Installing any app I want outside the Play Store was the primary reason I decided to go with Android, despite most of the people I know using iPhones. If I can't do this anymore, I may as well switch and be able to use iMessage and FaceTime with them.
Android is losing a unique selling point. This will have an impact on what a techie may recommend to a non-techie in the future, because everything is beige now.
I have the feeling Google has given up on using nerds as beachheads. The market is saturated enough and they don't need us anymore to do grass roots spreading of their products. It's the same with Youtube. As long as there were enough people who were unencumbered by ads because of their ad block and kept spreading links, the importance of Youtube was growing. After market saturation that vehicle isn't necessary anymore and they can squeeze them out.
The lack of antitrust enforcement is a clown show.
We have no choice in the most important computing category in the world. It's a duopoly and they have everyone in straightjackets - consumers, companies, competitors, governments, ...
A huge percentage of the world's thoughts and economy flow through mobile. And two companies own it.
Breaking up Google will not help in this particular case. The problem is entirely within the Android unit; and would still be present even if Android were to be split off into it's own company.
It certainly seems like there is problematic behavior in the restrictions Google puts on OEMs that want to use Android (or, more specifically, play services) on their devices. However, I think it would take a different enforcement mechanism to address that.
Then why does Google make so few anti-consumer decisions? I mean, compare Google with Facebook. Surely we can agree Google is the better behaved of those two.
Apple only allows software on their macbooks and mac mini, and every release of MacOS it's more locked down. Everything else, from iPhone to the watch, is 100% locked down. Likewise, every version of Windows tries, again and again and again, to lock down programs that can be run. People absolutely don't accept it, but they do try (remember when they tried to bury the ability to run unverified apps behind a price hike?)
I'd at least give it a shot to simply appeal to Google on the justification they give. After all, the blogpost ... It is very strange for Google to do what they do in that blogpost, don't you think?
"In Brazil, the Brazilian Federation of Banks (FEBRABAN) sees ..."
"Indonesia's Ministry of Communications and Digital Affairs praising it for providing a “balanced approach” that ..."
"Thailand’s Ministry of Digital Economy and Society sees it as a “positive and proactive measure” that aligns ..."
"Developer’s Alliance have called this a “critical step” for ..."
And it's easy to come up with other government requirements, like the DMA (yes, ironically) and ChatControl that require vendors are able to disable apps.
Clearly there is more than a little government pressure on Google to do this, including US and EU lobby groups (Developer's Alliance). Clearly Google is unwilling or unable to resist government pressure to allow governments to control which apps get to run ... Has anyone even asked these groups why they push for this?
> I mean, compare Google with Facebook. Surely we can agree Google is the better behaved of those two.
I'm not sure I agree, particularly with respect to their core businesses. Like Google basically own all parts of the ad stack and use that dominance to compete unfairly against basically everyone else, causing them to appear to be a better service. There was even an anti-trust case about it (up for sentencing at the moment, here's hoping for a breakup).
Facebook have certainly done a bunch of nefarious stuff, but Google is just a more useful product to the people who come here (and I agree with this), so they get more of a pass.
"Too big to fail" usually refers to companies such as banks that are such integral parts of the financial infrastructure that governments must bail them out when they screw up. In Google's case I would rather call it "too big to care", because every fine they get is basically a rounding error.
It is not just that. In my case , everyone around me are using iphone . I made the sacrifice to not easily connect with them and use android so that i have freedom ( to install, customise what ever).
Once that freedom aspect is taken away. There is no reason for me to make that sacrifice.
Until EU's cross compatibility between messaging apps is passed, we are forced to be in vendor lockin.
I want to preface this by saying that I use almost only signal, but I do get the appeal. Walking out of the house and switching from wifi to mobile is so smooth, signal always takes a hot minute to reconnect, but with facetime (and for that matter meet and whatsapp video calls) you barely get a stutter. For the most part it really is a "it just works" solution whereas signal sometimes feels a little klunky. I don't mind, but I get that people value that.
It’s utterly bizarre how BBM could have been the iMessage and WhatsApp and who knows what else. But rich out-of-touch people thinking exclusivity is a perk in a commodities market just shows how business savvy and wealth are in reality disconnected from eachother.
BBM itself should not have been a lock-in. It would have taken incredibly little effort to open it as a desktop messenger that can seamlessly interact with people who have BBM numbers for example.
I doubt they learned their lessons. Apple walked all over them in so many ways and, if memory serves me right, they even mocked Steve Jobs over the iPhone.
Edit: just so I’m clear I’m discussing it from the perspective of early to mid 2000s. iPhone hadn’t yet come out, but iPods were popular. Trillian and Pidgin were dominating the online landscape of software that could support multiple chat protocols - seamless ICQ, AIM, IRC, Yahoo, MSN Messenger, all in one program. If there was a time for RIM to corner the market here it was right then and there because BBM was the real deal, being available on phones and they could have signed agreements with others to bring it to, for example, Nokia and Motorola and whoever else.
Isn't that just doing their jobs as executives for a competitor?
Though internally, one would hope they were sounding some alarm bells. Though at the time, it wasn't at all obvious that people could get used to doing relatively serious typing on a small (even tiny back then) virtual keyboard.
Time after time we believe people in important places have some higher knowledge or some deeper insight. However, more likely, they were just regular people who were in the right place at the right time. I don't think they understood what they were up against. Neither did Nokia / Microsoft with Windows Phone.
Just to assist perplexed netizens like myself, apparently in addition to being an acronym for Big Beautiful Men, BBM also stands for BlackBerry Messenger [0].
Weird. If I wanted to send messages from my BlackBerry, I used AIM. I had no awareness of BBM (despite owning a BlackBerry), nor would it have provided nonzero value even if I had heard of it.
This does not suggest to me that BBM was somehow positioned for mass adoption. There was no problem for it to solve. It was worse than the existing messaging landscape.
(If I had wanted to send a message to someone else whose only mode of communication was their BlackBerry, a situation that never arose, I would have emailed them. Convenient email was the BlackBerry's entire marketing strategy. Note that this works just as well on smartphones today.)
BBM was the iMessage and WhatsApp before either of those.
WhatsApp became popular specifically because it was a multi-platform replacement for BBM.
BBM had little else to offer in terms of apps. It was a corporate ecosystem and good at that part of it.
iMessage also came out after BBM, and did their own device lock in, except iPhones were designed for the many instead of the few, especially beginners to smartphones.
Yes, Lineage and Graphene are far more usable than people without first hand experience imagine. The vast majority of Android apps just work. Some may display a warning when first launched about custom ROMs being "unsupported" (like Whatsapp), but then just work as expected. A few users also report broken notifications (those that use Google's library to implement them), but it's a minor inconvenience, at least for someone like me who dislikes notifications.
And there are many great apps available on these free Android devices that are simply not available on "official" builds such as NewPipe, because Google obviously doesn't want you to block ads on Youtube.
> I just switched to the iPhone with the new cycle, explicitly because of this news.
And guess what, sideloading has never been allowed on iPhones.
So you just went from bad to worse. The only rational option for tech-minded people nowadays is to buy a device that supports Lineage or Graphene (ironically Pixels are good for this) and to replace the stock OS.
Well no, the iPhone has niceties that Android lacks (as evidenced by its total market dominance for markets who can afford Apple devices). Lots of engineers use Android phones, but the C-suite invariably uses iPhones.
So if the reason you're choosing Android over iOS is freedom and flexibility, once that's gone, why not choose slickness, speed, battery-life, photo quality, and an integrated experience?
I have owned iPhones in the past (and still have a couple of old models collecting dust in a drawer), and I don't think they are in any way more refined than my Pixel 9 running Graphene. Most importantly, it is immune to arbitrary restrictions like sideloading bans or government-mandated spyware (aka Chat Control in Europe).
I glanced at Ubuntu Touch, but its device compatibility looked severely lacking (https://devices.ubuntu-touch.io/).... I have old Pixel phones I could potentially try it out on, but the last Pixel phone that is officially supported is the 3a. So that is a bummer.
Re: banking, not until adoption of non-Android and non-iOS devices grows. To break this chicken and egg problem, one can get an Android phone and use it exclusively for the banking app, treating it like one of those hardware security keys the banks used to give out in the early 2010s. One used to just leave it at home; maybe take it to work occasionally. Another option is to live like the early 2000s and go to an ATM/bank for all bank things, including account consultation.
The biggest bank in the Netherlands at least requires the app to confirm payments. Although they do still have these paper slips (maybe) for transfers but that cannot be used for ecommerce
> The biggest bank in the Netherlands at least requires the app to confirm payments
This is (I believe) part of PSD2, so basically all EZ banks require this now. Hilariously enough, they still have absurdly weak passwords but apparently they meet security requirements by forcing you to confirm stuff on your phone.
Written (on paper) transfer orders. You fill them out at home and throw them into a special mailbox at the bank. Old people still use them, I even used them occasionally 20 years ago or so because they sometimes came with invoices, pre-filled with receiver details, so they were about as convenient as online transfer.
Ubank in Australia just told me they’re retiring their website in a few months, the app will be the only way to access your account. It’s digital only, so no real world branches either.
My bank in Australia has a great desktop website, but you have to do 2FA on your phone to access it. That means even though I prefer to use the desktop site, I still need to be able to run the app too.
Because WhatsApp is really good, much better than SMS, and everybody uses it.
Meta only bought it after it was already the de facto standard. And to be fair they are only just starting to ruin it after quite a few years. So I would say the world made a pretty good decision there.
WhatsApp works with your phone number. If you have someone's number, you have their WhatsApp. And since basic text messaging is terrible and RCS still isn't universal, WhatsApp is used.
Switching to iPhone will make it even more obvious there is an unhealthy monopoly, so that's nice. If there's no good reason to choose Android, why not?
What we really need is a fair alternative to both these abuse platforms. Choosing an unfamiliar abuse over a familiar abuse isn't exactly the smartest move. The switch over to a free(dom) platform like plain Linux must happen even if we have to make some temporary sacrifices like the loss of mobile banking facilities. It can't be worse than using a feature phone, can it? The app ecosystem will eventually attain parity if the platform achieves popularity.
Then you'd be rewarding the company that pioneered and normalized taking away these rights. The next rights you'll lose will probably originate on Apple again years before Google takes them away too.
But you'll be reminded quickly how comparatively shit Apple's software is.
Aka the litany of "Oh, yeah, everyone knows that's broken but just deals with it, because there's no way to fix issues on a closed platform other than {wait for Apple}."
The only thing I can think of that's worse on iOS is that you're forced to use safari or another skin on webkit rather than true alternative browsers. Everything else works better thatn android AFAICT, and integrates amazingly with MacOS.
Only phones sold by carriers were controlled by carriers. You could easily (in Europe at least) buy an unlocked phone and put in a SIM from any carrier of your choice. You could then easily install (i.e. "sideload") Java apps from anywhere you wanted, e.g. from a storage card or over Bluetooth, although some permissions were restricted unless you bought an expensive code-signing certificate.
How will Google force Android users to "update" so sideloadinng can be prevented
Non-updated versions of Android running non-updated versions of sideloaded apps will not have the restriction
Another example of how not every "update" is for "security" and "updates" should be optional
The computer owner chooses one version of an operating system, e.g., "I chose Android because I can sideload any app", but by allowing automatic updates, without reviewing them first, the computer owner agrees to let the operating system vendor change the software remotely to anything the vendor chooses. The computer owner goes along with whatever the vendor decides, letting the vendor take them for a ride
If the operating system gets _worse_ in the opinion of the computer owner, if it fails to meet their needs, e.g., "sideloading", then that's too bad. The computer owner chose one version of Android, but by subscribing to "automatic updates" they effectively chose all future versions as well
This is why I prefer BSD UNIX-like operating system projects where I can choose to update or not to update. Unlike the hypothetical Android user, the project does not decide for me
HN replies may try to draw attention to "security" and away from "sideloading restriction". However there is no option to accept "security updates" while rejecting "sideloading restriction updates". According to the so-called "tech" companies that conduct data collection and surveillance as a "business model" through free, auto-updated software, every update, no matter what it contains, is deemed essential and critical for "security"
Online commentators seem to agree that the computer owner should have the choice to install or not install _any_ software outside the "app store", so-called "sideloading". Perhaps this freedom to choose whether to install or not install software should also apply to operating system "updates"
> How will Google force Android users to "update" so sideloadinng can be prevented
Google has the Google Play Services, which can be remotely updated via the Play Store, as has been done for the COVID exposure notification system [0]. Google's Play Protect already hooks into the installation process and could be updated to enforce the signatures.
Automatic updates are pretty unrelated. Google can just release an updated version of google play services or a device verification API and everyone's banking/government ID apps will stop working until you manually update anyway. They have a pretty big stick to whack you over the head with if you don't update to the new version "for security"
You can still install apps outside the play store, but the developer does need to verify their signing information. Effectively this means that any app you install must have a paper trail to the originating developer, even if its not on the app store. On one hand, I can see the need for this to track down virus creators, but on the other, it provides Google transparency and control over side loaded app. It IS a concerning move, but currently this is far from 'killing' non-appstore apps for most of the market.
So let's pick a random example app that might be popular on F-Droid today. Oh, I dunno...newpipe.
Given that Google both owns Android/Google Play Store and YouTube: what do you think they would do with the developer information of someone who makes an app that skirts their ad-model for YouTube?
I can't help but feel that this move is aimed specifically at ReVanced.
The "security" wording is the usual corpospeak - you can always trust "security" to mean "the security of our business model, of course, why are you asking?"
Exactly. I don't think Google is doing this so that people don't install some random FOSS alternatives through F-Droid.
Things like Newpipe seems much more of a target, especially if you want to take legal action. More so than stopping users, this gives Google fat more leverage about what Apps can exist. If they ever want to stop Newpipe a serious lawsuit against whoever signed the APK seems like an effective way to shut down the whole project. Certainly more effective then a constant battle between constraining them and them finding ways to circumvent the constraints.
Google is following the same game plan we saw when they decided that the full version of uBlock Origin (the version that is still effective on YouTube) should no longer be allowed within their browser monopoly.
The fact that there was a temporary workaround didn't change the endgame.
It's just there to boil the frog more slowly and keep you from hopping out of the pot.
It's the same game plan Microsoft used to force users to use an online Microsoft account to log onto their local computer.
Temporary workarounds are not the same thing as publicly abandoning the policy.
Curiously, for me Ublock light works just as well after I was essentially forced to switch. I could still get the original to function, but with every random chrome update, the thing would be deactivated, obviously as "insecure".
From a quick glance at /r/GooglePlayDeveloper/ it looks like Google is just as interested in killing playstore apps! It seems that they only want to support the existing larger apps now. I think they are giving a clear message to developers that its not really worth developing for that platform anymore. I think we will all agree that the playstore needed a purge but they seem to be making it impossible for any new solo devs at this point.
I thought most devs didn’t want to develop on android because IOS devs made more income per user (0) and spent more on in app purchases. Android does well with ad supported apps. Paid apps have had issues with piracy also.
“In 2024, the App Store made $103.4 billion to Google Play’s $46.7 billion.”
Not related to this particular news item, but several high-profile App developers are either killing their apps on Android entirely (like iA Writer) or removing features due to Google tightening submission requirements and increasing costs for apps that integrate with their services.
not the change mentioned in the news link. I was referring to what people are discussing over on the reddit play store sub. Google are terminating dev accounts without giving any reasons or warnings. I'm sure most, if not all terminations have have some element of justification but ultimately it means that Google seem pretty happy to terminate any dev account without letting the developer know why. And to make things worse, that developer is forever banned from ever publishing any content on the playstore for life. They cannot make a new account. Their career in android app development can be destroyed in an instant. Most terminations seem to be handled by bots... and to rub salt in the wound, Google only responds to appeals... using more bots. That is according to what the community has been saying at least. I'm sure they know what they are doing and one thing we all know is that Google actually IS big enough not to fail. But it does seem like the right thing to at least make new developers more aware of the risks. And it is obviously a very stressful time for anyone who is actually making a living off an android app.
To wit, there is only one business playbook with two strategies: When you are weak, make friends. When you are strong, make war.
Android used to be weak against iPhone and needed to cooperate, so they allowed more apps in to grow the userbase. Now that they're big and strong, they don't need allies, so they start kicking out everyone who isn't making them money.
Every "enshittified" service does it - Imgur, Reddit, whatever. Everyone selling $10 bills for $9 does it. Microsoft did it. They took a step backwards by buying GitHub, when they realized they were totally blowing it on cloud. But now that they have users stuck on GitHub and VS Code, they're defecting again.
True, although using adb requires the use of the usb port, which for some of my projects is highly impractical.
Also, with this move, Google has made it very clear that they don't want people to have any real control over their machines -- so I'm not inclined to think that using adb to work around the problem will always be possible.
It's fine, though. My hobby projects will continue into the future, just probably without using Android.
I know that this is how shizuku (0) does it and it is required anyway if you want to install multi apk applications so stiff won't change for most people then?
Play Store has an attestation API, Google could simply make it harder to run banking apps and similar if you run GrapheneOS. Something like requiring banking apps to use a stricter mode. GrapheneOS even mentions it's not easy spoofing this entirely as it change often on the FAQ page.
There's only so much you can do as a maintainer of a custom OS like Graphene before its too hard to maintain. I don't think there's enough coming in by way of donations to play catch-up.
Need legislation quick. But I suspect the EU doesn't want side loading either in the grand scheme of surveillance.
It also makes it easy for google to blacklist a developer, if for example the trump administration don’t like them (the same way apple removing apps documenting ICE).
And basically every corporation with any business in the US has proven _more_ than willing to instantly capitulate to any demand made by the administration.
Pretty sure virus creators could just pick a real ID leaked by the "adult only logins" shenanigans, whereas legit app developers probably wouldn't want to commit identity fraud.
If it gets that bad; Google can do what they already do with business listings - send a letter to the physical address matching the ID, containing a code, which then must be entered into the online portal.
Do that + identity check = bans for virus makers are not easily evaded, regardless of where they live.
That physical address will be useless, and probably easily worked around, in many if not most countries. Expecting Google to be able to use that address together with the law is a pretty US-centric expectation. I don't think most virus creators would be impacted, especially not the ones that are part of professional (criminal or government) organizations.
Yeah... no. This is normal with desktop computers. Let's stop handholding people. If I trust the source, I trust the domain... I want to be able to install app from its source.
Googles/Apples argument would have been much stronger if their stores managed to not allow scams/malware/bad apps to their store but this is not the case. They want to have the full control without having the full responsibility. It's just powergrab.
It's normal for Windows and *nix, not for modern macOS which has big limitations on unsigned apps requiring command line and control panel shenanigans.
And you are completely ignoring viruses, ransomware, keyloggers, the 50 toolbars etc that has been the staple of Windows and before that DOS for over 40 years.
Scam apps are rife in the iOS App Store. But what they can’t do easily install viruses that affect anything out of its sandbox, keyloggers, etc
You are missing the part where the OS provider is the virus and keylogger. Unless of course you feel it reasonable that google and apple datamine everything you type via their software keyboard[0] or reading the contents of your notifications via play services[1].
Sandboxing isn't feature dependent on Apple being a big curator is it? These are orthogonal but not the same issues.
I've never said that PCs don't have viruses or that it isn't a problem, only that I should be able to install software from developer I trust if I want to.
I agree let's have sandboxed app instalations on platforms. Flatpak is already going this way. But it looks like big players Microsoft,Apple and Google are gatekeeping app sandboxing behind their stores instead of allowing people/devs to use sandboxing directly.
