huge security hole that they're creating, intentionally.
What's going on is they are hoping that if you do use other software that you get malware or get scammed. They are literally, actually, undermining their own device's security just to send a message.
Even phones from Motorola require you to literally ask permission to unlock your bootloader via a form on their website, which they then unlock remotely or you enter some generated code.
Other manufacturers do the same, where you have to wait a period of like 45 days before being able to unlock, and then have to ask permission on their website to unlock your bootloader.
There are privilege escalation CVEs in bootloader code too. I remember unlocking some very early locked bootloaders this way in the early days of android.
I wouldn't want the bank to access my phone, so it doesn't matter that the app doesn't work, and in a weird case where you urgently need to transfer your money to scammers while not being at home, you can use bank's web app.
There are at least a couple of banks or credit card companies in the UK now that only offer mobile apps, as well as those now using push MFA with their apps for every large purchase. Recently I needed to install an app from the UK government to prove my identity via camera to renew my driving license, and that doesn't work in GrapheneOS either. I can do it in person (for now) but there is an extra fee.
All the banks I use, have a web app, although it can be somewhat limited, but I don't need any advanced functions anyway.
> as well as those now using push MFA with their apps for every large purchase.
Our banks use SMS OTP (not required for mobile app) for all operations - I assume otherwise the amount of fraud would be exorbitant.
> Recently I needed to install an app from the UK government to prove my identity via camera to renew my driving license, and that doesn't work in GrapheneOS either. I can do it in person (for now) but there is an extra fee.
Interesting that the government relies on a proprietary, foreign platform.
Not in markets without significant Huawei and Xiaomi presence. Local banks (Czech Republic) are not using integrity APIs to keep being usable for most clients.
Droidian[0] currently supports a relatively new Motorola phone[1]. A Snapdragon 8+ gen 1 device, so the performance isn't bad, and most features seem to work, including Waydroid. I've noticed incoming phone calls causing a glitch where the call can't be answered, but other than that, daily drivable. Just like a PinePhone, only more powerful. In my region it can be had for ~€250 brand new.
Did you check the stuff murena has on offer? Most if not all of their phones come with an unlockable bootloader and the OS they come with isn't that bad to start with either.
Does it? If it looks equivalent to "stock" Android but you can do what you want with is, including removing bloatware, then it's arguably more secure and thus a better alternative than most. It might not be the most secure but it's already a step.
Hmm... that looks like a pretty skewed comparison. It's as if somebody took the security features that make Graphene stand apart and compared everything else to them.
No contention that Graphene is safe, but categorizing other OSes as "pretty bad when it comes to security" because they don't copy Graphene is a bit of a stretch.
I'm going to echo the sibling comment that this comparison conveniently centers on GrapheneOS while conveniently ignoring anything they don't do; for example, a firewall using root is useful, but since they've decided user's can't be trusted with control of their devices that's right out.
Every few years or so we collectively rediscover that general computing devices should be general and repeat the same mistake every time new format is released. We're all a bunch of reactive losers and that will never change it seems.
> Before buying a smartphone I tried to find an inexpensive model that supports open source OS, but I couldn't. What open OS support is ether expensive Pixels, or outdated models.
You can buy a refurbished Pixel 5 for less than 200$. Great screen, great camera, 5G, the works. It's definitely not an "outdated" device, and it runs Graphene or Lineage with minimal hassle.
>The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc).
Why would you make essential security features illegal? Do you want to fly on a plane where the flight control software was maybe overwritten?
>So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you.
The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
> Do you want to fly on a plane where the flight control software was maybe overwritten?
I don't understand it. Whoever owns the place can replace any part of it, including computers. So being able to overwrite software doesn't change it. Furthermore, plane computers are not a consumer hardware.
You could make a better example with patched car software.
> The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
The initial ROM bootloader contains hard-coded signature which prevents you from replacing Apple/Google software.
Security only works if you can control what software is trustworthy. If some software has been proven to be untrustworthy, it is worthwhile to prevent all software that the producer has ever made from working at scale. Adding some nominal process and fee to make it too expensive to create a lot of accounts prevents them from creating hundreds of alternative aliases. There is a lot of precedence for why this is a good idea and works. I think if there was another company involved with performing the audit which folks trusted it might now seem so scary.
Do you understand that you are advocating for a world in which two corporations are the sole determinator of the livelihood of all mobile software developers? A career in software development should not be at the complete mercy of Apple and Google, or I suppose if you had your way Microsoft for PC gatekeeping as well.
No matter how this turns out, I'm sure GrapheneOS will make a smart effort. https://grapheneos.org/
But long-term, Android is such a massive code base, and was designed more for surveillance and consumption, than for privacy&security and the user's interests.
I think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation. (Sort of a cross between Purism's work on the Librem 5, and PostmarketOS's work on trying to get mainline Linux viable on something else.)
> think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation.
You just have to somehow speedrun the decades of development that went into Android to make it decently run on mobile hardware.. never really understood this "throwing out the baby" direction - the UNIX userspace model simply doesn't work on mobile (I would wager it also doesn't work on desktop anymore), has no security (everything runs as your user which made sense when you ran some batch job on a terminal with multiple other users, but nowadays when a single user has as many processes as all the user had back then it effectively means no security between any of those programs), there is no real resource control, no lifecycles, so the device will burn scorching hot and have terrible battery life.
On Android (and iOS) apps were always living in a world with lifecycles so if they wanted to operate correctly, they had to become decent citizens (save state when asked, so they can be stopped and resumed at any moment). This also fits nicely with sandboxes and user permissions, etc.
So without developing an alternative user-space for "GNU-Linux", it's simply not competing with android in any form or shape.
And even if you do, now every GNU app has to somehow be ported to that userspace API (you can't just kill GIMP or whatever Linux process)
The closest I got to Linux mobile is GPD Pocket 4 with LTE and regular apps. Since I can get it to cap at 5 watts, it can give 9 hours of battery life. It does most things I care about, but it is just a mini laptop (which is good enough for me).
No, just take a look at how long and smooth does a pinephone run with "GNU Linux" vs stock android.
Android devs actually backported a bunch of work to the mainline kernel with regards to low-level energy management, but that's only one half of the story. The other is your phone stopping unused apps gracefully, and being able to go back to sleep regularly.
The vast majority which lives in android userspace. The customer compositor, input stack, wlan daemons, etc, are all tuned and optimized for power efficiency. Also, these days, there is a lot of hardware controlled directly by userspace - it's not just the GPU. And those hardware are generally important for offloading a lot of conpute and reducing wake ups. Things seem to only be trending further in this direction.
The problem is for developers. Abandoning Android for Linux is not viable for software developers who need to eat. Sure, we can use Linux smartphones ourselves, but if the software we make has a grand total of three people who ever lay eyes on it, that's less than ideal. And given how The Year of the Linux Desktop has gone, I think it'd be strongly preferable if we managed to stave off the tightening of control over Android rather than placing bets on the future Year of the Linux Smartphone.
The Year of the Linux Desktop is kind of happening. Not at the scale that the meme implies, but I've never seen anywhere near as much adoption of the Linux desktop as this year. The combination of Valve's efforts, more usage of Linux gaming handhelds, distributions like Bazzite that have strong selling points for Windows gamers, and Microsoft pissing everyone off with everything that is Windows 11, the Linux desktop has some legitimate momentum for once
Especially considering how much software these days on Windows are all Electron/Web. So is not a hard switch as it once was.
I switched from Windows to Linux it's been 2 years. One of the few things I missed on Windows, was the native WhatsApp app, as the Web WhatsApp it's horrible. Then a few months Meta killed the native app and made into a webview-app :)
It only takes one application to force you back to using Windows.
e.g. HellDivers 2 didn't work well until recently on Linux. If you are playing certain factions it is a very fast paced game and I would frequently experience slow downs on Linux.
So if I wanted to play HellDivers 2, I would have to reboot into Windows. Since running kernel 6.16 and updates to proton it now runs better.
And I can just take about any Linux distro, install it to about any computer and have an extremely nice device to work, play games, and handle almost any daily task with. I call that a huge success.
Yet, still 1/4th of the time my ThinkPad with Linux wakes with a Thunderbolt display connected it dies with a kernel panic deep in the code that handles DDC (no matter what kernel version).
And the latest gen finger print scanner only works between 10-50% of the time depending on the day, humidity, etc., no matter hof often you re-enroll a fingerprint, enroll a fingerprint multiple times, etc.
And the battery drains in 3-4 hours. Unless you let powertop enable all USB/Bluetooth autosuspend, etc. But then you have to write your own udev rules to disable autosuspend when connected to power, because otherwise there is a large wakeup latency when you use your Bluetooth trackball again after not touching it for one or two seconds.
And if you use GNOME (yes, I know use KDE or whatever), you have to use extensions to get system tray icons back. But since the last few releases some icons randomly don't work (e.g. Dropbox) when you click on it.
And there are connectivity issues with Bluetooth headphones all the time plus no effortless switching between devices. (Any larger video/audio meeting, you can always find the Linux user, because they will need five minutes to get working audio.)
As long as desktop/laptop Linux is still death by a thousand paper cuts, Linux on the desktop is not going to happen.
That is simply not true. I have tried to get so many people on Linux, just for it to fail when they try to do something simple, enough times in a row for them to want to go back to Windows.
I really wish it was seamless and good, but it just isn't (and frankly it's a bit embarrassing it isn't given desktop environments for GNU Linux have been in development for 20+ years).
I'm not saying it's seamless and good. I'm saying that I have had windows fail in similar or worse ways.
For example the laptop I had from my previous employer (a pretty beefy Dell) was failing to go to sleep, I had to unplug the charger and the HDMI cable on my desk each night, otherwise every second night it was keeping my monitor lit on the lock screen; when low on battery it clocked the CPU down so much that the whole system froze to a grinding stop not even the mouse pointer was moving, and even after putting it back on the charger it remained similarly unusable for a good 10 mins..
Like I have been using Linux since the Xorg config days when you could easily get a black screen if you misconfigured something, but at least those issues are deterministic and once you get to a working state, it usually stays there. Also, Linux has made very good progress in the last decade and it has hands down the best hardware support nowadays (makes sense given that the vast vast majority of servers run Linux, so hardware companies employ a bunch of kernel devs to make their hardware decently supported).
I had so many more issues running Windows over the years than Linux. BSODs were a common occurrence, and yearly fresh installs were a thing to keep my computer usable.
I moved to Mint almost 4 years ago at this point, running it on a now fairly old Dell G5 from 2019. Runs as smoothly as ever.
I had one problem during this 4 year run (botched update and OS wouldn't start). Logging to terminal and getting Timeshift to go back to before the update did the trick. Quick and painless. I could even run all the updates (just had to be careful to apply one of those after a reboot).
I have no idea what you are talking about. Maybe I am just very lucky with Linux.
It's the same in every discussion about OS vs OS. People who like one OS will claim that the other OS is full of problems, and vice versa. In some cases I guess people are just lucky/unlucky. Personally, I've been using both in parallel for about 15 years, and while I've never had any issues with Windows (no BSODs), Linux constantly gives me problems. But I'm a developer and much prefer to develop on Linux, so I stick with it.
Though I think that is not warranted with respect to my original comment. I have used Linux in some form or shape for 31 years now (jikes), I would love Linux to win, and I have used Linux on a wide variety of hardware (last few laptops have been ThinkPads).
I think desktop Linux will not improve until people start acknowledging the issues and work on it. It's the same as the claim that Linux is very secure (which Linux fans will often repeat), while it has virtually no layered security, and a fairly large part of the community is actively hostile towards such improvements (e.g. fully verified boot).
I think people tend to have double standards when it comes to Linux. People who run Linux generally choose to run Linux intentionally and are for that reason more willing to accept/overlook issues.
I have both Linux machines and Macs and Linux has always been objectively worse when it comes to driver and software issues. It's just has a large number of paper cuts.
I think people tend to have double standards when it comes to MacOS. People who run MacOS generally choose to run MacOS intentionally and are for that reason more willing to accept/overlook issues.
I use both Linux machines and Macs (at work) and Macs has always been objectively worse when it comes to usability ajd development. It's just has a large number of paper cuts.
The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer are still pretty low I'm afraid (by "work" I mean "support all of the functionality"). For instance, the laptop I'm writing this on connects without problems to a Bluetooth mouse, but won't for the life of me work with my Bluetooth headphones.
> The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer
Well, show me that magic OS that works on "just about any computer", because I am sure Windows ain't that. OSX only works on their select devices, and Windows have its own way of sucking. Let's be honest, there are shitty hardware out there and nothing will work decently on top. People just try to save these by putting Linux on top and then the software gets the blame.
It really isn't. This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful. After a while the buzz will fizz out and the majority of those PC gamers that looked to switching go back to Windows.
IME a lot developers don't even use Linux on their desktop machine. I've met three developers that use Linux professional IRL. A lot of devs have a hard time even using git bash on Windows.
I am always called up by people at work because I am "the Linux guy" when they have a problem with Linux or Bash.
Sure, there are a lot of people that use Linux indirectly e.g. deploy to a Linux box, use Docker or a VM. But if someone isn't running Windows, 9 times out of 10 they are running a Mac.
More generally the thing that has paid the bills for me is always these huge proprietary tech stacks I've had to deal with. Whether it be Microsoft's old ASP.NET tech stack with SQL Server, AWS, Azure, GCP, what pays the bills is proprietary shite. I hate working with this stuff, but that what you gotta to pay the bills.
I mean, this strongly has to depend on what kind of software you are developing.
I don't know a single developer who primarily uses Windows.
Literally everyone around me uses Linux for development work (and a large portion of them also use Linux for their personal machines).
Of course. However if a developer isn't using Windows typically they are using a Mac.
In corpo-world. Everyone is using Windows. If they are using Linux it would be through a VM or WSL. I guarantee none of those people are using Linux at home.
So for every developer you know that is using Linux, there are many more people using Windows supplied to by their IT department.
> This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful.
I think what it fundamentally comes down to is that for consumer-oriented Linux to see widespread adoption, it needs to succeed on its own merits. Right now, and since forever, Linux exists in a space for the majority of consumers who consider it where they think "I might use it, because at least it's not the other guy". A real contender would instead make the general public think "I'll use this because it's genuinely great and a pleasure to experience in its own right". And that's why I have absolutely zero faith in Linux becoming a viable smartphone ecosystem. If it were truly viable, it would have been built out already regardless of what Android was doing. "Sheltering Android refugees" is not a sustainable path to growth any more than "sheltering Windows refugees" is.
I agree, with a caveat. The vast number of consumers don't even know Linux/BSD or any the alternatives exist.
I have zero faith in a Linux smartphone. What will happen is that there will be some GNU/FSF thing with specs that are 15 years out date and you will have to install Linux via a serial console using Trisquel and the only applications available will the Mahjong (yes I am being hypobolic).
Clearly hyperbole! We'll also have TuxPaint, SuperTuxKart (CPU rendering only, because the toolchain doesn't support Android's HAL), and a couple of (long-abandoned) LibreOffice forks that crudely adapt different subsets of the interface for a touch device.
Unfortunately in the past people have taken obvious hyperbole literally.
I realised a few years ago when one of my friends didn't know what the browser was on her phone, that any notion of people caring about the OS outside of branding is pretty much non-existent.
I know it's been tried before (eg by Mozilla), but perhaps now the time is right for a web apps-only OS.
Many developers would need some help to get offline functionality and updates right though.. And it would be really nice if these apps didn't require parsing megabytes of JavaScript libraries on startup.
so the thing is, as an Android dev if I get embedded linux experience then I have lateral career movement to the peripherals that I'm usually writing apps for. While the intersection of app developers to embedded linux developers is probably very small, there is a smidge of incentive there, and that can be a powerful thing for the community: a lot of the pain points on linux phones feel hardware oriented (I complain loudly about the pinephone battery elsewhere in this thread).
another tailwind might be in the gaming scene. I have the general sense that SteamOS has been an interesting gateway for technically-minded folks to be impressed by this Linux thing. A similar model for mobile phones might be a tailwind (like a SteamOS for ARM?) The reason why that's perfect is because it undermines the Google monopoly and creates an app ecosystem that people will absolutely flock to, at least for games ($$).
Some people don't care and build on top of Linux anyway. This lockdown will accelerate this. At some point a critical mass will eventually be reached, perhaps with the assistance of some corporate entity or organization of some sort that pushes it over the edge. Then there will be a real open competitor. Will take some time though.
I'd rather like to see AOSP development spun off to a separate non-profit entity. Either by Google doing it or by a hard fork (which will need a lot of funding). Traditional Linux misses the polish and especially the security layering to be a good phone OS. Better to start from an already good base that works.
The Chinese will eventually find it easier to sell their Chinese ecosystem devices to the world instead of catering to Google and American three-letter agencies.
Waydroid does surprisingly well at running Android apps on Linux.
Sure some apps won't work for whatever reason & HN commenters will have incredibly scathing things to say about that, but I bet there's a lot of folks who'd be cool with missing an app here or there.
It sucks to be losing Android, but IMO it's an ecosystem in free-fall. Bootloaders are locked more and more, there's literally zero AOSP hardware buyable now, and the roms scene has diminished not grown over time.
I totally think theres a Steam Deck moment waiting around a corner, where what seemed impossible a year ago shows up and is dead obvious & direct, and we all wonder why there were so many doubts before.
> Right, but that's a choice from manufacturers, not a requirement of building a mobile platform.
IMO, I think Microsoft gave up on running Android apps on Windows because they read the writing on the wall: Google will use Play Integrity/Protect to ensure Android apps only run on Google-approved devices/operating systems and nothing else.
I think this is the ultimate fate for Waydroid, as well.
The hope is lost for Android, there is no moving forward with google antagonizing its foss roots. Libre phone it is. We have to forcibly remove the bandage.
I wish you were wrong, but I don't disagree with assessment. I am on grapheneos ( edit: on pixel ) now, but even that should only be a pitstop now since google has decided to show its hand in such a nasty ( if not that unexpected ) manner.
Everyone is quick to ascribe malice without understanding why changes are made. It's never done for the reasons you think. Without a formal relationship between Graphene and Pixel, things were operating out of luck. This is why the next target hardware is starting with a business relationship. Even desktop Linux is most successful when business relationship between a vendor and the distro maker. Everything else is ripe for random breakage in support.
I believe it's similar to kernel modules in that they can either be compiled into the kernel or distributed separately. Graphene probably just distributes it as part of the system images. This just means rollouts are coupled. Apex doesn't imply closed source, only that there is a stable surface that allows more modular updates.
> Android was designed more for surveillance and consumption, than for privacy&security and the user's interests
I disagree. The Android security model is better than the Linux one. I am very happy with GrapheneOS, I don't have much to complain about.
The problem is that Google sucks and nobody enforces antitrust laws. But it's not just Google: how many Android manufacturers don't suck, really? Do they contribute to AOSP at all? Probably not. Do they build reasonable devices that could run something like GrapheneOS? Nope. Just relocking the bootloader is often a problem.
(2018) makes me more than a bit sad. I have a OnePlus 6, and it was ok with the software I tried out ~3 years ago, and basically fast enough. But it's soul crushing how running mainline Linux is just so impossible for consumer mobile chips.
It felt at the time like there was positive progress, more bits getting mainlined at a trickle but at least steady trickle rate. But it feels dark now. At least the GPU drivers everywhere have been getting much better, but I get the impression Qualcomm couldn't even ship a desktop/laptop after years of delay, is barely getting that in order now. It feels impossible to hope for the mobile chips anywhere to find religion & get even basic drivers mainlined.
> Android is such a massive code base, and was designed more for surveillance and consumption
I disagree. I have been using de-googled / de-spywared Android for a decade now and I really love it. Once you remove google mobile services and rely on open source applications Android feels really good.
Also its questionable if projects such as purism or even the pinephone will ever offer such good security and privacy as a de-googled Pixel with GrapheneOS will.
It's a different approach to security. There are no malicious apps in GNU/Linux repositories. (And yes, Linux security should be improved; I run Qubes on desktop)
That's like saying using a hole in a wall is a different approach to security than putting a lockable door in a wall. Sure no security is s different approach to security, but it's not an effective one.
>There are no malicious apps in GNU/Linux repositories
Maybe not intentionally malicous, but there have been bugs that can cause applications to act maliciously such as deleting users files. If an application gets exploited it could also do malicous things. Just because you trust the author of a program, that doesn't mean that sanboxing is pointless. Additionally programs like the terminal are a free for the user to run things like curl | sh which can run malware infecting the system and run wild since there is no security to stop it from doing almost anything.
>Purism
The wiki page pretty much says that they don't have privacy or security and don't have the resources to implement such features unlike Google or Apple. They also make some claims to try and pretend their platform is secure and private in order to help sell the Librem 5, a product they made with inferior privacy and security compared to Android.
In the past, they forced Steam to implement proper refund policies, and they are currently suing Microsoft about the way subscribers were duped into paying more for "AI features" they didn't want.
Tell them to lodge a designated complaint to the Australian Competition & Consumer Commission (ACCC).
ACCC complaints are designed for individual grievances while a designated complaint from a designated complainer is supposed to address "significant or systemic market issues that affect consumers in Australia".
If, and I do mean if, government is a solution here, its only role is to ensure that app use cannot be required for service ( and we can argue over what services can stay app-only ).
Android has not been really open for a long time now.
- Many APIs have been moved to Google Play Services (which is not open source), and many apps have come to rely on them. You can emulate it partially but not fully, see second point below.
- Some features like device attestation / SafetyNet fail on non-"official" devices, for example many banking or government ID apps refuse to work on open source os like GrapheneOS
Oh, the irony. I still remember how in the early days of Android vs iOS discussions, the main point was "but it's OPEN!". The word "open" was used as a comma by Google people. It was The Thing. The Difference. Good vs Evil and all that.
It looks like eventually any company will start squeezing customers for what they are worth.
But only once the company is powerful enough. We don't call Google a monopoly, because there is Apple, but taken together they certainly behave as one. Both create expectations, create expected momentum in a certain direction, people build (companies, lives) on those assumptions and boom, you can't get out and now the company changes the deal.
Is it just our assumptions that get us in trouble? Or do we need to do more?
I'm not sure how to regulate this, other than to stimulate open source, as the "for the people by the people" solution. But also that will just lead to poor expensive solutions (the market created some nice FOSS though). So the law it should be... And we're back to the problem of lobbying...
Perhaps there should be contracts: Google advertises Android as open: They should sign a contract: For how long will Android be open? Define "Open". The contract can be enforced. Or perhaps we, the people, sue now, for false advertising, although that will just make them flex their legal and lobbying muscles... And they didn't sign any contracts.
I regret having wasted a good part of my career supporting Google with the Android enterprise. They had some very good (technically and intentionally) people there, but it all got thoroughly corrupted.
With hindsight the only thing that kept them remotely honest was the Andy Rubin vs Sundar Pichai turf war, which at the time manifested as Android vs Chrome. Once that had a decided winner it was a recipe for serious trouble.
The only viable way forward for an open mobile OS is to fork Android as is. This is the only way to carry over anything resembling existing app support or all the work that goes into making a mobile OS actually work up to the level users expect. i.e. cameras through to hardware media CODECs and total system stability.
While I understand the reasons behind this campaign, I have mixed feelings about it.
As an iPhone user, I find it frustrating that deploying my own app on my own device requires either reinstalling it every 7 days or paying $100 annually. Android doesn't have this limitation, which makes it simpler and more convenient for personal use.
However, when it comes to publishing apps to the store, I take a different view. In my opinion, stricter oversight is beneficial. To draw an analogy: NPM registry has experienced several supply chain attacks because anyone can easily publish a library. The Maven Central registry for Java libraries, by contrast, requires developers to own the DNS domain used as a namespace for their library. This additional requirement, along with a few extra security checks, has been largely effective in preventing—or at least significantly reducing—the supply chain attacks seen in the NPM ecosystem.
Given the growing threat of such attacks, we need to find ways to mitigate them. I hope that Google's new approach is motivated by security concerns rather than purely economic reasons.
Android already has this strict oversight, in theory, in the form of the Play Store. And yet.
Personally I feel much more safe and secure downloading a random app from F-Droid, than I do from Google, whose supposed watchful eyes have allowed genuine malware to be distributed unimpeded.
I don't understand how you can have mixed feelings about this.
> However, when it comes to publishing apps to the store,
This isn't about publishing apps to the Play Store. If that's all this was about, we wouldn't give a shit. The problem is that this applies to all stores, including third party stores like F-Droid, and any app that is installed independently of a store (as an apk file).
> Given the growing threat of such attacks, we need to find ways to mitigate them.
How about the growing threat of right-wing authoritarian control? How do we mitigate that when the only "free" platform is deciding the only way anybody can install any app on their phone is if that app's developer is officially and explicitly allowed by Google?
Hell, how long until those anti-porn groups turn their gaze from video games and Steam onto apps, then pressure MasterCard/Visa and in turn Google to revoke privileges from developers who make any app/game that's too "obscene" (according to completely arbitrary standards)?
There's such a massive tail of consequences that will follow and people are just "well, it's fine if it's about security". No. It's not. This is about arbitrary groups with whatever arbitrary bullshit ideology they might have being able to determine what apps are allowed to be made and installed on your phone. It's not fucking okay.
My elderly father unknowingly installed an application on Android after seeing a deceptive ad. An advertising message disguised as an operating system pop-up convinced him that his Android phone's storage was almost full. When he tapped the pop-up, and followed instructions he installed a fake cleaner app from the Play Store. While the app caused no actual harm, it displayed notifications every other day urging him to clean his phone using the same app. When he opened it, the app — which did nothing except display a fake graph simulating almost full storage — pressured him to purchase the PRO version to perform a deeper cleanup.
In reality, the phone had 24 GB of free space out of 64 GB total. I simply uninstalled the fake cleaner and the annoying notifications disappeared.
How such an app could reach the Play Store is beyond me. I can only imagine how many people that app must have deceived and how much money its creators likely made. I'm fairly certain the advertisement targets older people specifically—those most likely to be tricked.
For better or worse, I'm pretty sure that such an app would never land into the Apple App Store.
So you're saying Google is doing fuck all to protect customers on their already locked down store, right? This doesn't sound like it will be addressed by Google extending developer registration outside of their store at all if they can't even address obvious scam apps that they're already promoting. And to your point, yes, Apple probably does do a better job of maintaining their app store, that way they can prevent some of the push back on iOS being so locked down. An iPhone sounds like the right device for your father.
If the manufacturer wants to offer verification of developers, this should be an optional feature allowing the user to continue the installation of applications distributed by unverified developers in a convenient way.
Making this verification mandatory is an absolute non-starter, ridiculous overreach, and a spit in the face of regulators who are trying to break Google and Apple's monopoly on mobile app distribution.
I think the main ask should not be limited to android/ios but similarly to the rules and regs of previous decades around agressive interop and standardisation. Asks for piecemeal carveouts whenever a monopoliist tightens the noose allows the can to be kicked downn the road when the outrage has subsided and allows for entrenchment of the status quo by stealth. Chipping away until the stated goal is reached.
Just like the car/gas monopolies were not alowed to get away with locking users into their own cartels - similar efforts should (but probably wont) be taken to preserve the ability of users to do with their devices as they see fit.
Linux on mobile is fun, but really I want AOSP and its superior security model and SDK.
Now I hate Google as much as the next person, but I also hate all the other Android manufacturers who just don't do better.
Ideally, major manufacturers would all contribute to AOSP to make sure that it runs well with their devices. And then we could install the "AOSP distro" we want, be it GrapheneOS or LineageOS or whatever the fuck we want.
> does anyone know if Huawei is following along with this in their fork?
They suck like all the other manufacturers: they forked as a quick solution, and then decided to go with their own proprietary codebase. If nobody else contributes, why would they make it open source?
What I see from the Linux experience is that the only way it works is to have a copyleft licence and a multitude of contributors. That way it belongs to everybody, and it moves too fast for one single entity to write a proprietary competitor on their own. But AOSP is not that: first it's a permissive licence, and only Google meaningfully contributes to it.
This is likely the result of one of the most idiotic and bad rulings to come out of recent tech lawsuits. It's so painfully brain damaged and yet somehow has seemed to largely fly under the radar.
Google was found to have a monopoly on android with the play store (even though you can side load other stores), Apple was found to not have a monopoly with the app store.
OK. But that is not the really bad part, the really bad part came from the appellate court this past July. Google pointed out that the Apple app store was ruled not a monopoly, but somehow Google's more open system was..
The judge, I am not shitting you, said that because Apple doesn't allow competitors on their phones, they cannot be anti-competitive. Google lost the appeal.
So now, clear as day, Google needs to kick out competition to be competitive. Good job legal system.
The "things that got him cancelled" were things he said (as opposed to things he did) and those that I've read were correct (though I'm aware I havent read everything he said on the subject).
To be clear: this does not diminish his contributions in the field of software! His ideas about Free Software have been visionary and are as important as ever. One can be brilliant in one field and a fool in another. This is actually very common among technical people ("engineer's disease"). We cannot expect someone to be right 100% of the time.
Between this and a growing number of oems not permitting bootloader unlocking (latest being Samsung with OneUI 8) Android's "open" future is pretty bleak.
IMO the bigger recent issue is that Google stopped pushing AOSP updates timely. As far as I know the QPR1 source is still missing in action after almost two months (!).
I wonder if it's possible for a consortium led by major phone manufacturers to "libreoffice" Android away from Google's control.
Android (to a lesser extend iOS) has become deeply embedded in the infrastructure of modern society. It is essentially a public utility and should be managed as such.
Let's not forget Google was legally forced to open up distribution to alternative app stores and direct downloads. This gives them some baseline security/accountability that applies to even side-loaded apps.
I've only been interested in Android phones particularly Pixels because I can just flash another OS and do whatever but if Google goes through with this I might consider iphones this time
The issue of android being open is not a developer issue. I do not mean, it does not affect developers, rather that the wrong that must be righted is to the user.
The F-droid article states:
"You, the consumer, purchased your Android device believing in Google’s promise that it was an open computing platform and that you could run whatever software you choose on it. "
This is an actionable issue. I believe this is a legally reasonable issue. If you buy a car and then the car manufacturer changes the car so you can only buy gas from them, or parts, that is an offense.
If you accept that users are wronged by googles action, the problem is what can be done about it?
Wrongs committed by companies like Google, Apple, Amazon are difficult to fix because of failures in our legal system. The typical legal action is a class action suit. These typically result in large "settlements" with little real effect. Users get a notice that they are entitled to $40 but only if they jump through seven hoops. Lawyers on both sides make out like bandits. The offenders have little incentive not to be repeat offenders, just not to get caught again. This is an acceptable risk for corporations and so does not act as a deterrent.
There are states Attorney Generals who can file anti-trust actions. The US government (ha ha) could file an anti-trust action. In my opinion neither of these are likely. And even if it happens, it will take years. And years.
A problem with these two legal solutions is that they rely on someone else. The result is that users are victims. We are all used to that by now.
Since we, as android users, are legally entitled to compensation - is there another way to take a legal action.
In most states the limits on small claims actions is between $3000 and $10,000. Well above the cost of an android phone. If there is one class action legal suit against google they can easily spend the money to defend it. And the time. They have the resources to do this.
However, what would happen if 1000 people filed small claims action, asking for a refund for the cost of their phone? Google is declaring war on users. They have their big legal tanks. Small claims are the equivalent of drones in the legal world.
We have the internet. We have AI. Can we generate reasonable and fair legal small claims court filings for each of the 50 states and put them online to help people.
We, the people, have learned helplessness. We need to learn something else or resign ourselves to simply being fodder for predatory actions by corporations.
I don't understand the Google's move. Google uses Android as a platform to collect virtually everyone's personal info and build the profile to benefit its ad business. If there is an extremely tiny chance that people (or a sizble population) may walk away from the platform, it's not worth the risk.
Are there any alternative mobile OSes actively developed? I remember Ubuntu Touch was the thing and something from Firefox, but not sure if they are continued?
We also have PostmarketOS (alpine base) and Mobian (debian base) as frontrunners. Supposedly Arch Linux for ARM and openSUSE Tumbleweed are also used by some on mobile.
There's HarmonyOS [1], which is developed by Huawei, and which has a similar mix of open (OpenHarmony) and proprietary components. I haven't used it, but it's supported by quite a few phones and sort of surprised it wasn't mentioned anywhere on this thread.
A year ago I built a React Native Android app for my wife called "Pimp daddy", which she uses to track her earnings as an independent contractor.
The whole concept is meant to poke fun at the idea of me "checking up on her" (I file her tax returns) and the entire theme is 80s pimp styled.
Every time she submits something, she'll get a random pimp remark, like "Go get that money for me, girl!". She just rolls her eyes and ignores it, but it's what made it fun for me to work on it.
Edgy stuff like that could jeopardize my account in the near future. It might just be security now, but an automated "naughty words detector" will be an obvious next step.
I doubt I will invest any more time in hobby app development if I have to deal with some humorless overbearing watchdog telling me what I can and cannot install on my own device. Very sad to see Android following Microsofts anti power user direction.
It is a story I heard way too often. Big Tech creates something which is so convenient, you don't want to miss it. Then Big Tech breaks that something, makes it more expensive or uses any other means of rent-seeking just pissing of its customers. We as consumers are by far the biggest lobbying-group, but nobody really gives an f.
I'm trying my way with /e/OS but thats not for everybody. It also shows me how deeply dependencies on google services are woven into the whole ecosystem - even on open source apps.
You can't even develop without the paid dev account? I thought it'd just be for distribution. Like, you can build and run whatever you want on an iPhone without a paid account.
You can develop and install via adb, but you can't just tell the package manager to install an APK you downloaded on your phone. Maybe attestation makes sense to allow Amazon App Store or Epic Games Store to be installed without a warning and to allow companies like Spotify to distribute their apps themselves from their websites without using Google Play Store and without a warning. What's wrong is preventing people from installing apps that haven't been attested by Google straight from their phone, even with a warning.
I get that requiring attestation for downloaded apps is wrong too, it's just this website says "it will no longer be possible to develop apps for the Android platform without first registering centrally with Google" which seems incorrect from what you're saying.
Edit: Oh I get it, "develop for the platform" means develop and distribute. Maybe it's just me, but seems like an important difference.
Given the apple v epic ruling about in payment commision outside the app store, I don't understand this. I assume Google would get the same ruling if they tried what apple did, so why bother with walling off if you can't get paid?
At least with 3p app stores they could have Gpay if the app developer wanted to, but now they will be pissed and can't build a 3p app anyway since users can't install it via 3p app stores.
That's doable for now in some places. But in an increasing number of countries, payments for just about everything are done directly from an Android or iOS app, so you'd always have to carry around this locked-down phone as well your Linux phone.
I love this and I'll support it, but I know that in the end it won't make a difference. Consumers decided they only wanted 2 choices, and these are the consequences.
The idea of offering something for free then later deliberately restricting and or reducing its scope after securing enough takers to maximize benefits and advantages for those making the offer ought to be unlawful as they are knowingly and deliberately manipulating human nature. Those who accept such seemingly appealing offers often end up disadvantaged or harmed. And here with Google's latest Android edict we have yet another instance.
Manipulation and deception tactics are particularly relevant in internet age and they are Big Tech's standard modus operandi because its found them to be such financially successful business models. Laws need to enacted to prevent such exploitation as it is unreasonable and unacceptable for the psyche/reasoning of ordinary citizens to be pitched against such psychological might.
As so often happens with such authoritarian and manipulative dictates, this Google edict comes wrapped in the usual paltry excuse of security. Even Blind Freddy knows this excuse to be bullshit and that the real beneficiary is Google. The time has come for Android to be decoupled completely from Google.
It's tragic that despite a monopolistic finding against Google the Law didn't recognize the fact.
perhaps the users should be allowed to install whatever they want on the devices they own? this "security" narrative google spews is weak, considering how much malware fails to be detected by play store
I just bought a fairphone6 hoping this phone would last me a decade with security patches and lineageos support. Naively I was assuming Google would keep Android open for that period. Now I might as well switch to Apple so I'm in sync with the rest of my family.
Ugh.
You will probably run some kind of community Android distribution on that phone, like Lineage or Graphene, and those will likely not include this limitation. The world will be worse off, but you and I will be unaffected. Worst case is that future Google will decide to kick us out of the Play Store, but there has been plenty of workarounds for that before.
I've been using Android phones since the OG Droid (2009) because I could install software on it. My next phone will be an iPhone if this doesn't change.
Whats also an issue is that Android seemingly has stopped publishing the source code for Android (AOSP). Android 16 QPR1 has been out for months but still no source code released.
Considering that Google has stated their intent that Chrome OS and Android are moving toward a single unified platform, they will essentially be fucking up the laptop/desktop market as well.
The only remaining good thing about Google is their Project Zero. They have become the same shit as every greedy company.
The play store ID process is ridiculous, their AI is making up BS why it wouldn't let your documents pass, clearly no human in the loop.
In the EU we can report this to: comp-market-information@ec.europa.eu
State that:
Google is abusing its dominant position on the market for Android-app distribution by “denial of access to an essential facility”.
Google is not complying with their "gatekeeper" DMA obligations (Article 5(4), Article 6(12), Article 11, Article 15)
Attach evidence.
Financial penalty is the only way to pressure this company to abide law.
> [...] the Digital Markets Act (‘DMA’) obliges gatekeepers like Google to effectively allow the distribution of apps on their operating system through third party app stores or the web. At the same time, the DMA also permits Google to introduce strictly necessary and proportionate measures to ensure that third-party software apps or app stores do not endanger the integrity of the hardware or operating system or to enable end users to effectively protect security. [...]
They seem to be on it, but no surprise: it's all about Google's claims for "security" and "ongoing dialogue gatekeepers".
Every company is open when they gain from it and closed when they gain from it. The idea of free general computing needs a different sponsor. Like a country or regulations. I don’t think open source projects and private companies can defend this idea adequately.
EDIT: apologies I misunderstood that this is limiting third-party distribution. I am of course, in favour of this.
Original comment:
I don't want this. The App Store on iOS has its flaws, but it's a curated system that has a lot of checks in place to prevent malware. I have never felt unsafe on iOS and it's the primary reason I've not joined Android and the Play Store's wild west.
Because I'd actually be interested in an Android phone if Google locks down the play store to legitimate actors, increases the barrier for entry and improves the quality and safety of submissions. Which this looks to be doing?
> Android phone if Google locks down the play store to legitimate actors, increases the barrier for entry and improves the quality and safety of submissions
Locks down how? This is literally how it is from the start. Ignoring the fact that it is completely unrelated to the topic, this is just wrong regardless.
Unfortunately the feedback period for the European Digital Fairness Act has been closed since October 24th. Does anyone know of another way to appeal to my European overlords^H representatives?
Google is killing Android. Along with the side-loading changes, I'm losing the desire to keep using it, as it's no longer an open OS.
What's the point of those changes? Does Google want to maintain its revenue from Play Store? Feels like a bad long-term decision, especially when Apple is releasing excellent phones.
Google is evil. Every single one on here arguing "but muh security improves" is against freedom of computing, plain and simple. There's no middle ground.
Google & others have slowly turned down the freedom dial over the years and we let it happen. People working for Google let it happen. I'm not aware of any inside movement protesting this like they protested against various social issues.
Security that you can't turn off is basically a prison.
Just installed Lineage OS 23 (androind 16) on my Motorola g84. Works like a charm. Banking apps work. Do I need to say fuck google? Like it's not obvious?
For what it is worth, I submitted a (totally, different, "handwritten", personal) complaint to the UK's CMA about this a few weeks ago, when it was first announced.
I received _the_ most boilerplate "Thanks, bog off" response imaginable, which I presume is a good thing...
Dear $NAME,
Thank you for your correspondence.
We value people contacting us with information. This helps us to tackle anti-competitive behaviour and protect people and businesses from being disadvantaged by unfair practices.
What happens now?
Our Digital Markets Team will now analyse your enquiry using our published prioritisation principles (https://www.gov.uk/government/publications/cma-prioritisation-principles). The Digital Markets Unit (DMU) will oversee a new regulatory regime, promoting greater competition and innovation in digital markets and protecting consumers and businesses from unfair practices.
The CMA will continue to use its existing powers, where appropriate, to investigate harm to competition in digital markets. Please be aware that the CMA has no powers to take action or open a case on behalf of an individual customer or business (for example; to pursue compensation, refunds, or to intervene or adjudicate in disputes).
We prioritise the cases that are most likely to make a real difference for people and the UK economy based on our available resources and the likelihood of a successful outcome.
Can I get an update on my enquiry?
We are unable to give you an update on your enquiry.
We find all enquiries useful to inform our current and future work. However, we offer no guarantee as to where or how your enquiry may be used.
We do publish details of our cases on our website. You can subscribe to email alerts which will inform you when new information has been added.
Will the CMA investigate my enquiry?
We review all the enquiries that we receive. This helps us to understand:
whether different industries in the UK economy are competitive
if competition law is being broken
if shoppers or businesses are being disadvantaged.
Even if we don’t immediately investigate your enquiry, it may lead to us taking further action in the future.
Do I need to do anything else?
You do not need to do anything. If we need further information, we will contact you.
Thank you again for taking the time to contact us.
Yours sincerely
Carol Sampson (she/her) | Enquiries Admin Officer | Strategy, Communications and Advocacy | Competition and Markets Authority
The Cabot | 25 Cabot Square | London | E14 4QZ
So, I naïvely think one way to push this higher up the priority list and get the UK's regulator to act at least would be to look at those prioritisation principles and make the point that it falls high up them. One of them is "The CMA’s work should ensure that competitive markets provide choice and variety and drive lower prices"; another is "the CMA’s actions should empower competitive, fair-dealing businesses to compete, including by addressing the behaviour of a small minority of businesses that try to harm consumers, restrict competition, or prevent markets from functioning properly".
It's pretty clear to me that Google's direction won't be going down this route, and in many ways I wish I knew about these before submitting my complaint. If you're reading this in the UK, consider looking at those guidance points and hamming home explicitly how this move by Google breaks those points – which, frankly, it clearly does (it is going to reduce choice and variety; it is also explicitly restricting competition and harming consumers!)
These things simply do not work. Things that work: legislation (when enforced); lawsuits (when successful and very costly to the company); physical violence of course; people collectively refusing to buy the product because now it has zero advantage over Apple or because someone comes out with a new better competitor; forced interoperability via reverse engineering.
The discussion between open-source and closed-source is essentially a discussion between communism and capitalism.
Anything that reaches a certain threshold of value to society and requires enormous effort to build and maintain has to fall back to a capitalist, for-profit, closed-source structure. That's all that's happening here.
Of course, small stuff like a software library that doesn't require much effort to build and doesn't provide much value can remain open-source. I personally think this obsession with open-source software is simply an obsession with communism and getting things for free, and not wanting getting rewarded for the value of the stuff you build, etc.
> I personally think this obsession with open-source software is simply an obsession with communism and getting things for free, and not wanting getting rewarded for the value of the stuff you build, etc.
Except that both platforms (iOS as well as Android) were either born out of OSS or are still reliant on active development in such projects. They created nothing, they took something from the commons, polished it and are now rent-seeking. It was tolerated till they threatened to choke all competition and trap and rent-seek the entire world with their duopoly.
> they threatened to choke all competition and trap and rent-seek the entire world
They did so legally and didn't break any rules. This is the game of capitalism, and the fact is, IOS and Android are extremely well built and developed, and no open-source project would ever come close to the hundreds of thousands of paid engineers that built IOS and Android.
You can either have capitalism and IOS and Android, or you can have communism and a society that is 10+ years behind in development. Do you really want to give up IOS 26 for a blackberry?
Linux, even though you may think is a massive project and you may be right in some regards, doesn't require massive amounts of capital, human resources and paid developers, etc. to build it.
Android on the other hand is developed by thousands of engineers and is a much larger project in terms of monetary investment than Linux. Linux was essentially built by a single guy. Android could never have been built by a single person or even a open-source project. It's too massive.
However complex you think Linux is, its just a kernel and doesn't require a conglomerate to build and maintain for billions of users. Android does, and those developers need to get paid for the massive value they provide.
My point still remains, none of these projects require tens of thousands of paid developers to exist. They also don't provide nearly as much value as Android does. Billions of smartphones use Android. Linux is not even used by regular people. And its precisely because it didn't have the same level of development MacOS and Windows had with many orders of magnitude more PAID engineers working on those
What about this is communism vs capitalism? Or even closed vs open source. There are billions of android devices in people's hands. Requiring a centralized authority to authorize what code people get to run on their own devices has nothing to do with a free market economy. This is a private entity telling us it's not safe to run code on our own computers without their approval.
Linux doesn't need a for profit company gate keeping it to ensure it is safe and secure. And even Windows doesn't prevent you from running any executable you choose from the internet. Why are phones treated differently?
Because everyone in this comment section is arguing that Android should be open-source and detached from Google. I'm saying some things are simply too big to be built by the community.
The developers need to get paid. And the developers only get paid if the system is closed-source such that the revenue can only flow back to Google which is where the developers are hired at. In other words, yes it needs to be centralized, and the reason is the money required to build Android is just too much and therefore needs to be developed under a for-profit capitalist organization like Google.
This is the problem with this Hacker News platform. Who is downvoting me instead of discussing my points?
This platform has the EXACT same problem as Reddit. People can just silence you before you had a chance of discussion. What a waste of fucking time. Instead of improving our world models of reality by having discussions, you can just silence others because you disagree.
Remove the fucking downvote button! Just remove it, jesus fucking christ. Who thought this button was a good fucking idea?
I'm nearly out of this garbage. The same way I left Reddit long ago. X is the only platform that allows free speech.
I've got my Linux smartphone running and ready to go. VWYF, folks. I'll take shitty software and poor battery life over digital authoritarianism every single time.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
gonna say: the pinephone has been hell over the last few weeks. Phone auto-boots whenever power is applied (either by their keyboard case or via USB-C), then the battery dies very quickly, and you need a minimum charge to boot the phone, so that means you have to swap an SD card in there with JumpDrive just to charge the darn thing. There are some mitigating factors (larger battery, Tow-Boot + loading OS from SD card, potentially some SMT soldering shenanigans), but I genuinely feel like this is a fire hazard. I -do not- recommend inflicting this on others.
someone suggested (I can't lost the link) flipping the script with a GLiNet Mudi hotspot with SMS forwarding (to e-mail); I really like this idea. It would be suuuper neat to play around with the tethered model: make SIP calls with a hacked Switch with Android installed / dedicated ruggedized VoIP phone for emergencies, or justify making and carrying a cyberdeck.
Personally, I'm hoping to revive my 3DS because I fell in love with the darn thing again (and its near infinite battery life). I heard you can make calls on the original DS with SvSIP, so suuurely that can work on the 3DS too. As a fellow gamer and android dev I'm sure you'd appreciate the idea.
I don't want a phone owned and controlled and spied on by governments and mega corporations. I want a Gibson-Neuromancer style obelisk disk blob thing that does Internet, Telephony, and Computer stuff and uses whatever I tether it to as the human interface.
Edit: and to be clear, I’m against this change by google. I think there is value in protecting grandma from sideloaded apps (if that even happens in the real world) but this isn’t about protection of consumers, it’s about centralised control of what you can and can’t do, in preparation for handing over the reigns to an authoritarian government. ‘Security’ either to protect you from scams, protecting YouTube from third party apps, or preventing nation state hacking or similar will inevitably be the driving narrative.
i've had a positive experience with OnePlus 6 and Mobian, but if you want something more modern with a business behind it, check out https://furilabs.com/
This looks kind of cool, but it lacks a headphone jack...
Which you think would be the first thing you'd put on there since Bluetooth pairing is extremely difficult to get right when you're using custom operating systems.
My primary for the time being remains GrapheneOS, which, ironically enough, only runs on Pixel hardware for now (though the GOS team is working with an unnamed major Android OEM to produce a handset that meets GOS's strict platform requirements).
My Linux phone is a PinePhone pro, which I believe is no longer being sold. It's not great. Phosh could generously be described as "in progress" last time I used it. UIs for many applications aren't built for small touchscreens like that.
I'd have to review the hardware market again if I were going to make a fresh recommendation. Librem looks cool conceptually, but they're a bit pricey, and their framing of a "Made in USA" variant as a premium feature rather than a red flag, a reputation risk, and a supply chain risk make me skeptical of whether Librem is a trustworthy entity at all, or might just be controlled opposition. That could just be me erring on the side of paranoia, though.
You can still run an Android build that doesn't require a Google signature for apps. You'll just lose access to Play Integrity APIs, which you wouldn't get from non-Android Linux phones either. A better technical solution is to set up a federated replacement for Play Integrity that third party ROM developers can opt into and a library that can use that or Play Integrity for app developers that want it to use.
That's a bit overblown. Almost all banking apps work fine. You might be one of the unlucky few of course, but there's no need to scare others from running free software.
I think the "one smartphone for absolutely everything" era is over. Either switch banks (there are many who don't do this nonsense) or have a dedicated Android/iOS device for banking.
This works now, but good luck in 10 years time when the radio chip requires a digital signature from the host OS signed by google or apple and your current phone is deprecated by 6g or whatever.
I remember, when DVD players were required to show mandatory, non-skippable sections of video, chinese players violated the standards and international agreements and allowed skipping those sections, and they also sometimes illegally ignored regional restrictions.
I think times were different back then. Modern times are more like China selling Playstation 5’s with mod shops: to my knowledge, they currently don’t. Even if it ever becomes a thing the PS6 is only a few years away and will be even harder to break.
I mean, the actual implementation will be that CCP signs Google DragonFly Global Root CA cert, and Apple runs Google signed firmware, but those are just minor implementation details.
Mobile hotspot with a wireguard tunnel wrapping all traffic. Different RF bands (e.g. Starlink). Unauthorized private autonomous mesh networks. I don't care how hard they make it. I am never going to stop uncompromisingly exercising my right to absolute control over hardware I bought and paid for.
reminder that stallman was cancelled from the eff with adhominem attacks. and we are back to calling free software (which would prevent things like the article) as Open-Source (which ia just donations to google and meta)
If people working for Google had a conscience, they would be working to break the system from within. At this point it's leaving the confines of anti-consumerism and entering into a gray area of basic human rights abuse. It's clearly a cartel market with the other big players (Apple and others to a lesser extend) that needed to be broken 10 years ago(if it were possible).
It reminds me a bit of the book "The Constant Soldier", depicting Auschwitz guards and staff enjoying their carefree holiday at a nearby lake resort, before going back to burning people. Might seem like hyperbole, but I think we're rushing towards an ugly plutocracy.
Which Android phones? If I understand correctly this will be a requirement for certification, so any devices that do not enforce it will not pass integrity checks. Goodbye banking apps, etc.
Having a trustworthy channel for verified app loading is a vital security tool. F-Droid is such a channel; the Google Play Store is not. F-Droid inspects the source code of the applications they build, removes malware and other antifeatures from them, and compiles them from source to ensure that the binaries they deliver correspond to the source code they've inspected. The Google Play Store doesn't do any of those things. Consequently it's full of malware.
The topic here is Google nuking F-Droid from orbit, probably because it has NewPipe.
I'm not sure about the NewPipe angle, as Grey Jay exists (Backed by FUTO/Louis Rossman) on the Play store, which has ad-block and sponsor block incorporated into it.
Google is just being malicious towards opensource and privacy, under the guise of security
Not neccesarily a guise of security, but perhaps a different means of security. E.g. securing stock investments, profits, monies, etc. Nothing is 100% secure, you can't be in the void and still call it a void, etc
AFAIK most of the victims actually fall for social engineering in combination with legit apps. If you force developer registration criminals will simply find other attack vectors.
You are restricting a fundamental digital right in exchange for a minuscule reduction in risk.
The ability to 'sideload' is already off by default, and warns you before turning it on. Maybe just a bigger or sterner warning? I mean there's only so much you can do there...
This won't be true for much longer iiuc. Look at the outcomes of the Epic lawsuit. That's probably why Google is changing how they tackle this problem.
What those "people-who-don't-understand-the-risks" will do then, with more money left? I think they will give their money to all sorts of political populists, who will cause danger not only to themselves, but everyone.
Anyone who has lived through the windows PC era knows it's a legitimate problem. Google has tons of data to show malware exists for Android as well. Being able to prevent that malware from affecting the lives of Android users is a moral imperative for Google. I understand why folks are skeptical, but it's worth trying to dig into the fact rather than just react blindly.
That's rich knowing that both Apple and Google get most of their store money from dubious casino like games which I'm uncomfortable giving to my family.
Before they are allowed to make any comment on scams, they should clean up their own store first.
99% of all malware with real world consequences is caused by unverified developers, ergo, all unverified developers should be removed from app stores.
99% of all car accidents with real world consequences are caused by licensed human drivers, ergo, all licensed human drivers should be removed from roads.
Same argument. It's true, and simultaneously, it skips right past all of the ramifications of the proposal, even when the ramifications conceivably result in more harm than the original problem did.