And then there will still be complaints about Google limiting what apps can do and take away “your freedom”. What happens when a third party app wants to be able to read in other apps internal storage to create a back up solution like iCloud? Should that be allowed? What about if they want to create an app that autocompletes what you type when working in another app requiring key logger like capabilities?
You can have sandboxing and run whatever you want. I do it every day on PCs where I, the user, can define the terms of sandboxing any appliclation I want, and not a trillion dollar corporation using sandboxes to enforce their chosen revenue streams upon users.
Yes and for you to think that is a valid argument for a consumer product is why most open source products suck for consumers and end up being about as bad as the “homermobile”.
You do realize macOS has used sandboxing by default for over a decade, right?
ChromeOS/ChromiumOS uses heavy sandboxing. Android currently uses sandboxing transparently, despite plans to iOS-ify the platform. Hell, Windows uses app isolation sandboxing these days.
All four consumer platforms let you run the software you want to and they provide sandboxing at the same time. They also let you configure sandboxes, too.
As for open source, consumer products like the Steam Deck use sandboxes, popular game launchers like Lutris use sandboxes, Firefox transparently uses sandboxing by default, as does Chromium/Chrome, anything installed automatically with Flatpak or Snap are sandboxed by default and AppArmor/SELinux works in the background automatically on most distros and are activated by default.
Saying open source projects like the Steam Deck, Firefox, Chromium, ChromiumOS and Android suck for consumers is a weird opinion, but you're free to have it.
> Mac apps outside of the Mac App Store really doesn’t have any sandboxing.
Apps can and do ship with sandboxing rules that will be applied at runtime.
> ChromeOS also isn’t open source. And expecting end users to “configure sandboxes” you might as well not have one.
I listed ChromeOS as one of four consumer operating systems used by billions of people that uses sandboxing, not as an open source OS.
Notice how I did use ChromiumOS when referring to open source software, along with Chromium.
> And expecting end users to “configure sandboxes” you might as well not have one.
Who said anything about expecting users to do that? I just mentioned that you could configure them if you wanted to, like I said in my GP.
Again, my point is that these are consumer products that billions of people use everyday that use sandboxing by default, yet somehow not even having to think about sandboxing is too onerous for end users?
> Firefox is s browser, and didn’t they tighten what third party extensions can run?
Yes, it is open source consumer software that does sandboxing by default without the user having to think about it.
> Android - or at least the version that most people use - is not “open source” by any stretch of the imagination.
> Apps can and do ship with sandboxing rules that will be applied at runtime.
Hardly any apps outside of the Mac App Store voluntarily opt in for sandboxing
> I listed ChromeOS as one of four consumer operating systems used by billions of people that uses sandboxing, not as an open source OS.
And also locked down…
> AOSP is very much open source
Calling AOSP open source when it’s almost useless to most consumers without the proprietary bits from Google is just as disingenuous as calling iOS open source because Darwin is open source.
Yes, if you bother with the rigmarole of escaping walled garden then you should be expected to navigate 20-30 permissions, which is in practice all that's necessary.
If users without that level of technical skill are pressured into making those decisions, that's because they're being mistreated.
Yes because technically literate users shouldn’t have trusted mainstream companies to not install bundle ware back in the
Day? They shouldn’t have trusted Zoom not to install a web server on Macs surreptitiously that caused a vulnerability? They shouldn’t have searched Google for printer drivers not knowing that it was a fake printer driver? They shouldn’t have trusted Facebook when they installed VPN software that tracked all of their traffic from any app?
Is that really your answer? To make the phone ecosystem as fraught as Windows PCs for the average user? How is they worked out for PC users since the 80s?
Technically illiterate users should leave the default security settings enabled.
In the modern day, I actually think this mostly works? Are you aware of instances where normies installed Windows malware because they purposefully disabled Windows Defender?
Everyone always talks about the "Dancing Bunnies Problem" but I'm not convinced it's actually a thing.
You mean like all of the ransomware that is being reported on a monthly basis? My mom looked for a printer driver by searching on Google and installed some type of crap that wasn’t the official driver. She is 80. But she has actively been using computers since we had an Apple //e in the house in 1986.
On the Mac, people installed Zoom and it installed a backdoor web server.
Please install an ad blocker on your mom's computer, if you haven't already. Not every fake driver etc gets blocked by an ad blocker, but the majority do.
How is they worked out for PC users since the 80s?
Just to be clear, are you claiming that we would be better off if PC hardware and OS vendors had the level of control that smartphone vendors do today?
For almost every user - yes. If apps had to run in a strict sandbox it would be better for most users. Where it would make you jump through an incredible number of hoops or even install “developer editions” of operating systems.
You really can’t trust developers to do the right thing - even major developers like Zoom (the secret web server) , Facebook (the VPN that trashed usage actoss apps on iOS) and Google (convincing consumers to install corporate certificates to track usages on iOS).
Even more to the point, you read about some app installed outside of the Google Play store that’s malware - including the official side loaded version of FortNite…
I think they’re just going to track down a random person in a random country who put their name down in exchange for a modest sum of money. That’s if there’s even a real person at the other end. Do you really think that malware creators will stumble on this?
This has to be about controlling apps that are inconvenient to Google. Those that are used to bypass Google’s control and hits their ad revenue or data collection efforts.
There are no good reasons left to use either platform - you're basically paying an arm and a leg to rent a device whose primary purpose is to usurp your attention and plunder your wallet at every possible opportunity.
Use and encourage your circle to use Signal, so you're not limited to any given platform, or the political or ideological whims of the gardenmeisters.
Google has gone full enshittified with this move, might as well move as far and as fast away from all the shit if you're technically capable, introduce whatever pressure you can to signal that there's a desperate need in the smartphone market for something clean and honest.
“There are no good reasons” really? One of my favorite things about iOS/ipados is the incredible selection of music creation apps. My iPad is loaded with synths, sequencers, and effects. AUM in particular is an amazing program for live performances mixing both software and hardware using a touch interface.
Many, but not all, of the programs I use on iPad are also available on Mac and Windows at much higher prices. That alone is reason enough to use a iPad. Most of these apps can be run on the least expensive iPad and/or older ones.
Like it or not, computing appliances have led to really good software markets. The “clean and honest” software markets are either much more expensive or don’t exist at all. The optimist in me is hoping that Android losing some freedom might lead to higher quality software and some actual competition to Apple.
Firefox with UBO is still a huge win. But Orion browser is making progress. At this point I just don’t see a reason to go android anymore. If I have to be part of a walled garden I may as well choose the nicer one.
For me the main reason to stick to FOSS Android ROMs (over a Linux phone) is that you retain compatibility with thousands of very good FOSS and non-FOSS apps. There is Waydroid, and it works very well, but if you are primarily running Android apps, an Android device makes more sense.
AOSP is used in many contexts like embedded devices where somehow enshackling it would screw up Google's self-interest in other market areas (like ensuring there is a wider population of Android developers).
But regardless, thirdparty ROMs will continue to exist regardless of how much effort it takes because the demand exists and will not merely dissipate.
Maybe it’s because I’m European but I’ve never understood what iMessage even is or what it offers above either sms or WhatsApp/signal. And I’ve used an iPhone for the past 15 years.
Game streaming services like GeForce Now, Xbox Live, Amazon Luna use PWAs for iOS/iPad support, used by a lot of ordinary users. They're not in AppStore because of incompatibility with Apple rules.
Not by much these days. The Pixel 10 actually gives you half the storage as the iPhone 17 at the same price.
The only Android phones that are significantly cheaper than equivalent iPhone tend to come with some kind of compromise (and don’t forget that Apple’s phones start at $600 - the iPhone 16e exists).
I did. I cannot recommend it. There is no real way to unlock bootloaders on these. They've locked it down so much that you can't really do anything but run what they give you.
The Chinese phone ecosystem is basically unavailable in the US. Huawei was banned, and none of the other brands sell products officially besides OnePlus, which has iPhone-adjacent pricing.
Ehh, I'm unconvinced. A lot of these cheapo Android phones have bizarre restrictions and really short lifespans. A used iPhone might last longer and therefore be cheaper in the long run.
You can definitely get cheaper Android phones than an iPhone. There will be compromises but it will be cheaper. Many people are fine with a $200 or less phone.
Most android flagships are about the price of iPhones.
> Android is short for AOSP.
This actually made me laugh out loud.
Uh, no. AOSP is a showcase project which currently cannot run on any phones produced on Earth.
Android is the most popular mobile operating system.
AOSP does not include code to run almost any viable hardware and also does not include code necessary to run android applications. Everything that is Google play services is not in AOSP.
Bear in mind Google play services isn't the Google play store. It's basic device functionality, like cellular service and GPS.
>requires Google Play Services, which is basically every commercial app.
Not my experience at all. Only some banking apps or apps that otherwise hard depend on play services feature like google pay. GrapheneOS offer isolated unprivileged sandboxed Google play services for those.
I mean, flagship vs flagship idk if one has ever been significantly cheaper, but I've never been in the market for those either. It's very easy to get a higher priced, more interesting, highly specced Android phone. Both iPhones and flagship android phones are way too expensive for what they are capable of compared to any of their own prior generations of themselves, if you ignore tech specs and consider the tangible end-user functionality, but even still.
I've always bought the phone that suits me in the moment, have never budgeted higher than $600CAD, and have simply never been interested in iPhones beyond what used to be nice industrial design. For that, last time I got a brand new Pixel 7 on sale, Pixel 4a, Nexus 5 etc.. and they've all done what I needed and usually came close to matching the fancier versions in some ways in the same year's lineup.
Usually though I have breadth of options to pick from across a range of brands that I can choose between based on whatever the hell I prefer. iPhones are just iPhones, bigger or smaller, more expensive or cheaper, big camera plateau or small, and that's all fine too.
The sideloading aspect for me and a better sense of control is absolutely a component in that preference, and I'll have to consider that going forward, but I'd sooner just dial back my dependence on phones in general than switch to an iPhone.
No longer true with the newest chip that Mediatek cooked up, ARM licensed cores like C1 are catching up rapidly with Apple CPUs (or maybe Apple has hit the limit of their current design philosophy)
Over the last years Android has gotten increasingly worse, which is something you just have to expect from a Google product.
It is still unbelievable to me that Google is shipping a product which takes 10 seconds to show anything when I search through my phones settings. What are they doing?
>open source
Sure. If you buy the right phone you get some open source components. Of course half the Android companies are trying to funnel you into their proprietary ecosystem as well. The rest just wants you to use Google's proprietary ecosystem.
> takes 10 seconds to show anything when I search through my phones settings
Ah, I see ol' Google's been shamelessly copying Apple again.
Unrelated but related to embarrassingly-bad search: On my iPhone, I have a Hacker News reader app called Octal. Now when I search the phone itself for "octal" (like I do to launch most apps), sometimes the only result found is... the Octal entry under Settings (where iOS sticks the permission-granting interface for notifications, location, etc.) Can't find the app itself. Just the settings for it.
>GrapheneOS is a private and secure mobile operating system with great functionality and usability. It starts from the strong baseline of the Android Open Source Project (AOSP) and takes great care to avoid increasing attack surface or hurting the strong security model.
They are doing it like everybody else, they have their own system apps (because they got kind of unmaintainted by Google in AOSP since Android 12), they add drivers from the pixel device tree and then they add their security patches.
If you would put AOSP on a Pixel, it wouldn't even boot and if you managed to get it to boot, the apps would be
unusable.
You can still side-load signed apps. It's a similar limitation to macOS which won't let you run apps that Apple hasn't signed without command line or control panel shenanigans. Compared to iOS, Android still has the advantage of installing your own full browser (like Firefox) with full-fat ad blocking (uBlock Origin, not Lite). iOS is Safari-only right now though, in theory, some alternative engines may be available in Europe later.
With macOS you run "sudo spctl --master disable", and then you can run whatever you want without sending PII to Apple. Is that the case with the new Android stuff?
No, the closest would be rooting your phone but then you can't use banking apps properly (there are loopholes to spoof integrity but they are slowly coming to an end as verification runs on TEE)
You can install full uBlock Origin in the Orion browser, on iOS. It also has decent built-in ad blocking (though uBlock Origin is still better).
I had been thinking for a long time to switch to Android (GrapheneOS, probably) when my current iPhone 13 dies, but this whole thing with "sideloading" on Android is making me reconsider. If I can't have the freedom I want either way, might as well get longer support, polished animation and better default privacy (though I still need to opt-out of a bunch of stuff).
AOSP releases are going to stop (or become late and cursory like Darwin releases), and new Pixels will not be able to run non-Google-certified operating systems :)
They have already shown themselves to be both able and willing.
Hopefully the backlash from this current decision will delay their plans long enough for GrapheneOS, Lineage and others to figure out how to work around it somehow, which is why I'm eagerly watching where this is going.
I can't confirm this yet but with Google refusing to provide device trees for new Pixels things definitely look headed that way; they're at least starting to make installing an alternate OS difficult. The Graphene devs are trying to set things up with a handset manufacturer to ship a GrapheneOS phone, but good luck connecting that thing to a US carrier (who allowlist handsets and often limit the allowlist to models they sell directly).
With all the things google is doing for custom os last few years ( play protect, no major updates to asop and bundling updates to closed source google libraries etc). It is not speculation it is predicting with high certainty. Google wants custom os market to die and they are doing it brick by brick.
We should Open our eyes and look at the timeline and realise it is not speculation and actual reality before it will be too late.
Source: i am an owner of device with custom os and i know things i have to do to fix broken apps.
They didn't. They implemented the WebExtensions API for WebKit. It's not complete (e.g. Stylus doesn't work yet), but it's enough to run uBlock Origin.
"The perfect should not be the enemy of the good" is the wrong analogy here. It's more like "death by a thousand cuts". Limitations on free computer usage are like a ratcheting mechanism: they mostly go in one direction.
Antitrust action is badly needed in this area. It is ridiculous that I need permission from my device manufacturer to install software on hardware I own. There is no viable alternative than to live in Apple and Google’s ecosystems. This duopoly cannot be allowed to keep this much control of the mobile platforms.
There needs to be a mandatory override for any lock down put in place by a manufacturer. I understand the need for security, but it should be illegal to prevent me from bypassing security if I decide to on my own device. Make it take multiple clicks and show me scary warnings, that's fine.
Technically Android still allows installation of anything if you use the debugging tool. Maybe that is where we have to draw the line, I'm not sure.
Aside from everyone pointing out that you can't do that on most phones, there's also the fact that installing your own OS will block you from using many apps that check your secure status.
I've been wanting to get into OS dev for years now, I may make an attempt at it soon. When I was younger I built my own kernels for the early OnePlus phones. Maybe I can build an alternative to Android, doubtful but I like a challenge.
The hardest part to making an alternative is the app ecosystem, you almost need a complete suite of 3rd party apps built before you can get any initial adoption.
The funny thing here: They have active spyware and malware on their app store. They go by vague offical sounding names like "Gallery" and "Messages" "Text Messages"
I've reported it and that goes to an google form where the app stays up. I've even gone farenough where I've escalated through internal Google contacts. Nothing is done. It's not sideloading that's the issue.
It's google. This is a hostile behavior to all users of the devices and developers of their platform.
_--
My thoughts on where this might go:
We're getting into an era where there are organizations that are violently hostile to your device and they demand that. These people believe that the device you paid for and the service you paid for is theirs.
I.e. mobile ids from governments, which may introduce client side scanning. More so, theres a hostile push for "age verification" which would lean on the Play integrity chain. Want to find out who does this? Look into Magisck on reddit and the apps people have difficultly using. This is not a case of "someone wants to hack something".. it's all about control.
If you're watching the Root/third party space.. right now there are issues running apps. Some apps scan for "SuperSU" app and will refuse to run. (As in they're not sandboxed)
They believe it because it’s true. RMS et al. have been predicting this for eons, but now that these companies feel comfortable to move overtly it’s pretty much too late to stop them.
We need to stop calling it "sideloading", we should call it freely installing software. The term "sideloading" makes it sound shady and hacky when in reality it is what we have been able to do on our computers since forever. These are not phones, they are computers shaped like phones, computer which we fully bought with our money, and I we shall install what we want on our own computers.
You could certainly say that. But if you go up to a normal person on the street and say "Google has prevented you from installing apps on your phone", while they're still able to install from Google Play just fine, they're going to look at you like a crackhead.
Language is for conveying information to other people. If your audience doesn't understand what you're saying, you're effectively screaming into the void.
And the average person would understand that as a non-issue. The issue is you need a developer account to distribute your app, and Google can censor you not explaining anything to you or others. The issue is Google being a gatekeeper. And the fact that there’s malware in Google play store, is a cherry on top.
Would it be possible to exclude app store install from "Install", eg swapping positions with sideloading? The idea would be that "app store sideloads" are more like enabling features than installing something novel, and installs allow something unplanned to be enabled.
How badly screwed are we that the term "installing" doesn't work because it doesn't exclude the now default assumption that someone else controls everything you are allowed to install.
>The term "sideloading" makes it sound shady and hacky
"side" refers to the fact that it's not going through the first party app store, and doesn't have any negative connotations beyond that. Maybe if it was called "backloading" you'd have a point, but this whole language thing feels like a kerfuffle over nothing.
I get where you are coming from. However, language like this matters when it comes to legislation. People outside there space will be guided by the sideload language to think it's just "something extra on the side so why should I care?"
I understand what sideloading means, as I'm sure the rest of HN knows. But to the layman non-techie, it has indeed been marketed as a boogeyman.
Even in the Android developers blog post:
> We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
The research paper that shows their methodology for discovering these results AHS not been published by Google, to my knowledge. Just a mere "trust me, bro".
Language strongly influences how people perceive things. For example, people shown videos of a car crash estimated higher speeds and falsely remembered seeing broken glass if the crash was described as "smashed" or "collided" rather than "hit" or "contacted"[0].
"Direct installation" sounds neutral to me, but "sideloading" sounds advanced or maybe even sneaky.
If Google provides a permanent mechanism to disable this in developer settings, then this devolves to an inconvenience.
The setting to allow unsigned apps could be per appstore tracked by an on-device sqlite database, so a badly-behaving app will be known by its installer.
Yes, in that world everything works out. But as TFA notes, Google is pushing "developer verification" as a non optional change at the app level. To get around it in the future it appears you'll need a degoogled phone.
Time to figure out how to live without a phone - gotta find some sort of ultramobile pocket pc with 5G and run your own FreePBX for text and calling, etc. I've been wanting to do this forever, anyway. Using Starlink 5G would make it palatable, or maybe even preferable, assuming the performance is solid.
I have been thinking of secondary machine that would just use my phones wifi and encrypted vpn tunnels. Basically, the phone is only used for the banking app and whatever future government ID app will be required.
The secondary device would basically be built on a open platform etc. Once we can't use the phone for sharing the connection, then we are basically stuck using other wireless connections, LoRa for short to medium connections, direct wifi links and offline home cloud environments. It gets a bit grim when you think about it, but there are always options. Now, would you travel with a home made tablet phone in an airport for example? What a about a train station with xray scanners. Cyberpunk always comes to mind as well when thinking of these possible futures.
Seems like setting up a shareable wifi6 hotspot should be trivial, in this scenario - either a wifi 6 usb dongle or an m2 board like Intel WiFi 6 AX200/210 , can turn on hotspot mode for other devices.
WRT banking, you'd just use the browser - the whole point is to get away from the whole 'you need to spend $150/month and subscribe to a device and open yourself up to a whole suite of third parties in order to use an "app"'
You could use AI to build convenience scripts and UI tweaks, depending on your use case. Use tampermonkey or other script engine browser tools if you need to recreate a UI feature that a banking app provides.