A ton of malware is pushed through Google's adsense network, which already requires some level of verification afaik. It doesn't stop jack shit. You are naive if you think more verification is somehow going to stop this.
I'm going to say something that probably will get me down votes:
Why do we have to beg Google to keep Android open? Seriously. So many open source projects have risen out of real and concrete needs and successfully made their way into our every day lives.
A new platform needs to rise that breaks out completely from Google. I've given PostmarketOS a go (with a PinePhone) and while today I can't say it isn't a daily driver for everyone it is certainly the route that needs to be taken.
I'm still unable to use it because is not easy to break away from Android, but is a platform that I think about almost every day, because I do not want to use Android anymore and I'm willing to sacrifice certain aspects to have an open and friendly platform on my hands. And if it is not PostmarketOS then let it be another project.
We need these kind of projects, not kneeling down to a company like Google and begging for Android to be open. Effort needs to be put elsewhere. That's how major projects like Linux, BSDs and open source projects have flourished and taken the world.
Answer: bank/financial apps, enterprise apps, government apps and copyrighted media (music, video, games, books, ...).
Those are the players that demand excessive control over end-user devices, and thus the ultimate driver behind the problem we're discussing.
It's not that a new mobile platform couldn't possibly succeed. It's an open platform that cannot, because aforementioned players don't want it, and without them, mobile devices lose 90%+ of their usefulness, dooming them to become mere gadgets instead of (crappy, toylike) tools for everyday use.
Back in '99 Linux didn't run Excel/Word/Powerpoint or most games, but I ran it anyway. What others call showstoppers are for me inconveniences.
I have a motorolla edge 2024 that I'll load whatever open source phone OS will work well enough to place calls and browse the web. I'll keep another phone for the rare times some corporate/government overlord requires it. Many folks who refuse to use smartphones, similarly own a smartphone they rarely use for systems that require them.
My recommendation is to put as little time and energy into closed, locked down platforms as you can. Feel free to complain, but don't forget you can make choices.
Technology has a ratchet effect at scale - as a solution becomes widely adopted, it switches from being a convenience to being a necessity, because people start building more stuff on top of it. It's as true of to-the-minute accurate clocks as it is of smartphone banking.
You can still run a version of Word from 2004. It's fine, if all you need is to write some thoughts down for yourself. But the moment you need to collaborate with other people via a Word document, you'll find it difficult without the modern version with all its user-hostile aspects - and more importantly, other people will find you difficult to work with.
Same applies to other software, web and smartphones, and to everything else in life - the further you deviate from the mainstream, the costlier it is for you. Deviate too much, and you just become a social outcast.
Social Outcast here... It's pretty good.
Which is why we need to ban together. Libreoffice isn't dominate, but it has enough market share that it can't be completely ignored. Also if you are using it you are not alone - you are an annoying deviation, but there are enough of you that many cannot ignore you. The more people who also use libreoffice the more power we have. If we can get to just 5% market share we cannot be ignored. (it need not be libreoffice, there are other choices that support that file format well enough which is what we care about.)
> I'll keep another phone for the rare times some corporate/government overlord requires it.
Not having to do that is the whole point (especially as those are not rare to most of us).
This reminds me of a Woz interview in the early days of the iphone, and his solution to it not supporting multitask was also to run two phones.
> Feel free to complain, but don't forget you can make choices.
Of course. I can make a choice. When the choice is between being able to login to secure services with my SIM embedded e-signature, use mobile banking and conduct official business and not being able to do any of these things, making choices are easy.
Running Linux on desktop is easy mode when compared to phones, and yes, I started using Linux on desktop in 1999 too with SuSE 6.0. Phones are way more interconnected and central to our lives now when compared to a general purpose computer running your $FAVORITE_OS.
I booted Slackware from a pile of floppies back then. I thought the Germans had a pretty good offering with SuSE at the time.
Look I get it, even back then, most folks felt Windows was the obvious choice (and still do) for their jobs and so on. Sometimes you have to make do with with the unappealing choice in front of you.
For a little more context, my cracked screen iPhone can still do banking or whatever, but I chose not to pony up $800-$1200 for a new iPhone and bought the cheaper $350 Motorolla. It works for me and I think I'm not entirely alone. There are probably some cracked phones, some handme down phones that folks could use for those situations where you really need to use the closed platform, but otherwise are free to use something more open.
Slackware always brings out the inner teen in me. I feel giddy like in the old days. I need to install and maintain it somewhere some time, just for kicks.
I support FOSS wholeheartedly, and believe that it's possible to have a device which is completely Free (not Open but, Free) from hardware design to firmware and software.
On the other hand, there are some nasty realities which bring hard questions.
For example, radios. Radio firmware is something nasty. Give people freedom and you can't believe what you can do with it (Flipper Zero is revolutionary, but even that's a tongue in cheek device). Muck with your airspace and you create a lot of problems. The problem is not technology, but physics. So, unless you prevent things from happening, you can't keep that airspace fair to everybody.
Similar problems are present in pipelines where you need to carry information in a trusted way. In some cases open technology can guarantee this upto a certain point. To cross that point, you need to give your back to hardware. I don't believe there are many hardware security devices with open firmware.
I use MacBooks and iPhones mostly because of the hardware they bring in to the table. I got in these ecosystems knowing what I'm buying into, but I have my personal fleet of Linux desktops and servers, and all the things I develop and publish are Free Software.
I also use Apple devices because I don't want to manage another server esp. in my pocket (because I also manage lots of servers at work, so I want some piece of mind), yet using these devices doesn't change my mind into not supporting Free Software.
At the end, as I commented down there the problem is not the technology itself, but the mindset behind these. We need to change the minds and requirements. The technical changes will follow.
For radios, the general idea of building radios to a spec and having them certified to be sold in country works pretty well most of the time. It might be nice to have a phone with plenty of flexibility on the radio, but I think most folks would be happy just to connect and send work-a-day packets OTA unencumbered by additional restrictions.
It seems like a hardware security device could act similarly to the radio in that the general OS can ask for service (e.g. a signature), but not have access to the internals of the MCU. I don't see why these systems need to be opaque either, in fact it'd be nice to know what is running on the security enclave or LTE radio, even if folks aren't generally meant to access/modify the internals.
It'll be interesting to see how things develop. In my case, I am looking for more experimentation with the smartphone form factor. I'd like to see better options in the market.
What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?
We're headed down a very slippery slope and the destination is a very dystopian reality where those in power can prevent someone from participating in society on a whim. I believe the destination has previously been described as the beast system or New World Order.
We are all definitely going to have to make a choice. That much is certain.
> What about when your smartphone is required to verify your identity so you can work / earn a paycheck? What about when it's required in order for you to engage in commerce?
In some cases, it already is.
We're already far on the path you described, and there is no choice to make on it, not for individuals. To stop this, we need to somehow make these technologies socially unacceptable. We need to walk back on cybersecurity quite a bit, and it starts with population-wide understanding that there is such thing as too much security, especially when the questions of who is being secured and who is the threat remain conveniently unanswered.
Well put. Most SWEs on this very site probably require a smartphone for id verification for work. Acting like that is a personal choice is not useful
We're already there. Attestation is not in your phone, but in your ID card. European passports and ID cards carry biometric data of your face, so you can be computationally verified.
I'm aware of this slippery slope for a very long time, esp. with AI (check my comments if you prefer). On the other hand, I believe that we need to choose our battles wisely.
We believe that technology is the cause of these things, it's not. Remember:
The governments believe that this is the "necessity", so the technologies are developed and deployed. We need to change the beliefs, not the technology.The same dystopian digital ID allows me to verify my identity to my bank while I'm having my breakfast saving everyone time. That e-sig allows me to have a practical PKI based security in my phone for sensitive things.
Nothing prevents these things from turning against me, except the ideas and beliefs of the people managing these things.
We need to change minds. Not the technology.
> We need to change minds. Not the technology.
I totally agree that changing the hivemind's mind is the only way to preserve these freedoms.
Is anyone making any progress on this? Beyond the FSF, noyb, and hn lurkers?
> Feel free to complain, but don't forget you can make choices.
Except, this not really a choice or a reasonable work around.
Phones are still somewhat expensive, not to mention a time-sink to maintain. Try explaining to your parents or even close relatives that they need to abandon the phone they either spent $$$($) on our spend a $$ monthly on that they should really buy another $$$($) phone and use their "official" device like a company card.
You can't buy a new less than $400 that can be google free.
Bingo, this right here. Linux desktop wasn’t a daily driver until one day it was.
Although the only problem with this strategy is that Linux got that way because of a lot of private companies that actually wanted that. Valve didn’t want to be locked in with Microsoft. Many of Microsoft’s direct competitors also don’t want to be locked in. IBM famously switched to Mac, Google has been using Mac and Linux workstations for a long time as well.
Also, web technologies like Electron made porting applications to small user bases Linux easier. If that never happened, I wouldn’t be able to use my commercial apps on Linux. This concept might be a little more of a challenge for the mobile app ecosystem, which is a mix of native wrappers like react native and native apps, and there is a high amount of dependency on native APIs for the extra sensors and hardware features phones have the laptops and desktops don’t have.
E.g., For Linux on mobile to work react native can’t be an incomplete implementation like the status quo.
It's a transient state. Food for thought: how much of Linux being a daily driver depends on you having a modern Android or iOS smartphone?
If you need a locked down phone that passes remote attestation to authenticate yourself to a remote service, then whatever you use to access the service UI doesn't really matter: the only device that's necessary to have to use the service is the one you don't fully control, and which gets to control your patterns of use.
An intuition pump I like: imagine you want to put a widget on your desktop that always shows you the current balance of your bank account. You want it to just work ~forever after initial authentication (or at least a couple weeks between any reauth), and otherwise not require any manual interaction. See how hard it is (if it's even possible), and you'll know how badly you're being disempowered already.
Interesting thought. I’d say a low to medium amount but you’re making a good point here.
Most services offer simple SMS two factor, and then if they offer an upgrade to Authenticator or passkey then I have no iOS/Android dependency.
My bank’s website works almost the same as the phone app, I think the only difference is the lack of mobile check deposit (but nobody’s writing checks anymore).
Some services like Venmo are most popular on apps but still have a website.
My remaining hooks are:
- iCloud shared photo libraries with my family. I can use those on iCloud.com but it’s a bit more of a pain. My paid iCloud storage has been migrated to more open alternatives.
- AirTags and Find My. There just isn’t a competitor that’s anywhere near as good. It’s thankfully not a very necessary product.
- Apple Watch. (AirPods actually work great on Linux, btw, even if they are missing some functionality)
- Apple Home. I could migrate this to Home Assistant.
- Apple Wallet. This is mostly convenience. Most things that use it have some kind of alternative, like printed boarding passes. But there’s…
- Ticketmaster. The mobile website tells me I must download the app or add to mobile wallet. Barcodes are dynamic and screenshots don't work. I think the only alternative is to go to the box office before the event which can be very annoying.
Bitcoin :D
All fun and games until you want to exchange it to traditional fiat - at which point regular banking suddenly feels like FSF heaven in comparison :).
Lots of private companies do not want to be forced to pay Apple and Google a hefty chunk of their earnings either. That's what drove Epic Games and Spotify to fight Apple.
This.
Most of us do not want to carry two phones around. The reality is that there is strong utility for those non-open apps and they will never be replaced by open ones.
In some parts of the world, WhatsApp is as necessary as the phone itself. Official business is conducted via it.
I've not managed to read all the comments in this post, so apologies if I'm repeating other people, I also have only a passing understanding of how Google Play works, but couldn't we have:
Linux based phone, running Anbox to support Android apps running within containers. Effort would then have to put into support Play APIs within Anbox. Not a small amount of work, but I compare it to the state of Linux 20 years ago and how well Linux is doing today.
Google would eventually manage to completely block that. For example, have the app be encrypted for download from the Play Store for the individual Google-approved device key, and the device’s firmware will decrypt and run the app in a way so that the user can’t get hold of the decrypted app blob, and hence can’t possibly run it in any other (non-Google-approved) environment.
The bottom line is, the only way to ensure user freedom here is by regulation/legislation.
Communication is the main issue - If you've got whatsapp/telegram/whatever,and a couple others you can handle your own life differently without human interaction being affected.
The rest is a personal choice, I'm happy to have a bit higher friction to check my bank's balance for example. Maps is an issue but it can be overcome.
Accessibility is a big issue. The accessibility some of the apps like banking provide are compelling. - not totally unlike the difference between stairs and a ramp.
> I'm happy to have a bit higher friction to check my bank's balance for example.
I find this to actually be a great litmus test for the overall problem. Bank account balance is a basic piece of information that's about me, and that I need to keep track of to effectively live in our modern times. I should be able to access that information non-interactively at any time. But I can't.
Ask many banks, you'll get as many reasons for why they can't just allow me to cURL this number off an endpoint with some pre-shared credentials. Most of those reasons are bogus[0]. Now, it's not hard to identify several points where I could observe that information in-flight. There's an API that powers the app. The app itself has UI that could be queried or scrapped; some apps will even communicate this data to other apps when requested.
But good luck getting access to any of that non-interactively.
This is what all those technologies add up to. The bank says I can't have this information unless my eyeballs are physically looking at the screen displaying it - and the whole tech stack conspires to make sure I can't get it otherwise.
It's a trivial and non-critical need, but it's also exemplifying the basic user freedoms being denied to us: the ability to freely process information on my own device.
EDIT: Accessibility tools are often the only remaining workaround here, because those are uniquely hard for services to close. And as expected, accessibility became its special privilege category on modern devices, and is increasingly heavily scrutinized and limited by device vendors.
--
[0] - They're usually some kind of security or stability point, that's just a fig leaf to cover the actual reason: this is the way they can force you to interact with their app or website daily, creating an extremely valuable marketing channel for their financial products.
It's a trivial and non-critical need, but it's also exemplifying the basic user freedoms being denied to us: the ability to freely process information on my own device.
I hate to risk sounding like I'm beating a dead horse, but when I hear this I flash back to Attack Surface by Cory Doctorow. I interpreted his message in that book as something approximately like "you can't out-tech the bad guys", where "bad guys" can mean government surveillance agencies (probably more what he had in mind) OR "big corporations trying to control your life" (this may be me extrapolating). But even if I'm over-generalizing a bit, I think the point still stands.
"We" (open source advocates / hackers / hobbyists / makers / whatever) can't win on just tech alone. We have to use the legislative process, political pressure, social pressure, whatever, to achieve our goals. And so we should use our superior knowledge of technology to support doing that. So don't just think "how can I hack my phone to use an open source OS" but think "How can I help use technology to influence the outcome of the next election, and elect candidates who really represent the things I care about?" or "How can I help use technology to stir up enough activists making enough noise to persuade my bank to let me access my account using a non-proprietary OS", etc.
Now I'm not saying any of this is easy. By no means. Just suggesting that we need to at least approach things with that mindset in view to some extent.
I see your point, but I disagree that you need direct involvement in the legal process.
Companies are moved by money, if your tech is popular enough companies will dance to your tune.
Say that you get to a point where 90% of desktop users are on linux. Is there any doubt that banks, messaging platforms and the like would have their own linux apps? no matter how many hoops you make them pass through, they won't let that piece of the cake go.
The problem is that the current way of doing things will never reach those numbers, because we give up on the tools that companies use. UX, user research, graphic design, marketing and similar roles are pretty absent from these communities; I think changing that is the mising piece.
> we give up on the tools that companies use. UX, user research, graphic design, marketing and similar roles are pretty absent from these communities
Some of the bigger open source communities, like GNOME, do some amount of these things. But I think very few people are excited enough about user studies or marketing to do them as a hobby, unlike writing code. It's hard to see how you could beat Google/Apple/Microsoft at their own game like this without a lot of money. Red Hat is probably the biggest company that might be interested in this, but still about 2 orders of magnitude smaller than the giants.
You’d be surprised, behance and the like are full of people doing case studies for rebuilding popular apps for example.
There are hobbyists and people trying to get experience eveywhere, but there’s a fundamental disconnect between communities.
So what. Enough of us do that it just might be feasible.
I've used Linux for a loong time before some business-critical software ran on it. I had to have a Windows VM for years for netbanking, or before that, dual-boot for gaming.
If we're all too spoiled to give a free alternative a chance because it might be slightly inconvenient, we don't deserve the free alternative.
> Enough of us do that it just might be feasible.
Not nearly enough. Not by three orders of magnitude for the market to care.
This isn't the 1990s. Computers are now mainstream.
Stupid question: couldn't we work around that with some VM/container-style solution? They could probably find ways to lock it down with TPM/TEE and similar, but in today's landscape it should be possible if you're willing to accept the performance and battery cost. And if it does get traction, there'll also be more push to keep open alternatives viable. Giving in without a fight is the only way to ensure you'll lose.
Yes and to be honest it's not necessarily unjustified BUT it should ONLY be done when the parts, hardware, software, or both, are not linked to a single proprietary actor.
Need security before doing a $1000 transaction because everything so far was $10? Sure, ask for a physical token 2FA, NOT a YubiKey implementation.
Obviously though if I was working at Google or Apple and paid for the success of my company via incentives, e.g. stock, I would fight tooth and nail to let banks know that only MY solution is secure.
Webapps solve this completely. You login to a service as we have been doing forever. And the control is still on their side when you use a webapp. Almost every single app that is on my phone can be a webapp.
Websites as platform can't solve a problem that's social in nature - that it's allowed and accepted for organizations to have such excessive, invasive levels of control.
The parties I accuse of driving this problem didn't suddenly go rogue when smartphones happened. They always wanted this level of control (and much more) - they just couldn't get it until relevant technologies matured enough.
I'm not speculating here - we have actual empirical evidence to confirm this. A clear example is that there are several countries that, unlike the US and most of Europe, went all-in on Internet banking back before smartphones. Web limitations and conventions didn't stop them from doing the same thing everyone is doing with the phones now - the banks there just force customers to install malware on their computers, so they can do some remote attestation and KYC (and totally no marketing data collection) on their PCs.
Most of the West never had this because of the inverse of leapfrogging phenomenon - big, developed economies had too fast progress and at the same time too much inertia to fully adopt a pre-smartphone solution nation-wide.
My bank had website which I can log in and just use. It does not force me to install anything. I need to type username, password and SMS code, that's about it.
Every org doesn't provide that choice. If your child's activities class only communicates via an app and that is the only option in a given radius, rejecting that will mean you child doesn't get to do their activity. There are other examples that are more way more serious and make avoiding installing apps infeasible.
Because your bank isn't even trying to be secure, relative to what's considered industry standard.
Be grateful while it lasts.
Why do you think their bank "isn't even trying to be secure"?
Because SMS is not considered a secure 2FA mechanism anymore, and hasn't been for a while. If that's the default for that bank, and not GP going out of their way to pick a legacy access path, then they're about a decade behind what's considered industry standard -- which today is querying a second factor not just per login, but also per important operations (money transfers, dispositions, changes in settings), with the second factor being by default a smartphone with hardware and software integrity verified via remote attestation.
I haven't heard a compelling reason why remote attestation is more secure.
The whole point of 2FA was to have two devices that you own. Now the bank is forcing your login and 2FA to be on the same device. Which is the easiest device to steal.
What about SMS is somehow worse than that?
Uh, banks still provide separate tokens and one time pad cards last I've heard.
If yours doesn't, pick one that does.
Then literally every US business and government is not trying to be secure. I cannot name a single organization that does not have the option of or requires SMS 2FA.
I think the government and large businesses like it that way, as it makes the mobile network providers as a sort of credit check (or “are you worth dealing with”) mechanism.
Now that is more of a problem than a bank. Which is why someone beeds to integrate OTP tokens into ID cards, closing the issue.
> clear example
> several countries
Doesn't name a single one
...
South Korea is, the go-to example I've seen brought up on on HN many times over the years. AFAIR, they used to legally mandate ActiveX controls to access banking and government portals, and that practice continues to date even though the legal mandate was dropped. From what I read, there's still a set of applications that are commonly required to access banking and tax filing services, that purport to provide a degree of remote attestation and "security" (firewalls, detection of keyloggers and screen capture), and to access digital certificates.
Brazil is another example - ironically, the software suite that's commonly required for banking is named after the capital of the country I live in :).
Some quick searching now also flags Slovenia and Serbia as places where some banks require custom desktop (or even Windows-specific) software to access banking services.
This works only as long as the webapp allows you to log in using a username/password and/or 2FA which is not tied to a smartphone app. More and more countries are moving to digital identity solutions, and while many of them offer hardware tokens as alternatives to apps, the future looks like one where smartphone apps will be only option.
Banking websites will tell you that you need 2FA. Of course you need to use not just any 2FA you need to use their app and of course you don't need a 2FA if you use the app directly for banking. My companys equity app does not even want to run on lineageos. At the moment it looks like a 2 phone will be necessary at some point.
For now, my banking app actually runs on GrapheneOS. My digital identity app that it requires to log in does not, but luckily my government also offers an NFC chip that I can just scan instead.
Two phones is such an unsatisfactory solution because it will be too impractical, too expensive, or both, for the vast majority of people.
Is there anything preventing use of something like Keepass vaults as your 2FA solution?
Yes, the fact that these 2FA systems aren't based on time-based one time passwords you're probably thinking of. It's a push notification that you need to open and approve in the official app.
The 2FA is not TOTP, it’s push notifications to the bank’s proprietary app
They're working hard on shutting that down as well with Passkeys. It's only a matter of time until the only way to log in will be through de-facto proprietary apps.
Being a web app doesn’t mean shit. We already have DRM encrypted web content where the consuming device requires some attestation to decode. I.e. Widevine.
But, it doesn't. The browser is unsupported for many of the above-mentioned applications.
Can I get an example of a single one that can't be found on the web?
Netflix? Telegram's push 2FA? Any mobile wallet application? The vast majority of dating apps? Any of the app-only social networks? Basically all keyless entry applications?
All functionality found on the web.
This is why we need laws and regulation. And the most important thing we need is not governments forcing Android to be open, but laws requiring governments to not force their citizens to use locked down hardware.
My government, Denmark, is one of the most digitized societies in the world. While the government has allocated money to a committee to investigate how the country can become less dependent on American big tech corporations, at the same time they are planning on launching a mandatory age verification solution in 2026 where the only possibly anonymous way of verifying your age to access e.g. social media will be through a smartphone app running on either Google Android or Apple iOS. These nincompoops do not realize that this move will effectively put every open source alternative at a permanent and severe disadvantage, thus handing Apple and Google, which are already duopolies in the smartphone market, a huge moat that will lock out all future competitors form entering the market.
I have written to the relevant government agencies, and while they are nice enough to actually answer questions, their answers reveal that they act as if they are a commercial business and not a government agency that is supposed to act in the interest of the people and preserve their freedom. They argue that they are releasing a solution that will work for the vast majority of platforms and that they are continuously monitoring the market to assess whether they need to add support for other platforms. This is a cost-cutting measure which is maybe okay for a commercial entity targeting a specific market demographic, but it is an absurd way for a government to think.
Before the upcoming age verification we already had a national digital identity solution, MitID, which also comes as an app running on Android and iOS, and which is locked down to require strong integrity using Google Play Integrity. But at least here they also offer hardware tokens so people can use their digital identity without owning a smartphone and running an open source OS like Linux on their desktops. But with age verification this is apparently over, all the while the government is lying about actually making an effort to free us from American big tech - they are instead basically forcing us to be their customers now.
I think this is true for other European governments. The UK is has introduced age verification (although not mandated an app) and is pushing for digital ID. If digital ID meets too much pushback plan B is a boiled frog approach by introducing it for children first (the legislation for that is in its final stages).
Governments say they want sovereignty but not if they have to pay anything for it. They also like the fact that forcing everyone to do everything through a few big businesses makes surveillance and censorship easy. No need to pass laws, just do deals with a few companies. Governments are all about central control, and its more important to them than what they see as obsolete nonsense about sovereignty.
IMO, we should be demanding more from the banks and governments, not that they keep android open.
We should demand that they support every platform. Or at least every platform that adopts some sandboxing model.
I wonder, if there were an open platform to exist that people use increasingly, maybe that would be incentive enough for at least one bank/financial app to permit that platform just to get a competitive advantage.
In the meantime probably the best that can be done is having a regular phone and a banking phone.
Maybe the answer is to put whatever the banks etc need on something like a smartwatch. Smartwatch + phone is better than two phones IMHO and they're so tedious to use/install anything on that it reduces the attack surface for hackers etc. Tap to pay or digital signatures or identity, passkeys etc via a smartwatch interaction seems like a good use case. Sort of a souped up yubikey. I don't know how good biometrics is on watches nowadays but my Pixel phone has some sort of camera behind the screen to read fingerprints so I can't imagine its impossible. Even adding a capacitive pad on a band seems plausible. Who knows, I don't feel like biometrics have been a real focus of design in the smartwatches I've used.
Personally, I have found smartwatches fairly useless (I do enjoy the activity tracking and notifications but that's not much really) so freeing my phone from bullshit by moving some functions to a watch could increase the value/utility of a some sort of smartwatch. Ultimately, it doesn't need to be that "smart" even.
Doubtful - the costs of supporting it far outweighs any gain they'd have. In case of banks, the costs of supporting aren't just about developing software for an additional platform, but also insurance premiums and managing fallout of hacks (which always eventually happen) - both of which would go way up, as the company would be voluntarily supporting endpoint decides that are less secure than "industry standard" minimum.
So the last possible community response is to bring back "responsive web apps"(tm) in the browser. And make sure a privacy first mobile web browser is installed.
Too bad browsers also support device attestation.
Bank apps: Use an ATM, or a second phone. Enterprise apps: Use a second phone, preferably paid for by work. Government apps: Use a second phone, or refuse to use it (since there's likely elderly whom are not on board yet). Copyrighted media: Piracy.
"just use a second phone" cannot be the answer because 99% of people will just scoff at that. Instead of buying a second phone, why not just buy one that works?
And that's to say nothing of the environmental impact.
> "just use a second phone" cannot be the answer because 99% of people will just scoff at that.
Here we are talking about installing PostmarketOS/Linux on a smartphone. The next milestone is not to get everyone on it. First we need a base of early adopters that are willing to use it despite the drawbacks. The more user those alternatives will get, the more they will be developed, the better it will get.
Sure, for the next years, it will be way behind Android or iOS in terms of ease of use, but that's the price to pay to get back control on the device you own that is probably the main computer you use everyday.
For me that's not worse than using Linux in the early 2000s, and like Linux in the early 2000s, it may even be _fun_ to be an early adopter of Linux on the smartphone.
Now we don't need to migrate everyone to PostmarketOS, we _just_ need an alternative OS for at least the ones who are willing to play with it.
> it. First we need a base of early adopters that are willing to use it despite the drawbacks.
That didn't work that well for Linux, though. It's still a very niche OS even on desktop.
Why postmarketOS and not Mobian?
idk, I was just giving a name for "Linux but not Android on a smartphone".
It's called GNU/Linux.
>It's called GNU/Linux.
The overwhelming majority of users call it "Linux" and don't care what the operating system's pronouns are.
Many Linux systems are running today without GNU coreutils or userland.
It's time to stop posting this flame bait.
It might actually be a better environmental decision, if instead of buying a new second phone, it is instead about keeping an existing phone in use and not adding to the burning heaps of e-waste. Given the rising popularity of refurbished phones, not to mention the lower costs, it might actually be the opposite of what you claim, at least on those grounds.
And for the rest, well, "just works" for what? With a little time and effort, it may even get to the case of the "just works" part is a siloed unit like a SIM card that is just installed to the device, making it opt-in and user owned...
> "just use a second phone" cannot be the answer
Not That i want to kick the can down the road, but the ultimate solution (barring actually fighting for our privileges over the systems we buy) is to have that second phone, and control it either via vnc, or via a kvm which presents vnc. I know, its really absurd, complexity wise, what with tunneling and figuring out where to house said setup. However, the latter is ultimately transparent to the phone, outside of allowing a second monitor/hid to be connected to it. You could, given a VNC client then go ahead and control it via laptop or another phone.
> "just use a second phone" cannot be the answer
It is the best answer at the moment. You can keep an absolute basic phone with all the banking and such apps loaded and nothing else. You treat it like an appliance. Your daily driver will be separate and can be running PostmarketOS or LineageOS etc.
There are several benefits off the top of my head:
1. Since you only install banking/govt type apps on your "important" phone, it stays more secure vs. putting your random game app along with the banking app on the same phone.
2. When you upgrade your daily driver, you don't need to deal with tons of re-auth steps for banking/govt apps.
3. Your daily driver can be customized to the nth degree because the pesky banking app won't be on it to refuse login because, say, you turned on developer options or rooted the phone.
4. You can even leave the basic phone at home for extra safety, if you wish, without affecting your daily driver.
5. You can root your daily driver and put as much adblocking setup as you want to boost your privacy. Your basic phone won't have enough activity outside banking/govt. to build much of a profile.
There's just one problem: increasingly, everything that makes a phone a "daily driver" is the thing that can only work on the "important" phone. Banking/finance, government services, commerce, work, communications (thanks a lot E2EE), and DRM-ed entertainment - all the major players here are locking their software down and relying on remote attestation to ensure their locks stay shut.
With this being the trend, you're already more likely to leave what you called "daily driver" phone home, and only take the "important" one with you.
Still waiting for someone to make a tiny token sized phone. Unfortunately the smallest around, Unihertz Atom, is both outdated and too low resolution for some apps to work.
Which is exactly my point: once you apply these workarounds, you don't need a smartphone anymore.
Also: both banks and governments are pushing for 2FA with a mobile device being the primary, and in some cases the only, accepted second factor source.
For bank apps, you can just use their website
relative of mine has t1d and they use their phone app to monitor and give insulin, also alarm them when they are low..trusting outside the reliability of apple and google for this type of stuff i imagine would be difficult.
This and also phone manufacturers lock us with Google.
I'm fine with using bank/financial services/media via the web. Other stuff can be emulated.
Hopefully I'll never have to buy another closed phone.
This is only until the only 2FA solutions that the bank requires you to use to log in and authorize transactions only come as smartphone apps.
to your point, not exactly a one-to-one, but several discount airlines (e.g., RyanAir, PLAY, Allegiant, Frontier, Spirit, Wizz, Flair, AirAsia) already require an app to check in for a flight, or pay a fee. No app (or the horrors, no mobile), it cannot be done on a regular computer, must go to a ticket counter and pay a fee.
The web is an open platform, and most, if not all, aforementioned applications are happily working on the web.
> Answer: bank/financial apps, enterprise apps, government apps and copyrighted media (music, video, games, books, ...). Those are the players that demand excessive control over end-user devices, and thus the ultimate driver behind the problem we're discussing.
Those work perfectly via a browser, on any platform where the browser can run. As long as a hypothetical open OS has a browser capable with bog standard modern capabilities, it will be fine
I tried to log into a banking website on a full desktop browser recently, one that I had previously used with a password. It literally would not let me login until I downloaded their app and set up a passkey. That is now the _only_ way for me to access those accounts. Presumably, I could call in, though I wouldn't be surprised if the person on the phone also asked that I download the app in order to verify my identity, and even if it wasn't the case, they didn't offer that option when I was trying to login. Many bank websites now also require the phone app.
There are banks that do not work via a browser. But no one prevents them from doing that. It's their conscious choice, not a technology limitation
The happened to me with Uphold, precisely yesterday.
It required me to install the application to sign in via web browser. There was no way, the web app wouldn't bulge.
I did it, checked my $5 dollars balance and deleted the app again.
Totally disgusting behaviour.
Remind me again what video quality Netflix gives you when streaming to an open browser on an open OS?
You mean Firefox that refuses to support web standards for encoded video streams for ideological reasons?
Wasn't aware of that, can you send a link explaining?
You're getting downvoted because that's not the point.
You are technically right, we still have access to these services via a web browser today. It doesn't mean we'll have it forever.
With the advent of AI browsers and AI agents, it's not hard to think of a future where LLM chat interfaces and mobile apps are the future, and web apps start getting disregarded as legacy and eventually, discontinued.
Try ordering some food via mobile application and then again via web app. You'll instantly feel the downgrade on the web app. Bugs, glitches, slow experience.
The desktop web is already the 2nd-class citizen for modern startups.
> Why do we have to beg Google to keep Android open? Seriously.
Because the market has failed, and we have a duopoly. There are many reasons for that, but, this is the exact sort of time a govt must step in - when something becomes a utility, it needs to be regulated as such.
I agree, I don't really want to enshrine Google/Apple into law, however if they are makers of an operating system that is used like a common utility, they should be regulated as such.
Unfortunately western governments are moving to impose more and more control over our digital life, and I think they see a locked down commercial platform as a convenient means to that end because they can regulate it. If the EU commission ever succeeds in passing Chat Control, which requires client side scanning on all devices, then it is very convenient for them if people do not use open source operating systems where they can just run clients that don't send data to a third party.
right, government literally side with them if any
open hardware/platform is impossible if they mandate all chat is exported to gov anyway
some governments, especially autocratic or authoritarian.
Even govts that may be in some political climates authoritarian can and will want exceptions to this.
There is no world that I see where decisions being made by Google are a good or reasonable choice for all parties, even ones you might think would side with this decision.
Remember, this give Google more control than an authoritarian govt. Sure, there may be a cost of doing business with some countries, however, even in those cases, this is bad for them - Google can just say "sucks to suck" and they either must use their product or develop their own, but if they use their product, *Google still has more control over that authoritarian govt than the people in it*
Put simply, now, Google Is Evil.
Samsung can cut ties with Google if they want to, they have market share to go on their own.
I'm sure they would love to. They've been trying to make their own app store (Galaxy Store) a thing for over a decade. But cutting ties with Google would mean no Google Apps and no Google Play Store, and that would probably be catastrophic for them.
Legislation is required at this point. Infrastructure companies (including finance and transportation) should be required to provide web apps that have feature parity with proprietary apps. (Enforcement is simple: ban distribution of the proprietary app for 5 years).
I think we going the other way though.
For instance, this recently proposed bipartisan bill would force all (even locally installed) AI apps to repeatedly run age checks on end users, and also adds $100,000 penalties each time the AI screws up when a minor is involved, even for bugs. I don’t see any safe harbor provisions, or carve outs for locally installed / open source / open weight projects, so it’d end up handing a monopoly to ~ 1 provider that’s too big to prosecute:
https://news.ycombinator.com/item?id=45741862
The most important thing you can do right now is get the democrats to actually field a candidate in 2028 that will restore the rule of law and free markets in the US.
> Why do we have to beg Google to keep Android open?
We don't! Instead, we go to regulators. Though I suspect your question really is "Why bother with salvaging Android at all?"
Mobile platforms are hard - famously, Microsoft failed to make Windows phone a viable platform, and John Carmack successfully argued that Meta didn't need a custom OS. Mozilla's Mobile OS that had OEM partners making real phones spluttered out, and nor for the lack of trying. Both Firefox OS and Postmarket rely on an Android foundation for HAL/drivers, IIRC. Device bring-up is hard, and negotiating with OEMs is harder still, and that comes "free" with Android-supporting devices.
Logistically, the vast majority of people who install apps from non-Play-Store sources do so ok their daily-driver phone, which is running the stock operating system. They are not tech savvy at all
> Mozilla's Mobile OS that had OEM partners making real phones spluttered out, and nor for the lack of trying.
Firefox OS had serious issues.
* Web standards 2013-2017 weren't ready enough.
* 2013-2017 phones still weren't powerful enough for complex JS apps to feel fast.
* asm.js was de-facto proprietary (a new FFOS with wasm would be be another story)
* The UI wasn't so great.
* Their launch devices were slow, cheap, and sucked.
* Their launch devices weren't readily available to developers.
* Their OS provided no real advantages over iOS or Android
The OS is still around as KaiOS (with a couple hundred million devices shipped IIRC) and I believe it still powers Panasonic TVs.
Interestingly, I think a FirefoxOS of today with good React Native and Flutter integration and cutting-edge WASM support could have a shot at success if not completely mis-managed.
A lot of these pushes for attestation are coming from regulators and security audits though.
If that's inevitably the case, then we should all enjoy the ability to install user-controlled, open source operating systems while we still can.
However, if it's not inevitable, then those who cherish such freedoms should forcibly push back against the attempts to strip them away.
> So many open source projects have risen out of real and concrete needs and successfully made their way into our every day lives.
When it comes to consumer hardware or software targeted at end users? I think such cases are pretty rare and far in between. Firefox had a brief stint of being popular in the late 2000s, Valve is doing some cool stuff with SteamOS/Proton but I can't think of much else of the the top of my head.
Otherwise it's usually companies like Google or Apple which use OSS as a base layer for their closed down and proprietary platforms.
PostmarketOS is cool but its a product niche targeted a very tiny subset of consumers (just like Linux on desktop for that matter).
For another platform to rise, there needs to be some heavy market shift. There already were opensource mobile OS: Maemo/meego/Tizen. Heck! I'd even throw phosh and ubports in the pot. But those are about as rare a sight in the wild as lightphones.
Phones have become essential to daily lives and the catch22 is: companies won't support niche platforms for their apps and users won't switch until the apps are there. Android happened to get adopted before everyone started relying on mobile devices as computer substitutes. Unless a major player pulls out a Valve move and does with waydroid what Valve did with wine, I can't imagine the market changing significantly.
One of the benefits of mobile GNU/Linux distros is that it is possible to run Android apps on them. Waydroid works well. The one catch is that it can be difficult to trick certain picky apps into running on an "unsecured" device.
> The one catch is that it can be difficult to trick certain picky apps into running on an "unsecured" device.
Imho, this is where we should fight for regulation.
"All mobile apps must allow the user to acknowledge the risks of running on an unsecured platform, but then launch normally"
Couple it with a liability shield for user security issues, if the user acknowledges risk.
The real Android lock-in is the universe of essential apps that, through developer laziness, refuse to launch on alternative platforms.
Eh, I disagree.
You can never catch all "bad actors". Sure, you can make a best effort, but govts are not efficient/usually work better at doing one thing, not 100 - they should be regulating the common platform not all actors on it.
Anyways, that's just as bad as what Google's trying to do.
> that, through developer laziness, refuse to launch on alternative platforms.
Android Dev is (relatively) quite difficult. The code and UI elements do not translate easily to other platforms. If a solitary developer (keep in mind, they may be a volunteer doing things in their free time, or just someone scratching a personal itch) does not then go out, purchase multiple other pieces of hardware, and write the application on multiple other platforms, that is not "developer laziness", rather that is a high cost to entry creating practical hurdles.
I think next time I upgrade my "phone" I'm going to get a gaming capable tablet with wireless and give it the steamos treatment. This gives you decent linux/windows/android interop.
I already lug a small backpack around most of the time, I can leave the tablet in the bag and use buds for conversations and when I need an actual computer it'll be way better.
> Why do we have to beg Google to keep Android open?
Because Google and Apple have put themselves between us and everything else.
Until we manage to replace them (by lobbying to everything including governments against them, and by working towards making the alternatives usable), we unfortunately have to resort to this. I'd even say we are entitled to this because we never asked for Google and Apple to become compulsory, they decided this.
I would personally be able to switch to Linux mobile today because I don't rely on anything proprietary (except the interrail app occasionally, damn them - but possibly waydroid would work for this)… if only there was usable and reliable hardware that could run the mainline kernel: decent battery life, decent picture quality, decent GPS, decent calls (especially emergency calls even if I haven't needed to actually make one so far, finger crossed, and Signal would do for most other situations actually).
I've daily-driven the PinePhone for a year. Call quality is awful and calls are awfully unreliable, and SMS are quite unreliable as well. Too bad for a phone. Unfortunately the phone took a big rain and now its modem is unreliable and doesn't come back up very often, but that's something a phone will likely endure in its life. Pictures are awful. GPS never worked well on my regular PinePhone. It somewhat worked on the Pinephone Pro until it died because it overheated. Linux hardware support is okayish, it was nice to run completely free software which was my main motivation for trying it but the hardware is crap to the point of being unusable serious.
The FP5 can apparently run PostmarketOS quite well. It would make an awesome Linux mobile. Camera and calls only partially work though [1]. And that's the main features of a phone.
Linux mobile itself it becoming quite decent (if one can do without the proprietary apps), what we really need is good hardware running it. Then we can begin to imagine a world with it having a decent usage share.
[1] https://wiki.postmarketos.org/wiki/Fairphone_5_(fairphone-fp...
Did you consider Librem 5? The hardware is much better, calls etc work fine.
> I've daily-driven the PinePhone for a year.
Which OS? Did you try SXMo?
The Librem 5 is awfully outdated now (and so I won't buy it today because I'd worry about it becoming e-waste fast), doesn't have a good battery life, is very pricey, and I'd worry about call reliability (I have no doubt it can be made to work, but reliably, from sleep?).
I'm sure it's way better than the PinePhone, but the Librem 5 is definitely not suitable for the general public, even without considering the Linux mobile part.
> Which OS?
Mobian and postmarketOS
> Did you try SXMo?
Yes, not my cup of tea. I'm happy with a stable Plasma or Phosh; at this point, the GUI is not a concern at all for me. SXMO is a nice project but it will never target the general public, and I think we need to target the general public because I wish the general public's computing were free. It's nice that nerds can be free but it's also not good enough.
> The Librem 5 is awfully outdated now
https://puri.sm/posts/the-danger-of-focusing-on-specs/
> doesn't have a good battery life
It's far from great but you can change the battery on the go. Look, you can't fight for anything without making any compromises.
> you can fight for anything
I suppose your mean't you "can't".
I know, m'y life is full of compromises because of my various political opinions.
> https://puri.sm/posts/the-danger-of-focusing-on-specs/
I agree and I intend to keep my current phone at least ten years (and I hope it will be able to run Linux at some point, it's very close!), but the Librem was released with outdated specs and that was 5 years ago. It was released with outdated specs because then current hardware was not free software friendly. However, producing outdated hardware today is a huge environmental concern for me.
That current hardware is non-free software friendly is a huge concern as well, and both concerns go by hand: we are absolutely building huge piles of e-waste just because of proprietary / closed hardware.
Anyway; the Librem 5 has been a fantastic thing for the development of Linux mobile. We also won't go anywhere with phones such as the Librem 5 to make Linux mobile a reality for the general public.
Fair enough. See also: https://source.puri.sm/Librem5/docs/community-wiki/-/wikis/F...
> I suppose your mean't you "can't".
Thanks, yes, fixed.
I don't understand why individuals expect a corporation like Google, driven by profits, to give a sh*t. I would expect no less of Apple with IOS.
Individuals should look for and support alternatives. I'm currently working on a desktop running Ubuntu because I want an alternative to the duopoly of Windows and macOS.
Additionally, we should support open-source alternatives with our donations. I personally donate money every year to Ubuntu, the Gnome foundation, and Tor.
If you're worried about a for-profit company having sway over your computer, Ubuntu is not really the choice to make. Please consider running upstream Debian; there are very few downsides, but the upside is that it is run by an organization that is not (and never will be) driven by profits. Also, it seems a little silly to donate to Ubuntu, which is maintained by a for-profit company.
Ubuntu controls a big voting block in debian’s organization. They forced systemd in, for example.
Devuan is a good enough compromise for me. The OS is stable, and the only issues I’ve had involve hacking curl|bash scripts that fail to realize they should just install the debian version.
(Steam and docker run well.)
> If you're worried about a for-profit company having sway over your computer, Ubuntu is not really the choice to make.
Why not? The point is not to not have anything supplied by a business. The point is to avoid being controlled by a business.
Ubuntu does not have the same hold over your computer that Google has over your phone. The software is open source. You can switch distros easily as it does not have lock-in.
The OS on desktop situation isn't comparable to the OS on mobile situation. You can buy any PC and expect being able to replace its OS. On phones, you have to look for the ones where it's possible, and depending on the phone, it's possible despite the efforts from the manufacturers for not allowing it.
Also in PC OSs, there isn't a corporation dictating what programs you are allowed to install. In iOS there is, and soon in Android too.
IMO, these corporations have managed to amass an amount of power where there's no longer consumer freedom. Therefore, there's no free market. We have reached a point where the law must intervene to restore capitalism.
Because we can't install that on phones and even if we did, we need to use Android apps to do basic daily things.
Phones are not like PCs, you can't "just install a different OS". You also can't just build a phone from parts like you can with a PC, it comes locked in with the OS, with proprietary drivers and advanced cryptographic DRM measures.
And even if we did get things to the level of desktop Linux, we can't run any of the apps we need for everyday life. Most of these things on desktop are web-based, so you can use them on Linux, but this isn't the case for mobile and many things only come in mobile. Bank apps, government services, digital identification, mandatory companion apps for other devices...
If nothing else, we need to keep Android as open as possible because it makes it easier to port those things to other platforms and maybe one day have a proper alternative.
Oh, and it's not like we have a good alternative. The current Linux stack is completely inadequate for mobile use. An average phone has something like 50 apps the need to be able to react to any of a few dozen different local or remote events at any moment, yet also need to use approximately zero CPU cycles to do that. We need a brand new app paradigm if we want mobile Linux to succeed and it's not looking like that's going to happen any time soon.
> Phones are not like PCs, you can’t “just install a different OS.”
This right here is the root of the problem.
The problem is that a new project and even a fork would need buy in buy companies like Samsung. Otherwise a project LineageOS would be much more popular. This is hard to do without serious money.
Yes, agree 100%. It's not only Android the problem. It's the cartelization between them and hardware manufacturers. But then that means that we will be doomed to the current duopoly between Google and Apple.
The very first step I believe needs to be taken is to pass strict laws to allow devices to be reflashed with whatever we want. Until we do not have that in place we will always be stucked like this. Once people can truly install from scratch whatever they want then the game should change completely.
Agreed.
So many good working devices go to waste because no longer supported by Google and the hardware manufacturers. They have good cameras, good wifi etc... we should be able to reflash them and install whatever OS we want on them.
It's becoming more and more difficult to install even Lineage on a lot of 6 or 7 year old hardware.
Good point about hardware duopoly, and laws (along lines of "right to repair", right?). Nit: "Until we do not have that in place" - double negative
Why is popularity a concern? I'm writing this on a Librem 5 with PureOS that I've been daily driving for the last few years and which gives me a much better experience than Android could. Why would it matter to me as a user whether it's popular or not? The only thing I can think of is availability of native applications, but this would just hide the actual problem with interoperability and pass it down for the next underdog project to worry about.
Popularity is important when we consider whole societies, but it's not particularly relevant for individuals. I don't need a buy in of Samsung to use GNU/Linux on my phone.
For example because the wait time in the theme park which I visited can be find only in their app for iOS and Android. The same true for ordering food to your table in another theme park. Yeah, there are alternatives, but those cost you time, sometimes hours. And these companies won’t implement anything for an error margin.
The fact this is a thing is part of the problem.
We should not be downloading executables and running them from random third parties in order to do mundane tasks. If they absolutely must have an app, it should be a web app, end of.
Here's a question, what if the executable was thoroughly sandboxed? Like Firecracker level with virtualization? And once you're there, what's the difference between that and a webapp?
I don't think apps are going away so users need to have a switch that says, "I don't trust this company with anything". Extremely limited Internet access, no notifications, no background activity at all, nothing. It needs to be like apps for the 2nd gen iPhone: so completely neutered that webapps look like Star Trek level technology.
Google is a step ahead of that, with their device attestation technology. Now apps can make sure they are only running in an approved environment.
Again:
> but this would just hide the actual problem with interoperability and pass it down for the next underdog project to worry about.
Just consider how this wouldn't happen at all in an environment where no platform dominates in popularity (and it doesn't always happen today either, as lots of things like these are accessible via the Web from any platform regardless).
We have exactly that interoperability right now, and the market said that they don’t want use that.
A market like that needs to be better regulated then.
True, if a new system ever wants to rise, it’s gonna need backing from a major player. But once it takes over the market, it might just become the next “Android.”
Not so, if the next system is mobile GNU/Linux. As long as the components remain free and mostly the same as on desktop, if one or two go bad, they can be replaced. And certainly the core system won't go bad.
I agree with you completely.
The point we are all missing, Google is not going to pull back, they have already invested in this change, it's in rollout phase, infrastructure is in place. It's not going to be rolled back. The ship has sailed. Keep Android Open is unfortunately dead on arrival, IF we are going to depend on Google.
And, are we going to keep depending on a profit oriented company to follow our bid? If so, then, we are very well have lost already.
I also don't think it is right for Goverment to force companies give up their properties, in this case it is like forcing Google to continue to fund Android.
May be Goverment world wide could all fund the same OSS OS which benefits everyone. But right now I see zero incentives for any government to do it.
It's better to have a billion dollar corp footing the bill for the massive amount of work it takes to maintain Android. If it comes to needing a fork so be it, but if they can be convinced (or strongarmed) to be more supportive of an open ecosystem and FOSS Android projects, everyone wins.
This comment nails it. There was an an article about how the FSF got funding for exactly one dude to work on free phone software https://news.ycombinator.com/item?id=45586339
That's great and all but it's just a drop in the bucket of the amount of work needed.
You're right. Especially with the rise of agentic AI. You could have hundreds of contributors, all using agents, working on different modules, according to existing spec and tests, create a new OS, or Web Browser or anything. It's the end of monopolistic control of software.
But, I think the giants already know and accept this. The moat now is compute. A centralization of power back to the server, the rise of thin clients, and fat services.
So, it is a revolution but there's also counterbalancing forces. Still, we should ride that wave :)
> You could have hundreds of contributors, all using agents, working on different modules, according to existing spec and tests
The current problem with "Linux on phones" is the locked down nature of the hardware. For example, looking at PostmarketOS's support device list [0], sensors, Wifi, even phone calls don't work. Would what you're saying enable faster implementation of those support modules? (This would be really cool if possible).
[0] https://en.wikipedia.org/wiki/PostmarketOS#Supported_device_...
If it's just about building software against suites of tests and spec that already exist, then definitely what I'm saying would make it faster. But if it's a hardware control issue, then no.
In that case (ie, if in order to be free we need to free the hardware, too), we need to create a hardware company that builds a phone from the modem/radio on up and owns every layer.
Obviously non trivial hahahahaha :)
AI is letting the world of bits move faster than before by exponentially reducing rework and sharing around the benefit of network effects from collective human knowledge. It's not touching hardware in the same way, and doesn't give us the same superpower.
edit: I guess the "easier" play is to convince an existing full stack phone hardware company to make us an OpenPhone that we can hack on because they believe in the inevitabilities of trends and consequences from AI and want to invest in that future. That would be cool? Any takers? Reach out cris@dosaygo.com
The difference is hardware. A large part of the explosion around Linux in desktop computing is based on the fact that IBM's patents for desktop architecture expired and IBM clones proliferated in the marketplace. Also, busses like ISA/PCI/AGP and ports (serial, parallel, ethernet, USB) were all standardized.
In short, Linux was possible because the underlying hardware was open and standard.
> A new platform needs to rise that breaks out completely from Google
After many many years and many forks, yes. This is still clearly the right answer. Google didn't succumb to Apple and just accept things, they acquired Android and invested heavily in it. We are all grateful for that. BUT, we must also acknowledge that the time of the two horse race is over. And while OpenAI and many others are attempting to do various things, we can continue to invest and back alternatives that create a more fragmented market. Maybe they will not replace Android, that's fine, but you're not going to fix Android's problems without suing Google, which people are doing, or actively working on alternatives, which again people are doing. Change is coming.
If people have to put the tiniest bit of effort into using a different platform, they won't. This is the sole problem with alternative platforms. I agree with you that the ideal solution would be to break away from Google entirely, either with a hard fork of Android, or something completely different. But you'll have to make the transition absolutely seamless for the masses, or it won't happen.
I agree with you, but that only works if people value it and are willing to pay for it.
Look at email. It’s technically open, but in reality there are a few large players who control the majority of it.
The only way open source phone software succeeds is if there is real money behind it and there is an attractiveness to it that makes people pay for it.
Because money. Yes Android is open source, but Google is spending billions of dollars a year paying engineers to develop it. If you want Android to be "free" find alternate funding, with no strings attached.
See: linux
How many consumer devices is Linux successfully running on?
I used to have a Jolla phone which ran a pretty cool linux OS on it but it only worked because it had an alien dalvik android vm so I could still run apps like those from my bank, whatsapp etc..
It's nearly impossible to live in the modern world without either an iphone or android without making some major sacrifices e.g. I'd love to not use whatsapp but it's not an option because all of my friends and family use it
Why did you stop using it? Asking because I was wondering if I should get one.
The short answer is its a huge costly chaotic mess to be in a standards/compatibility battle we don't have to be in.
It's far easier for everyone if Google plays nice than to put in the work to unseat them and still keep app devs and users happy.
Agreed w the sentiments. Minor nit: "I can't say it isn't a daily driver for everyone" - double negative
> So many open source projects have risen out of real and concrete needs and successfully made their way into our every day lives.
Ironic because the foundation of Android itself is built on open source.
Most if not all large, successful open source projects are funded by commercial interests, not just consumers. The resources it takes to maintain something like Android far exceeds what can be funded solely by donations and volunteers.
> Most if not all large, successful open source projects are funded by commercial interests, not just consumers.