I can build a much better machine for less than a flagship phone costs me, including video glasses and a few power packs. A wireless video stream to a dumbed down phone that only serves as the interface for swype style keyboard or something like that would also be an option - I think this might be a viable strategy.
I've seen raspberry pi phones and tablets that would absolutely terrify TSA agents, but I'm thinking more along the lines of a modded framework laptop with display hacks, or a boxy little pocket PC with a chonky battery - nothing that would alarm people unnecessarily.
I think I mostly take issue with the idea that the walled garden is necessary, or even preferable. Google at least had the barest shred of "the user has control" left - eliminating sideloading just eliminated any possible reason I would bother with them as a company.
I used a super-cheap Android phone with a Win tablet over 10 years ago, but couldn't come up with a decent "phone" option. I started using the phone itself for calls, everything else I did on my tablet.
Why would google implement a restriction then allow someone to disable it? That's literally how it works today. By default your Android phone with Googled-OS installs only from Play store, where all apps are verified. When you want to install non verified apps you need to explicitly allow it first.
"We urge regulators to safeguard the ability of alternative app stores and open-source projects to operate freely, and to protect developers who cannot or will not comply with exclusionary registration schemes and demands for personal information."
No, I like F-Droid, but I don't want them to need an official Google status to operate, or for anyone who wants to compete with F-Droid to have to obtain that special status.
edit: because the next step would be Google paying F-Droid a half-billion dollars for default search engine placement, or something else stupid. It becomes a captured organization, an excuse subsidiary.
indeed, but they're not talking about your phone, they're talking about android, which is something you don't buy nor own, you buy a license to use it on the provider's terms.
linux phones can't come soon enough ...
your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation: installing software is "sideloading", sharing files is "piracy", legitimate resistance is "terrorism", genocide is "right to defend oneself" ...
> which is something you don't buy nor own, you buy a license to use it on the provider's terms
The distinction between "own" and "license" is purely a legal one. If I buy a kitchen table I own it, I can chop it up and use the pieces to make my own furniture and sell it. When I buy a copy of a Super Mario game I cannot rip the sprites and make my own Super Mario game because I don't own the copyright nor trademark of Super Mario. But I do own the copy, and Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.
> linux phones can't come soon enough
GNU/Linux. I used to think Stallman was being petty for insisting on the "GNU" part, but nowadays I understand why he insists on calling it GNU/Linux. There is nothing less "Linux" about Android than Debian, Arch or any other GNU/Linux distro, but GNU/Linux is fundamentally different in terms of user freedom from Android.
> Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.
This is a really interesting example to choose because the new Nintendo Switch 2 cartridges have literally no data storage except to hold a license key. The content has to be downloaded from their servers, which they absolutely will take offline eventually.
That would require a lot tighter and broader (but not corp-controlled) organization than what open source is accustomed to - making cheap and capable phones that aren't tied to a big corp is big challenge.
> when in reality it is what we have been able to do on our computers since forever
You do realise that's been changing right? Slowly of course, there's no single villain that James Bond could take down, or that a charistmatic leader could get elected could change. The oil tanker has been moving in that direction for decades. There are legions defending the right to run your own software, but it's a continual war of attrition.
The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.
"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."
Unfortunately it also means giving the key to the Kingdom to a company like Microsoft or Google which are definitely adversaries in my book. Keeping them in check was still possible with full system access.
Even Apple I don't trust. They're always shouting about privacy but they define it purely as privacy from third parties, not themselves.
And they were the first to come up with a plan where your phone would spy on you 24/7.
> The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.
I've been in tech and startup culture for over a thousand programmer-years (25-30 normal years). It wasn't dot-com or the crash. It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer. When the huge mobile wave hit (remember "mobile is the future" being repeated the way political pundits repeat talking points?) the entire industry was bent in that direction.
I'm not sure why this is. It could have been designed and planned, or it could have evolved out of the fact that mobile devices were initially forced to be locked down by cell carriers. I remember how hard it was for Blackberry and Apple to get cell carriers to allow any kind of custom software on a user device. They were desperately terrified of being commoditized the way the Internet has commoditized telcos and cable companies. Maybe the ecosystem, by being forced to start out in a locked-down way, evolved to embrace it. This is known as path-dependence in evolution.
Edit: another factor, I think, is that the Internet had no built in payment system. As a result there was a real scramble to find a way to make it work as a business. I've come to believe that if a business doesn't bake in a viable and honest business model from day zero, it will eventually be forced to adopt a sketchy one. All the companies that have most aggressively followed the "build a giant user base, then monetize" formula have turned to total shit.
Ironically, to take it full circle, I think that the thing that led to mobile being so user-hostile was the lack of sideloading of apps.
I remember sites on the early web like Hampster Dance, where monetization happened as an afterthought. But if you have to pay $99 annually and jump through hoops just to get your software even testable on the devices of a large number of consenting users, the vast majority of software is going to be developed by people who seek an ROI on that $99 investment - which wasn't cheap then and isn't cheap now. Hampster Dance doesn't and wouldn't exist as an app, because Hampster Dance isn't made as a business opportunity.
Similarly, outside of a few bright lights like CocoaPods, you don't get an open-source ecosystem for iOS that celebrates people making applications for fun. And Apple doesn't want hobbyist apps on its store, because Apple makes more money when every tap has a chance of being monetized. Killing Flash, too, was part of this strategy.
Apple certainly could have said "developers developers developers" and made its SDK free. But it realized it had an opportunity to change the culture of software in a way where it could profit from having the culture self-select for user-hostility, and it absolutely took that opportunity.
It's not a bad place, the environment we live in. But IMO, if Apple had just made a principled decision years ago to democratize development on its platforms, and embraced this utopian vision of "anyone can become a programmer"... it could have been a much brighter world.
I suspect the average computer user is significantly smarter than the average phone user. The reason is that I've never seen a really dumb person using a computer, but I've seen plenty using phones. That might (or might not) be related to why the phone ecosystem evolved the way it did and computers didn't end up like that.
I think a big reason was customers' ignorance. The manufacturers can come up with whatever they want, if no one buys it it does not matter. People accepted locked-down smartphones because they saw them a phones first and foremost. If I recall correctly the iPhone released without any app store, so it was really not that different from a dumb cell phone. If you had offered those same people a desktop PC or laptop that you could not install your own programs on, that had no file explorer, that could barely connect to anything else no one would have bought it. But because they say smart phones as telephones first it flew over their head. How many of the people who are upgrading to Windows 11 now because of lack of security support are still running an outdated smartphone? The phone probably has more sensitive data on it than the PC by now.
People are willing to accept restrictions when they come with newer technology. Why is that? I don't know, I'm just reporting on what I see.
It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer.
Right. It was infuriating when those of us criticizing the iPhone's restrictions were told "it's just a phone, who cares", when it was clear that mobile computing was going to take over quickly.
If you want a real blackpill (I think this is the right word), consider the famous Cathedral and the Bazaar.
I recently had a realization: I can name Cathedrals, that are 800 years old, and still standing. I can't name a single Bazaar stall more than 50 years old around any Cathedral that's still standing. The Cathedral's builders no doubt bought countless stone and food from the Bazaar, making the Bazaar very useful for building Cathedrals with, but the Bazaar was historically ephemeral.
The very title of the essay predicts failure. The very metaphor for the philosophy was broken from the start. Or, in a twisted accidentally correct way, it was the perfect metaphor for how open-source ends up as Cathedral supplies.
There are definitely bazaars which have a very old history. Being that the word "bazaar" has middle-eastern origins it feels appropriate to highlight middle eastern bazaars. Al-Madina Souq in Aleppo is one such bazaar with quite a few shops/stalls/"souqs" dating back to the 1300's or 1400's, such as Khan al-Qadi (est. 1450). Khan el-Khalili in Cairo has its economic marketplace origins rooted in the 1100's-1300's.
Name a single bazaar vendor that's still going more than 50 years in any of them. The bazaar as an institution remains, as it does today, but there's no permanence with a bazaar, just as open-source will never have a permanent victory without becoming a cathedral. Bazaars persist through constant replacement, churn, not victory.
Windows NT will be with us longer than systemd and flatpak.
No I meant there are individual shops inside the bazaars that are still going under the same brand name for hundreds of years. The El-Fishawy Cafe inside Cairo's Khan el-Khalili bazaar has been operating under the same name since the 1700's[0]. Bakdash ice cream parlor inside Damacus' Al-Hamidiyah Souq was established in 1895.
For me, walking through an old Souq gives me a similar feeling of awe / mortality / insignificance as viewing a cathedral or looking from the Colorado ranch land up to the Rocky Mountains.
Also some cathedrals have remained "Catholic" since their raising, but there are a lot that have changed from Christian to Islamic to Protestant ... both the cathedral and the bazaar's physical buildings are still present from the same era and both are used for their original purpose (marketplace or worship). And both have delibly shaped their regions by being engines of culture, innovation, and power.
Windows NT is younger than Unix. I'd say the smart money is on the Unix-derived line of operating systems outliving Windows NT by a considerable amount.
However ... the domain of operating systems is subject to weird constraints, and so it's not really appropriate to make some of the observations one might make in other domains. Nevertheless, I thought the point was that we want things to improve via replacement (a "bazaar" model), rather than stand for all time. We don't actually want technology "cathedrals" at all, even if we do appreciate architectural ones.
> "I'd say the smart money is on the Unix-derived line of operating systems outliving Windows NT by a considerable amount."
Are you referring to the *BSDs? Linux isn't Unix derived. It's a re-implementation with no code traceable back to the original Unix or any of its descendants.
Aside from that, Windows has a revenue stream behind it that looks to continue indefinitely paying for its development and Linux has...? The half-digested carcass of Red Hat within IBM? Canonical?
Cathedrals change organizations too. You can't compare the longevity of a physical edifice (a cathedral) to an individual or organization (a bazaar vendor). They are different classes of things.
Businesses die. Cathedrals don't. IBM is 114 years old. Microsoft is 50. Google is 27. Disney is 101. Nintendo is 136 (they'll outlive Steam and the next nuclear war at this rate). The COBOL running banks is 65 years old. Windows NT architecture is 32. The platforms become infrastructure, too embedded to replace.
How many bazaar projects from even 10 years ago are still maintained? Go through GitHub's trending repos from 2015. Most are abandoned. The successes transform - GitLab, Linux, Kubernetes, more Cathedral than Bazaar.
> How many bazaar projects from even 10 years ago are still maintained?
Uhh, all the big ones in common use? GNU’s massive portfolio of software, Linux, multiple BSDs, Apache, Firefox, BusyBox, PHP, Perl, the many lineages of StarOffice, LaTeX, Debian, vim, fish, tmux, I mean this barely scratches the surface. Are you kidding me?
How many startups have failed over the last decade? I would argue that the norm is for any project to eventually cease. Only useful things with an active community (whether that community is for-profit or not) tend to last, until they are no longer valued enough to maintain. This goes for things in the physical world just as it does for software.
Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib and GCC, etc. Just because you can't think of it, it does not mean it doesn't exist.
> Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib, etc. Just because you can't think of it, it does not mean it doesn't exist.
Did BSD defeat Linux? No. Which BSD is even the right one? BSD's biggest success is living on as the foundation of Apple's Cathedral in XNU, and PlayStation's Cathedral in the PS4 and PS5.
Did Linux stay a bazaar vendor? No - 90% of code has been corporate contributed since 2004. Less than 3% of the Linux Foundation budget goes towards kernel development. Linux is a Cathedral, by every definition, and only exists today because Cathedrals invest in it for collective benefit. It's a Cathedral, run as a Cathedral joint venture, to be abandoned if a better thing for the investing Cathedrals ever came along.
GCC? Being clobbered by Clang. Less relevant every year. Same with GNU coreutils, slowly getting killed by uutils.
Firefox? Firefox only still exists because a Cathedral called Google funds it.
LibreOffice, Apache, PHP, Blender? Professional foundations that get very picky about who is allowed to contribute what. They aren't amateurs and they all depend on Cathedral funding. Blender only got good when it started collecting checks from Qualcomm, NVIDIA, AMD, Intel, and Adobe. Blender is a Cathedral funded by Cathedrals.
That's such an American take. Something doesn't have to be a "winner" to be useful. I enjoy using FreeBSD on my desktop and I don't care about the 0.01% marketshare.
I really dislike all the corporate involvement in Linux. I don't believe in win-win with commercial. That was the main reason for my choice though there's other things I like too such as full ZFS support and great documentation.
Wtf is a bazaar vendor? A bazaar-style project is a project with a variety of contributors who aren’t necessarily affiliated with a central org, where decisions are made at least partially through consensus. Linux still fits this description although it’s more of a hybrid model at the moment, as decision-making is highly centralized. But as a free/open source project, that centralization exists with implicit community consensus. If a substantial portion of the community decided that Linus and his team were making poor decisions, a fork would emerge. This process of periodic de-/re-centralization is a common attribute of many long-term FOSS projects and is usually not possible with proprietary software, absent generosity or neglect from IP “owners”.
I feel like you're moving the goal posts and using the greed caliper for measuring open-source success. Open-source doesn't need "to win", because as long as they have developers, projects go on, and as long as they have any users they are still relevant.
The title also correctly describes the relationship between FOSS and cloud SaaS. FOSS is the bone yard and parts catalog that devs go to when building closed platforms to lock in users. It largely exists today to be free labor for SaaS and training data for AI.
I'm not there yet, but I am perilously close to tipping over into believing that making open source software today is actually doing harm by giving more free labor to an exploitative ecosystem. Instead you should charge for your software and try to build an ecosystem where the customer is the customer and not the product.
I stress today because this was not true pre-SaaS or pre-mobile. FOSS was indeed liberating in the PC and early web eras.
I always found this term utterly bizarre. It first showed up in the early days of the mobile "revolution" and felt astroturfed, since no developer would think we need a fundamentally new term for downloading software. It felt like something some dark patterns team came up with to discourage free installation of software on your own device.
Of course maybe I'm overthinking it. It's common for people deep in the bowels of an industry to invent pointless jargon, like "deplane" for getting off an airplane. Anyone know where the term "sideload" was coined or by whom?
The popularity in app stores has no bearing. Some problem apps can be on no store, just locally installed. This has been well covered in the past and you are playing catch up. It’s about abusive household members who spy on their grown children, siblings, roommates, girlfriends, parents, etc. with apps they install on their devices if given a route to do so.
This is laying the groundwork for mandatory software. Soon after this browsers and messengers will be required to install tracking components to be included in the app stores or approved for sideloading.
This is how the surveillance blob will get around the huge backlash to Apple's mandatory on-device child abuse scanning, close off any avenues to escape it before re-introducing mandatory on-device spying.
If you focus on the fact that Google fraudulently marketed an operating system that allows users to run any software they like (until they successfully drove other open options out of the marketplace) you have all the legal justification you need to force Google to back down.
In the US, there's no requirement for a company to honor the claims of prior advertisements for things that they might do in the future for a different product. And even if a company does lie about the features of their product, advertising law does not require a company to change the features of their product to meet those claims. What could be required is a change in the advertising, or a refund for people who bought the devices under the false terms.
But if you advertise a certain side of feature features in a phone three years ago, and sell something completely different next year, that's entirely legal.
It's certainly possible for the same company to create an open platform in addition to a separate platform that is a walled garden.
Microsoft Windows is an open platform that is open to running whatever software you want, while Xbox is a walled garden.
That doesn't mean that Google can fraudulently market an open platform and then close it after driving competing platforms out of the market without running afoul of antitrust law.
However, if Google wants to create a new platform that is a walled garden, as long as they are honest with users about what they are selling, that would be perfectly legal everywhere except the EU.
> That doesn't mean that Google can fraudulently market an open platform and then close it after driving competing platforms out of the market without running afoul of antitrust law.
But they haven't done these things. If they violate the law, they will have violated the law. Google hasn't imposed the discussed requirements yet. However, even if they imposed them today, I do not believe they currently advertise that they allow side-loading.
Also the commercial market for sideloading is basically nil. I'm not sure what antitrust angle you'd take here -- whose market would they unfairly disadvantaging? Basically all antitrust actions thus far regarding mobile platforms have been regarding their gigantic commercial app stores. That is entirely unaffected by these changes.
> However, if Google wants to create a new platform that is a walled garden, as long as they are honest with users about what they are selling, that would be perfectly legal everywhere except the EU.
The policy they are proposing is the same policy that Apple recently switched to in order to comply with EU regulations! Apple is doing it precisely because it complies with the EU's demands.
> Basically all antitrust actions thus far regarding mobile platforms have been regarding their gigantic commercial app stores. That is entirely unaffected by these changes.
This is more or less true. Epic Games is most likely not going to fight Google any further in the U.S., assuming they actually get what the recent injunction promised them (which does not include unrestricted sideloading, but does include better protections for verified third party app stores on Android).
But at the same time, I don't think it's invalid to say that antitrust law provides a pretty solid framework for a hypothetical "sideloading mandate". The EU's Digital Markets Act comes very close, but falls short of declaring exactly what a "third party app store" should be. That is, "an independent source of applications without any oversight whatsoever from $BIG_TECH_CO".
However, they probably specifically avoided doing that because they knew it would lead to malware on iOS, and a huge win for Apple in the court of public opinion. Will the EU or any of the other regulators actually ever go any further than "third party app stores"? Probably not, to be honest.
What? The parent comment alleges that your claim that Google engaged in fraudulent marketing is false, but your reply just restates your original claim without addressing their argument.
> except the EU
Also Australia, Japan, Brazil, and the United Kingdom, with others sure to follow.
I think the reason you keep reiterating this is because once you realize that there is no legal justification to go after Google for this move under current US law, the only real solution becomes obvious: new legislation, and you really don't want that, because you know it will apply to Apple devices as well, which would be The End of the World.
(This is before Apple/Google lobbying efforts result in either the death of the bill or a bunch of exceptions allowing companies to do "notarization" or "developer verification".)
Antitrust law applies to any company of massive size that engages in anticompetitive conduct, not just companies who create "open platforms" [1], otherwise there would never be any antitrust cases. An antitrust case would be your best hope under current law, but it already happened and the remedies did not include a mandate to keep allowing unrestricted sideloading indefinitely.
Anyway, you're now moving the goalpost, because you were originally talking about a case based on the premise that they engaged in fraudulent marketing, not a case based on the premise that they currently hold a monopoly. The former would never hold up in court, the latter already happened but the remedies were insufficient to stop Developer Verification.
[1] The reason Apple wasn't forced to allow third party app stores as a result of Epic Games v. Apple was not because iOS is a "closed platform"; they simply weren't found to be a monopoly in the "mobile gaming transactions" market (which does not preclude them from eventually being found a monopoly in the "mobile app distribution" market).
The Android Developer Blog called it "an ID check at the airport which confirms a traveler's identity but is separate from the security screening of their bags."
From the mouths of rubes, I guess. The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.
>The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.
If it's really about protecting "airlines' business model", why did TSA recently start requiring REAL ID to board flights? Were airlines really losing substantial amounts of money through forged drivers licenses that they felt they needed to crack down?
Source? The wikipedia article makes it pretty clear that it was in response to the 9/11 attacks. It got delayed several times so it ended up taking 2 decades to implement, but Trump had little to do with it. The May 7, 2025 deadline was set back in 2022, under Biden.
To my knowledge the deciding factor between which state ids were considered compliant and which were not was whether the state required disclosing and documenting immigration status to get a drivers license. In theory there are other rules, but the rest of them were pretty universally followed already anyway.