Right, the key point here is most of the fundamental projects were never commercial in origin and had grassroots community or academic roots. Android is built on top of a student's hobby Unix clone.
> The resources it takes to maintain something like Android far exceeds what can be funded solely by donations and volunteers.
Um, no duh a corporate project requires corporate funding. Android was never a grass roots community effort.
Simple answer, no open source project can have the keys that sign play store access.
Problem is the hardware vendors often very much like closed systems. And banking apps too. We sadly have a much less open hardware ecosystem compared to the PC landscape. And even here driver problems are more pronounced the more exotic the OS platform.
For me mobile OS are a broken mess, irrespective of Apple or Google, so I would love to have an alternative. Mobile phones are powerful devices that are severely handicapped by bad software. Restrictions are sold as security and there are a lot of people that even buy into these crap argument. So much so that even legislation has adopted them to some degree.
But for hardware vendors to jump on another train, a new OS must probably offer something shiny. And the average user has no idea how easy it could be to interface your smartphone with other devices without needing some ad riddled vendor specific apps. I mean you can install an ssh client on your phone, but meh... That is more or less the only app I install these days.
Why? Because I want to run bank, OTP, streaming, and other crap apps that requires certain level of trust that a 100% open source version of AOSP made by some guy in a basement doesn't provide, that's why.
Does Qualcomm support the use of their hardware in "raw" Linux phone and tablet use? Where I can be root?
We need both. Open source alternatives are great, but they don't replace tight regulation of large corporations. Just because Linux exists doesn't mean we can give Microsoft, Apple and Google free reign.
I agree, F** Android, the website should me MakeLinuxSmartphoneReady.org and PostmarkeOS + Gnome Mobile is in good shape but a few smartphones support it.
I completely agree.
Google has been gradually becoming more restrictive on Android openness, slowly but surely strengtening the thumb screws.
On the long term, the best thing to happen is for them to bang make it proprietary [1] while it is still free and liberal. The shock effect will be big, and the initial changes big, too. Such will motivate the right people. Open source devs, governments, legislators, people with executive powers within other companies.
But Google is too sneakily clever for that. So they go slowly, gradually. There won't be a shock effect, or if it happens it'll be a done deal.
This is how you turn a country into fascism, too. Slowly but surely, and then bang. It is all the small steps beforehand which matter, and this is why the Execute Order 66 quote from Star Wars is so such a beautiful example in popular movie SF.
You can see how failed efforts for coups in democracies have failed recently because of checks and balances. South Korea is a recent example, but looking at the details it was a close call. In my opinion, the same was true for USA, and I don't know enough about the Brazil example.
[1] Yes, I realize Android is proprietary and AOSP is FOSS.
Because you cannot own or operate a cellphone. The cell phone modem is not licensed or controlled by you. It cannot be, it is the telecommunication company's. And this reality is intruding more and more into everyday life. You will not be allowed to control your smartphone. They are terrible computers because of this. A smartphone's legal purpose is now basically just banking, shopping, and navigation. Other things that interfere with commerce will not be allowed.
Just use your phone as a hotspot with a real computer for computing that you can and do own.
Likely there just aren't enough of the right people to support such a project, sans a sustained revenue model.
I'm going to say something that should get upvotes.
YOU CAN, AND SHOULD, DO BOTH.
Because smartphones are designed such that I cannot put whatever OS I want on them. I'm stuck with whatever proprietary flavor of Android the manufacturer loaded it with.
If I'm really lucky one of the opem source Android forks will support my device. But my current phone is not supported by postmarketOS or GrapheneOS.
I don't want a world where the market can only support a dozen devices across 4 or 5 manufacturers.
Good luck funding the development of a competing mobile OS by FLOSS nerds that can compete with Google's trillion dollar market cap.
Even if you could get some traction, you're gonna have a bad time getting banks to support this OS, at which point it will be useless for most users, preventing you from ever becoming profitable.
> Even if you could get some traction, you're gonna have a bad time getting banks to support this OS
This already happened. Banks here in Brazil like to require an invasive piece of software (a browser "plugin", though it installs system services) to access their online banking websites. For a long time, this invasive software was Windows-only, so those of us using Linux had to either beg the banks to enable a flag to bypass that "security software" for our accounts, or do without online banking. The same for the government-developed tax software, which was initially DOS-only and then became Windows-only.
But nowadays, there is a Linux variant of that invasive banking "security" software, and that tax software became Java-only (with Windows, Linux, and MacOS installers, plus a generic archive for other operating systems). So things can change.
Linux, linux, linux, if you’re blackpilled keep it to yourself, contributes nothing.
Like many others in this thread have already said, Linux is not the solution.
You call it blackpilling, I call it facing reality.
Drivers and firmware blobs.
The real problem was never solved to begin with: all mobile devices require proprietary drivers to function at all. Because these drivers are proprietary, the only people in a position to make them compatible with an OS are the manufacturer's dev team; and they are only interested in compatibility with Google's proprietary Android fork.
When Google starts to release versions of its proprietary Android fork, any open Android fork (or other alternative OS) will have to reverse engineer that proprietary Android fork in order to match its compatibility with proprietary firmware blobs. This will need to be done for every device.
Imagine trying to find your way through a building while wearing a blindfold. It's much easier if you are able to study the original floor plan that building was modeled after, even if the building itself has a modified design. Google is taking away that floor plan.
The situation is already medium-bad: it would be trivial to use an alternative OS if drivers and firmware were open source. It would be relatively easy if drivers and firmware had open specifications. It's difficult, but feasible in the current situation, where drivers and firmware are closed spec, but designed to be compatible with a close fork of an open source codebase. It will be extremely difficult (and technically illegal in the US) to do when drivers and firmware are closed spec, and designed to be compatible with a closed source codebase.
This is the correct take.
Let's say we beg Google to keep it open now, and they acquiesce.
So what?
Do you think this same drama won't repeat in the future?
Back in the 2007 or when it came out in Sweden I bought the iPhone and started developing for it. This was cool, new and exciting and it was fine as long as my company was paying the $100 fee every year. But then I switched jobs and worked at a company which produced mostly open source code. Suddenly I would have to pay $100 every year just to be able to put my own software on the phone ...
This is why I switched to Android, just for Google now to pull the rug from under my feet again ...
This situation would have been avoided if we, as community of engineers, had insisted on full and uncompromised open source (Stallmanist or GPL way) right from the start instead of going the ESR way of half-hearted open source where it's technically open but corporates get to have a free lunch and make abuses.
Like most coders, I also prefer the permissive MIT/Apache/BSD licensing for most software projects but incidents like these make me question the direction we are heading towards. They raise fundamental questions about freedom itself - looking at the broader picture, is having a restrictive kind of freedom (GPL) often more beneficial than having full permissive freedom (MIT/Apache)?
But Linux is GPL. That didn't stop Google from using it as a basis for something that is not GPL and in fact not even open source (Google Play Services).
What leverage does a community of engineers have to insist on anything? Android could be entirely closed source. So could Chrome.
It would be naive to assume that the power dynamics in our society can be fundamentally altered by a 10 line software license.
The Linux kernel is a separate system layer here, it's the AOSP parts like the Dalvik Runtime (equivalent of JRE) and components built on top of it (such as Play Store) which are being subject to permissive licensing abuse. If AOSP itself was GPL licensed, it'd have been difficult for Google to create something closed like Play Store as it'd have been considered derivative work.
You're right that broadly speaking, there is very little that could be done to stop this but having a culture of "everything GPL" in an organization definitely helps. For example, Sun was farsighted enough, though they couldn't stop Oracle from acquiring MySql, Oracle was still forced to keep MySql under GPL and they were able to salvage MariaDB too.
Similar was the case with Java. Oracle tried everything in its power to control its use and direction including legal means, it's only thanks to GPL that alternative implementations like OpenJDK and Amazon Corretto still exist. We can't even imagine the state of these software today if Sun hadn't licensed them under GPL originally but used some other permissive license instead!
Dalvik was used up until Android 4.4. Since Android 5 Lollipop the Java Runtime Environment is called the 'Android Runtime' or just ART.
https://en.wikipedia.org/wiki/Android_Runtime
https://en.wikipedia.org/wiki/Dalvik_(software)
Java and MySQL were already out in the open as open source projects when Oracle acquired Sun though.
I don't know much about Android's history but if Dalvik was created exclusively by Google and they had no intention of open sourcing it fully... it'd be akin to a closed source Java app on top of the open source OpenJDK... which would be allowed.
Not that it would help in this particular scenario, but Linux did not embrace the GPL development from about 20 years ago.
But they are!!
I have a "weakly held strong opinion" on this subject. I think open source has been a disaster for the state of software for normal people. On the one hand exploited developers making peanuts or nothing for their hard work. On the other hand exploited users losing control of their devices and social networks.
The era when people paid an affordable fee for software they could use however they wanted was much better. But it got squeezed out by free software on the one side and serf-ware on the other.
The proof is in the pudding and the pudding is rotten.
Edit: then again maybe it's unfair of me to blame the decline in paid for software on open source.
I have been involved in open source projects with various structures and sustainability models. Open-core Enterprise software startups, unfunded or underfunded middleware/libraries and underfunded end-consumer software/apps. A real problem that I have with lots of open source is a mismatch between technical talent to produce software, an open ethos/philosophy (finding true believers in a much more open future), AND the most important often missing piece, a product mindset and willingness to do work that isn't just software dev. So many FOSS projects I have seen, with capable engineers spending years of their lives working on them, are lacking product management, a willingness to let users actually push the project in a direction that is more approachable to a mass audience, and the willingness to do the hard boring work of making software run everywhere. Lots of stuff falls into this general gripe, and a bunch of it isn't news to anyone. Lots of open source has shitty design/UX, every damn one of us that lives with desktop Linux knows exactly why it's not the year of the Linux desktop. The sleep function on the laptop I am writing this comment on doesn't work right (when booted into Linux), and every few months you have to find terminal wizardry to fix normal shit that should have a GUI config interface to un-fuck it, but "real software people don't touch their mouse unless they absolutely must". This comment got a bit off the rails, anyway, long live FOSS!
> The era when people paid an affordable fee for software they could use however they wanted was much better. But it got squeezed out by free software on the one side and serf-ware on the other.
Charging for free and open-source software is not only possible, but encouraged Stallman himself.
Yes but how do you build a consumer software business on top of a licensing scheme that legally allows anyone to share their copy of the software with anyone else, and allows other businesses to resell your software at half the price?
I charge for copies of free software I wrote, an AGPLv3+ desktop application, and earn about $2k MRR from it. Most people don't care about your choice of license, they just want software that conveniently solves their problem(s). If they want to share it, that's fine. They're giving it to people who wouldn't have bought it anyway. If those grantees ever want an official copy, with updates and support, they come back to me.
You see the same effect mirrored in illicit distribution of copyrighted works. Sharing movies increases box office revenue. Sharing albums increases music sales.
The people who get a copy for no charge weren't going to buy a copy in the first place. When you expose them to the product, some percent go on to become fans, advertising the work, and perhaps giving money to support it.
Read through my past comments from last year to find more info.
Few companies have done it successfully like Red Hat, Odoo ERP and Sensio Labs (the company that builds Symfony framework).
Yes but notice how all of those are B2B? I was responding in the context of B2C, on one hand we know that people are willing to pay for convenience - Steam has largely beaten piracy by simply offering a better service.
But that wouldn't hold up if games were released under a FOSS license. There would be nothing stopping me (maybe trademark law? I'm sure there are workarounds) from setting up "SteamForFree", rehosting every game with the same user experience as Steam, and offering access for a small monthly fee to cover hosting costs and make a tidy profit.
I'd like to offer source code, allow modifications for personal use, while prohibiting redistribution and certain types of commercial use (e.g. companies over $x million in revenue). That's a pretty fundamental mismatch between what I feel comfortable with in order to protect my income and what FOSS licenses allow.
Fully agree with this sentiment.
I do think though that disallowing "certain types of commercial use" is a poison pill that would prevent your project from getting any significant adoption.
I think a better option would be something like GPL but with the "you can redistribute copies of this to anyone you like without paying me" part stripped out. (Maybe replaced with a provision that allows transferring your license to someone else, but then you're not allowed to use it afterwards.) The goal being to protect consumer freedom to exercise ownership rights over their software (including the ability to modify it) without simultaneously trying to abolish the copyright system and killing your own funding mechanism in the process.
Notice all three of those companies make their money selling support contracts to businesses, not selling software to consumers.
Charging for open source software is possible but improbable, and I respectfully say it is naive to think otherwise.
Every open source product that takes in real money sells services and support, or they sell closed "premium" features. Oh, and the third bucket, philanthropy.
the people saying gpl cannot sell software is always bsd users, who always work for some company contracting with Boz allen Hamilton and such. It's never an honest opinion.
Sounds a bit like victim blaming, how is it the fault of open source software that corporations are exploiting them?
Because they went "open source" and not "free software" to appease corporations.
The trap was there all along and developers fell right into it.
> ... uncompromised open source (Stallmanist ...
Of course, Stallman strongly eschews the ambiguity and misdirection inherent in the phrase open source, and in this particular instance the considered use of 'free' or 'freedom' is precisely what we're now all upset about the impending loss of.
GPL doesn't help you one bit in this particular situation, because "regular users" would still be using the locked-down stock Android that came with their device. So they still can't install your app.
Anyone who is already running a rooted Android or otherwise customized OS isn't affected by this, only developers who want to distribute their app to users.
AFAIK GPLv3 requires to allow user to run modified software (so essentially device must be unlockable). Android is not GPLv3, unfortunately.
Many Android devices are unlockable, you can run your own software, and yet we still have a problem. This problem exists irrespective of what you can technically do with the hardware due to the vote by corporations to favour device "security" over user freedom. A phone is useless to most people without the apps they depend on.
I can't root or otherwise customize my OS on my device because Linux is not GPLv3.
Correct. And the reason GPLv3 exists is because TiVo did the same thing eons ago.
Google is the modern Microsoft spiritual successor to Embrace, Extend, Extinguish. Look at all the people who use gmail, youtube, etc all from a web app that Google wholly controls.
Would that have really stoped google having its own cloud/app layer on top of the base system? OEM could still lock the bootloaders.
Unless, maybe the EU, enforce a right to repair and tinker we'll be at the mercy of these companies with their walled gardens.
"Restrictive Freedom" as you call it, is simply freedom.
Freedom cannot exist without discernment.
If you have a free and open society but allow Nazis, because you allow everyone, how long will you be free? Not long. The Nazis will use their freedom to take everyone else's.
Freedom demands a simple rule. We accept everyone who accepts everyone.
Fundamentally, GPL shares this rule. That is the point of it. Our labor, when shared, should be shared just the same when used.
> We accept everyone who accepts everyone.
If we were to accept and enforce this rule, billions of followers of some major religions would not be eligible to be part of a free and open society.
"Tolerate" might be a better word to use for their analogy. I can hate you and all you stand for, but I can still tolerate you. Meaning, I let you be and don't try to curtail your actions according to my personal beliefs.
Nah. The error is the royal "we". We tolerate <subjective judgement>, We enforce <subjective judgement>. And above all, We require everyone to be nice and cultured.
The actual power-wielder who regulates these things is a government (or rather its justice system), a warlord, nowadays maybe an AGI, but definitely not society and not "We, users of orange social media". These mechanisms work for thousands of years, paradoxes gonna paradox.
Good.
What you quoted is just the person restating the paradox of tolerance. It's totally nonsensical once you get past "one-dimensonal evil" cases (or perhaps cases like software, a category is more narrowly and cleanly delineated).
He's right that freedom requires restriction. The problem with the paradox of tolerance is that it masquerades as a meaningful principle while leaving the actual restrictions unnamed.
P.S. it also is worth noting that, to the extent that the GPL works, it's precisely because it doesn't rely on vague principles. It's specific about what's restricted, when, and how.
I don't think the Paradox of Tolerance intends to be a principle. It is a statement of the problem, for which principles could be proposed.
If there is anything prescriptive to it, it's the implication that no principles will ever suffice. In which case you need to find a way to reframe the problem.
Can you explain how you mean this in the context of software?
What you describe sounds like the paradox of intolerance but I fail to see how that can be applied to free software.
Freedom in general: You can't have absolute freedom because that includes the freedom to take the freedom from others.
In software: You can't have absolutely free software because ... ? I fail to see how free software might infringe on the freedom of others.
Yeah, this is pretty much the rationale behind the Paradox of Tolerance, which you alluded to. Just as a tolerant society cannot tolerate intolerance without eventually just becoming intolerant, this clearly demonstrates that the same is true for Free Software. If we tolerate the use of Free Software for the use of the non-free software, eventually one loses the freedom in Free Software.
It's of course not a perfect analogy since the original Free Software still exists, but since in practice the dependency was from free towards non-free, like in this instance, it still works. Google and its anti-freedom practices are still in effective control of the Android ecosystem even though it's still technically free by way of AOSP.
And just as how some people argue that intolerance of the intolerant by a tolerant society is bad, so do some people argue that things like the GPL is bad because it prevents downstream modifications etc. going from free to non-free. Maybe this will help re-evaluate the culture around this stuff.
I hate that you’re being downvoted. You are absolutely right here.
Just because we “allow nazis” doesn’t mean society will turn into an authoritarian dictatorship.
People are not stupid.
In this case, it was precisely the act of "allow nazis" that led Google to its current situation.
People aren't stupid, but the fact that Google is in this situation proves that we should have been less naive.
I don’t understand your point. It sounds like you think someone is making Google take unwanted actions.
They don't need to be stupid. They could be complacent, afraid or morally corrupt.
"i know why you did it. You were afraid. And who wouldn't be?"
Bold move, arguing against yourself like that.
I think a better critique is that these cold-war political basis vectors don't adequately describe today's political landscape (and neither do the revolution-era idea of the left wing vs the right wing; arguably they didn't back in 1950 either).
Best example of how the communist/fascist/liberal democracy triad completely falls is looking at China, which has facets of all three and none at the same time.
This makes it difficult nigh on impossible to have a real political discussion, as they fail to amount to more than connotative terms to be applied to outgroups, and do not map to political reality in any meaningful sense. Anyone can turn into the fuzzy outline of a nazi if you squint really hard.
Nuances needed to make any sort of sense of 21st century politics, especially its newer entries, are the tensions between cosmopolitarianism vs communitarianism and technocracy vs populism.
The problem with using such an outdated political map is that many of our contemporary problems are missing from it, and go unresolved until enough frustration builds that there is an ill-conceived popular upheaval that forces the issue. Rather than addressing the technocratic European Union's lack of accountability to its citizens, we get Brexit instead, which could likely have been avoided if the political map wasn't so out of touch.
American politics at this point is practically defined by being afraid of the other group. The groups themselves have little cohesion, and contain bitter rivals, but they trust each other more than their hated enemies.
Which becomes self-reinforcing: attempting to save yourself is perceived by the other as oppression.
I don't mean to simply blame all sides here. Facts on the ground do exist.I think I can justify how some players are worse than others, and that there might be a way out of the vicious cycle when some individuals say "no, that assertion no longer seems reasonable."
But given that it's gotten monotonically worse for decades, I don't see that happening any time soon.
> People are not stupid.
There are plenty of stupid people around.
We interact with them every day.
Yes. And society with good education has fewer stupid people. You don’t stop “bad” ideologies by outlawing them, you stop them by arguing for a free society and education.
Is that true?
American education isn't great, but it's not radically worse than many other rich nations. The difference doesn't seem sufficient to justify the extreme separation of ideologies. (That is, I'm not arguing in favor of one or the other, but the level of hatred between the two implies that at least one is wildly off base.)
Hmmm. The rise of nazis to power from time to time is evidence to the contrary.
Most people, might not be 'stupid'; but complacency in the population is enough to drop the guard down.
> complacency in the population is enough to drop the guard down.
In the case of the nazis, the population might even support them.
I am not arguing for complacency. I am arguing that authoritarian ideologies are won over with arguments, not by outlawing them.
“Never believe that anti-Semites are completely unaware of the absurdity of their replies. They know that their remarks are frivolous, open to challenge. But they are amusing themselves, for it is their adversary who is obliged to use words responsibly, since he believes in words. The anti-Semites have the right to play. They even like to play with discourse for, by giving ridiculous reasons, they discredit the seriousness of their interlocutors. They delight in acting in bad faith, since they seek not to persuade by sound argument but to intimidate and disconcert. If you press them too closely, they will abruptly fall silent, loftily indicating by some phrase that the time for argument is past.” - Jean-Paul Sartre
It's not about outlawing them, it's about not giving them a platform allowing them to rise, like the current major media platforms are doing right now. Social media should be held responsible of the content they publish.
You are arguing as if the two sides are acting in good faith. Authoritarianism almost always isn't. Greed and corruption is is inherently tipping the scales unfairly against the fair system to be imbalanced against the good actor.
You can see it again and again in the success of voter suppression acts and the deceitful tactics played by authoritarians.
Arguments only work when both actors respect good arguments.
> half-hearted open source where it's technically open but corporates get to have a free lunch and make abuses.
I'd argue what you describe as "half-hearted" is actually more true to open source and libre software than restrictive licensing.
Im a millennial dev which happens to have a Gen Z brother who also chose this profession.
Seeing him walk my steps 15 years later has been eye opening for the brutal cultural change.
They’re socially conditioned to assume that anything free is a scam or illegal, that every tool is associated with a corporation, and that learning itself is going through certain hoops (by the uni, the certificator or whatever) so that you get permission to earn money a certain way.
As more doors get closed, I fear this process will solidify.
> They’re socially conditioned to assume that anything free is a scam or illegal, that every tool is associated with a corporation, and that learning itself is going through certain hoops (by the uni, the certificator or whatever) so that you get permission to earn money a certain way.
To be fair, there are also legit reason for why it evolved this way. It's mainly for quality and reliability. There is so much crappy sloppy work from unqualified workers, and it used to be even worse.. The easy available free knowledge really helped to rise the standard even for people without proper education in an area.
I don't fully agree with that, IMO it's a multifaceted problem.
There's the obvious fact that tech has become the new path to high salaries, and culture changes when people are pursuing the money rather than the trade.
There's the centralisation and capture of resources - app stores in mobile, message boards moving to reddit then being astroturfed, hardware closing to repairs for water resistance/ form factor reasons...
There's also the death of piracy limiting access to resources. Apps, courses and books were files pirated massively, online services kinda stopped that.
I don't think free/open source resources failed to catch up in quality, but I do think they failed to soften friction and remove the barrier of access. Consider mastodon vs twitter, creating a website vs a facebook page, sideloading an app vs app stores, reading a manual vs an influencer course.
> I don't fully agree with that, IMO it's a multifaceted problem.
It always is.
> There's the obvious fact that tech has become the new path to high salaries, and culture changes when people are pursuing the money rather than the trade.
There is nothing new about this. Education and skills have always been a path to salaries. Even a thousand years ago, craftsman and artisans had a better career than any random farmer. And with education, there is will always follow standardization and certification at some point, because where money flows, scam grows, and societies have to protect their interests.
This is all nothing new, or harmful by itself. The problem is that all those legit interests, can also be too overprotective or even abused for someone's greed. It's always a balanced battle between legit interests and someone's greed. But many countries seem far to much leaning to the greedy and abusive side at the moment.
> There's also the death of piracy limiting access to resources. Apps, courses and books were files pirated massively, online services kinda stopped that.
Piracy is not dead. It's always been a battle of life and death of individual sources.
> ... mainly for quality and reliability.
And yet, it continues to decline year over year.
> They’re socially conditioned to assume that anything free is a scam or illegal
Piracy is technically illegal, but that didn’t stop us.
They're right. Embrace, Extend, Extinguish and Enshittification have been the core experiences of digital life with corporations in charge of platforms.
My hope is that LLMs will help open source developers provide reasonable alternatives to the gatekeeping and spyware that corporations are now making their bread and butter. Example: Recent tried to use Unity LTS for a small project - the software is a joke now, basic functionality is broken out of the box. A couple of hours with an LLM and I had all the features I needed using a more lightweight library, monogame. Not an operating system, but I'm hoping the pattern will continue as LLMs get more proficient at code - the moat of "this is hard and laborious to do" will be drained.
An issue is that it’s not only the corpos, there’s also an increase of individuality that has become the norm.
For example, try to learn from an online resource and you’ll see that the most popular sources (YouTubers, twitchers, etc) are all preparing a rug pull to a non free resource, slipping undisclosed ads as content or straight up selling snake oil.
I grew up assuming that a random guy on the internet had always genuine intentions, even those who were assholes. Now the default is either a paid account, a bot, or someone trying to grind for personal gain. Everything’s adversarial.
Yeah, I don't understand why people put up with Apple for this. I would love to write small personal apps for my iPhone. But, I don't want to use a mac, I don't want to pay a fee every year and I don't want to use the apple store (yes there are convoluted work-rounds for the last one).
I totally agree with your sentiment, but can't you still do that with Android?
IIUC, you can still load apps directly via adb. Is that not correct?
Ironically, somewhere around 2014, Google was doing the exact same style "keep Android open" campaign, recruiting developers around the world - including me, to help lobby for keeping Android "open" and tell the horror stories of issues that random OEMs caused by forking Android, breaking compatibility and security.
Made sense to me at the time and they were really into "Android should be open source" vibe, so I supported it.
10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android, but now they are haunted by their open source roots, and the walled garden is just a really tall pile of bricks laid around it.
So many times we've been promised things, only for them to be delivered in a half-baked state with half of the parts open source while other parts were closed only to Google and Google approved apps.
So many times the issue trackers for different parts of the platform ecosystem have changed, that some issues are impossible to debug without using web archive. And just as many times, they have been closed, ignored for years or unnoticed, being ping-ponged among team members until they forget about it.
Yet, even with all of the closed and privatized parts of the ecosystem, they are still not able to deliver on an ecosystem promise.
They control my email, my photos, my cloud, my browser, my phone - yet cannot keep a single thing properly in sync. Still, I download something and I do not know where it went. Still, I cannot Airdrop things without a 3rd party service. Still, I take a photo only for it to appear on the cloud 5 minutes later. Still, I cannot have a "sandbox" account for testing that just works, but have to juggle multiple accounts, causing their auth system to break 80% of the time when testing.
As a developer, I do not plan to support Android anymore. I recently got an iPhone, and am now fully switching to it. Even tho I am long on $GOOG stock, because the money printer go brrr, I will be spending that money in the Apple's ecosystem from now on.
Apple pisses off many HN users who then swear to switch to Android, Google pisses off many HN users who then swear to switch to an iPhone – so for both companies, in effect, nothing changes.