In addition, the source you linked explicitly points out that the id standards were just one part of a bill that "would repeal the provisions regarding identification documents in IRTPA, replace them with a version that would set the federal standards directly rather than in negotiation with the states, and would make various changes to US immigration law regarding asylum, border security and deportation."
This is nonsensical. The minute the government doesn’t check ID to get on a plane that coincides with your ticket, the airline will start doing ID checks before getting on domestic flights just like they do for international flights.
And some airports are now allowing non fliers inside the terminal.
Even hotels force you to verify your ID to check in even though the reservation I’d transferable - just add a guest to your room when you make the reservation.
This is a weak argument. If things have slipped through the cracks with someone actively reviewing it, the alternative cant be 'lets not do any checking whatsoever'.
There are better arguments against this that other commenters here have provided (including "my device, my rule") but this isnt a strong argument.
That's the thing, they don't review their apps, and they actively ignore people flagging apps that are scams or otherwise malicious. Much like their ad empire, its all bots and people making money for pretending to care.
It's not "let's not do any checking whatsoever", it's just "let individual users choose between Google's ineffective checking and alternative app sources that users can trust or not trust with zero involvement from Google".
I know this is side topic but if buying the Android or iPhone hardware gives us hardware we don't control, then what alternatives we realistically have? I do own pinephone (and I was recently reading that they kinda staled with development of new phones hardware), I know about librem.. is there anything else on the market?
LineageOS? /e/OS? ArrowOS? Android has so much momentum that seems like it would be difficult to avoid a fork. I know Waydroid exists, but I'm not sure that's good enough. Ubuntu Touch sounds really cool too, but I've put effort into it with a used Google Pixel 3A and it's not an easy, cheap thing to try out right now. And it's still dependent on binary blobs for drivers, as far as I know. Not a great situation.
Regarding banking apps and things like that, I don't run into to any issues except for not being able to scan checks for deposit on the mobile website. And also I have to have physical credit cards. If you can't do what you need, consider changing to a local credit union which has your interests in mind far more than a for-profit bank.
I've never run into a need for apps for a government purpose, but perhaps I will someday.
I'm sure my situation where I live may be different than your situation where you live.
I don't use an open source fork of Android daily and from what I can tell the best option that exists today.
The only hardware that I know will continue to be open enough for this to be viable in the future is Fairphone. I hope there are others. I would definitely would NOT trust Google Pixel to remain open for the foreseeable future.
Personally, I'm trying to get out of the habit of using my phone anyway, so I might as well have laptop or desktop hardware that can fulfill my needs.
Bought a used iPhone 7 for a specific project requiring a supported OS (iOS15) and having a hardware security module and the phone worked fine for that but Microsoft Authenticator refused to install below iOS 16 for no obvious reason.
However, I don't think they haven't measured the number of users installing apps outside of the Play store. May be they just don't care about the small % of total users who are a large % here on HN.
And this will creep out to the major desktop systems too, Apple is doing it with their stupid "non-verified app" and Windows looks more likely to do so with their "need Microsoft account to login" to windows.
It's unfriendly to developers and power users, but very friendly to the other 99.999% of users.
I used to work for Google, on Android security, and it's an ongoing philosophical debate: How much risk do you expose typical users to in the name of preserving the rights and capabilities of the tiny base of power users? Both are important but at some point the typical users have to win because there are far, far more of them.
The article implies that this move is security theater. It's not. I wasn't involved in this decision at all, but the security benefit is clear: Rate limiting.
As the article points out, Google already scans all the devices for harmful apps. The problem is knowing what apps to look for. Static analysis can catch them, dynamic analysis with apps running in virtual environments can catch them, researchers can catch them, users can report them... all of these channels are taken advantage of to identify bad apps and Google Play Protect (or whatever it's called these days) can then identify them on user devices and warn the users, but if bad actors can iterate fast enough they can get apps deployed to devices before Google catches on.
So, the intention here is to slow down that iteration. If attackers use the same developer account to produce multiple bad apps, the dev account will get shut down, requiring the attackers to create a new account, registered with a different user identity and confirmed with different government identification documents.
Note that in the short term this will just create an additional arms race. In order to iterate their malware rapidly, attackers will also need to fake government IDs rapidly. This means Google will have to get better at verifying the IDs, including, I expect, getting set up to be able to verify the IDs using government databases. Attackers will probably respond by finding countries where Google can't do that for whatever reason. Google will have to find some mitigation for that, and so on.
So it won't be a perfect solution, but in the real world, especially at Google scale, there are no perfect solutions. It's all about raising the bar, introducing additional barriers to abuse and making the attackers have to work harder and move slower, which will make the existing mechanisms more effective.
> in the name of preserving the rights and capabilities of the tiny base of power users
These are the rights of all the users. Take that perspective.
Remotely pushing a code to billions of devices to lock their baisc function (running code user loads) unless the device owner pay and provide sensitive info is a full-scale global malware attack by itself.
It's not even about power users. The article describes this pretty well: It is about the fact that this action will destroy or at least severely harm the open source app ecosystem. What I can see is that this already has a chilling effect on app developers releasing apps on F-Droid. You might say why should I care about that when I am one of the 99 % of normal users. But it all comes down to freedom. If you destroy alternatives to the Play Store, you remove the freedom of choice that even the 99 % of users would have if they were willing to switch to proper open source solutions.
Does anyone know if there is a concrete evidence that bespoke measure violates the EU's digital markets act?
Completely false dichotomy - you could release a separate android channel that would require flashing through fastboot but still be signed, don't require unlocked bootloader and fully pass "Play Integrity".
In that case, an ID-gated play store and a developer settings toggle with a scary warning message would serve the same purpose for that 99.999% while leaving the rest minimally affected. Clearly that's not enough for google.
If that ever does happen I really hope they just focus on making a proper phone, not trying to make it a hybrid phone and workstation. When they were working on Ubuntu touch (or whatever their phone version was called), they would show off how cool it was that you could just plug your monitor and input devices into it and boom you’ve got an all in one device.
But who wants that? It’s cool. But I’d rather just have a fully functional phone that happens to be Linux.
> If that ever does happen I really hope they just focus on making a proper phone, not trying to make it a hybrid phone and workstation.
It's not a zero-sum game in that regard. The entire point of Linux phones is to get Linux distros working in phone form-factors. Getting them to work as general-purpose computers is the easier, already finished part. Getting them to work as phones is the harder-part, the new work. Removing the easy, already finished part doesn't make writing the camera drivers, modem-handling software, etc. any easier.
> But I’d rather just have a fully functional phone that happens to be Linux.
I'd love to see this. Could the community rally a phone manufacturer with phones at different price points and focus on that? Most projects I've looked at in the past have been as good as dead, or spread across a bunch of outdated or bad phones.
Yeah, all you need to add is a desktop environment and some kernel drivers that are specific for phone hardware.... except that's what AOSP already is.
Very few people care about this change. The current outrage will be a distant memory in a few months. I'm sure fdroid will find a path forward. Folks who want to install custom apps on their phone will still be able to do so, maybe with an extra tedious step in some cases but if you're motivated the changes won't stop you.
Forking a project isn't really the same as "ending" it, as much as it is becoming it. Even ignoring that, you can't be a meaningful competitor unless you actually ship on a phone, and support the features that the average consumer is looking for. Amazon even tried and failed spectacularly.
If that actually were the case, the iPhone would've died in 2007.
In reality, most people don't even know what sideloading is. Those are the people who are buying phones and supporting the market for their existence.
The 0.001% of people who want to side load applications onto their phone, can clamor for a new OS all they want, but unless they put the resources in place to make that happen, it won't.
There were zero Android phones in 2007. The G1 launched in 2008 as a brand new platform with no third party apps. In 2007, Windows Mobile was the popular platform for people who liked loading their own software on their phone.
If you were around for the early Android scene you might have heard of XDA Developers -- which was named for the O2 XDA Windows Mobile phone.
Can anyone say exactly what this would mean for F-Droid? For instance, not that I want this to happen but if F-Droid really wanted, they could conceivably get verified developer status.
And then they could offer apps, which (again I don't want this, just asking), could also be distributed if verified. F-Droid would have to be verified and would only be able to distribute apps from developers that are also verified.
And so conceivably you could still install apps from outside the Play store if they're verified. Unless the Play store is administering verification.
I'm not saying that would work, in fact, I think in practice it wouldn't. I'm just trying to play out what that would look like to understand the specifics of how F-Droid is being effectively dismantled. But I'm all ears if someone has a different interpretation about how F-Droid lives through this. It would seem that it would only survive on degoogled phones.
> we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
Since these are open source apps, couldn't f-droid maintain their own fork of each app with a different application identifier?
It would give Google the ability to shutdown F-Droid at will by baning their account and thus far more power to control what F-Droid publishes and how it operates. However, it seems like anyone could fork an open source app and use their own account and setup their own unique identifier for their fork.
No question this increases Google's power but it doesn't seem like it technically makes it impossible to operate a store like F-Droid.
If nothing prevents this from happening, then when it does happen, I will make it a point to carry nothing but a laptop and a dumb phone, maybe a hotspot. If I need something from the internet, I will get it before the trip. If I can't get it on the trip, and forgot to beforehand, I will either find another way, or not do whatever it is.
I don't know why I don't do that now, honestly. Sounds pretty interesting.
You don’t because it’s not reasonable. It’s fun to play with (speaking from experience), but it’s not reasonable in day-to-day life. That’s why smartphones are so successful. That’s why we need to actually open platform.
People choose Android because they need / want more control over their system. If Google continues to remove that control, they lose the only thing that gives their OS an edge.
In my eyes, Google is violating my rights because I did not agree to them stopping independent installation. I view them pushing this update as criminal vandalism.
A law with more teeth than the EU's Digital Markets Act (which, contrary to popular belief, does not actually require sideloading) could theoretically be passed. The current (pre-lobbying) iteration of the App Store Freedom Act looks pretty good (ctrl+f "security", "safety", "integrity" returns zero results).
Realistically speaking, that probably won't happen, though. What can you, yourself do to mitigate the impact?
Install a forked version of Android without Developer Verification. LineageOS, GrapheneOS and CalxyOS are all pretty good options. Stop using any apps with remote attestation via Play Integrity, which will mean sacrificing more and more functionality as time goes on. Try to use mobile sites instead of mobile apps as much as possible. Watch the F-Droid catalog get smaller and smaller until it crumbles completely when it becomes unusable by >80% of Android users.
This will shape the future of computing with how Apple being treated as the reference for the whole industry. (I know this is Google here. But our reference devices are iDevices that was unfortunately always locked in the Apple provisioned codesign)
Our “pocket” computers are locked in. The next computing platform will be more wearable such as AR glasses. We’re expected to have 3 players in the upcoming iteration - Apple, Google. Meta due to vivid services needed for valuable glasses services.
Meta already shows how you don’t really own the device by what’s running on it.
It’ll be very sad if next generations most used form of computing will be able to run only border-controlled software.
This change would make Google's policies in line with the policies Apple has recently implemented to comply with those court orders you're talking about.
I was a big proponent of the nexus phones and Google's efforts in the space, but I am hundred percent not an android fan anymore.
There's a study on positive or destructive workers, from a business management pov. The finding was that the "bad" employees and the "good" are often the same people: a "good" employee scorned becomes the worst type of employee.
I think Google will be discovering some variant of this from their previous fandom, and it will be too late.
You seem to be framing this as if it were a business decision to curtail competition. I and likely the team pushing these changes only see the security benefits for users through these changes. People have tinted lenses to assume malice when Google does things, but if you've actually ever been close to the decision making process internally it's never anything close to what people seem to imagine. People are overestimating how problematic these changes will be in practice.
Too late for whom though? I suspect it's not Google. The only companies with enough capital to take them on at their own game are somehow even worse, although admittedly the gap is getting narrower by the second.
And yeah, giants occasionally fall suddenly. But mostly just in the software world. Phones require extensive hardware and software knowledge, and increasingly also require playing nice with carriers/TLA government agencies.
A while ago I implemented some little feature I wanted for an open source app, and tested it on my phone. Only Android development I've ever done, a few hours' work: I wasn't going to get certified as an official Android developer for it. With this, I wouldn't be able to do it? Or rather I could, but could only test with the Android Studio emulator or similar?
Similarly if I just wanted to make something for myself, not distribute it at all, I know have to register with this program just to install my thing on my own phone? I don't think even Apple goes that far?
No. You can still install apks through ADB, which is how you would do it during development. But you won't be able to distribute it without signing it through google.
Agreed, and the only reason I bought a Pixel is because it supports Graphene. But as long as the masses value convenience over privacy and freedom, nothing will change, and Apple/Google will happily keep selling them devices that are now primarily designed to spy on them.
"But as long as the masses value convenience over privacy and freedom, nothing will change, and Apple/Google will happily keep selling them devices that are now primarily designed to spy on them."
When I have taken the time to educate someone on a very personal level about privacy, the person understands the value and will change some of their habits. We can win this.
I have this profound disgusting feeling when I think I'm going to have to ask Google to validate which app I am allowed to install on the phone I paid freaking money to get !
This is not about open source, the government being able to ban apps, or anything else but a principle.
I'm not a child and Google is definitely not an authority respectable enough to tell me what I can't install. They have lied, been sued countless times, had to pay billions of fines,..
At this point, there are 2 alternatives : iphone, grapheneos (don't even start with Linux phone).
Iphone suck just as bad on that matter but at least the software is more suited to professionals, it's not as half ass done as Google software.
Grapheneos, it runs just fine 99% of the time but these last 1% can be so annoying. Like how they disable face unlock, or how some apps refuse to work because of play integrity.
My last hope is that the eu will come once again to the rescue and bring the mfcker at Google who came up with this idea back to earth.
That or ban Google Android version and make an European Android alternative funded and developed by a consortium of tech companies that want to sell phone in Europe.
After all, Europe is even a more interesting market than the usa.
with all these folding phones and e-ink mobile sized e-readers having gone through several generations, I'm beginning to think the next big kickstarter[0] is a dumb e-ink phone/wifi modem connected as a 5g modem to an amoled linux tablet.
[0] No royalties required if you pick up my "fantastic" idea, just send me a free device
If users are drawn to the "tree of the knowledge of adb install" then your first assumption should be that the menu in the walled garden is unsatisfactory, not the designs of a serpent.
There's an overarching lesson that FLOSS needs to learn from the last fifteen years:
If it's not copyleft, it's not free. Also, it's more than just a legal classification of IP law, it's an ethos. I don't care how "free" your underlying OS is, if most of the userland is proprietary and the only way to really effectively use the software on consumer hardware is to use a megacorp's implementation of it and to bow to their whims, it might as well be Microsoft Windows.
This is why I always thought Android never really was Linux. Sure, it has a Linux kernel, but that kernel just exists to run a bunch of software in a way that you have no real control over.
i am just waiting on the same thing that happened with sony and geohot to happen to google as well. blocking sideloading will annoy some very smart and maybe dangerous people
I just wish BlackBerry went in a different direction. If during the early-mid 2010s they decided to dedicate to open-source and privacy-first, as well as keeping their flagship QWERTY format with the optimized BlackBerryOS, they could still be around serving a particularly large niche in the smartphone market: Those who use their phone for communication and utility over entertainment.
Maybe they can make a comeback. If anyone at BlackBerry is reading this, just do it, please and thank you.
It's logical, and comes down to accuracy and comfort. It's the same reason why mechanical keyboards are best on desktop, not those silly flat Apple butterfly keyboards.
What I'm sad about is the fact that the QWERTY format was completely abandoned to cater to the entertainment-focused users on Android and iOS. Those are also the people who "don't care about privacy" and are fine with walled gardens, as long as their TikTok, Facebook and Netflix work.
Is typing on a touchscreen phone really that difficult for people? I did a Monkeytype test just now on my iPhone. I got 50WPM in the 30 second test. For comparison, I get about 100WPM when I type on a regular computer keyboard.
I feel like getting 50% typing speed isn't so bad, and I doubt I would get a lot better than that with physical buttons. Generally I'd rather have more screen real estate.
That said, I definitely prefer physical buttons for games.
> if you compile from source and deploy via adb nothing changes
That's not how I understand it. Do you have a source?
"Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices."
> Android Studio is unaffected because deployments performed with adb, which Android Studio uses behind the scenes to push builds to devices, is unaffected.
So, simply sending a download link for an APK to a friend is not enough anymore - I now have to teach them how to install and use adb.
EDIT
> we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
Depending on how they implement that, this would at least partially improve the situation. Sounds like no ID is required, but I assume the whole ordeal with registering each app is still mandatory.
Yes, like the software for my ebike conversion kit for which I only have the APK. I have vetted the software and would like to install it. If Google blocks that, then fuck them.
They all died. There were Linux phones until Android and there were some non-Android phones until Android 8 or so, such as Qt Extended, RIM BlackBerry OS, Palm webOS, Mozilla Firefox OS, and Microsoft Windows Phone, to name a few. They all died from numerous footgun wounds as well as pressures from competition.
VoLTE was one of major contributors to the situation, by the way. Only iOS and Android supported voice call on 4G LTE for first 3-5 years, due to it being a huge pile of TBDs and transitional hacks. There were political fights in whether the LTE is to be 4G or it was to be 3.9999G and superseded quickly by a completely separate 4G standard. This meant that companies and consortium that maintained alternative OS could spend unrealistic amount of lobbying and engineering effort trying to get into it, risking investments needed for it, or give up and start procurement process for a white flag. All chose the latter, and we ended up with an iOS/Android duopoly with unprecedented totality.
I've been using Sailfish OS for quite some time, but I don't do all of my computing on the phone. There's quite a high friction for using any of the mainstream Android apps, so usually you have to find an alternative if possible.
I also use Sailfish OS - its not perfect, but useable. :) And the way Android and iOS goes to shit, its current state might already be better than them soon. ;-)
(Sailfish OS is improving over time, if a bit slowly. :) )
It's not a non-issue i'm sure it's quite annoying to deal with, they just work around it. I hope the deal with their unnamed OEM works out and we get a native GrapheneOS Device. I'd buy it day one.
It's kind of ironic that you have to actually give Google money in order to not use Android. I'm still amazed that there's no Graphene support for any other device.
I really would love to get rid of everything related to Google, Microsoft and Apple. Too bad I am completely depending on them. Business wise and privately. I wish I would wake up tomorrow with a Linux phone with no crippleware, no notifications, no crappy animations, no limits, no nothing.
it's always hilarious (and there's a lot of this going on right now) when major players eliminate themselves from the competition, while deluding themselves that they've eliminated the competition.
Meh, I can still install what I want via adb. It's probably a good thing most people won't be able to click a link and have a new program installed by an anonymous person. Especially in an ecosystem where .apks are passed around manually
Most consumers DON'T CARE. They want their phones to access Facebook, Instagram, TikTok, X, Bluesky, their banking, shopping, and food order apps, etc. If anything they'd be glad to know that Google is stopping entire classes of malware at the source. This is an anti-techie move, not an anti-consumer move. Only techies care about being able to run any software you want on a device you own. Most people don't really want to own a computer because owning one means you are responsible for administrating it, and that's well beyond normies' capability and/or well outside the things they want to spend time or energy fucking with. They just want access to what the computer enables.
Continuing to bang on this drum has "less space than a Nomad, lame" energy. Except it's political, so you sound even more like an autistic loon. Start thinking, techies. Not everybody is remotely like you. 99% of Google's customer base don't care about this, and Google may have actually increased Android's value to end users.
They want to use Facebook, Instagram, TikTok... The exact services that wouldn't exist in the first place if there wasn't for the open neutral Internet, something they didn't care about too.
As with manifest v3, Google is once again misusing their position as a source of open standards to benefit their adware business. Hopefully the EU fines them once again.
A weird hill to choose to die on given that in practice it's not really a meaningful percentage of people that are using adblockers and the negative PR they get from these oversteps is massive.
I believed the EU specifically ruled that Apple's rules which include this are NOT ok. And they're currently fighting Apple about it. Unless I missed something.
Dare I say it, I think we're being too harsh on Google here.
When you own a massively successful consumer product like Android, which is foundational to users' lives, you have an obligation to your users to keep them safe*. Sometimes you will have to choose between protecting users who don't know what they are doing at the expense of limiting users who know what they are doing. In this case, they have chosen to err on the side of the former.
I get it. It's OK to not like this development, especially if you use a lot of sideloaded apps. However, if you call this "anti-consumer", then perhaps you and Google have different notions of who the consumers are.
All said and done, Android/Pixel is still the most open mobile platform. Users are still free to install other AOSP-based OSes such as Graphene OS, which have no such restrictions on sideloading.
PS: I'm a former Google employee. I don't think I am a Google shill. I worked on mobile security, but I was not involved on this matter.
* I am using "safety" as a catch all for privacy and security as well.
AOSP is starting to be locked down. Google's idea of promoting safety is charging developers for recognition. When there's a profit incentive involved, no, we are not being "too harsh"
> Android/Pixel is still the most open mobile platform
There are 2 options in this space (practically). Being better than Apple, who is explicit about the fact that they own every iPhone on the planet, is not a flex.
Do you think Apple is being reckless not doing the same thing on MacOS, Microsoft on Windows? Is the population too stupid to be permitted general purpose computers?
>Is the population too stupid to be permitted general purpose computers?
I'm strongly against this Android change (for a simple reason written below) but the answer to this is a resounding yes! The general population is a complete security disaster with unsigned software! The latest generations being brought up within abstracted mobile ecosystems are no improvement either on that front (probably worse).
That said - and I think this is a key point in this debate - sideloading apps is already a fringe part of the Android ecosystem. The vast majority of average Android users will never interface with this functionality. Well there is still obviously a security risk as with any time unsigned software is offered, it doesn't seem to me to be a major issue in the ecosystem. This is clearly about control, not security. Let's say there is more antitrust action and Google loses more control over their preferred forced storefront monopoly within the ecosystem. With this change, at least according my understanding of it, they are still the arbiter of what is allowed on the platform and not even if an app comes from another app store.
> …perhaps you and Google have different notions of who the consumers are.
A relatively small percentage of HN users have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that. It can seem inconceivable.
I agree with you that normal people deserve safety when using their most intimate device, and that backdoors that can give technical people unfettered access will ultimately be abused by bad actors. I wish the world didn't work this way, but it's the one we live in.
> have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that.
I sincerely hope that a lot of people are actually better than how the stereotypes may make one think. Empathy (or lack of it) doesn't change the issue: users are deprived of choice and forced to go along a corporate decision, whenever it benefits them or not.
Ultimately, it all boils down to lack of informed consent and power/voice disparity between casual users and large corporations, especially when the choice is limited (and we have a de-facto duopoly). What you're seeing here is users expressing their dissatisfaction with a major decision that goes against their interests and that they had no say in. Have some empathy for those folks too.
I'm pretty sure most people who are unhappy about the news don't want to harm anyone and find no enjoyment if someone is harmed by lacking informedness. I'm very confident there are ways to present the issue and give a choice in a manner that is comprehensible to anyone, without requiring any technical knowledge. Every competent adult should be able to decide if they want to risk a thief gaining access to all their accounts at the benefit of ability to have extended control over their phone. Or be unable to install applications not blessed by the vendor, at the benefit of vendor promising to keep them safe from malware. I might not do the best job here, but I strongly believe that such things can be explained to anyone regardless of their life choices.
That's not what Google is doing, and their disrespect for user autonomy should not be confused for a lack of empathy towards those who don't understand computers.
Consider this framing: there's a controversy whenever it's acceptable that one could be punished for their choices on how their devices behave. I.e. whenever users willing to have better control over their devices should be punished by a refusal to access a lot of popular apps, sometimes even resulting in social awkwardness. I'm sure that empathetic people can see how this can feel unfair.
Yes, these big corporations are truly benevolent entities who are only looking out for the common man, and us software engineers are out of touch and "lack empathy".
It couldn't possibly be a frustration and concern that this is blatantly anti-competitive and serves to make Google considerably more money and leaves us with little/no options for people who actually know how to use a computer.
Frankly I think the security argument is largely a smokescreen to avoid discussions of anti-trust.
Let's take this to the logical extreme: I can make my phone even more secure if I pound a nail through it so that it doesn't turn on anymore. The phone is really secure now; it is impossible to install any malware on it, no one can install a bitcoin miner or track my credit cards or anything.
Even better, how about we replace the concept of "smartphone" with a glossy print of a Pixel phone that people can carry in their pocket? It would be lighter and completely secure as there would be no way to run any software on it.
Obviously I'm being farcical here, but ultimately I think there's a spectrum of security, and generally speaking these kinds of "security increases" end up making the phone less useful. Sideloading apps is already disabled by default. Most users aren't going to enable it; really the only people who are going to enable this are nerds who want to sideload stuff, and there's a strong selection bias towards people who know how to take care of themselves in the first place.
Also, frankly I don't really buy the "security" argument anyway. These companies aren't selfless benevolent entities who care so much about us, they are for-profit enterprises. If all apps need to be approved by and purchased through Google, then they can extract more money from users, which wouldn't be true with a side-loaded app store (e.g. what Amazon tried).
I currently run an iPhone, but I don't like how locked down it is and I have considered moving back to Android because of that, but now I'm not really seeing the point. I could of course install Lineage or Graphene or something else but that's considerably more effort.
If I buy a Google Pixel device then I AM a consumer. You don't have to choose, you could release a separate device for those who know what they're doing, just like Mozilla releases a separate edition of Firefox that doesn't require signatures.
And yes, I while I can still install some alternative OS on my older Pixel (now Google has stopped providing device trees for the newer ones which I therefore won't buy), Google constantly tries to make this as insufferable as possible with their "Play Integrity" crap.
> now Google has stopped providing device trees for the newer ones which I therefore won't buy
Yeah, that sucks. I don't know if they made any official statement on that. I hope they will continue releasing device trees. It's a feather in their cap that the best mobile device to use for de-Googling so far was a Pixel device (with alt OSes). I hope they won't lose that distinction.
If you want to install software on your Microsoft Windows computer, it has to be signed by a verified developer, otherwise you get an overridable warning that the developer cannot be verified, the software may contain malware etc.
If you want to install software on you MacOS machine, the same thing applies. It must come from a verified developer with an apple account, otherwise you get a warning and must jump through hoops to override. As of macos15.1 this is considerably more difficult to override.
If you want to install iOS apps, the apps have to be signed by a verified developer. Theres no exceptions.
I just dont see a future where being able to create and publish an app anonymously is going to be supported.
Becoming a verified developer is a PITA, and can take a while or be impossible (i.e. getting a DUNS number if you're in a sanctioned country might be not at all possible) but at the same time, eliminating the ability of our devices from running any old code it downloads and runs is a huge safety win.
I'm okay with overridable warnings, having to open system settings to override the verification, etc. It's a "huge safety win" for the 80% of users who don't really know what they're doing, security wise. But not for me.
I won't be using any OS that doesn't allow me to step outside its walled garden, if I have any alternatives at all. With macOS it's quite simple - the second they won't allow apps from unverified/unsigned developers, I'm switching to Linux. On mobile, I might as well switch to iOS, since I'm not really sure what else Android offers anymore that's so compelling, other than being able to install apps directly. And then I'll just wait for a Linux phone or something.
But Apple will change those "warnings" into straight-up lies, and fail to mention the user can override them, and hide those overrides in non-discoverable places:
Whenever I try to open an unverified app, this popup comes up saying "[AppName] Not Opened" "Apple could not verify [AppName] is free of malware that may harm your Mac or compromise your privacy." Then there's only two options to either press "Done" or "Move to Trash." - https://old.reddit.com/r/mac/comments/1ekv55h/cant_right_cli...
This also implies that Apple does verify that app store apps are free from malware, when that's not the case. It only verifies that they are from a developer who paid the fee and whose apps pass Apple's automated screens.
> I just dont see a future where being able to create and publish an app anonymously is going to be supported.
This is strongly needed if surveillance laws like Chat Control are not to be trivially bypassed. This way applications that don't offer governments the required surveillance features can be banned and the developpers can be sued. Not looking forward to that.
I dunno man, it doesn't feel like a "huge safety win" that my computer has to check with a singular US tech company before it will let me use any software on it.
That's only sorta how it usually works. The developer has to check with a singular US tech company before they can sign the software they've given you.
Except yeah, the way this android stuff works is closer to that way. Instead of Google giving out a key for signing, they instead ask for one and tie a developer to a namespace, so yeah, I guess your Android phone has to check whether or not that namespace is "in the clear"
Right, Google could revoke that signature at any time and my device would refuse to install that software. The exact mechanics don't really matter, the end result is the same, my device will only install software that one company approves of and can change at any time, huge win for security right?
> eliminating the ability of our devices from running any old code it downloads and runs is a huge safety win
No, this is just false. There's numerous, well-documented instances of malware making it past gatekeepers security checks. This move is exclusively about Google asserting control over users and developers and has nothing to do with security or safety.
The only "huge safety win" comes from designing more secure execution models (capabilities, sandboxing, virtual machines) that are a property of the operating system, not manual inspection by some megacorp (or other human organization).
Thats a false equivalency. I didnt say that software was safe because its been checked. Just that at the least, one can somewhat figure out where the software came from.
Getting a DUNS number obviously doesn't make it so that you cant publish malware. It just provides a level of traceability/obstacle that slows down the process of distributing malware.
Installing any app I want outside the Play Store was the primary reason I decided to go with Android, despite most of the people I know using iPhones. If I can't do this anymore, I may as well switch and be able to use iMessage and FaceTime with them.
Android is losing a unique selling point. This will have an impact on what a techie may recommend to a non-techie in the future, because everything is beige now.
I have the feeling Google has given up on using nerds as beachheads. The market is saturated enough and they don't need us anymore to do grass roots spreading of their products. It's the same with Youtube. As long as there were enough people who were unencumbered by ads because of their ad block and kept spreading links, the importance of Youtube was growing. After market saturation that vehicle isn't necessary anymore and they can squeeze them out.
Yes! Android doesn’t need an USP. Not anymore now that we have a stable equilibrium of this perfect duopoly.
This is unacceptable.
Google needs to be broken up. Apple too.
The lack of antitrust enforcement is a clown show.
We have no choice in the most important computing category in the world. It's a duopoly and they have everyone in straightjackets - consumers, companies, competitors, governments, ...
A huge percentage of the world's thoughts and economy flow through mobile. And two companies own it.
Ma Bell was nothing compared to this.
Breaking up Google will not help in this particular case. The problem is entirely within the Android unit; and would still be present even if Android were to be split off into it's own company.
It certainly seems like there is problematic behavior in the restrictions Google puts on OEMs that want to use Android (or, more specifically, play services) on their devices. However, I think it would take a different enforcement mechanism to address that.
Disabling the ability to install arbitrary apps, like ReVanced, etc. benefits other parts of Alphabet.
In general, making anti consumer decisions is also easier when you know you can fall back on income from other units.
Then why does Google make so few anti-consumer decisions? I mean, compare Google with Facebook. Surely we can agree Google is the better behaved of those two.
Apple only allows software on their macbooks and mac mini, and every release of MacOS it's more locked down. Everything else, from iPhone to the watch, is 100% locked down. Likewise, every version of Windows tries, again and again and again, to lock down programs that can be run. People absolutely don't accept it, but they do try (remember when they tried to bury the ability to run unverified apps behind a price hike?)
I'd at least give it a shot to simply appeal to Google on the justification they give. After all, the blogpost ... It is very strange for Google to do what they do in that blogpost, don't you think?
https://android-developers.googleblog.com/2025/08/elevating-...
"In Brazil, the Brazilian Federation of Banks (FEBRABAN) sees ..."
"Indonesia's Ministry of Communications and Digital Affairs praising it for providing a “balanced approach” that ..."
"Thailand’s Ministry of Digital Economy and Society sees it as a “positive and proactive measure” that aligns ..."
"Developer’s Alliance have called this a “critical step” for ..."
And it's easy to come up with other government requirements, like the DMA (yes, ironically) and ChatControl that require vendors are able to disable apps.
Clearly there is more than a little government pressure on Google to do this, including US and EU lobby groups (Developer's Alliance). Clearly Google is unwilling or unable to resist government pressure to allow governments to control which apps get to run ... Has anyone even asked these groups why they push for this?
> I mean, compare Google with Facebook. Surely we can agree Google is the better behaved of those two.
I'm not sure I agree, particularly with respect to their core businesses. Like Google basically own all parts of the ad stack and use that dominance to compete unfairly against basically everyone else, causing them to appear to be a better service. There was even an anti-trust case about it (up for sentencing at the moment, here's hoping for a breakup).
Facebook have certainly done a bunch of nefarious stuff, but Google is just a more useful product to the people who come here (and I agree with this), so they get more of a pass.
Ads.
A smaller company would at least be less capable of ignoring the fines or the loss of market share. Or in other words, "too big to fail".
"Too big to fail" usually refers to companies such as banks that are such integral parts of the financial infrastructure that governments must bail them out when they screw up. In Google's case I would rather call it "too big to care", because every fine they get is basically a rounding error.
They are also "too big to be regulated", which I would include in the "too big to fail" category.
[dead]
>I may as well switch and be able to use iMessage and FaceTime with them
I, too, love vendor lockin.
It is not just that. In my case , everyone around me are using iphone . I made the sacrifice to not easily connect with them and use android so that i have freedom ( to install, customise what ever). Once that freedom aspect is taken away. There is no reason for me to make that sacrifice.
Until EU's cross compatibility between messaging apps is passed, we are forced to be in vendor lockin.
I have no idea why iMessage and FaceTime are draws when Signal is available.
I want to preface this by saying that I use almost only signal, but I do get the appeal. Walking out of the house and switching from wifi to mobile is so smooth, signal always takes a hot minute to reconnect, but with facetime (and for that matter meet and whatsapp video calls) you barely get a stutter. For the most part it really is a "it just works" solution whereas signal sometimes feels a little klunky. I don't mind, but I get that people value that.
Another road that leads to BBM it seems.
It’s utterly bizarre how BBM could have been the iMessage and WhatsApp and who knows what else. But rich out-of-touch people thinking exclusivity is a perk in a commodities market just shows how business savvy and wealth are in reality disconnected from eachother.
In 2012, Jim Balsillie (then co-CEO of RIM with Mike Lazaridis) had actually planned this, but the board rejected the idea: https://www.theregister.com/2012/04/13/balsillie_plan_open_b...
BBM could have been great lock in IF OS and Hardware experience was not so bad.
For vast majority, Android vs iPhone is not massively different so iMessage availability is a draw for some people.
BBM itself should not have been a lock-in. It would have taken incredibly little effort to open it as a desktop messenger that can seamlessly interact with people who have BBM numbers for example.
I doubt they learned their lessons. Apple walked all over them in so many ways and, if memory serves me right, they even mocked Steve Jobs over the iPhone.
Edit: just so I’m clear I’m discussing it from the perspective of early to mid 2000s. iPhone hadn’t yet come out, but iPods were popular. Trillian and Pidgin were dominating the online landscape of software that could support multiple chat protocols - seamless ICQ, AIM, IRC, Yahoo, MSN Messenger, all in one program. If there was a time for RIM to corner the market here it was right then and there because BBM was the real deal, being available on phones and they could have signed agreements with others to bring it to, for example, Nokia and Motorola and whoever else.
But no. They’d rather be arrogant and stupid.
> they even mocked Steve Jobs over the iPhone.
Isn't that just doing their jobs as executives for a competitor?
Though internally, one would hope they were sounding some alarm bells. Though at the time, it wasn't at all obvious that people could get used to doing relatively serious typing on a small (even tiny back then) virtual keyboard.
Time after time we believe people in important places have some higher knowledge or some deeper insight. However, more likely, they were just regular people who were in the right place at the right time. I don't think they understood what they were up against. Neither did Nokia / Microsoft with Windows Phone.
Just to assist perplexed netizens like myself, apparently in addition to being an acronym for Big Beautiful Men, BBM also stands for BlackBerry Messenger [0].
[0] https://en.wikipedia.org/wiki/BBM_(software)
Weird. If I wanted to send messages from my BlackBerry, I used AIM. I had no awareness of BBM (despite owning a BlackBerry), nor would it have provided nonzero value even if I had heard of it.
This does not suggest to me that BBM was somehow positioned for mass adoption. There was no problem for it to solve. It was worse than the existing messaging landscape.
(If I had wanted to send a message to someone else whose only mode of communication was their BlackBerry, a situation that never arose, I would have emailed them. Convenient email was the BlackBerry's entire marketing strategy. Note that this works just as well on smartphones today.)
BBM was the iMessage and WhatsApp before either of those.
WhatsApp became popular specifically because it was a multi-platform replacement for BBM.
BBM had little else to offer in terms of apps. It was a corporate ecosystem and good at that part of it.
iMessage also came out after BBM, and did their own device lock in, except iPhones were designed for the many instead of the few, especially beginners to smartphones.
We got BBM on Android and iOS. Alas, by then it was mostly too late. It got some initial traction but that didn't last.
I mean, we have mandatory Play Store services, so the experience on android is not significantly less locked-in.
LineageOS without gapps (no microg even) works fine. Very few apps require play services. I think everything from F-Droid works.
Yes, Lineage and Graphene are far more usable than people without first hand experience imagine. The vast majority of Android apps just work. Some may display a warning when first launched about custom ROMs being "unsupported" (like Whatsapp), but then just work as expected. A few users also report broken notifications (those that use Google's library to implement them), but it's a minor inconvenience, at least for someone like me who dislikes notifications.
And there are many great apps available on these free Android devices that are simply not available on "official" builds such as NewPipe, because Google obviously doesn't want you to block ads on Youtube.
> LineageOS
This frog is being boiled
The market for that is extremely niche and Google is going to make that less and less practical as it closes off AOSP source availability
I just switched to the iPhone with the new cycle, explicitly because of this news.
Sideloading was the killer feature for me as well.
> I just switched to the iPhone with the new cycle, explicitly because of this news.
And guess what, sideloading has never been allowed on iPhones.
So you just went from bad to worse. The only rational option for tech-minded people nowadays is to buy a device that supports Lineage or Graphene (ironically Pixels are good for this) and to replace the stock OS.
Well no, the iPhone has niceties that Android lacks (as evidenced by its total market dominance for markets who can afford Apple devices). Lots of engineers use Android phones, but the C-suite invariably uses iPhones.
So if the reason you're choosing Android over iOS is freedom and flexibility, once that's gone, why not choose slickness, speed, battery-life, photo quality, and an integrated experience?
> (as evidenced by its total market dominance for markets who can afford Apple devices)
This is only true in English speaking markets, the rich countries of Western Europe are much more Android heavy.
> the C-suite invariably uses iPhones.
Hard to see that as a plus.
I have owned iPhones in the past (and still have a couple of old models collecting dust in a drawer), and I don't think they are in any way more refined than my Pixel 9 running Graphene. Most importantly, it is immune to arbitrary restrictions like sideloading bans or government-mandated spyware (aka Chat Control in Europe).
> battery life
Eh? I have a 6000mah Android. Everyone with an iPhone that I know struggles to get half the battery life I get.