Aside from that, the masses don't care or know about any of this. A couple of HN users don't make a dent in the revenue of any large company. What we can do is work on alternative ecosystems or at least support the small companies and organizations who do with our wallets.
It doesn't make sense to choose between a snake that bit you and another that bit you earlier.
If you don't want to be bitten, get out of the snake pit.
> 10 years later, I'm also rugpulled. Their vision has dramatically shifted into trying to build a walled garden on top of Android
Abrupt abandoning of their Nexus line for overpriced Pixel hardware was the watershed moment. The exact moment when their executives decided to ride free on open source labor.
> Still, I cannot Airdrop things without a 3rd party service
Well, it hardly works between Apple devices themselves to begin with (sending a bunch of pictures over to a 4 years old iphone works like 1 times out of 10 trial..). At least I can use regular old Bluetooth to send stuff to any kind of device from Android without the cruel gatekeeping of only Apple devices.
So yeah, both platforms have their own ways they suck in.
Out of curiosity, have you seen Genode before?
https://genode.org
One of the things it works on is the PinePhone, so there's _some_ hope of at least one viable alternative happening:
https://archive.fosdem.org/2024/schedule/event/fosdem-2024-3...
I can see why they add the fee, but they would both garner so much goodwill by giving free accounts if the app you publish is open source. I don't think it would be that hard to automate by requiring a GitHub link.
Those days are over. Being evil means there is no goodwill to begin with unless you can exploit it financially wise. Google stopped being not evil, they specifically deleted it from the code of conduct.
Ofc, being evil is subjective. But also this is the first excuse of evil players!
> goodwill
Doesn't seem like something they consider a positive though.
See I was similar but the big difference back then was a random little 99c app on iOS would make you several thousand dollars a month, so the $100/year fee was nothing for a long time. It was only after around 2012 that things changed.
On Google Play I never, ever had any app be anything close to as successful as on iOS. I think I probably made less than 1/100th the amount I did on iOS back in the day.
I don’t know what it was like back then but in today’s world you do not need to pay Apple any fees if all you’re doing is writing software in Xcode and deploy it to your own device. You do need a developer account, the free version of one, but you only need to pay the fee if you’re going to publish on the App Store.
Free provisioning: If you do not pay the developer fee an app installed via Xcode will work for 7 days. Afterwards the app on your phone will *stop working*, and you must open Xcode on your Mac again, and push a new build to your phone if you want to keep using it.
Paid provisioning: If you have paid the developer fee, a build will expire based on the amount of time left before that payment renews, so if you build and install an app a month before your developer fee renews, that build of the app (that you installed via Xcode) will stop working in 1 month.
We're stuck between two mafia families :-(
A.K.A. Digital Feudalism.
I've been doing it that way for years on the free account, never seemed like a bother to me. I usually have a tweak I want to make to the code anyway. But I suppose some might find it inconvenient.
In any case, to say you can't put your own apps on your phone without paying a fee is incorrect, which is the comment I was responding to.
Saying what youve said above and knowing full well how this works, but failing to mention a crucial fact like this is deceptive.
Don't you also need to buy a Macbook? That is quite expensive. I guess in Apple's view also developping on a non-Apple device is a security risk.
I’ve never considered or tried anything other than using a Mac, so I don’t know. But I was responding to a comment about a different matter, the fees for a developer account.
The Mac requirement was a pain for game developers using Unity/UE primarily on Windows, and wanting to target iOS. (Back when mobile games seemed like they could be an exciting new thing, before predatory F2P enshittification killed that market...)
100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets - and I am sure it cuts down on spammers and covers administrative cost.
I have no problem with a store having a small admission fee - that's perfectly reasonable and they do have operational costs. It would be nice if they had some way to waive the fee for popular OSS to garner some god will with the devs.
Taking a 30% cut of revenue on the other hand ... both platforms are guilty of this
> 100$ a year for a dev in Sweden - that's like money you wouldn't notice if it got lost in your pockets
For someone who is making money from it, sure, but that's exactly who this isn't about. The way they get screwed is by the 30%.
A fixed fee -- in any amount -- is screwing the people who aren't in it for the money. Because to begin with, it's not just the fee, it's the bureaucracy that comes with the fee.
You're a kid and you want to make your first app, but you don't have a credit card.
You live in a poor country and maybe the amount you can lose without noticing when you're rich isn't the same there. Or even if you can get the money, you may not have a first world bank account and the conglomerate isn't set up to take the local currency.
You're a desktop developer and you're willing to make a simple mobile app and give it away for free as long as it's not a bother. The money is nothing but the paperwork is a bother so you don't do it, and now the million people who would have used that app don't have it and have to suffer the spam-laden trash alternative from someone who is only in it for the money.
And suppose the amount is as trivial as you propose. Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
>And suppose the amount is as trivial as you propose. Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
Reminds me how in the 1970s and 1980s there used to be these ads in the back of magazines in which a person who supposedly became a millionaire sold pamphlets for $5 telling his secrets to success. The obvious question was why such a successful person would need $5 from poor people (unless that was one of his secrets to success, I suppose).
You bring up several important issues and I agree with you 100%. A lot of good application/utilities in the past were from engineers who needed the tools themselves, developed them, and then released it open source.
But I can also see the clutter argument. Windows app store has been and still is a nightmare to use.
It feels like we had a good system, but then lost it. I have no idea what it takes to get it back.
> Then why does a multi-trillion dollar conglomerate need that pittance from a million ordinary people?
Because the store gets spammed by million of bot applications ? Having a small fee for store review is probably a decent noise floor.
You can still develop apps on your devices without a dev license - the week long cert is annoying, they probably want to avoid people side-loading via this mechanism (which I am against FWIW).
But you can develop on your devices without paying 100$/year
> Because the store gets spammed by million of bot applications ?
They're a search engine company. They can't figure out how to put real apps on page 1 and spam apps on page 500?
Also, then why are they charging the fee if you use someone else's store?
> the week long cert is annoying, they probably want to avoid people side-loading via this mechanism
It seems like you understand their underlying motives, so then why are you defending them?
But this isn't about the store. It's about being able to install apps even without going through the store.
I'm not talking about putting the App into the Store, just installing it on my phone.
> and I am sure it cuts down on spammers
Okay, just so we're all on the same page: that 100 dollar fee IS NOT for publishing your app. That's not what that is. That's a separate thing with its own costs.
That 100 dollars is just the fee to even make an app. Even if your iPhone never has an Internet connection. And even if you literally load the app via USB to your iPhone only.
It's just extortion. It cannot be justified. Apple does it because they can - there are zero technical reasons behind it.
> That 100 dollars is just the fee to even make an app. Even if your iPhone never has an Internet connection. And even if you literally load the app via USB to your iPhone only.
This is incorrect.
You make it sound like you cannot even get started unless you pay a $100 fee. You do not need to pay Apple any fees to make an app and put it on your own device. You have to pay the fee once you want to distribute it on the App Store.
We are not talking about software distribution or admitting it to a store, we're talking about executing something on your own device, a device that you purchased.
You can do that without dev license ?
Yes, but app is only usable for 7 days on iOS.
Yes that is annoying - I hate Apple anti side loading stance. But that still doesn't make 100$ fee to apply for distribution/integration with their ecosystem unreasonable.
Your options are either $100/year for "integration with their ecosystem", or your app stops working every 7 days.
It is very unreasonable.
Are you even reading the comments you are replying to, or ?
You need to pay $100 to execute code on a device that you own. Without a 7 day time limit. And only if you have the technical expertise to do so. This is not a fee for distribution/integration. This is feudal rent.
Are you reading what I am saying ? 100$ for distribution access on the store is reasonable. Side-loading prevention is shit. Both can be true at the same time.
Your position wasn't clear to me, at least.
Yes, a world where you can sideload an app on an iOS device, without time limits, but you have still pay $100 to put it on the app store, is a much less shittier world, indeed.
>This is why I switched to Android, just for Google now to pull the rug from under my feet again
1) You can continue to install unsigned APKs via adb with the upcoming update.
2) Signing APKs for sideloading requires a Google development account which is a one time fee of $25, no yearly fees.
So still a free sideloading option available, and if you want to avoid adb it is a one time cost that is 1/4 the annual rate on Apple.
I would call it "free developer experience" (using ADB), not "free sideloading".
If you want to send your app to a friend to download and install it directly on their phone (without using a computer with ADB), you need to be Google-approved and register your app first.
I think you could use adb over tcp from a chroot in the phone itself? But that doesn't really make it easier from their standpoint, and this is just a step towards full lockdown which is coming.
1) Oh yes of course, here friend you just need a PC and the command line tools (unless soon you'll need to be a registered and VERIFIED developer) to install revanced or any open source app
2) Unless they decide to ban you (they can if you don't show any activity in the developer account for X months) and of course because you were verified you can't simply apply again and pay again, because you were banned!!!!
First they came for F-droid...
This is the obvious problem.
Before buying a smartphone I tried to find an inexpensive model that supports open source OS, but I couldn't. What open OS support is ether expensive Pixels, or outdated models.
The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc). So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you. The goal of regulation would be preventing of creating digital waste, vendor locks and allow reusing the hardware.
Of course, features like theft prevention won't work, so the user should be able to waive this right.
Looks like GrapheneOS will be available on another "major Android OEM” soon [1].
Regulation should prevent Google from subsidising manufacturers to use Android. Arguably the recent antitrust legislation [2] applies in this case because they're effectively paying manufacturers to place that horrendous and impossible to remove search bar on the home screen.
[1] https://www.androidauthority.com/graphene-os-major-android-o... [2] https://www.justice.gov/opa/pr/department-justice-wins-signi...
GrapheneOS is in some ways not an open OS. The official builds don't provide root access. So for example apps are able to hold your data hostage from you.
I get that this is in the name of security hardening. And you can make a build that has limited root access and is officially supported. But GrapheneOS isn't the end-all solution to computing freedom. Although hopefully on those devices you will be able to install custom OSes (root capable build of Graphene or otherwise).
Raw root access isn't what I'd want apps to have.. it's that the Android permission system deliberately limits what the user can consent to, the rest is for "system apps" and to install those you need to unlock bootloader and start the whole "journey" while saying goodbye to banking apps.
Implementing a more flexible permission model + sandbox would probably involve too much work for them.
Hopefully AVF might make things a little better if we'd be able to run Android VMs on Android - so you'd be able to run a rooted VM inside GrapheneOS.. but this depends on Google keeping Android open source, yet QPR1 was not released.
I agree that a powerful permission model is a great feature. But that doesn't obsolete the option to have the "root permission" that you can give when required. Sure, for my specific gripe a "full filesystem access" permission would be sufficient and better. But there are going to be other use cases that require other permissions. So it is always going to be useful to have that backup root permission that you can assign to very specific apps when required.
> Looks like GrapheneOS will be available on another "major Android OEM” soon.
I'm secretly hoping that this will be Framework or Nothing.
Could either of those be considered a major Android OEM? I was thinking Motorola.
I just wish they had two sizes, a pocket version please. I have small Trumpian hands.
Not sure what exactly you mean with "open source OS" and if Lineage counts as one in your book: it supports quite a few cheap and also fairly recent Motorola phones, which are also easy to unlock:
https://wiki.lineageos.org/devices/#motorola
For family, I just got a used Edge 30 Neo for ~100$ and put LineageOS on it, and it works like a charm. Phones like the Moto g84 go for even less and still can be bought new for a decent price.
Xiaomi would be even cheaper, but I would highly discourage getting one because the unlock process is plain ridiculous nowadays.
And as others have already noted, if you don't mind getting a phone that's a few years old, a used Pixel 5 is not expensive (still happily using a Pixel 4a and don't see why I would need to upgrade).
All the Fairphone Versions support e/OS/ as far as I know. I have the Fairphone 5 with the current e/OS/ version completely un-googled. But you also have the option to allow partial google-fication in e/OS/ so you don't miss out on most of the features and paid-apps you had.
Most vendors (at some level) allow flashing custom distributions, as long as you didn't buy that device from carrier: https://github.com/zenfyrdev/bootloader-unlock-wall-of-shame...
You will lose DRM-based apps (e.g. Netflix), Payment apps, and bank apps though.
This is the place where I think lawmakers needs to be involved. Bearing in mind that laws aren't engineering specs, being able to pay for things and use a bank are about as close to fundamental rights as anything is for participants in society. If you have to buy a second device to use Netflix, so be it, but we need laws that guarantee people can make digital payments without Apple or Google's permission.
There are societies today (I live in one) where some businesses are starting to accept payment only through a banking or payment app, no cash, no card, nothing else. And these apps will only function in the very narrow circumstances of "I bought a device which runs software from one of two American tech monopolies and follow all their frequently changing rules for using various software that's unrelated to the payment I need to make." This limitation is mostly in place due to the banks believing it will make things more secure. Security is important, but not important enough that you get to start denying innocent people the ability to make payments or exile them from the banking system because they had some kind of dispute with Apple or Google. Governments need to step in with access mandates here, otherwise this problem WILL come to a jurisdiction near you sooner or later.
> Security is important
The argument that this is actually a security benefit is a farce. It doesn't do anything. If the device is compromised then it's going to capture your password and send it to the attacker without attempting any attestation. So the only time the attestation is attempted is when the device isn't compromised.
Yes, if it was a measure of device security they would revoke attestation of devices that are behind on security updates. But no, a 5 year old device that never got security updates is A-OK according to Google but a completely up to date custom ROM is not.
It's clearly not about real security. It is about control. You follow the rules and get Google's blessing or no SafetyNet for you. These rules include things like ensuring that the user can't access their own data without the controlling app's permission.
Secure boot and OEM bootloader unlock should be able to work with images so you can lock a phone after the upgrade again.
I managed to get a US refubished Pixel 2 somehow with a fuselocked bootloader here in Ireland. I bought it second hand but I've no idea how it got that way. But I'm suck on the Pixel image and I wanted to use it for ROM testing etc.
This is outside of my area of expertise. I know there are i.e. banking apps that will disable themselves if you're running some unofficial 3rd party Android derivative like LineageOS. Are you saying those apps would work again if you perform some kind of secure boot locking procedure?
> If you have to buy a second device to use Netflix, so be it, but we need laws that guarantee people can make digital payments without Apple or Google's permission.
The reality is however that if you look at active current projects being able to use digital IDs to access fundamental freedoms like communication without child safety rails in Europe is going to require Apple or Google's permission because politicians like it that way.
You can think things should happen in a way all you like, but they are not going to, because governments have vested interests in the opposite direction.
Most DRM / banking apps work fine for me through the browser and you can add them to your home screen. Android / Samsung Pay will stop working, but if you have a Garmin watch, you can still pay with that.
But this is changing. Already in multiple countries(and soon possibly EU wide) there will be only play integrity(strong verdicts) to enforce availability of many services(if not using ios, which is the same locked in syndrome).
Yes some banks still allow classic clunky 2FA(sms, card readers, sometimes SIM generators) but it'll all eventually go away in favor of "locked and favored" os unless legislation fights against it.
Android and said manufacturers purposefully do everything in their power to make this as awful as possible.
For example, you can't relock the bootloader on any device except pixels. Why? No reason. Just fuck you, I guess.
That's a huge security hole that they're creating, intentionally.
What's going on is they are hoping that if you do use other software that you get malware or get scammed. They are literally, actually, undermining their own device's security just to send a message.
These people are psychotic.
Even phones from Motorola require you to literally ask permission to unlock your bootloader via a form on their website, which they then unlock remotely or you enter some generated code.
Other manufacturers do the same, where you have to wait a period of like 45 days before being able to unlock, and then have to ask permission on their website to unlock your bootloader.
And good lock unlocking anything over 5 years old because the updated website doesn't support what you've got. Been there, it sucks.
To be fair, for "anything over 5 years old" you can probably find a privilege escalation exploit.
Do tell me when you find one for unlocking the bootloader of an LG G6, been looking for one for a few years now :)
A 1st gen Verizon Moto X bootloader unlock would be nice as well.
That might get you root but not a bootloader unlock.
There are privilege escalation CVEs in bootloader code too. I remember unlocking some very early locked bootloaders this way in the early days of android.
the question is not "being able to", the question is "being able to with a reasonable effort".
wandering the web to find an exploit is way beyond my spare time.
That small little caveat already makes it a non-option
I wouldn't want the bank to access my phone, so it doesn't matter that the app doesn't work, and in a weird case where you urgently need to transfer your money to scammers while not being at home, you can use bank's web app.
There are at least a couple of banks or credit card companies in the UK now that only offer mobile apps, as well as those now using push MFA with their apps for every large purchase. Recently I needed to install an app from the UK government to prove my identity via camera to renew my driving license, and that doesn't work in GrapheneOS either. I can do it in person (for now) but there is an extra fee.
All the banks I use, have a web app, although it can be somewhat limited, but I don't need any advanced functions anyway.
> as well as those now using push MFA with their apps for every large purchase.
Our banks use SMS OTP (not required for mobile app) for all operations - I assume otherwise the amount of fraud would be exorbitant.
> Recently I needed to install an app from the UK government to prove my identity via camera to renew my driving license, and that doesn't work in GrapheneOS either. I can do it in person (for now) but there is an extra fee.
Interesting that the government relies on a proprietary, foreign platform.
Banks are all moving to MFA through an app, which then needs play protect, which then maybe need TWRP/Magisk.
Not in markets without significant Huawei and Xiaomi presence. Local banks (Czech Republic) are not using integrity APIs to keep being usable for most clients.
Bank apps work fine (at least UK ones) on Graphene OS installed via the play store.
> a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device
Except regulations are now moving in the opposite direction: to mandate device locking.
fyi you can buy refurb'd pixel 7's off eBay for like ~$170
great for playing around with or if you want to install something like GrapheneOS.
Droidian[0] currently supports a relatively new Motorola phone[1]. A Snapdragon 8+ gen 1 device, so the performance isn't bad, and most features seem to work, including Waydroid. I've noticed incoming phone calls causing a glitch where the call can't be answered, but other than that, daily drivable. Just like a PinePhone, only more powerful. In my region it can be had for ~€250 brand new.
[0] https://droidian.org/ [1] https://www.notebookcheck.net/Lenovo-ThinkPhone-by-Motorola-...
Did you check the stuff murena has on offer? Most if not all of their phones come with an unlockable bootloader and the OS they come with isn't that bad to start with either.
Indeed, and starting at 360€ for a CMF Phone 1 with OS already installed, no tinkering, feels relatively affordable and easy to try.
They are pretty bad when it comes to security:
https://eylenburg.github.io/android_comparison.htm
Does it? If it looks equivalent to "stock" Android but you can do what you want with is, including removing bloatware, then it's arguably more secure and thus a better alternative than most. It might not be the most secure but it's already a step.
Hmm... that looks like a pretty skewed comparison. It's as if somebody took the security features that make Graphene stand apart and compared everything else to them.
No contention that Graphene is safe, but categorizing other OSes as "pretty bad when it comes to security" because they don't copy Graphene is a bit of a stretch.
I'm going to echo the sibling comment that this comparison conveniently centers on GrapheneOS while conveniently ignoring anything they don't do; for example, a firewall using root is useful, but since they've decided user's can't be trusted with control of their devices that's right out.
We just had a thread about this on https://news.ycombinator.com/item?id=45740383.
Every few years or so we collectively rediscover that general computing devices should be general and repeat the same mistake every time new format is released. We're all a bunch of reactive losers and that will never change it seems.
Many of those devices are closed exactly due to regulations.
> Before buying a smartphone I tried to find an inexpensive model that supports open source OS, but I couldn't. What open OS support is ether expensive Pixels, or outdated models.
You can buy a refurbished Pixel 5 for less than 200$. Great screen, great camera, 5G, the works. It's definitely not an "outdated" device, and it runs Graphene or Lineage with minimal hassle.
You can get a new Pixel 8 for ~500$, I would say that has a very decent price to value, and will be supported for longer.
I snagged a Pixel 8A for around 200 on ebay.
you can also snag refurb'd Pixel 7s for $170 off eBay atm
>The solution, I think, would be a regulation that forbids manufacturers of any chip or device CPU from making obstacles to reprogramming the device (using fuses, digital signatures, encryption etc).
Why would you make essential security features illegal? Do you want to fly on a plane where the flight control software was maybe overwritten?
>So if you buy a device with CPU and writable memory, you should be able to load your own program and manufacturer may not use technical measures to stop you.
The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
> Do you want to fly on a plane where the flight control software was maybe overwritten?
I don't understand it. Whoever owns the place can replace any part of it, including computers. So being able to overwrite software doesn't change it. Furthermore, plane computers are not a consumer hardware.
You could make a better example with patched car software.
> The problem is Google and Apple locking down their Operating System, this is not a technical limitation on hardware.
The initial ROM bootloader contains hard-coded signature which prevents you from replacing Apple/Google software.
On pixel devices you can add your own signature to be checked and thus can use secure boot with a custom OS - that's how GrapheneOS works.
No need to strip out every wall, we just have to think about the problem and put doors at necessary places so we can enjoy both freedom AND security.
Security only works if you can control what software is trustworthy. If some software has been proven to be untrustworthy, it is worthwhile to prevent all software that the producer has ever made from working at scale. Adding some nominal process and fee to make it too expensive to create a lot of accounts prevents them from creating hundreds of alternative aliases. There is a lot of precedence for why this is a good idea and works. I think if there was another company involved with performing the audit which folks trusted it might now seem so scary.
Do you understand that you are advocating for a world in which two corporations are the sole determinator of the livelihood of all mobile software developers? A career in software development should not be at the complete mercy of Apple and Google, or I suppose if you had your way Microsoft for PC gatekeeping as well.
No matter how this turns out, I'm sure GrapheneOS will make a smart effort. https://grapheneos.org/
But long-term, Android is such a massive code base, and was designed more for surveillance and consumption, than for privacy&security and the user's interests.
I think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation. (Sort of a cross between Purism's work on the Librem 5, and PostmarketOS's work on trying to get mainline Linux viable on something else.)
> think getting mainline Linux on viable and sustainable on multiple hardware devices is warmer, fuzzier foundation.
You just have to somehow speedrun the decades of development that went into Android to make it decently run on mobile hardware.. never really understood this "throwing out the baby" direction - the UNIX userspace model simply doesn't work on mobile (I would wager it also doesn't work on desktop anymore), has no security (everything runs as your user which made sense when you ran some batch job on a terminal with multiple other users, but nowadays when a single user has as many processes as all the user had back then it effectively means no security between any of those programs), there is no real resource control, no lifecycles, so the device will burn scorching hot and have terrible battery life.
On Android (and iOS) apps were always living in a world with lifecycles so if they wanted to operate correctly, they had to become decent citizens (save state when asked, so they can be stopped and resumed at any moment). This also fits nicely with sandboxes and user permissions, etc.
So without developing an alternative user-space for "GNU-Linux", it's simply not competing with android in any form or shape.
And even if you do, now every GNU app has to somehow be ported to that userspace API (you can't just kill GIMP or whatever Linux process)
The closest I got to Linux mobile is GPD Pocket 4 with LTE and regular apps. Since I can get it to cap at 5 watts, it can give 9 hours of battery life. It does most things I care about, but it is just a mini laptop (which is good enough for me).
> You just have to somehow speedrun the decades of development that went into Android to make it decently run on mobile hardware
Isn't this mainly due to proprietary drivers and firmware?
No, just take a look at how long and smooth does a pinephone run with "GNU Linux" vs stock android.
Android devs actually backported a bunch of work to the mainline kernel with regards to low-level energy management, but that's only one half of the story. The other is your phone stopping unused apps gracefully, and being able to go back to sleep regularly.
The vast majority which lives in android userspace. The customer compositor, input stack, wlan daemons, etc, are all tuned and optimized for power efficiency. Also, these days, there is a lot of hardware controlled directly by userspace - it's not just the GPU. And those hardware are generally important for offloading a lot of conpute and reducing wake ups. Things seem to only be trending further in this direction.
The problem is for developers. Abandoning Android for Linux is not viable for software developers who need to eat. Sure, we can use Linux smartphones ourselves, but if the software we make has a grand total of three people who ever lay eyes on it, that's less than ideal. And given how The Year of the Linux Desktop has gone, I think it'd be strongly preferable if we managed to stave off the tightening of control over Android rather than placing bets on the future Year of the Linux Smartphone.
The Year of the Linux Desktop is kind of happening. Not at the scale that the meme implies, but I've never seen anywhere near as much adoption of the Linux desktop as this year. The combination of Valve's efforts, more usage of Linux gaming handhelds, distributions like Bazzite that have strong selling points for Windows gamers, and Microsoft pissing everyone off with everything that is Windows 11, the Linux desktop has some legitimate momentum for once
Especially considering how much software these days on Windows are all Electron/Web. So is not a hard switch as it once was.
I switched from Windows to Linux it's been 2 years. One of the few things I missed on Windows, was the native WhatsApp app, as the Web WhatsApp it's horrible. Then a few months Meta killed the native app and made into a webview-app :)
It only takes one application to force you back to using Windows.
e.g. HellDivers 2 didn't work well until recently on Linux. If you are playing certain factions it is a very fast paced game and I would frequently experience slow downs on Linux.
So if I wanted to play HellDivers 2, I would have to reboot into Windows. Since running kernel 6.16 and updates to proton it now runs better.
And I can just take about any Linux distro, install it to about any computer and have an extremely nice device to work, play games, and handle almost any daily task with. I call that a huge success.
Yet, still 1/4th of the time my ThinkPad with Linux wakes with a Thunderbolt display connected it dies with a kernel panic deep in the code that handles DDC (no matter what kernel version).
And the latest gen finger print scanner only works between 10-50% of the time depending on the day, humidity, etc., no matter hof often you re-enroll a fingerprint, enroll a fingerprint multiple times, etc.
And the battery drains in 3-4 hours. Unless you let powertop enable all USB/Bluetooth autosuspend, etc. But then you have to write your own udev rules to disable autosuspend when connected to power, because otherwise there is a large wakeup latency when you use your Bluetooth trackball again after not touching it for one or two seconds.
And if you use GNOME (yes, I know use KDE or whatever), you have to use extensions to get system tray icons back. But since the last few releases some icons randomly don't work (e.g. Dropbox) when you click on it.
And there are connectivity issues with Bluetooth headphones all the time plus no effortless switching between devices. (Any larger video/audio meeting, you can always find the Linux user, because they will need five minutes to get working audio.)
As long as desktop/laptop Linux is still death by a thousand paper cuts, Linux on the desktop is not going to happen.
I have had worse experiences on each and every count with various Windows installs on various laptops, and yet it is the "de facto" desktop OS.
That is simply not true. I have tried to get so many people on Linux, just for it to fail when they try to do something simple, enough times in a row for them to want to go back to Windows.