Check UbuntuTouch, it's really a nice third option. The OS is refreshing and the dev community active.
We do not have to choose the lesser of two evils this time.
I glanced at Ubuntu Touch, but its device compatibility looked severely lacking (https://devices.ubuntu-touch.io/).... I have old Pixel phones I could potentially try it out on, but the last Pixel phone that is officially supported is the 3a. So that is a bummer.
Device compatibility is not a feature occurred naturally, it's the result of people wanting and then working to get it supported.
So, if you're interested in adding more devices, join the community and see what you can do!
Chicken egg situation. I would be interested to contribute, but I cannot run it on any of my devices. Alas I am not contributing.
I wonder if banking and messaging apps will work on it in the future
Re: banking, not until adoption of non-Android and non-iOS devices grows. To break this chicken and egg problem, one can get an Android phone and use it exclusively for the banking app, treating it like one of those hardware security keys the banks used to give out in the early 2010s. One used to just leave it at home; maybe take it to work occasionally. Another option is to live like the early 2000s and go to an ATM/bank for all bank things, including account consultation.
Or use the banks website from a computer? Which banks do not allow this?
The biggest bank in the Netherlands at least requires the app to confirm payments. Although they do still have these paper slips (maybe) for transfers but that cannot be used for ecommerce
> The biggest bank in the Netherlands at least requires the app to confirm payments
This is (I believe) part of PSD2, so basically all EZ banks require this now. Hilariously enough, they still have absurdly weak passwords but apparently they meet security requirements by forcing you to confirm stuff on your phone.
> Although they do still have these paper slips (maybe) for transfers
Are you describing checks?
Written (on paper) transfer orders. You fill them out at home and throw them into a special mailbox at the bank. Old people still use them, I even used them occasionally 20 years ago or so because they sometimes came with invoices, pre-filled with receiver details, so they were about as convenient as online transfer.
ING? You can choose to receive a hardware device instead of using the app.
Ubank in Australia just told me they’re retiring their website in a few months, the app will be the only way to access your account. It’s digital only, so no real world branches either.
This would be enough of a reason for me to immediately move all my savings to another bank. No website, no business.
> the app will be the only way to access your account
Maybe also on the ATMs of other banks?
Many banks in Europe are app-only and don't allow you to log in with a web browser.
In Germany at least, that's only the ones that advertise being an "app bank". It's the last thing that I want, but they exist.
Yikes. That sounds tough.
My bank in Australia has a great desktop website, but you have to do 2FA on your phone to access it. That means even though I prefer to use the desktop site, I still need to be able to run the app too.
"Refreshing" is an interesting adjective to use. I don't want a refreshing OS. I want a rock stable OS that sips battery.
There are so many ways one can go about telling people that Android and iOS are not the only viable options for a mobile OS.
If an adjective is sufficient to make you fall back to the mean then there wasn't much one can do to convince you, I'm afraid.
Yeah... Does it support WhatsApp? If not that's a deal-breaker in most of the world.
Most of the world loves being shackled by a Meta product for some reason. The allegiance to WhatsApp is mindbending.
Free unlimited global text messaging in a time when people with very low incomes dealt with very low limits or per-message fees.
Much of the love was built before Facebook took it over.
Because WhatsApp is really good, much better than SMS, and everybody uses it.
Meta only bought it after it was already the de facto standard. And to be fair they are only just starting to ruin it after quite a few years. So I would say the world made a pretty good decision there.
WhatsApp works with your phone number. If you have someone's number, you have their WhatsApp. And since basic text messaging is terrible and RCS still isn't universal, WhatsApp is used.
Signal desperately needs "Signal for Business".
Sell a way for businesses to send trusted communications to their customers in sensitive industries - i.e. healthcare would be a big one.
They need both an actual revenue stream, but also that sort of professional messaging can drive adoption which ultimately furthers the Signal mission.
Plus all those things could desperately use good secure messaging systems.
Huh, that wouldn't be a bad idea at all.
Using Waydroid, you can run many/most Android apps unmodified.
So, yes, it's possible :)
Switching to iPhone will make it even more obvious there is an unhealthy monopoly, so that's nice. If there's no good reason to choose Android, why not?
What we really need is a fair alternative to both these abuse platforms. Choosing an unfamiliar abuse over a familiar abuse isn't exactly the smartest move. The switch over to a free(dom) platform like plain Linux must happen even if we have to make some temporary sacrifices like the loss of mobile banking facilities. It can't be worse than using a feature phone, can it? The app ecosystem will eventually attain parity if the platform achieves popularity.
Multiple alternatives already exists. Or how do you define "fair"?
Then you'd be rewarding the company that pioneered and normalized taking away these rights. The next rights you'll lose will probably originate on Apple again years before Google takes them away too.
It doesn't make any difference anyway, does it?
Then I might as well treat myself with better hardware & ecosystem.
Better hardware, yes.
But you'll be reminded quickly how comparatively shit Apple's software is.
Aka the litany of "Oh, yeah, everyone knows that's broken but just deals with it, because there's no way to fix issues on a closed platform other than {wait for Apple}."
I will take Apple's software over Samsung's ad infested, buggy & ugly software any day.
What are all these things that are broken?
The only thing I can think of that's worse on iOS is that you're forced to use safari or another skin on webkit rather than true alternative browsers. Everything else works better thatn android AFAICT, and integrates amazingly with MacOS.
There being a different keyboard with a period next to space that's only used for address bars.
Tapback emoji choice being uneditable.
There's a lot of little annoyances that on Android can be user-fixed, but on iOS it's just... wait and hope.
Honestly, now you mention it, space bar/period thing is annoying :)
I’m always searching for things with unnecessary dots in them, and I’d forgotten about the keyboard options on Android.
my iphone doesn't reboot every time I try to take a picture or make a phone call (on every pixel I've had)
android sucks, but it was open
now it just sucks
How many pixels have you had that reboot when you take a picture or make a phone call?
My pixels haven't done that (yet anyways).
4
I think this isn’t true at all, before the iPhone existed cellular carriers controlled software on consumer phones.
Remember when GPS navigation was a $5/month app that was a cellular plan addon?
Only phones sold by carriers were controlled by carriers. You could easily (in Europe at least) buy an unlocked phone and put in a SIM from any carrier of your choice. You could then easily install (i.e. "sideload") Java apps from anywhere you wanted, e.g. from a storage card or over Bluetooth, although some permissions were restricted unless you bought an expensive code-signing certificate.
As I recall, in the US at the time the best networks were CDMA and had more strict device activation requirements, especially Verizon.
"If I can't do this anymore..."
How will Google force Android users to "update" so sideloadinng can be prevented
Non-updated versions of Android running non-updated versions of sideloaded apps will not have the restriction
Another example of how not every "update" is for "security" and "updates" should be optional
The computer owner chooses one version of an operating system, e.g., "I chose Android because I can sideload any app", but by allowing automatic updates, without reviewing them first, the computer owner agrees to let the operating system vendor change the software remotely to anything the vendor chooses. The computer owner goes along with whatever the vendor decides, letting the vendor take them for a ride
If the operating system gets _worse_ in the opinion of the computer owner, if it fails to meet their needs, e.g., "sideloading", then that's too bad. The computer owner chose one version of Android, but by subscribing to "automatic updates" they effectively chose all future versions as well
This is why I prefer BSD UNIX-like operating system projects where I can choose to update or not to update. Unlike the hypothetical Android user, the project does not decide for me
HN replies may try to draw attention to "security" and away from "sideloading restriction". However there is no option to accept "security updates" while rejecting "sideloading restriction updates". According to the so-called "tech" companies that conduct data collection and surveillance as a "business model" through free, auto-updated software, every update, no matter what it contains, is deemed essential and critical for "security"
Online commentators seem to agree that the computer owner should have the choice to install or not install _any_ software outside the "app store", so-called "sideloading". Perhaps this freedom to choose whether to install or not install software should also apply to operating system "updates"
> How will Google force Android users to "update" so sideloadinng can be prevented
Google has the Google Play Services, which can be remotely updated via the Play Store, as has been done for the COVID exposure notification system [0]. Google's Play Protect already hooks into the installation process and could be updated to enforce the signatures.
[0]: https://en.wikipedia.org/wiki/Exposure_Notification
Automatic updates are pretty unrelated. Google can just release an updated version of google play services or a device verification API and everyone's banking/government ID apps will stop working until you manually update anyway. They have a pretty big stick to whack you over the head with if you don't update to the new version "for security"
You can still install apps outside the play store, but the developer does need to verify their signing information. Effectively this means that any app you install must have a paper trail to the originating developer, even if its not on the app store. On one hand, I can see the need for this to track down virus creators, but on the other, it provides Google transparency and control over side loaded app. It IS a concerning move, but currently this is far from 'killing' non-appstore apps for most of the market.
So let's pick a random example app that might be popular on F-Droid today. Oh, I dunno...newpipe.
Given that Google both owns Android/Google Play Store and YouTube: what do you think they would do with the developer information of someone who makes an app that skirts their ad-model for YouTube?
I can't help but feel that this move is aimed specifically at ReVanced.
The "security" wording is the usual corpospeak - you can always trust "security" to mean "the security of our business model, of course, why are you asking?"
Exactly. I don't think Google is doing this so that people don't install some random FOSS alternatives through F-Droid.
Things like Newpipe seems much more of a target, especially if you want to take legal action. More so than stopping users, this gives Google fat more leverage about what Apps can exist. If they ever want to stop Newpipe a serious lawsuit against whoever signed the APK seems like an effective way to shut down the whole project. Certainly more effective then a constant battle between constraining them and them finding ways to circumvent the constraints.
Google is following the same game plan we saw when they decided that the full version of uBlock Origin (the version that is still effective on YouTube) should no longer be allowed within their browser monopoly.
The fact that there was a temporary workaround didn't change the endgame.
It's just there to boil the frog more slowly and keep you from hopping out of the pot.
It's the same game plan Microsoft used to force users to use an online Microsoft account to log onto their local computer.
Temporary workarounds are not the same thing as publicly abandoning the policy.
Curiously, for me Ublock light works just as well after I was essentially forced to switch. I could still get the original to function, but with every random chrome update, the thing would be deactivated, obviously as "insecure".
From a quick glance at /r/GooglePlayDeveloper/ it looks like Google is just as interested in killing playstore apps! It seems that they only want to support the existing larger apps now. I think they are giving a clear message to developers that its not really worth developing for that platform anymore. I think we will all agree that the playstore needed a purge but they seem to be making it impossible for any new solo devs at this point.
I thought most devs didn’t want to develop on android because IOS devs made more income per user (0) and spent more on in app purchases. Android does well with ad supported apps. Paid apps have had issues with piracy also.
“In 2024, the App Store made $103.4 billion to Google Play’s $46.7 billion.”
0 https://www.businessofapps.com/data/app-data-report/
I have no idea what this means. How does this change "kill playstore apps"?
Not related to this particular news item, but several high-profile App developers are either killing their apps on Android entirely (like iA Writer) or removing features due to Google tightening submission requirements and increasing costs for apps that integrate with their services.
not the change mentioned in the news link. I was referring to what people are discussing over on the reddit play store sub. Google are terminating dev accounts without giving any reasons or warnings. I'm sure most, if not all terminations have have some element of justification but ultimately it means that Google seem pretty happy to terminate any dev account without letting the developer know why. And to make things worse, that developer is forever banned from ever publishing any content on the playstore for life. They cannot make a new account. Their career in android app development can be destroyed in an instant. Most terminations seem to be handled by bots... and to rub salt in the wound, Google only responds to appeals... using more bots. That is according to what the community has been saying at least. I'm sure they know what they are doing and one thing we all know is that Google actually IS big enough not to fail. But it does seem like the right thing to at least make new developers more aware of the risks. And it is obviously a very stressful time for anyone who is actually making a living off an android app.
To wit, there is only one business playbook with two strategies: When you are weak, make friends. When you are strong, make war.
Android used to be weak against iPhone and needed to cooperate, so they allowed more apps in to grow the userbase. Now that they're big and strong, they don't need allies, so they start kicking out everyone who isn't making them money.
Every "enshittified" service does it - Imgur, Reddit, whatever. Everyone selling $10 bills for $9 does it. Microsoft did it. They took a step backwards by buying GitHub, when they realized they were totally blowing it on cloud. But now that they have users stuck on GitHub and VS Code, they're defecting again.
> currently this is far from 'killing' non-appstore apps for most of the market.
It means that Android is no longer suitable for my own private dev projects.
If it's for your own projects, for yourself only, ADB still works without this verification.
True, although using adb requires the use of the usb port, which for some of my projects is highly impractical.
Also, with this move, Google has made it very clear that they don't want people to have any real control over their machines -- so I'm not inclined to think that using adb to work around the problem will always be possible.
It's fine, though. My hobby projects will continue into the future, just probably without using Android.
I didn't think a usb port was required since the introduction of wifi adb?
https://www.androidpolice.com/use-wireless-adb-android-phone...
Ah, I didn't know this was a thing. Thank you!
I know that this is how shizuku (0) does it and it is required anyway if you want to install multi apk applications so stiff won't change for most people then?
(0): https://shizuku.rikka.app/
You can use GrapheneOS or LineageOS without the Google rootkit and continue installing any apps you want
Considering both Graphene and Lineage have been complaining about google making development harder and harder for how long will that be a possibility?
Play Store has an attestation API, Google could simply make it harder to run banking apps and similar if you run GrapheneOS. Something like requiring banking apps to use a stricter mode. GrapheneOS even mentions it's not easy spoofing this entirely as it change often on the FAQ page.
There's only so much you can do as a maintainer of a custom OS like Graphene before its too hard to maintain. I don't think there's enough coming in by way of donations to play catch-up.
Need legislation quick. But I suspect the EU doesn't want side loading either in the grand scheme of surveillance.
> Google could simply make it harder to run banking apps and similar if you run GrapheneOS
Thats the Banks fault then. I complained to mine and they removed the safetynet check / let you skip it.
My devices are not supported by either of those, sadly.
sure. now. why do you think google won't choose a way to destroy them in the near future?
Well with that thinking you can't use an OS by any corparation???
It also makes it easy for google to blacklist a developer, if for example the trump administration don’t like them (the same way apple removing apps documenting ICE).
And basically every corporation with any business in the US has proven _more_ than willing to instantly capitulate to any demand made by the administration.
Pretty sure virus creators could just pick a real ID leaked by the "adult only logins" shenanigans, whereas legit app developers probably wouldn't want to commit identity fraud.
If it gets that bad; Google can do what they already do with business listings - send a letter to the physical address matching the ID, containing a code, which then must be entered into the online portal.
Do that + identity check = bans for virus makers are not easily evaded, regardless of where they live.
That physical address will be useless, and probably easily worked around, in many if not most countries. Expecting Google to be able to use that address together with the law is a pretty US-centric expectation. I don't think most virus creators would be impacted, especially not the ones that are part of professional (criminal or government) organizations.
Even in the US, it won't always work. If you moved in the past few years, the address on your ID will be wrong.
Will they send letters to sanctioned countries? What about a PO box, or a remailer service?
Can you imagine what you're suggesting for a Linux machine? It's absurd. My box my rules, I'll run any damn code I please.
Yeah... no. This is normal with desktop computers. Let's stop handholding people. If I trust the source, I trust the domain... I want to be able to install app from its source.
Googles/Apples argument would have been much stronger if their stores managed to not allow scams/malware/bad apps to their store but this is not the case. They want to have the full control without having the full responsibility. It's just powergrab.
It's normal for Windows and *nix, not for modern macOS which has big limitations on unsigned apps requiring command line and control panel shenanigans.
And you are completely ignoring viruses, ransomware, keyloggers, the 50 toolbars etc that has been the staple of Windows and before that DOS for over 40 years.
Scam apps are rife in the iOS App Store. But what they can’t do easily install viruses that affect anything out of its sandbox, keyloggers, etc
You are missing the part where the OS provider is the virus and keylogger. Unless of course you feel it reasonable that google and apple datamine everything you type via their software keyboard[0] or reading the contents of your notifications via play services[1].
0 - https://discuss.grapheneos.org/d/16046-google-keyboard-w-net... 1 - https://discuss.privacyguides.net/t/sandboxed-google-play-pr...
You mean if you run an OS made by a company whose whole profit model is based on tracking users so they can advertise to you is invading your privacy?
Sandboxing isn't feature dependent on Apple being a big curator is it? These are orthogonal but not the same issues. I've never said that PCs don't have viruses or that it isn't a problem, only that I should be able to install software from developer I trust if I want to.
I agree let's have sandboxed app instalations on platforms. Flatpak is already going this way. But it looks like big players Microsoft,Apple and Google are gatekeeping app sandboxing behind their stores instead of allowing people/devs to use sandboxing directly.
And then there will still be complaints about Google limiting what apps can do and take away “your freedom”. What happens when a third party app wants to be able to read in other apps internal storage to create a back up solution like iCloud? Should that be allowed? What about if they want to create an app that autocompletes what you type when working in another app requiring key logger like capabilities?
What part of "I should be able to install software from developer I trust if I want to" was hard to understand?
Then you don’t want sandboxing if you want all of those permissions.
You can have sandboxing and run whatever you want. I do it every day on PCs where I, the user, can define the terms of sandboxing any appliclation I want, and not a trillion dollar corporation using sandboxes to enforce their chosen revenue streams upon users.
Yes and for you to think that is a valid argument for a consumer product is why most open source products suck for consumers and end up being about as bad as the “homermobile”.
You do realize macOS has used sandboxing by default for over a decade, right?
ChromeOS/ChromiumOS uses heavy sandboxing. Android currently uses sandboxing transparently, despite plans to iOS-ify the platform. Hell, Windows uses app isolation sandboxing these days.
All four consumer platforms let you run the software you want to and they provide sandboxing at the same time. They also let you configure sandboxes, too.
As for open source, consumer products like the Steam Deck use sandboxes, popular game launchers like Lutris use sandboxes, Firefox transparently uses sandboxing by default, as does Chromium/Chrome, anything installed automatically with Flatpak or Snap are sandboxed by default and AppArmor/SELinux works in the background automatically on most distros and are activated by default.
Saying open source projects like the Steam Deck, Firefox, Chromium, ChromiumOS and Android suck for consumers is a weird opinion, but you're free to have it.
Mac apps outside of the Mac App Store really doesn’t have any sandboxing.
And Android’s sandboxing is so bad, you always hear about the malware of the week especially outside of the Play Store.
ChromeOS also isn’t open source. And expecting end users to “configure sandboxes” you might as well not have one.
Firefox is s browser, and didn’t they tighten what third party extensions can run?
Android - or at least the version that most people use - is not “open source” by any stretch of the imagination.
> Mac apps outside of the Mac App Store really doesn’t have any sandboxing.
Apps can and do ship with sandboxing rules that will be applied at runtime.
> ChromeOS also isn’t open source. And expecting end users to “configure sandboxes” you might as well not have one.
I listed ChromeOS as one of four consumer operating systems used by billions of people that uses sandboxing, not as an open source OS.
Notice how I did use ChromiumOS when referring to open source software, along with Chromium.
> And expecting end users to “configure sandboxes” you might as well not have one.
Who said anything about expecting users to do that? I just mentioned that you could configure them if you wanted to, like I said in my GP.
Again, my point is that these are consumer products that billions of people use everyday that use sandboxing by default, yet somehow not even having to think about sandboxing is too onerous for end users?
> Firefox is s browser, and didn’t they tighten what third party extensions can run?
Yes, it is open source consumer software that does sandboxing by default without the user having to think about it.
> Android - or at least the version that most people use - is not “open source” by any stretch of the imagination.
AOSP is very much open source
> Apps can and do ship with sandboxing rules that will be applied at runtime.
Hardly any apps outside of the Mac App Store voluntarily opt in for sandboxing
> I listed ChromeOS as one of four consumer operating systems used by billions of people that uses sandboxing, not as an open source OS.
And also locked down…
> AOSP is very much open source
Calling AOSP open source when it’s almost useless to most consumers without the proprietary bits from Google is just as disingenuous as calling iOS open source because Darwin is open source.
Sure I do. I sandbox what I want when I want.
So now you are expecting users to navigate hundreds of permissions and know the consequences of each one? How did that work out for Vista?
Yes, if you bother with the rigmarole of escaping walled garden then you should be expected to navigate 20-30 permissions, which is in practice all that's necessary.
If users without that level of technical skill are pressured into making those decisions, that's because they're being mistreated.
“Besides that, how was the play Mrs. Lincoln?”
Nah it's really not that bad.
The toolbars don’t just magically appear there. They are the product of a technically illiterate user.
Yes because technically literate users shouldn’t have trusted mainstream companies to not install bundle ware back in the Day? They shouldn’t have trusted Zoom not to install a web server on Macs surreptitiously that caused a vulnerability? They shouldn’t have searched Google for printer drivers not knowing that it was a fake printer driver? They shouldn’t have trusted Facebook when they installed VPN software that tracked all of their traffic from any app?
Is that really your answer? To make the phone ecosystem as fraught as Windows PCs for the average user? How is they worked out for PC users since the 80s?
Technically illiterate users should leave the default security settings enabled.
In the modern day, I actually think this mostly works? Are you aware of instances where normies installed Windows malware because they purposefully disabled Windows Defender?
Everyone always talks about the "Dancing Bunnies Problem" but I'm not convinced it's actually a thing.
You mean like all of the ransomware that is being reported on a monthly basis? My mom looked for a printer driver by searching on Google and installed some type of crap that wasn’t the official driver. She is 80. But she has actively been using computers since we had an Apple //e in the house in 1986.
On the Mac, people installed Zoom and it installed a backdoor web server.
Please install an ad blocker on your mom's computer, if you haven't already. Not every fake driver etc gets blocked by an ad blocker, but the majority do.
The fake printer driver came up in the organic results…
I'm explicitly only talking about ransomware that requires disabling Windows Defender.
The default security settings only got to be the way they are after more than a decade of exploited windows xp machines breaking the whole internet.
How is they worked out for PC users since the 80s?
Just to be clear, are you claiming that we would be better off if PC hardware and OS vendors had the level of control that smartphone vendors do today?
For almost every user - yes. If apps had to run in a strict sandbox it would be better for most users. Where it would make you jump through an incredible number of hoops or even install “developer editions” of operating systems.
You really can’t trust developers to do the right thing - even major developers like Zoom (the secret web server) , Facebook (the VPN that trashed usage actoss apps on iOS) and Google (convincing consumers to install corporate certificates to track usages on iOS).
Even more to the point, you read about some app installed outside of the Google Play store that’s malware - including the official side loaded version of FortNite…
https://blog.checkpoint.com/research/fortnite-vulnerability-...
I appreciate your response even though I strongly disagree.
You really can’t trust developers to do the right thing
Indeed not, and that includes OS developers. Imagine if Microsoft had been able to block web browsers other than IE in the name of "security".
Well, you have to trust the operating system vendor.
In this case, I’ll much rather trust F-Droid maintainers than Google.
It's killing F-Droid, which is the only place I want to sideload from.
It makes sense for average users to have identifiable traceability.
Developers, and power users often pre-date these kinds of smartphones.
> need for this to track down virus creators
I think they’re just going to track down a random person in a random country who put their name down in exchange for a modest sum of money. That’s if there’s even a real person at the other end. Do you really think that malware creators will stumble on this?
This has to be about controlling apps that are inconvenient to Google. Those that are used to bypass Google’s control and hits their ad revenue or data collection efforts.
I might as well get a landline/dumbphone and a small linux tablet.
F-droid routinely delivers me higher quality, more reliable apps that do exactly what I need then to do too.
It's become my go-to for "I need a utility for X task".
Refuse to participate in either walled garden.
There are no good reasons left to use either platform - you're basically paying an arm and a leg to rent a device whose primary purpose is to usurp your attention and plunder your wallet at every possible opportunity.
Use and encourage your circle to use Signal, so you're not limited to any given platform, or the political or ideological whims of the gardenmeisters.
Google has gone full enshittified with this move, might as well move as far and as fast away from all the shit if you're technically capable, introduce whatever pressure you can to signal that there's a desperate need in the smartphone market for something clean and honest.
“There are no good reasons” really? One of my favorite things about iOS/ipados is the incredible selection of music creation apps. My iPad is loaded with synths, sequencers, and effects. AUM in particular is an amazing program for live performances mixing both software and hardware using a touch interface.
Many, but not all, of the programs I use on iPad are also available on Mac and Windows at much higher prices. That alone is reason enough to use a iPad. Most of these apps can be run on the least expensive iPad and/or older ones.
Like it or not, computing appliances have led to really good software markets. The “clean and honest” software markets are either much more expensive or don’t exist at all. The optimist in me is hoping that Android losing some freedom might lead to higher quality software and some actual competition to Apple.
Probably the only real benefit now is Firefox/alt browsers
Firefox with UBO is still a huge win. But Orion browser is making progress. At this point I just don’t see a reason to go android anymore. If I have to be part of a walled garden I may as well choose the nicer one.
For me the main reason to stick to FOSS Android ROMs (over a Linux phone) is that you retain compatibility with thousands of very good FOSS and non-FOSS apps. There is Waydroid, and it works very well, but if you are primarily running Android apps, an Android device makes more sense.
Isn't the Android rom scene in shambles? What phone would you have to buy now to be able to even run decent a decent custom ROM?
No. One of these: https://wiki.lineageos.org/devices/
Graphene and Lineage work great on Pixel 9s.
You could also use a thirdparty ROM.
How long until AOSP deviates so much from features in 3rd party ROMs that it becomes infeasible to for amateur developers to maintain them?
AOSP is used in many contexts like embedded devices where somehow enshackling it would screw up Google's self-interest in other market areas (like ensuring there is a wider population of Android developers).
But regardless, thirdparty ROMs will continue to exist regardless of how much effort it takes because the demand exists and will not merely dissipate.
And in the EU you can install apps outside of the AppStore on your iPhone!
But not outside of Apple's control, they have a very similar mechanism to this verification process with 3rd party app stores.
Thats a recent addition; hope consumer protection laws around the world become better.
Maybe it’s because I’m European but I’ve never understood what iMessage even is or what it offers above either sms or WhatsApp/signal. And I’ve used an iPhone for the past 15 years.
For me, mainly: no international cost, no metered cost (other than data), no extra app like WhatsApp to install (but other party needs iOS).
Edit: that said, nowadays, maybe because I'm back in the EU, I use WhatsApp way more often than iMessage.
It is easier, however, to install WhatsApp then to switch from Android to iOS.
Of course. iMessage is just a convenience when someone else has an iPhone.
It's ironic that they pull this bullshit while at the same time putting out their "Vanilla Pro" ad mocking Apple's ecosystem.
https://www.youtube.com/watch?v=DnWykPvftfg
> Installing any app I want outside the Play Store was the primary reason I decided to go with Android
You still can do that with PWAs in Android. Let's see for how long.
> PWAs
And I wonder when can we stop lying to ourselves pretending "web"-apps are real (native) apps?
Why?
Can you create and run a service that starts when phone is turned on, with a PWA app? Usecase is a backup daemon.
Does every app need to do this?
I make lots of "real" healthcare apps that are PWAs.
Much better installation and user experience, no dev cert nonsense, brain dead simple updates, no app store, etc...
Backup, file sync, and chat... very common and important use cases. Not everything can start with a user request.
You shouldn't need a service running all the time for chat. Just use push notifications.
There is a big difference between Websites and Applications. Websites are a smaller subset of capabilities.
Do you have a single friend who isn't a programmer who has installed a PWA in the last two years?
Game streaming services like GeForce Now, Xbox Live, Amazon Luna use PWAs for iOS/iPad support, used by a lot of ordinary users. They're not in AppStore because of incompatibility with Apple rules.
I use 3CX VOIP app as a PWA daily, I'm just an IT worker.
Same, I'm tempted to call android just a shittier iPhone now
What part of cheaper, better, and open source is shittier exactly?
1. Not cheaper.
2. I think it's better, I like the UX but that's subjective.
3. Not open source. AOSP is open source. Android is not open source.
It's certainly cheaper when you compare phones with like specs.
Not by much these days. The Pixel 10 actually gives you half the storage as the iPhone 17 at the same price.
The only Android phones that are significantly cheaper than equivalent iPhone tend to come with some kind of compromise (and don’t forget that Apple’s phones start at $600 - the iPhone 16e exists).
Storage needn't be expensive. Any 150€ phone will let you put in a 2TB sdcard. It's specifically the premium brand phones that squeeze you out
The specs that you can't just plug and play are a bit more relevant to look at I'd say
Try Xiaomi.
I did. I cannot recommend it. There is no real way to unlock bootloaders on these. They've locked it down so much that you can't really do anything but run what they give you.
Xiaomi phones have built-in ads, that's one of the reasons it gets to be cheaper.
The Chinese phone ecosystem is basically unavailable in the US. Huawei was banned, and none of the other brands sell products officially besides OnePlus, which has iPhone-adjacent pricing.
Not sold in the US officially, no warranty service.
Ehh, I'm unconvinced. A lot of these cheapo Android phones have bizarre restrictions and really short lifespans. A used iPhone might last longer and therefore be cheaper in the long run.
You can definitely get cheaper Android phones than an iPhone. There will be compromises but it will be cheaper. Many people are fine with a $200 or less phone.
1: citation needed
2: yeah okay with that logic "I just subjectively feel that way", there's no point having a conversation
3: Android is short for AOSP. You're probably thinking of things like Google Play or OneUI?
> citation needed
Most android flagships are about the price of iPhones.
> Android is short for AOSP.
This actually made me laugh out loud.
Uh, no. AOSP is a showcase project which currently cannot run on any phones produced on Earth.
Android is the most popular mobile operating system.
AOSP does not include code to run almost any viable hardware and also does not include code necessary to run android applications. Everything that is Google play services is not in AOSP.
Bear in mind Google play services isn't the Google play store. It's basic device functionality, like cellular service and GPS.
> What part of cheaper
The iPhone 17 is the same price as the Pixel 10
> better
But the iPhone 17 has better hardware features, like UWB, better cameras, and a _far_ faster CPU.
> open source
Only if you install Graphene, and then never install anything that requires Google Play Services, which is basically every commercial app.
In terms of cameras, my pixel takes way better pictures than any iphone, and people I know with iphones (which is basically everyone) admit it.
Mine was better until Google kept forcing AI sharpening and making things look worse.
Which pixel do you have? I have the 9, and I don't seem to have that problem.
>requires Google Play Services, which is basically every commercial app.
Not my experience at all. Only some banking apps or apps that otherwise hard depend on play services feature like google pay. GrapheneOS offer isolated unprivileged sandboxed Google play services for those.
GOS allows you to install and use apps from the Play Store and the vast majority of them works flawlessly.
> The iPhone 17 is the same price as the Pixel 10
I mean, flagship vs flagship idk if one has ever been significantly cheaper, but I've never been in the market for those either. It's very easy to get a higher priced, more interesting, highly specced Android phone. Both iPhones and flagship android phones are way too expensive for what they are capable of compared to any of their own prior generations of themselves, if you ignore tech specs and consider the tangible end-user functionality, but even still.
I've always bought the phone that suits me in the moment, have never budgeted higher than $600CAD, and have simply never been interested in iPhones beyond what used to be nice industrial design. For that, last time I got a brand new Pixel 7 on sale, Pixel 4a, Nexus 5 etc.. and they've all done what I needed and usually came close to matching the fancier versions in some ways in the same year's lineup.
Usually though I have breadth of options to pick from across a range of brands that I can choose between based on whatever the hell I prefer. iPhones are just iPhones, bigger or smaller, more expensive or cheaper, big camera plateau or small, and that's all fine too.
The sideloading aspect for me and a better sense of control is absolutely a component in that preference, and I'll have to consider that going forward, but I'd sooner just dial back my dependence on phones in general than switch to an iPhone.
> and a _far_ faster CPU.
No longer true with the newest chip that Mediatek cooked up, ARM licensed cores like C1 are catching up rapidly with Apple CPUs (or maybe Apple has hit the limit of their current design philosophy)
> The iPhone 17 is the same price as the Pixel 10
Too bad there aren’t any other Android phones…
Over the last years Android has gotten increasingly worse, which is something you just have to expect from a Google product.
It is still unbelievable to me that Google is shipping a product which takes 10 seconds to show anything when I search through my phones settings. What are they doing?
>open source
Sure. If you buy the right phone you get some open source components. Of course half the Android companies are trying to funnel you into their proprietary ecosystem as well. The rest just wants you to use Google's proprietary ecosystem.
Everything in settings loads near instantly for me including search. What exactly has gotten worse with Android recently?
> takes 10 seconds to show anything when I search through my phones settings
Ah, I see ol' Google's been shamelessly copying Apple again.
Unrelated but related to embarrassingly-bad search: On my iPhone, I have a Hacker News reader app called Octal. Now when I search the phone itself for "octal" (like I do to launch most apps), sometimes the only result found is... the Octal entry under Settings (where iOS sticks the permission-granting interface for notifications, location, etc.) Can't find the app itself. Just the settings for it.
Cheaper for sure, better maybe but open source certainly not, AOSP doesn't run on a single device on earth, not even the emulators.
I'm out of the loop on this. What is Graphene doing?
https://grapheneos.org/features
>GrapheneOS is a private and secure mobile operating system with great functionality and usability. It starts from the strong baseline of the Android Open Source Project (AOSP) and takes great care to avoid increasing attack surface or hurting the strong security model.
They are doing it like everybody else, they have their own system apps (because they got kind of unmaintainted by Google in AOSP since Android 12), they add drivers from the pixel device tree and then they add their security patches.
If you would put AOSP on a Pixel, it wouldn't even boot and if you managed to get it to boot, the apps would be unusable.
You can still side-load signed apps. It's a similar limitation to macOS which won't let you run apps that Apple hasn't signed without command line or control panel shenanigans. Compared to iOS, Android still has the advantage of installing your own full browser (like Firefox) with full-fat ad blocking (uBlock Origin, not Lite). iOS is Safari-only right now though, in theory, some alternative engines may be available in Europe later.
If they need to be signed by Google, that's not side loading by definition; it's using an alternate Google channel.
What your describing isn't "side-loading". Doing that means the apps go through Google's chain of control. Please don't let them redefine the word.
With macOS you run "sudo spctl --master disable", and then you can run whatever you want without sending PII to Apple. Is that the case with the new Android stuff?
We don't know yet. At the moment side-loading still works without restrictions.
No, the closest would be rooting your phone but then you can't use banking apps properly (there are loopholes to spoof integrity but they are slowly coming to an end as verification runs on TEE)
Couldn't you install with adb without rooting?
You can install full uBlock Origin in the Orion browser, on iOS. It also has decent built-in ad blocking (though uBlock Origin is still better).
I had been thinking for a long time to switch to Android (GrapheneOS, probably) when my current iPhone 13 dies, but this whole thing with "sideloading" on Android is making me reconsider. If I can't have the freedom I want either way, might as well get longer support, polished animation and better default privacy (though I still need to opt-out of a bunch of stuff).
Well GrapheneOS is not Google-certified, so it is not impacted by this :-).
AOSP releases are going to stop (or become late and cursory like Darwin releases), and new Pixels will not be able to run non-Google-certified operating systems :)
> and new Pixels will not be able to run non-Google-certified operating systems :)
I haven't heard about this. Source?
I think there has been much _speculation_ around this, but no proof that I am aware of.
They have already shown themselves to be both able and willing. Hopefully the backlash from this current decision will delay their plans long enough for GrapheneOS, Lineage and others to figure out how to work around it somehow, which is why I'm eagerly watching where this is going.
I can't confirm this yet but with Google refusing to provide device trees for new Pixels things definitely look headed that way; they're at least starting to make installing an alternate OS difficult. The Graphene devs are trying to set things up with a handset manufacturer to ship a GrapheneOS phone, but good luck connecting that thing to a US carrier (who allowlist handsets and often limit the allowlist to models they sell directly).
> Google refusing to provide device trees for new Pixels things definitely look headed that way
So you're just speculating.
With all the things google is doing for custom os last few years ( play protect, no major updates to asop and bundling updates to closed source google libraries etc). It is not speculation it is predicting with high certainty. Google wants custom os market to die and they are doing it brick by brick. We should Open our eyes and look at the timeline and realise it is not speculation and actual reality before it will be too late. Source: i am an owner of device with custom os and i know things i have to do to fix broken apps.
How did Orion sidestep the safari WebKit requirements?
They didn't. They implemented the WebExtensions API for WebKit. It's not complete (e.g. Stylus doesn't work yet), but it's enough to run uBlock Origin.
> It's a similar limitation to macOS which won't let you run apps that Apple hasn't signed without command line or control panel shenanigans
Can you do something similar to load unsigned apps on Android?
Agreed. While I do not like this move, ti is weird to me how far people are going in their criticism.
The perfect should not be the enemy of the good.
"The perfect should not be the enemy of the good" is the wrong analogy here. It's more like "death by a thousand cuts". Limitations on free computer usage are like a ratcheting mechanism: they mostly go in one direction.
Antitrust action is badly needed in this area. It is ridiculous that I need permission from my device manufacturer to install software on hardware I own. There is no viable alternative than to live in Apple and Google’s ecosystems. This duopoly cannot be allowed to keep this much control of the mobile platforms.
There needs to be a mandatory override for any lock down put in place by a manufacturer. I understand the need for security, but it should be illegal to prevent me from bypassing security if I decide to on my own device. Make it take multiple clicks and show me scary warnings, that's fine.
Technically Android still allows installation of anything if you use the debugging tool. Maybe that is where we have to draw the line, I'm not sure.
Especially when partaking in the duopoly is literally mandatory for life: banking, government services, basic communication, etc.
Monopolies hold the US back and it can't coast on their success forever.
you don't need permission for the hardware... you can install your own OS.
Aside from everyone pointing out that you can't do that on most phones, there's also the fact that installing your own OS will block you from using many apps that check your secure status.
>you can install your own OS
https://github.com/zenfyrdev/bootloader-unlock-wall-of-shame
Can you, with SecureBoot?
Not if you don't have permission to install your own OS...
Didn't Google recently kill AOSP and stop providing board support packages for their phones?
They did for pixel phones yes.
I've been wanting to get into OS dev for years now, I may make an attempt at it soon. When I was younger I built my own kernels for the early OnePlus phones. Maybe I can build an alternative to Android, doubtful but I like a challenge.
The hardest part to making an alternative is the app ecosystem, you almost need a complete suite of 3rd party apps built before you can get any initial adoption.
The funny thing here: They have active spyware and malware on their app store. They go by vague offical sounding names like "Gallery" and "Messages" "Text Messages"
I've reported it and that goes to an google form where the app stays up. I've even gone farenough where I've escalated through internal Google contacts. Nothing is done. It's not sideloading that's the issue.
It's google. This is a hostile behavior to all users of the devices and developers of their platform.