I really wish it was seamless and good, but it just isn't (and frankly it's a bit embarrassing it isn't given desktop environments for GNU Linux have been in development for 20+ years).
I'm not saying it's seamless and good. I'm saying that I have had windows fail in similar or worse ways.
For example the laptop I had from my previous employer (a pretty beefy Dell) was failing to go to sleep, I had to unplug the charger and the HDMI cable on my desk each night, otherwise every second night it was keeping my monitor lit on the lock screen; when low on battery it clocked the CPU down so much that the whole system froze to a grinding stop not even the mouse pointer was moving, and even after putting it back on the charger it remained similarly unusable for a good 10 mins..
Like I have been using Linux since the Xorg config days when you could easily get a black screen if you misconfigured something, but at least those issues are deterministic and once you get to a working state, it usually stays there. Also, Linux has made very good progress in the last decade and it has hands down the best hardware support nowadays (makes sense given that the vast vast majority of servers run Linux, so hardware companies employ a bunch of kernel devs to make their hardware decently supported).
I had so many more issues running Windows over the years than Linux. BSODs were a common occurrence, and yearly fresh installs were a thing to keep my computer usable.
I moved to Mint almost 4 years ago at this point, running it on a now fairly old Dell G5 from 2019. Runs as smoothly as ever.
I had one problem during this 4 year run (botched update and OS wouldn't start). Logging to terminal and getting Timeshift to go back to before the update did the trick. Quick and painless. I could even run all the updates (just had to be careful to apply one of those after a reboot).
I have no idea what you are talking about. Maybe I am just very lucky with Linux.
It's the same in every discussion about OS vs OS. People who like one OS will claim that the other OS is full of problems, and vice versa. In some cases I guess people are just lucky/unlucky. Personally, I've been using both in parallel for about 15 years, and while I've never had any issues with Windows (no BSODs), Linux constantly gives me problems. But I'm a developer and much prefer to develop on Linux, so I stick with it.
Though I think that is not warranted with respect to my original comment. I have used Linux in some form or shape for 31 years now (jikes), I would love Linux to win, and I have used Linux on a wide variety of hardware (last few laptops have been ThinkPads).
I think desktop Linux will not improve until people start acknowledging the issues and work on it. It's the same as the claim that Linux is very secure (which Linux fans will often repeat), while it has virtually no layered security, and a fairly large part of the community is actively hostile towards such improvements (e.g. fully verified boot).
I think people tend to have double standards when it comes to Linux. People who run Linux generally choose to run Linux intentionally and are for that reason more willing to accept/overlook issues.
I have both Linux machines and Macs and Linux has always been objectively worse when it comes to driver and software issues. It's just has a large number of paper cuts.
I think people tend to have double standards when it comes to MacOS. People who run MacOS generally choose to run MacOS intentionally and are for that reason more willing to accept/overlook issues.
I use both Linux machines and Macs (at work) and Macs has always been objectively worse when it comes to usability ajd development. It's just has a large number of paper cuts.
The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer are still pretty low I'm afraid (by "work" I mean "support all of the functionality"). For instance, the laptop I'm writing this on connects without problems to a Bluetooth mouse, but won't for the life of me work with my Bluetooth headphones.
> The odds of having just about any Linux distro work "out of the box" without manual tweaking on just about any computer
Well, show me that magic OS that works on "just about any computer", because I am sure Windows ain't that. OSX only works on their select devices, and Windows have its own way of sucking. Let's be honest, there are shitty hardware out there and nothing will work decently on top. People just try to save these by putting Linux on top and then the software gets the blame.
As long as it isn't a gamer laptop.
Not really, because Proton is Win32, kind of.
It really isn't. This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful. After a while the buzz will fizz out and the majority of those PC gamers that looked to switching go back to Windows.
IME a lot developers don't even use Linux on their desktop machine. I've met three developers that use Linux professional IRL. A lot of devs have a hard time even using git bash on Windows.
I am always called up by people at work because I am "the Linux guy" when they have a problem with Linux or Bash.
Sure, there are a lot of people that use Linux indirectly e.g. deploy to a Linux box, use Docker or a VM. But if someone isn't running Windows, 9 times out of 10 they are running a Mac.
More generally the thing that has paid the bills for me is always these huge proprietary tech stacks I've had to deal with. Whether it be Microsoft's old ASP.NET tech stack with SQL Server, AWS, Azure, GCP, what pays the bills is proprietary shite. I hate working with this stuff, but that what you gotta to pay the bills.
I mean, this strongly has to depend on what kind of software you are developing. I don't know a single developer who primarily uses Windows. Literally everyone around me uses Linux for development work (and a large portion of them also use Linux for their personal machines).
Of course. However if a developer isn't using Windows typically they are using a Mac.
In corpo-world. Everyone is using Windows. If they are using Linux it would be through a VM or WSL. I guarantee none of those people are using Linux at home.
So for every developer you know that is using Linux, there are many more people using Windows supplied to by their IT department.
> This is a temporary sugar rush that comes after pretty much every time Microsoft does something awful.
I think what it fundamentally comes down to is that for consumer-oriented Linux to see widespread adoption, it needs to succeed on its own merits. Right now, and since forever, Linux exists in a space for the majority of consumers who consider it where they think "I might use it, because at least it's not the other guy". A real contender would instead make the general public think "I'll use this because it's genuinely great and a pleasure to experience in its own right". And that's why I have absolutely zero faith in Linux becoming a viable smartphone ecosystem. If it were truly viable, it would have been built out already regardless of what Android was doing. "Sheltering Android refugees" is not a sustainable path to growth any more than "sheltering Windows refugees" is.
I agree, with a caveat. The vast number of consumers don't even know Linux/BSD or any the alternatives exist.
I have zero faith in a Linux smartphone. What will happen is that there will be some GNU/FSF thing with specs that are 15 years out date and you will have to install Linux via a serial console using Trisquel and the only applications available will the Mahjong (yes I am being hypobolic).
Clearly hyperbole! We'll also have TuxPaint, SuperTuxKart (CPU rendering only, because the toolchain doesn't support Android's HAL), and a couple of (long-abandoned) LibreOffice forks that crudely adapt different subsets of the interface for a touch device.
Unfortunately in the past people have taken obvious hyperbole literally.
I realised a few years ago when one of my friends didn't know what the browser was on her phone, that any notion of people caring about the OS outside of branding is pretty much non-existent.
I know it's been tried before (eg by Mozilla), but perhaps now the time is right for a web apps-only OS.
Many developers would need some help to get offline functionality and updates right though.. And it would be really nice if these apps didn't require parsing megabytes of JavaScript libraries on startup.
One can dream! :-)
My TV runs one, it isn't taking the world by storm.
https://webostv.developer.lge.com/discover
It's got to be better than the laggy, unreliable, content-pushing Google TV crap that runs my TV... Right?
Making a guess: nope. Same underpowered SoC, in order to save $5.
It is better than Android TV, which I also own, but in terms of ads, yep there are some as well.
Differention, that is what all OEMs care about, netbooks already showed us that.
so the thing is, as an Android dev if I get embedded linux experience then I have lateral career movement to the peripherals that I'm usually writing apps for. While the intersection of app developers to embedded linux developers is probably very small, there is a smidge of incentive there, and that can be a powerful thing for the community: a lot of the pain points on linux phones feel hardware oriented (I complain loudly about the pinephone battery elsewhere in this thread).
another tailwind might be in the gaming scene. I have the general sense that SteamOS has been an interesting gateway for technically-minded folks to be impressed by this Linux thing. A similar model for mobile phones might be a tailwind (like a SteamOS for ARM?) The reason why that's perfect is because it undermines the Google monopoly and creates an app ecosystem that people will absolutely flock to, at least for games ($$).
Some people don't care and build on top of Linux anyway. This lockdown will accelerate this. At some point a critical mass will eventually be reached, perhaps with the assistance of some corporate entity or organization of some sort that pushes it over the edge. Then there will be a real open competitor. Will take some time though.
> Abandoning Android for Linux is not viable for software developers who need to eat.
We'll finally get our ecosystem diversity back when the next geopolitical happening happens and Google bans Chinese android apps on bullshit pretexts.
Wait a few years more.
I'd rather like to see AOSP development spun off to a separate non-profit entity. Either by Google doing it or by a hard fork (which will need a lot of funding). Traditional Linux misses the polish and especially the security layering to be a good phone OS. Better to start from an already good base that works.
Why would that affect anything? The Chinese Android ecosystem is already split from the Google one.
> Why would that affect anything?
The Chinese will eventually find it easier to sell their Chinese ecosystem devices to the world instead of catering to Google and American three-letter agencies.
Waydroid does surprisingly well at running Android apps on Linux.
Sure some apps won't work for whatever reason & HN commenters will have incredibly scathing things to say about that, but I bet there's a lot of folks who'd be cool with missing an app here or there.
It sucks to be losing Android, but IMO it's an ecosystem in free-fall. Bootloaders are locked more and more, there's literally zero AOSP hardware buyable now, and the roms scene has diminished not grown over time.
I totally think theres a Steam Deck moment waiting around a corner, where what seemed impossible a year ago shows up and is dead obvious & direct, and we all wonder why there were so many doubts before.
> Right, but that's a choice from manufacturers, not a requirement of building a mobile platform.
IMO, I think Microsoft gave up on running Android apps on Windows because they read the writing on the wall: Google will use Play Integrity/Protect to ensure Android apps only run on Google-approved devices/operating systems and nothing else.
I think this is the ultimate fate for Waydroid, as well.
The hope is lost for Android, there is no moving forward with google antagonizing its foss roots. Libre phone it is. We have to forcibly remove the bandage.
I wish you were wrong, but I don't disagree with assessment. I am on grapheneos ( edit: on pixel ) now, but even that should only be a pitstop now since google has decided to show its hand in such a nasty ( if not that unexpected ) manner.
Everyone is quick to ascribe malice without understanding why changes are made. It's never done for the reasons you think. Without a formal relationship between Graphene and Pixel, things were operating out of luck. This is why the next target hardware is starting with a business relationship. Even desktop Linux is most successful when business relationship between a vendor and the distro maker. Everything else is ripe for random breakage in support.
AOSP is open source so it could be forked.
Except many key features are nowadays delivered via APEX modules, distributed via PlayStore.
https://source.android.com/docs/core/ota/apex
https://grapheneos.org/features#anti-persistence
GrapheneOS has apex modules disabled and never had the need for that.
ART updates are distributed via APEX since Android 12.
So is it stuck in Java 12?
I believe it's similar to kernel modules in that they can either be compiled into the kernel or distributed separately. Graphene probably just distributes it as part of the system images. This just means rollouts are coupled. Apex doesn't imply closed source, only that there is a stable surface that allows more modular updates.
> Android was designed more for surveillance and consumption, than for privacy&security and the user's interests
I disagree. The Android security model is better than the Linux one. I am very happy with GrapheneOS, I don't have much to complain about.
The problem is that Google sucks and nobody enforces antitrust laws. But it's not just Google: how many Android manufacturers don't suck, really? Do they contribute to AOSP at all? Probably not. Do they build reasonable devices that could run something like GrapheneOS? Nope. Just relocking the bootloader is often a problem.
buy a used OnePlus 6 and load Mobian on it. quite functional these days running a mainline kernel.
(2018) makes me more than a bit sad. I have a OnePlus 6, and it was ok with the software I tried out ~3 years ago, and basically fast enough. But it's soul crushing how running mainline Linux is just so impossible for consumer mobile chips.
It felt at the time like there was positive progress, more bits getting mainlined at a trickle but at least steady trickle rate. But it feels dark now. At least the GPU drivers everywhere have been getting much better, but I get the impression Qualcomm couldn't even ship a desktop/laptop after years of delay, is barely getting that in order now. It feels impossible to hope for the mobile chips anywhere to find religion & get even basic drivers mainlined.
> Android is such a massive code base, and was designed more for surveillance and consumption
I disagree. I have been using de-googled / de-spywared Android for a decade now and I really love it. Once you remove google mobile services and rely on open source applications Android feels really good.
Also its questionable if projects such as purism or even the pinephone will ever offer such good security and privacy as a de-googled Pixel with GrapheneOS will.
https://grapheneos.social/@GrapheneOS/112712864209034804
>than for privacy&security and the user's interests.
Even if that was true, AOSP is better for privacy and security than any other Linux distro.
By which criterion? This sounds wrong.
https://madaidans-insecurities.github.io/linux.html
It's a different approach to security. There are no malicious apps in GNU/Linux repositories. (And yes, Linux security should be improved; I run Qubes on desktop)
https://source.puri.sm/Librem5/docs/community-wiki/-/wikis/F...
>It's a different approach to security
That's like saying using a hole in a wall is a different approach to security than putting a lockable door in a wall. Sure no security is s different approach to security, but it's not an effective one.
>There are no malicious apps in GNU/Linux repositories
Maybe not intentionally malicous, but there have been bugs that can cause applications to act maliciously such as deleting users files. If an application gets exploited it could also do malicous things. Just because you trust the author of a program, that doesn't mean that sanboxing is pointless. Additionally programs like the terminal are a free for the user to run things like curl | sh which can run malware infecting the system and run wild since there is no security to stop it from doing almost anything.
>Purism
The wiki page pretty much says that they don't have privacy or security and don't have the resources to implement such features unlike Google or Apple. They also make some claims to try and pretend their platform is secure and private in order to help sell the Librem 5, a product they made with inferior privacy and security compared to Android.
As I said in the other thread:
Australian users of alternative app stores should make a complaint to the ACCC: https://www.accc.gov.au/about-us/contact-us-or-report-an-iss...
In the past, they forced Steam to implement proper refund policies, and they are currently suing Microsoft about the way subscribers were duped into paying more for "AI features" they didn't want.
Unfortunately, I think attestation is being pushed by other parts of the Australian government. Particularly ACSC.
I think you are better off making a complaint to the Australian Australian Consumers’ Association (CHOICE) https://accounts.choice.com.au/contact-us/ than to the ACCC
Tell them to lodge a designated complaint to the Australian Competition & Consumer Commission (ACCC).
ACCC complaints are designed for individual grievances while a designated complaint from a designated complainer is supposed to address "significant or systemic market issues that affect consumers in Australia".
This is doubleplusungood. The war on General Purpose Computing is the death of innovation and a direct attack on digital freedom.
If you're in the US, UK or EU, please contact your government.
Profit is a perverse incentive.
If, and I do mean if, government is a solution here, its only role is to ensure that app use cannot be required for service ( and we can argue over what services can stay app-only ).
Android has not been really open for a long time now.
- Many APIs have been moved to Google Play Services (which is not open source), and many apps have come to rely on them. You can emulate it partially but not fully, see second point below.
- Some features like device attestation / SafetyNet fail on non-"official" devices, for example many banking or government ID apps refuse to work on open source os like GrapheneOS
Oh, the irony. I still remember how in the early days of Android vs iOS discussions, the main point was "but it's OPEN!". The word "open" was used as a comma by Google people. It was The Thing. The Difference. Good vs Evil and all that.
It looks like eventually any company will start squeezing customers for what they are worth.
But only once the company is powerful enough. We don't call Google a monopoly, because there is Apple, but taken together they certainly behave as one. Both create expectations, create expected momentum in a certain direction, people build (companies, lives) on those assumptions and boom, you can't get out and now the company changes the deal.
Is it just our assumptions that get us in trouble? Or do we need to do more?
I'm not sure how to regulate this, other than to stimulate open source, as the "for the people by the people" solution. But also that will just lead to poor expensive solutions (the market created some nice FOSS though). So the law it should be... And we're back to the problem of lobbying...
Perhaps there should be contracts: Google advertises Android as open: They should sign a contract: For how long will Android be open? Define "Open". The contract can be enforced. Or perhaps we, the people, sue now, for false advertising, although that will just make them flex their legal and lobbying muscles... And they didn't sign any contracts.
> We don't call Google a monopoly, because there is Apple We call that a duopoly, which is similarly bad as a monopoly.
And after the change Google is doing now, it will still be more open than iOS.
JBQ redeemed: https://www.greenbot.com/jbq-is-quitting-aosp/ (yes, 2013)
I regret having wasted a good part of my career supporting Google with the Android enterprise. They had some very good (technically and intentionally) people there, but it all got thoroughly corrupted.
With hindsight the only thing that kept them remotely honest was the Andy Rubin vs Sundar Pichai turf war, which at the time manifested as Android vs Chrome. Once that had a decided winner it was a recipe for serious trouble.
The only viable way forward for an open mobile OS is to fork Android as is. This is the only way to carry over anything resembling existing app support or all the work that goes into making a mobile OS actually work up to the level users expect. i.e. cameras through to hardware media CODECs and total system stability.
This feels similar to Sony and their OtherOS feature.[0]
Many people bought Android phones because of the open capability. Even if you don't use it, just knowing you have an out is important.
And now Google is "altering the terms".
[0]:https://en.wikipedia.org/wiki/OtherOS
While I understand the reasons behind this campaign, I have mixed feelings about it.
As an iPhone user, I find it frustrating that deploying my own app on my own device requires either reinstalling it every 7 days or paying $100 annually. Android doesn't have this limitation, which makes it simpler and more convenient for personal use.
However, when it comes to publishing apps to the store, I take a different view. In my opinion, stricter oversight is beneficial. To draw an analogy: NPM registry has experienced several supply chain attacks because anyone can easily publish a library. The Maven Central registry for Java libraries, by contrast, requires developers to own the DNS domain used as a namespace for their library. This additional requirement, along with a few extra security checks, has been largely effective in preventing—or at least significantly reducing—the supply chain attacks seen in the NPM ecosystem.
Given the growing threat of such attacks, we need to find ways to mitigate them. I hope that Google's new approach is motivated by security concerns rather than purely economic reasons.
Android already has this strict oversight, in theory, in the form of the Play Store. And yet.
Personally I feel much more safe and secure downloading a random app from F-Droid, than I do from Google, whose supposed watchful eyes have allowed genuine malware to be distributed unimpeded.
Exaclty. Play Store takes a cut from what it is selling, so they should be more strict what can be sold, not lock the whole platform.
> Maven Central registry for Java libraries, by contrast, requires developers to own the DNS domain used as a namespace
What are the requirements around domain renewal?
I don't understand how you can have mixed feelings about this.
> However, when it comes to publishing apps to the store,
This isn't about publishing apps to the Play Store. If that's all this was about, we wouldn't give a shit. The problem is that this applies to all stores, including third party stores like F-Droid, and any app that is installed independently of a store (as an apk file).
> Given the growing threat of such attacks, we need to find ways to mitigate them.
How about the growing threat of right-wing authoritarian control? How do we mitigate that when the only "free" platform is deciding the only way anybody can install any app on their phone is if that app's developer is officially and explicitly allowed by Google?
Hell, how long until those anti-porn groups turn their gaze from video games and Steam onto apps, then pressure MasterCard/Visa and in turn Google to revoke privileges from developers who make any app/game that's too "obscene" (according to completely arbitrary standards)?
There's such a massive tail of consequences that will follow and people are just "well, it's fine if it's about security". No. It's not. This is about arbitrary groups with whatever arbitrary bullshit ideology they might have being able to determine what apps are allowed to be made and installed on your phone. It's not fucking okay.
My elderly father unknowingly installed an application on Android after seeing a deceptive ad. An advertising message disguised as an operating system pop-up convinced him that his Android phone's storage was almost full. When he tapped the pop-up, and followed instructions he installed a fake cleaner app from the Play Store. While the app caused no actual harm, it displayed notifications every other day urging him to clean his phone using the same app. When he opened it, the app — which did nothing except display a fake graph simulating almost full storage — pressured him to purchase the PRO version to perform a deeper cleanup.
In reality, the phone had 24 GB of free space out of 64 GB total. I simply uninstalled the fake cleaner and the annoying notifications disappeared.
How such an app could reach the Play Store is beyond me. I can only imagine how many people that app must have deceived and how much money its creators likely made. I'm fairly certain the advertisement targets older people specifically—those most likely to be tricked.
For better or worse, I'm pretty sure that such an app would never land into the Apple App Store.
So you're saying Google is doing fuck all to protect customers on their already locked down store, right? This doesn't sound like it will be addressed by Google extending developer registration outside of their store at all if they can't even address obvious scam apps that they're already promoting. And to your point, yes, Apple probably does do a better job of maintaining their app store, that way they can prevent some of the push back on iOS being so locked down. An iPhone sounds like the right device for your father.
The threat of such attacks is not growing
If the manufacturer wants to offer verification of developers, this should be an optional feature allowing the user to continue the installation of applications distributed by unverified developers in a convenient way.
Making this verification mandatory is an absolute non-starter, ridiculous overreach, and a spit in the face of regulators who are trying to break Google and Apple's monopoly on mobile app distribution.
I think the main ask should not be limited to android/ios but similarly to the rules and regs of previous decades around agressive interop and standardisation. Asks for piecemeal carveouts whenever a monopoliist tightens the noose allows the can to be kicked downn the road when the outrage has subsided and allows for entrenchment of the status quo by stealth. Chipping away until the stated goal is reached. Just like the car/gas monopolies were not alowed to get away with locking users into their own cartels - similar efforts should (but probably wont) be taken to preserve the ability of users to do with their devices as they see fit.
It's a lost cause. We need to focus on pmOS: https://postmarketos.org/
With both Android and Chromium, we're ultimately at Google's mercy.
btw, does anyone know if Huawei is following along with this in their fork?
Linux on mobile is fun, but really I want AOSP and its superior security model and SDK.
Now I hate Google as much as the next person, but I also hate all the other Android manufacturers who just don't do better.
Ideally, major manufacturers would all contribute to AOSP to make sure that it runs well with their devices. And then we could install the "AOSP distro" we want, be it GrapheneOS or LineageOS or whatever the fuck we want.
> does anyone know if Huawei is following along with this in their fork?
They suck like all the other manufacturers: they forked as a quick solution, and then decided to go with their own proprietary codebase. If nobody else contributes, why would they make it open source?
What I see from the Linux experience is that the only way it works is to have a copyleft licence and a multitude of contributors. That way it belongs to everybody, and it moves too fast for one single entity to write a proprietary competitor on their own. But AOSP is not that: first it's a permissive licence, and only Google meaningfully contributes to it.
> btw, does anyone know if Huawei is following along with this in their fork?
They are moving to their own completely proprietary OS called HarmonyOS NEXT.
This is likely the result of one of the most idiotic and bad rulings to come out of recent tech lawsuits. It's so painfully brain damaged and yet somehow has seemed to largely fly under the radar.
Google was found to have a monopoly on android with the play store (even though you can side load other stores), Apple was found to not have a monopoly with the app store.
OK. But that is not the really bad part, the really bad part came from the appellate court this past July. Google pointed out that the Apple app store was ruled not a monopoly, but somehow Google's more open system was..
The judge, I am not shitting you, said that because Apple doesn't allow competitors on their phones, they cannot be anti-competitive. Google lost the appeal.
So now, clear as day, Google needs to kick out competition to be competitive. Good job legal system.
Yes, I recall HN commenters of the time predicting this exact outcome as a result.
That's fucking insane.
A direct link to the UK's Competition and Markets Authority, in case you don't want to go via a blog post:
https://contact-the-cma.service.gov.uk/wizard/classify
It's very simple to submit a complaint.
What makes me depressed the most is that Google made this decision knowing full well how much pushback they are going to receive.
And still.
Stallman was right.
He usually is, given time.
I wonder, what thing does HN think Stallman is wrong about today (and which in the future we will be proven wrong and Stallman was right).
I haven't seen him say anything I disagree with. But we would have to discuss specifics for me to have confidence.
Well, the things that got him canceled were and are wrong obviously. But anything (i know of) software related was right
The "things that got him cancelled" were things he said (as opposed to things he did) and those that I've read were correct (though I'm aware I havent read everything he said on the subject).
He has written some very questionable things about pedophilia (from which he has since distanced himself): https://stallman.org/archives/2006-may-aug.html#05%20June%20...
To be clear: this does not diminish his contributions in the field of software! His ideas about Free Software have been visionary and are as important as ever. One can be brilliant in one field and a fool in another. This is actually very common among technical people ("engineer's disease"). We cannot expect someone to be right 100% of the time.
Between this and a growing number of oems not permitting bootloader unlocking (latest being Samsung with OneUI 8) Android's "open" future is pretty bleak.
IMO the bigger recent issue is that Google stopped pushing AOSP updates timely. As far as I know the QPR1 source is still missing in action after almost two months (!).
Google got a minor slap on the wrist for their last antitrust case so now they know they're invincible and can get away with anything.
I wonder if it's possible for a consortium led by major phone manufacturers to "libreoffice" Android away from Google's control.
Android (to a lesser extend iOS) has become deeply embedded in the infrastructure of modern society. It is essentially a public utility and should be managed as such.
Major phone manufacturers would break androids neck. (E.g.Samsung)
Does it also mean that developers in "bad" countries will not be able to create installable Android apps?
Related question, is Modern Android as good if not better than iOS? Or does iOS still have an edge?
> please big corpo overlord do not do what is most profitable for you, pretty pretty please please
It’s funny how the “Google doesn’t control it it’s open source” crowd has gotten very quiet as of late. See also chromium and manifest 3
Let's not forget Google was legally forced to open up distribution to alternative app stores and direct downloads. This gives them some baseline security/accountability that applies to even side-loaded apps.
I've only been interested in Android phones particularly Pixels because I can just flash another OS and do whatever but if Google goes through with this I might consider iphones this time
Don't be a jerk, if you sign this, you should sign "Make iOS Open" first
Why? iOS never pretended to be open.
So what? I don't care what iOS or Android pretend to be, I care that they are not open.
The issue of android being open is not a developer issue. I do not mean, it does not affect developers, rather that the wrong that must be righted is to the user.
The F-droid article states: "You, the consumer, purchased your Android device believing in Google’s promise that it was an open computing platform and that you could run whatever software you choose on it. "
This is an actionable issue. I believe this is a legally reasonable issue. If you buy a car and then the car manufacturer changes the car so you can only buy gas from them, or parts, that is an offense.
If you accept that users are wronged by googles action, the problem is what can be done about it?
Wrongs committed by companies like Google, Apple, Amazon are difficult to fix because of failures in our legal system. The typical legal action is a class action suit. These typically result in large "settlements" with little real effect. Users get a notice that they are entitled to $40 but only if they jump through seven hoops. Lawyers on both sides make out like bandits. The offenders have little incentive not to be repeat offenders, just not to get caught again. This is an acceptable risk for corporations and so does not act as a deterrent.
There are states Attorney Generals who can file anti-trust actions. The US government (ha ha) could file an anti-trust action. In my opinion neither of these are likely. And even if it happens, it will take years. And years.
A problem with these two legal solutions is that they rely on someone else. The result is that users are victims. We are all used to that by now.
Since we, as android users, are legally entitled to compensation - is there another way to take a legal action.
In most states the limits on small claims actions is between $3000 and $10,000. Well above the cost of an android phone. If there is one class action legal suit against google they can easily spend the money to defend it. And the time. They have the resources to do this.
However, what would happen if 1000 people filed small claims action, asking for a refund for the cost of their phone? Google is declaring war on users. They have their big legal tanks. Small claims are the equivalent of drones in the legal world.
We have the internet. We have AI. Can we generate reasonable and fair legal small claims court filings for each of the 50 states and put them online to help people.
We, the people, have learned helplessness. We need to learn something else or resign ourselves to simply being fodder for predatory actions by corporations.
Please, just give users the ability to say whether they want this "extra safety" control on. (If it even is extra safety, but whatever.)
If they don't, they can sideload, and use F-Droid, and etc.
And then we can debate whether it should be default on, or default off, and how hard it should be to turn off.
I don't understand the Google's move. Google uses Android as a platform to collect virtually everyone's personal info and build the profile to benefit its ad business. If there is an extremely tiny chance that people (or a sizble population) may walk away from the platform, it's not worth the risk.
Remember when Apple removed the signature of the dev of iTorrent, distributed via an 'alternative' app store?
Exactly the same.
GAFAM are controlling what you can and cannot install on your computer.
It's time for a broader law that goes beyond what is in the DMA (bootloader, OS, etc...).
Are there any alternative mobile OSes actively developed? I remember Ubuntu Touch was the thing and something from Firefox, but not sure if they are continued?
Ubuntu Touch is still a thing.
We also have PostmarketOS (alpine base) and Mobian (debian base) as frontrunners. Supposedly Arch Linux for ARM and openSUSE Tumbleweed are also used by some on mobile.
There's HarmonyOS [1], which is developed by Huawei, and which has a similar mix of open (OpenHarmony) and proprietary components. I haven't used it, but it's supported by quite a few phones and sort of surprised it wasn't mentioned anywhere on this thread.
[1]: https://en.wikipedia.org/wiki/HarmonyOS
https://mobian.org
A year ago I built a React Native Android app for my wife called "Pimp daddy", which she uses to track her earnings as an independent contractor.
The whole concept is meant to poke fun at the idea of me "checking up on her" (I file her tax returns) and the entire theme is 80s pimp styled.
Every time she submits something, she'll get a random pimp remark, like "Go get that money for me, girl!". She just rolls her eyes and ignores it, but it's what made it fun for me to work on it.
Edgy stuff like that could jeopardize my account in the near future. It might just be security now, but an automated "naughty words detector" will be an obvious next step.
I doubt I will invest any more time in hobby app development if I have to deal with some humorless overbearing watchdog telling me what I can and cannot install on my own device. Very sad to see Android following Microsofts anti power user direction.
never been a better time to donate to postmarket os, mobian or friends.
If you leave under a dictatorship you definitely don't want to reveal your identity to develop and distribute an app that fights the government.
It is a story I heard way too often. Big Tech creates something which is so convenient, you don't want to miss it. Then Big Tech breaks that something, makes it more expensive or uses any other means of rent-seeking just pissing of its customers. We as consumers are by far the biggest lobbying-group, but nobody really gives an f. I'm trying my way with /e/OS but thats not for everybody. It also shows me how deeply dependencies on google services are woven into the whole ecosystem - even on open source apps.
You can't even develop without the paid dev account? I thought it'd just be for distribution. Like, you can build and run whatever you want on an iPhone without a paid account.
You can develop and install via adb, but you can't just tell the package manager to install an APK you downloaded on your phone. Maybe attestation makes sense to allow Amazon App Store or Epic Games Store to be installed without a warning and to allow companies like Spotify to distribute their apps themselves from their websites without using Google Play Store and without a warning. What's wrong is preventing people from installing apps that haven't been attested by Google straight from their phone, even with a warning.
I get that requiring attestation for downloaded apps is wrong too, it's just this website says "it will no longer be possible to develop apps for the Android platform without first registering centrally with Google" which seems incorrect from what you're saying.
Edit: Oh I get it, "develop for the platform" means develop and distribute. Maybe it's just me, but seems like an important difference.
I think it is and it doesn't just end there. It's develop and distribute binaries.
Everyone is still free to develop and distribute source code.
The nice thing about laws in the EU is: if Google locks it down, like iOS, we just enforce that it needs to be more open again.
But for iOS, that did not work well so far, as I have zero apps installed via AltStore PAL (iOS), yet some apps via F-Droid (Android).
Given the apple v epic ruling about in payment commision outside the app store, I don't understand this. I assume Google would get the same ruling if they tried what apple did, so why bother with walling off if you can't get paid?
At least with 3p app stores they could have Gpay if the app developer wanted to, but now they will be pissed and can't build a 3p app anyway since users can't install it via 3p app stores.
> why bother with walling off if you can't get paid?
To destroy competitors of Google apps such as Aurora Store or NewPipe.
I bet those are just a rounding error to their profits.
How about linuxonphone.org and just dump all your financial/auth related apps to an old Android phone?
Actually, better, dumbphone.org and dump all financial/auth/chat apps to an old Android phone that costs some $200.
That's doable for now in some places. But in an increasing number of countries, payments for just about everything are done directly from an Android or iOS app, so you'd always have to carry around this locked-down phone as well your Linux phone.
I love this and I'll support it, but I know that in the end it won't make a difference. Consumers decided they only wanted 2 choices, and these are the consequences.
What's the best resource to keep track of all efforts to make open source phone OSes?
I'm looking for a new phone and it's tough with the current state of things.
Also about contacting your government, what's the best approach? I'm in EU.
The idea of offering something for free then later deliberately restricting and or reducing its scope after securing enough takers to maximize benefits and advantages for those making the offer ought to be unlawful as they are knowingly and deliberately manipulating human nature. Those who accept such seemingly appealing offers often end up disadvantaged or harmed. And here with Google's latest Android edict we have yet another instance.
Manipulation and deception tactics are particularly relevant in internet age and they are Big Tech's standard modus operandi because its found them to be such financially successful business models. Laws need to enacted to prevent such exploitation as it is unreasonable and unacceptable for the psyche/reasoning of ordinary citizens to be pitched against such psychological might.
As so often happens with such authoritarian and manipulative dictates, this Google edict comes wrapped in the usual paltry excuse of security. Even Blind Freddy knows this excuse to be bullshit and that the real beneficiary is Google. The time has come for Android to be decoupled completely from Google.
It's tragic that despite a monopolistic finding against Google the Law didn't recognize the fact.
The European Commission public consultation is closed. Maybe that would be worth adding a note.
Perhaps Android could run sideloaded apps in a container. I know Android apps are already somewhat contained by userid.
perhaps the users should be allowed to install whatever they want on the devices they own? this "security" narrative google spews is weak, considering how much malware fails to be detected by play store
I just bought a fairphone6 hoping this phone would last me a decade with security patches and lineageos support. Naively I was assuming Google would keep Android open for that period. Now I might as well switch to Apple so I'm in sync with the rest of my family. Ugh.
You will probably run some kind of community Android distribution on that phone, like Lineage or Graphene, and those will likely not include this limitation. The world will be worse off, but you and I will be unaffected. Worst case is that future Google will decide to kick us out of the Play Store, but there has been plenty of workarounds for that before.
I've been using Android phones since the OG Droid (2009) because I could install software on it. My next phone will be an iPhone if this doesn't change.
You can still install software on it.
Will this impact forks od AOSP? Like lineage os or graphene os?
Whats also an issue is that Android seemingly has stopped publishing the source code for Android (AOSP). Android 16 QPR1 has been out for months but still no source code released.
Yep, slowly moving pieces of AOSP to closed source and now silence on putting out any AOSP releases, in the name of simplifying their development..
They're exremely tight-lipped on this.. many people asked using multiple channels but no response for months.
Considering that Google has stated their intent that Chrome OS and Android are moving toward a single unified platform, they will essentially be fucking up the laptop/desktop market as well.
The only remaining good thing about Google is their Project Zero. They have become the same shit as every greedy company.
The play store ID process is ridiculous, their AI is making up BS why it wouldn't let your documents pass, clearly no human in the loop.
In the EU we can report this to: comp-market-information@ec.europa.eu
State that: Google is abusing its dominant position on the market for Android-app distribution by “denial of access to an essential facility”. Google is not complying with their "gatekeeper" DMA obligations (Article 5(4), Article 6(12), Article 11, Article 15)
Attach evidence.
Financial penalty is the only way to pressure this company to abide law.
The EU's DMA team replied to a previous inquiry:
> [...] the Digital Markets Act (‘DMA’) obliges gatekeepers like Google to effectively allow the distribution of apps on their operating system through third party app stores or the web. At the same time, the DMA also permits Google to introduce strictly necessary and proportionate measures to ensure that third-party software apps or app stores do not endanger the integrity of the hardware or operating system or to enable end users to effectively protect security. [...]
They seem to be on it, but no surprise: it's all about Google's claims for "security" and "ongoing dialogue gatekeepers".
Freedom to use own hardware or software, no.
Every company is open when they gain from it and closed when they gain from it. The idea of free general computing needs a different sponsor. Like a country or regulations. I don’t think open source projects and private companies can defend this idea adequately.
It's finally the time for Sailfish OS / Linux Smartphone OSes!
EDIT: apologies I misunderstood that this is limiting third-party distribution. I am of course, in favour of this.
Original comment:
I don't want this. The App Store on iOS has its flaws, but it's a curated system that has a lot of checks in place to prevent malware. I have never felt unsafe on iOS and it's the primary reason I've not joined Android and the Play Store's wild west.
I can't emphasize this enough, your comment is 100% wrong.
This is about only allowing play verified apps. Play store will remain whatever you think of it regardless of this move.
What this has to do with the topic, if you're on iOS?
Because I'd actually be interested in an Android phone if Google locks down the play store to legitimate actors, increases the barrier for entry and improves the quality and safety of submissions. Which this looks to be doing?
This is not Google locking down the Play Store, it's them restricting distribution outside the Play Store, which you don't have to do in any case.
Apologies. I did _NOT_ gather that from reading the OP.
Why would you be interested in Android?
Isn't iOS a pinnacle of UI/UX loaded with most innovative features in the world backed by the most genius CEOs of all times?
You should just check submission link contents before commenting. This just locks down apps outside of google play.
> Android phone if Google locks down the play store to legitimate actors, increases the barrier for entry and improves the quality and safety of submissions
Locks down how? This is literally how it is from the start. Ignoring the fact that it is completely unrelated to the topic, this is just wrong regardless.
Unfortunately the feedback period for the European Digital Fairness Act has been closed since October 24th. Does anyone know of another way to appeal to my European overlords^H representatives?
Write to your mep
Seriously, is this launched by Google to keep people from doing something real? Kindergarten...
Keep Android open.
Has anyone seen Andy Rubin publicly comment on Google's stewardship of Android? I wonder what he thinks about his creation and the way its evolving.
Considering Andy Rubin is a massive creep, let's not have him publicly comment about anything at all, ever: https://www.cbsnews.com/news/andy-rubin-google-settlement-se...
Google is killing Android. Along with the side-loading changes, I'm losing the desire to keep using it, as it's no longer an open OS.
What's the point of those changes? Does Google want to maintain its revenue from Play Store? Feels like a bad long-term decision, especially when Apple is releasing excellent phones.
Google is evil. Every single one on here arguing "but muh security improves" is against freedom of computing, plain and simple. There's no middle ground.
Google & others have slowly turned down the freedom dial over the years and we let it happen. People working for Google let it happen. I'm not aware of any inside movement protesting this like they protested against various social issues.
Security that you can't turn off is basically a prison.
Kill it so we get a chance to see a new competitor.
have you seen the stupidity that is trying to develop for ie qualcomm soc if you are a small fry?
It won't get better if nothing changes.
that's cool and all, but I would just like to sign the letter from a form on the same page instead of having to email someone
Just installed Lineage OS 23 (androind 16) on my Motorola g84. Works like a charm. Banking apps work. Do I need to say fuck google? Like it's not obvious?
For what it is worth, I submitted a (totally, different, "handwritten", personal) complaint to the UK's CMA about this a few weeks ago, when it was first announced.
I received _the_ most boilerplate "Thanks, bog off" response imaginable, which I presume is a good thing...
So, I naïvely think one way to push this higher up the priority list and get the UK's regulator to act at least would be to look at those prioritisation principles and make the point that it falls high up them. One of them is "The CMA’s work should ensure that competitive markets provide choice and variety and drive lower prices"; another is "the CMA’s actions should empower competitive, fair-dealing businesses to compete, including by addressing the behaviour of a small minority of businesses that try to harm consumers, restrict competition, or prevent markets from functioning properly".It's pretty clear to me that Google's direction won't be going down this route, and in many ways I wish I knew about these before submitting my complaint. If you're reading this in the UK, consider looking at those guidance points and hamming home explicitly how this move by Google breaks those points – which, frankly, it clearly does (it is going to reduce choice and variety; it is also explicitly restricting competition and harming consumers!)
These things simply do not work. Things that work: legislation (when enforced); lawsuits (when successful and very costly to the company); physical violence of course; people collectively refusing to buy the product because now it has zero advantage over Apple or because someone comes out with a new better competitor; forced interoperability via reverse engineering.
The discussion between open-source and closed-source is essentially a discussion between communism and capitalism.
Anything that reaches a certain threshold of value to society and requires enormous effort to build and maintain has to fall back to a capitalist, for-profit, closed-source structure. That's all that's happening here.
Of course, small stuff like a software library that doesn't require much effort to build and doesn't provide much value can remain open-source. I personally think this obsession with open-source software is simply an obsession with communism and getting things for free, and not wanting getting rewarded for the value of the stuff you build, etc.
> I personally think this obsession with open-source software is simply an obsession with communism and getting things for free, and not wanting getting rewarded for the value of the stuff you build, etc.
Except that both platforms (iOS as well as Android) were either born out of OSS or are still reliant on active development in such projects. They created nothing, they took something from the commons, polished it and are now rent-seeking. It was tolerated till they threatened to choke all competition and trap and rent-seek the entire world with their duopoly.
> they threatened to choke all competition and trap and rent-seek the entire world
They did so legally and didn't break any rules. This is the game of capitalism, and the fact is, IOS and Android are extremely well built and developed, and no open-source project would ever come close to the hundreds of thousands of paid engineers that built IOS and Android.
You can either have capitalism and IOS and Android, or you can have communism and a society that is 10+ years behind in development. Do you really want to give up IOS 26 for a blackberry?
Ah, yes, the library named Linux.
Linux, even though you may think is a massive project and you may be right in some regards, doesn't require massive amounts of capital, human resources and paid developers, etc. to build it.
Android on the other hand is developed by thousands of engineers and is a much larger project in terms of monetary investment than Linux. Linux was essentially built by a single guy. Android could never have been built by a single person or even a open-source project. It's too massive.
However complex you think Linux is, its just a kernel and doesn't require a conglomerate to build and maintain for billions of users. Android does, and those developers need to get paid for the massive value they provide.
My apologies for not being precise: Linux/GNU and all the BSD variants.
My point still remains, none of these projects require tens of thousands of paid developers to exist. They also don't provide nearly as much value as Android does. Billions of smartphones use Android. Linux is not even used by regular people. And its precisely because it didn't have the same level of development MacOS and Windows had with many orders of magnitude more PAID engineers working on those
What about this is communism vs capitalism? Or even closed vs open source. There are billions of android devices in people's hands. Requiring a centralized authority to authorize what code people get to run on their own devices has nothing to do with a free market economy. This is a private entity telling us it's not safe to run code on our own computers without their approval.
Linux doesn't need a for profit company gate keeping it to ensure it is safe and secure. And even Windows doesn't prevent you from running any executable you choose from the internet. Why are phones treated differently?
Because everyone in this comment section is arguing that Android should be open-source and detached from Google. I'm saying some things are simply too big to be built by the community.
The developers need to get paid. And the developers only get paid if the system is closed-source such that the revenue can only flow back to Google which is where the developers are hired at. In other words, yes it needs to be centralized, and the reason is the money required to build Android is just too much and therefore needs to be developed under a for-profit capitalist organization like Google.
This is the problem with this Hacker News platform. Who is downvoting me instead of discussing my points?
This platform has the EXACT same problem as Reddit. People can just silence you before you had a chance of discussion. What a waste of fucking time. Instead of improving our world models of reality by having discussions, you can just silence others because you disagree. Remove the fucking downvote button! Just remove it, jesus fucking christ. Who thought this button was a good fucking idea?
I'm nearly out of this garbage. The same way I left Reddit long ago. X is the only platform that allows free speech.
It's time for a new non-Google OS frankly. Not sure if HarmonyOS would be the one, but I don't see a lot of Mobile OS development going on anymore
https://wiki.pine64.org/wiki/PinePhone_Software_Releases
I've got my Linux smartphone running and ready to go. VWYF, folks. I'll take shitty software and poor battery life over digital authoritarianism every single time.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
Which brand do you suggest ?
Google wants my apartment lease to let me distribute free games, so I just won't support their platform.
This is not about security, it's about control.
gonna say: the pinephone has been hell over the last few weeks. Phone auto-boots whenever power is applied (either by their keyboard case or via USB-C), then the battery dies very quickly, and you need a minimum charge to boot the phone, so that means you have to swap an SD card in there with JumpDrive just to charge the darn thing. There are some mitigating factors (larger battery, Tow-Boot + loading OS from SD card, potentially some SMT soldering shenanigans), but I genuinely feel like this is a fire hazard. I -do not- recommend inflicting this on others.
someone suggested (I can't lost the link) flipping the script with a GLiNet Mudi hotspot with SMS forwarding (to e-mail); I really like this idea. It would be suuuper neat to play around with the tethered model: make SIP calls with a hacked Switch with Android installed / dedicated ruggedized VoIP phone for emergencies, or justify making and carrying a cyberdeck.
Personally, I'm hoping to revive my 3DS because I fell in love with the darn thing again (and its near infinite battery life). I heard you can make calls on the original DS with SvSIP, so suuurely that can work on the 3DS too. As a fellow gamer and android dev I'm sure you'd appreciate the idea.
I don't want a phone owned and controlled and spied on by governments and mega corporations. I want a Gibson-Neuromancer style obelisk disk blob thing that does Internet, Telephony, and Computer stuff and uses whatever I tether it to as the human interface.
This is not about security, it's about control.
Of course we know, but they always spin it as being about security.
They are just careful not to say whose security.
It's not a lie if it is to secure their cashflow.
One man’s security is another man’s control.
Edit: and to be clear, I’m against this change by google. I think there is value in protecting grandma from sideloaded apps (if that even happens in the real world) but this isn’t about protection of consumers, it’s about centralised control of what you can and can’t do, in preparation for handing over the reigns to an authoritarian government. ‘Security’ either to protect you from scams, protecting YouTube from third party apps, or preventing nation state hacking or similar will inevitably be the driving narrative.
No, it's not security. It never was.
Weird micro-aggression without any argument to back it up.
i've had a positive experience with OnePlus 6 and Mobian, but if you want something more modern with a business behind it, check out https://furilabs.com/
This looks kind of cool, but it lacks a headphone jack...
Which you think would be the first thing you'd put on there since Bluetooth pairing is extremely difficult to get right when you're using custom operating systems.
If you're cheap like me a used Pixel3a is a grand device.
My primary for the time being remains GrapheneOS, which, ironically enough, only runs on Pixel hardware for now (though the GOS team is working with an unnamed major Android OEM to produce a handset that meets GOS's strict platform requirements).
My Linux phone is a PinePhone pro, which I believe is no longer being sold. It's not great. Phosh could generously be described as "in progress" last time I used it. UIs for many applications aren't built for small touchscreens like that.
I'd have to review the hardware market again if I were going to make a fresh recommendation. Librem looks cool conceptually, but they're a bit pricey, and their framing of a "Made in USA" variant as a premium feature rather than a red flag, a reputation risk, and a supply chain risk make me skeptical of whether Librem is a trustworthy entity at all, or might just be controlled opposition. That could just be me erring on the side of paranoia, though.
>VWYF, folks
Volkswagen Your Face
Vincent Wants Yummy Fries
Viewing Worked Yesterday, Frank
Voyeur Whom You Fuck
Veiled Widows You Fancy
Vore Website? Yes, Free!
Vote With Your Francs, obviously.
You can still run an Android build that doesn't require a Google signature for apps. You'll just lose access to Play Integrity APIs, which you wouldn't get from non-Android Linux phones either. A better technical solution is to set up a federated replacement for Play Integrity that third party ROM developers can opt into and a library that can use that or Play Integrity for app developers that want it to use.
Banking apps will not work then.
That's a bit overblown. Almost all banking apps work fine. You might be one of the unlucky few of course, but there's no need to scare others from running free software.
I think the "one smartphone for absolutely everything" era is over. Either switch banks (there are many who don't do this nonsense) or have a dedicated Android/iOS device for banking.
This works now, but good luck in 10 years time when the radio chip requires a digital signature from the host OS signed by google or apple and your current phone is deprecated by 6g or whatever.
when the radio chip requires a digital signature from the host OS signed by google or apple
China will never let that happen.
I remember, when DVD players were required to show mandatory, non-skippable sections of video, chinese players violated the standards and international agreements and allowed skipping those sections, and they also sometimes illegally ignored regional restrictions.
I think times were different back then. Modern times are more like China selling Playstation 5’s with mod shops: to my knowledge, they currently don’t. Even if it ever becomes a thing the PS6 is only a few years away and will be even harder to break.
Google, Apple, or CCP. Problem solved.
I mean, the actual implementation will be that CCP signs Google DragonFly Global Root CA cert, and Apple runs Google signed firmware, but those are just minor implementation details.
5 eyes governments would be able to mandate this to stop against the ‘persistent evils of China’
The irony, software freedom is now dependent on China.
Mobile hotspot with a wireguard tunnel wrapping all traffic. Different RF bands (e.g. Starlink). Unauthorized private autonomous mesh networks. I don't care how hard they make it. I am never going to stop uncompromisingly exercising my right to absolute control over hardware I bought and paid for.
reminder that stallman was cancelled from the eff with adhominem attacks. and we are back to calling free software (which would prevent things like the article) as Open-Source (which ia just donations to google and meta)
This is worst thing ever happened to humankind.
If people working for Google had a conscience, they would be working to break the system from within. At this point it's leaving the confines of anti-consumerism and entering into a gray area of basic human rights abuse. It's clearly a cartel market with the other big players (Apple and others to a lesser extend) that needed to be broken 10 years ago(if it were possible).
It reminds me a bit of the book "The Constant Soldier", depicting Auschwitz guards and staff enjoying their carefree holiday at a nearby lake resort, before going back to burning people. Might seem like hyperbole, but I think we're rushing towards an ugly plutocracy.
Going full on Godwin today?
People working for Google are not Nazis and people using Android phones are not like Auschwitz prisoners. That's a really terrible analogy.
If you care about it, then buy Android phones that will support sideloading. Financially reward companies that are doing what you want.
Which Android phones? If I understand correctly this will be a requirement for certification, so any devices that do not enforce it will not pass integrity checks. Goodbye banking apps, etc.
Chinese phones, ones with GrapheneOS, new ones created to fulfill the market demand Google is creating.
>will not pass integrity checks
Those apps can add support for other integrity APIs. Operating system owners can fund this work to help their operating system gain marketshare.
This affects all Android devices with Google Services.
99% of malware with real world consequences of people losing much or all of their money is from unverified developers.
This is a step in the right direction to keep people safe in my opinion. Most people around the world don’t understand the risks.
Having a trustworthy channel for verified app loading is a vital security tool. F-Droid is such a channel; the Google Play Store is not. F-Droid inspects the source code of the applications they build, removes malware and other antifeatures from them, and compiles them from source to ensure that the binaries they deliver correspond to the source code they've inspected. The Google Play Store doesn't do any of those things. Consequently it's full of malware.
The topic here is Google nuking F-Droid from orbit, probably because it has NewPipe.
I'm not sure about the NewPipe angle, as Grey Jay exists (Backed by FUTO/Louis Rossman) on the Play store, which has ad-block and sponsor block incorporated into it. Google is just being malicious towards opensource and privacy, under the guise of security
Not neccesarily a guise of security, but perhaps a different means of security. E.g. securing stock investments, profits, monies, etc. Nothing is 100% secure, you can't be in the void and still call it a void, etc
"NewPipe" I use "PipePipe", which does less stracktraces.
AFAIK most of the victims actually fall for social engineering in combination with legit apps. If you force developer registration criminals will simply find other attack vectors.
You are restricting a fundamental digital right in exchange for a minuscule reduction in risk.
The ability to 'sideload' is already off by default, and warns you before turning it on. Maybe just a bigger or sterner warning? I mean there's only so much you can do there...
This won't be true for much longer iiuc. Look at the outcomes of the Epic lawsuit. That's probably why Google is changing how they tackle this problem.
When was the last time you read articles about malware in F-droid? When was the last time you read articles about malware in the play store?
What those "people-who-don't-understand-the-risks" will do then, with more money left? I think they will give their money to all sorts of political populists, who will cause danger not only to themselves, but everyone.
YOU should be kept safe.
The malware boogeyman is really paying off tangibly for Google. They've got actual fans of their profit-motivated paternalism.
Anyone who has lived through the windows PC era knows it's a legitimate problem. Google has tons of data to show malware exists for Android as well. Being able to prevent that malware from affecting the lives of Android users is a moral imperative for Google. I understand why folks are skeptical, but it's worth trying to dig into the fact rather than just react blindly.
That's rich knowing that both Apple and Google get most of their store money from dubious casino like games which I'm uncomfortable giving to my family.
Before they are allowed to make any comment on scams, they should clean up their own store first.
99% of all malware with real world consequences is caused by unverified developers, ergo, all unverified developers should be removed from app stores.
99% of all car accidents with real world consequences are caused by licensed human drivers, ergo, all licensed human drivers should be removed from roads.
Same argument. It's true, and simultaneously, it skips right past all of the ramifications of the proposal, even when the ramifications conceivably result in more harm than the original problem did.
https://en.wikipedia.org/wiki/G._K._Chesterton#Chesterton's_...
Akshually 99% of malware with real world consequences comes preinstalled on your phone.
A ton of malware is pushed through Google's adsense network, which already requires some level of verification afaik. It doesn't stop jack shit. You are naive if you think more verification is somehow going to stop this.