_--
My thoughts on where this might go:
We're getting into an era where there are organizations that are violently hostile to your device and they demand that. These people believe that the device you paid for and the service you paid for is theirs.
I.e. mobile ids from governments, which may introduce client side scanning. More so, theres a hostile push for "age verification" which would lean on the Play integrity chain. Want to find out who does this? Look into Magisck on reddit and the apps people have difficultly using. This is not a case of "someone wants to hack something".. it's all about control.
If you're watching the Root/third party space.. right now there are issues running apps. Some apps scan for "SuperSU" app and will refuse to run. (As in they're not sandboxed)
They believe it because it’s true. RMS et al. have been predicting this for eons, but now that these companies feel comfortable to move overtly it’s pretty much too late to stop them.
Google know full well that it's malware. They also know that it makes them money so they're not going to do anything.
We need to stop calling it "sideloading", we should call it freely installing software. The term "sideloading" makes it sound shady and hacky when in reality it is what we have been able to do on our computers since forever. These are not phones, they are computers shaped like phones, computer which we fully bought with our money, and I we shall install what we want on our own computers.
I like the term "direct install" which someone suggested in one of the previous threads.
Or just "install". This word was sufficient my entire life until the Apple App Store came along and hijacked it.
"Why should I change my name? He's the one who sucks"
https://youtube.com/watch?v=ADgS_vMGgzY&t=3s
You could certainly say that. But if you go up to a normal person on the street and say "Google has prevented you from installing apps on your phone", while they're still able to install from Google Play just fine, they're going to look at you like a crackhead.
Language is for conveying information to other people. If your audience doesn't understand what you're saying, you're effectively screaming into the void.
"Google has prevented you from installing apps outside the Google Play store on your phone."
And the average person would understand that as a non-issue. The issue is you need a developer account to distribute your app, and Google can censor you not explaining anything to you or others. The issue is Google being a gatekeeper. And the fact that there’s malware in Google play store, is a cherry on top.
Would it be possible to exclude app store install from "Install", eg swapping positions with sideloading? The idea would be that "app store sideloads" are more like enabling features than installing something novel, and installs allow something unplanned to be enabled.
I wonder where the term started?
Android itself calls it "install" when you open an APK file, there's not mention of "sideload" in Android at all as far as I can tell.
There is, actually, but in a different context. The `adb sideload` command allows you to boot a device from an image without flashing it.
This command is also used to install 3rd-party ROMs.
There is an option in the TWRP recovery tool to sideload any capable .ZIP file.
How badly screwed are we that the term "installing" doesn't work because it doesn't exclude the now default assumption that someone else controls everything you are allowed to install.
>The term "sideloading" makes it sound shady and hacky
"side" refers to the fact that it's not going through the first party app store, and doesn't have any negative connotations beyond that. Maybe if it was called "backloading" you'd have a point, but this whole language thing feels like a kerfuffle over nothing.
I get where you are coming from. However, language like this matters when it comes to legislation. People outside there space will be guided by the sideload language to think it's just "something extra on the side so why should I care?"
Agreed. "Sideloading" has been marketed as a boogeyman opening doors to malware, when in fact malware exists on the play store anyway.
It hasn't been marketed that way, its a term which differentiates installing apps from the app store and installing them outside of it.
I understand what sideloading means, as I'm sure the rest of HN knows. But to the layman non-techie, it has indeed been marketed as a boogeyman.
Even in the Android developers blog post:
> We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.
The research paper that shows their methodology for discovering these results AHS not been published by Google, to my knowledge. Just a mere "trust me, bro".
Edit to include link to source: https://android-developers.googleblog.com/2025/08/elevating-...
Sounds like "sidestepping" i.e. doing something illegitimately or at least outside the normal path.
Language strongly influences how people perceive things. For example, people shown videos of a car crash estimated higher speeds and falsely remembered seeing broken glass if the crash was described as "smashed" or "collided" rather than "hit" or "contacted"[0].
"Direct installation" sounds neutral to me, but "sideloading" sounds advanced or maybe even sneaky.
[0] https://www.simplypsychology.org/loftus-palmer.html
if anything, installing the app spoon fed to you by your phone OS provider should get the pejorative.
Let's calling, "Lameloading" or something to really nail it home.
Mandatory googleloading.
How about "unlocked install"?
Consumers are already familiar with what a "locked phone" is.
Unfortunately not. They are calling it "phone" and ("rooted phone" or "unlocked phone").
Sounds too much like illegal jailbreaking. Direct install better IMO
If Google provides a permanent mechanism to disable this in developer settings, then this devolves to an inconvenience.
The setting to allow unsigned apps could be per appstore tracked by an on-device sqlite database, so a badly-behaving app will be known by its installer.
Have you read anything about this? What you are proposing is exactly what is being disabled.
Let's say that Google implements this restriction, but allows F-Droid a permanent permission to disable it for apps installed through their store.
Then there is both increased protection and accountability.
Yes, in that world everything works out. But as TFA notes, Google is pushing "developer verification" as a non optional change at the app level. To get around it in the future it appears you'll need a degoogled phone.
Time to figure out how to live without a phone - gotta find some sort of ultramobile pocket pc with 5G and run your own FreePBX for text and calling, etc. I've been wanting to do this forever, anyway. Using Starlink 5G would make it palatable, or maybe even preferable, assuming the performance is solid.
I have been thinking of secondary machine that would just use my phones wifi and encrypted vpn tunnels. Basically, the phone is only used for the banking app and whatever future government ID app will be required.
The secondary device would basically be built on a open platform etc. Once we can't use the phone for sharing the connection, then we are basically stuck using other wireless connections, LoRa for short to medium connections, direct wifi links and offline home cloud environments. It gets a bit grim when you think about it, but there are always options. Now, would you travel with a home made tablet phone in an airport for example? What a about a train station with xray scanners. Cyberpunk always comes to mind as well when thinking of these possible futures.
Seems like setting up a shareable wifi6 hotspot should be trivial, in this scenario - either a wifi 6 usb dongle or an m2 board like Intel WiFi 6 AX200/210 , can turn on hotspot mode for other devices.
WRT banking, you'd just use the browser - the whole point is to get away from the whole 'you need to spend $150/month and subscribe to a device and open yourself up to a whole suite of third parties in order to use an "app"'
You could use AI to build convenience scripts and UI tweaks, depending on your use case. Use tampermonkey or other script engine browser tools if you need to recreate a UI feature that a banking app provides.
I can build a much better machine for less than a flagship phone costs me, including video glasses and a few power packs. A wireless video stream to a dumbed down phone that only serves as the interface for swype style keyboard or something like that would also be an option - I think this might be a viable strategy.
I've seen raspberry pi phones and tablets that would absolutely terrify TSA agents, but I'm thinking more along the lines of a modded framework laptop with display hacks, or a boxy little pocket PC with a chonky battery - nothing that would alarm people unnecessarily.
I think I mostly take issue with the idea that the walled garden is necessary, or even preferable. Google at least had the barest shred of "the user has control" left - eliminating sideloading just eliminated any possible reason I would bother with them as a company.
There are a number of banks that require the use of an app now, using a browser is not permitted
I used a super-cheap Android phone with a Win tablet over 10 years ago, but couldn't come up with a decent "phone" option. I started using the phone itself for calls, everything else I did on my tablet.
Why would google implement a restriction then allow someone to disable it? That's literally how it works today. By default your Android phone with Googled-OS installs only from Play store, where all apps are verified. When you want to install non verified apps you need to explicitly allow it first.
Because F-Droid is going to regulators.
"We urge regulators to safeguard the ability of alternative app stores and open-source projects to operate freely, and to protect developers who cannot or will not comply with exclusionary registration schemes and demands for personal information."
https://f-droid.org/2025/09/29/google-developer-registration...
No, I like F-Droid, but I don't want them to need an official Google status to operate, or for anyone who wants to compete with F-Droid to have to obtain that special status.
edit: because the next step would be Google paying F-Droid a half-billion dollars for default search engine placement, or something else stupid. It becomes a captured organization, an excuse subsidiary.
I like your point. Never thought of it that way. Totally agree
indeed, but they're not talking about your phone, they're talking about android, which is something you don't buy nor own, you buy a license to use it on the provider's terms.
linux phones can't come soon enough ...
your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation: installing software is "sideloading", sharing files is "piracy", legitimate resistance is "terrorism", genocide is "right to defend oneself" ...
> which is something you don't buy nor own, you buy a license to use it on the provider's terms
The distinction between "own" and "license" is purely a legal one. If I buy a kitchen table I own it, I can chop it up and use the pieces to make my own furniture and sell it. When I buy a copy of a Super Mario game I cannot rip the sprites and make my own Super Mario game because I don't own the copyright nor trademark of Super Mario. But I do own the copy, and Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.
> linux phones can't come soon enough GNU/Linux. I used to think Stallman was being petty for insisting on the "GNU" part, but nowadays I understand why he insists on calling it GNU/Linux. There is nothing less "Linux" about Android than Debian, Arch or any other GNU/Linux distro, but GNU/Linux is fundamentally different in terms of user freedom from Android.
> Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.
This is a really interesting example to choose because the new Nintendo Switch 2 cartridges have literally no data storage except to hold a license key. The content has to be downloaded from their servers, which they absolutely will take offline eventually.
> linux phones can't come soon enough ...
That would require a lot tighter and broader (but not corp-controlled) organization than what open source is accustomed to - making cheap and capable phones that aren't tied to a big corp is big challenge.
> "your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation [...]."
Precisely.
> when in reality it is what we have been able to do on our computers since forever
You do realise that's been changing right? Slowly of course, there's no single villain that James Bond could take down, or that a charistmatic leader could get elected could change. The oil tanker has been moving in that direction for decades. There are legions defending the right to run your own software, but it's a continual war of attrition.
The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.
"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."
https://www.gnu.org/philosophy/right-to-read.en.html
Yeah in the name of "security".
Unfortunately it also means giving the key to the Kingdom to a company like Microsoft or Google which are definitely adversaries in my book. Keeping them in check was still possible with full system access.
Even Apple I don't trust. They're always shouting about privacy but they define it purely as privacy from third parties, not themselves.
And they were the first to come up with a plan where your phone would spy on you 24/7.
> The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.
I've been in tech and startup culture for over a thousand programmer-years (25-30 normal years). It wasn't dot-com or the crash. It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer. When the huge mobile wave hit (remember "mobile is the future" being repeated the way political pundits repeat talking points?) the entire industry was bent in that direction.
I'm not sure why this is. It could have been designed and planned, or it could have evolved out of the fact that mobile devices were initially forced to be locked down by cell carriers. I remember how hard it was for Blackberry and Apple to get cell carriers to allow any kind of custom software on a user device. They were desperately terrified of being commoditized the way the Internet has commoditized telcos and cable companies. Maybe the ecosystem, by being forced to start out in a locked-down way, evolved to embrace it. This is known as path-dependence in evolution.
Edit: another factor, I think, is that the Internet had no built in payment system. As a result there was a real scramble to find a way to make it work as a business. I've come to believe that if a business doesn't bake in a viable and honest business model from day zero, it will eventually be forced to adopt a sketchy one. All the companies that have most aggressively followed the "build a giant user base, then monetize" formula have turned to total shit.
Ironically, to take it full circle, I think that the thing that led to mobile being so user-hostile was the lack of sideloading of apps.
I remember sites on the early web like Hampster Dance, where monetization happened as an afterthought. But if you have to pay $99 annually and jump through hoops just to get your software even testable on the devices of a large number of consenting users, the vast majority of software is going to be developed by people who seek an ROI on that $99 investment - which wasn't cheap then and isn't cheap now. Hampster Dance doesn't and wouldn't exist as an app, because Hampster Dance isn't made as a business opportunity.
Similarly, outside of a few bright lights like CocoaPods, you don't get an open-source ecosystem for iOS that celebrates people making applications for fun. And Apple doesn't want hobbyist apps on its store, because Apple makes more money when every tap has a chance of being monetized. Killing Flash, too, was part of this strategy.
Apple certainly could have said "developers developers developers" and made its SDK free. But it realized it had an opportunity to change the culture of software in a way where it could profit from having the culture self-select for user-hostility, and it absolutely took that opportunity.
It's not a bad place, the environment we live in. But IMO, if Apple had just made a principled decision years ago to democratize development on its platforms, and embraced this utopian vision of "anyone can become a programmer"... it could have been a much brighter world.
I suspect the average computer user is significantly smarter than the average phone user. The reason is that I've never seen a really dumb person using a computer, but I've seen plenty using phones. That might (or might not) be related to why the phone ecosystem evolved the way it did and computers didn't end up like that.
> I'm not sure why this is
I think a big reason was customers' ignorance. The manufacturers can come up with whatever they want, if no one buys it it does not matter. People accepted locked-down smartphones because they saw them a phones first and foremost. If I recall correctly the iPhone released without any app store, so it was really not that different from a dumb cell phone. If you had offered those same people a desktop PC or laptop that you could not install your own programs on, that had no file explorer, that could barely connect to anything else no one would have bought it. But because they say smart phones as telephones first it flew over their head. How many of the people who are upgrading to Windows 11 now because of lack of security support are still running an outdated smartphone? The phone probably has more sensitive data on it than the PC by now.
People are willing to accept restrictions when they come with newer technology. Why is that? I don't know, I'm just reporting on what I see.
It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer.
Right. It was infuriating when those of us criticizing the iPhone's restrictions were told "it's just a phone, who cares", when it was clear that mobile computing was going to take over quickly.
If you want a real blackpill (I think this is the right word), consider the famous Cathedral and the Bazaar.
I recently had a realization: I can name Cathedrals, that are 800 years old, and still standing. I can't name a single Bazaar stall more than 50 years old around any Cathedral that's still standing. The Cathedral's builders no doubt bought countless stone and food from the Bazaar, making the Bazaar very useful for building Cathedrals with, but the Bazaar was historically ephemeral.
The very title of the essay predicts failure. The very metaphor for the philosophy was broken from the start. Or, in a twisted accidentally correct way, it was the perfect metaphor for how open-source ends up as Cathedral supplies.
There are definitely bazaars which have a very old history. Being that the word "bazaar" has middle-eastern origins it feels appropriate to highlight middle eastern bazaars. Al-Madina Souq in Aleppo is one such bazaar with quite a few shops/stalls/"souqs" dating back to the 1300's or 1400's, such as Khan al-Qadi (est. 1450). Khan el-Khalili in Cairo has its economic marketplace origins rooted in the 1100's-1300's.
Name a single bazaar vendor that's still going more than 50 years in any of them. The bazaar as an institution remains, as it does today, but there's no permanence with a bazaar, just as open-source will never have a permanent victory without becoming a cathedral. Bazaars persist through constant replacement, churn, not victory.
Windows NT will be with us longer than systemd and flatpak.
No I meant there are individual shops inside the bazaars that are still going under the same brand name for hundreds of years. The El-Fishawy Cafe inside Cairo's Khan el-Khalili bazaar has been operating under the same name since the 1700's[0]. Bakdash ice cream parlor inside Damacus' Al-Hamidiyah Souq was established in 1895.
For me, walking through an old Souq gives me a similar feeling of awe / mortality / insignificance as viewing a cathedral or looking from the Colorado ranch land up to the Rocky Mountains.
Also some cathedrals have remained "Catholic" since their raising, but there are a lot that have changed from Christian to Islamic to Protestant ... both the cathedral and the bazaar's physical buildings are still present from the same era and both are used for their original purpose (marketplace or worship). And both have delibly shaped their regions by being engines of culture, innovation, and power.
0: https://en.wikipedia.org/wiki/El-Fishawy_Café
1: https://en.wikipedia.org/wiki/Bakdash_(ice_cream_parlor)
Windows NT is younger than Unix. I'd say the smart money is on the Unix-derived line of operating systems outliving Windows NT by a considerable amount.
However ... the domain of operating systems is subject to weird constraints, and so it's not really appropriate to make some of the observations one might make in other domains. Nevertheless, I thought the point was that we want things to improve via replacement (a "bazaar" model), rather than stand for all time. We don't actually want technology "cathedrals" at all, even if we do appreciate architectural ones.
> "I'd say the smart money is on the Unix-derived line of operating systems outliving Windows NT by a considerable amount."
Are you referring to the *BSDs? Linux isn't Unix derived. It's a re-implementation with no code traceable back to the original Unix or any of its descendants.
Aside from that, Windows has a revenue stream behind it that looks to continue indefinitely paying for its development and Linux has...? The half-digested carcass of Red Hat within IBM? Canonical?
Cathedrals change organizations too. You can't compare the longevity of a physical edifice (a cathedral) to an individual or organization (a bazaar vendor). They are different classes of things.
I fail to see the link, businesses come and go. Their software dies with them.
Businesses die. Cathedrals don't. IBM is 114 years old. Microsoft is 50. Google is 27. Disney is 101. Nintendo is 136 (they'll outlive Steam and the next nuclear war at this rate). The COBOL running banks is 65 years old. Windows NT architecture is 32. The platforms become infrastructure, too embedded to replace.
How many bazaar projects from even 10 years ago are still maintained? Go through GitHub's trending repos from 2015. Most are abandoned. The successes transform - GitLab, Linux, Kubernetes, more Cathedral than Bazaar.
> How many bazaar projects from even 10 years ago are still maintained?
Uhh, all the big ones in common use? GNU’s massive portfolio of software, Linux, multiple BSDs, Apache, Firefox, BusyBox, PHP, Perl, the many lineages of StarOffice, LaTeX, Debian, vim, fish, tmux, I mean this barely scratches the surface. Are you kidding me?
How many startups have failed over the last decade? I would argue that the norm is for any project to eventually cease. Only useful things with an active community (whether that community is for-profit or not) tend to last, until they are no longer valued enough to maintain. This goes for things in the physical world just as it does for software.
Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib and GCC, etc. Just because you can't think of it, it does not mean it doesn't exist.
> Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib, etc. Just because you can't think of it, it does not mean it doesn't exist.
Did BSD defeat Linux? No. Which BSD is even the right one? BSD's biggest success is living on as the foundation of Apple's Cathedral in XNU, and PlayStation's Cathedral in the PS4 and PS5.
Did Linux stay a bazaar vendor? No - 90% of code has been corporate contributed since 2004. Less than 3% of the Linux Foundation budget goes towards kernel development. Linux is a Cathedral, by every definition, and only exists today because Cathedrals invest in it for collective benefit. It's a Cathedral, run as a Cathedral joint venture, to be abandoned if a better thing for the investing Cathedrals ever came along.
GCC? Being clobbered by Clang. Less relevant every year. Same with GNU coreutils, slowly getting killed by uutils.
Firefox? Firefox only still exists because a Cathedral called Google funds it.
LibreOffice, Apache, PHP, Blender? Professional foundations that get very picky about who is allowed to contribute what. They aren't amateurs and they all depend on Cathedral funding. Blender only got good when it started collecting checks from Qualcomm, NVIDIA, AMD, Intel, and Adobe. Blender is a Cathedral funded by Cathedrals.
That's such an American take. Something doesn't have to be a "winner" to be useful. I enjoy using FreeBSD on my desktop and I don't care about the 0.01% marketshare.
I really dislike all the corporate involvement in Linux. I don't believe in win-win with commercial. That was the main reason for my choice though there's other things I like too such as full ZFS support and great documentation.
Wtf is a bazaar vendor? A bazaar-style project is a project with a variety of contributors who aren’t necessarily affiliated with a central org, where decisions are made at least partially through consensus. Linux still fits this description although it’s more of a hybrid model at the moment, as decision-making is highly centralized. But as a free/open source project, that centralization exists with implicit community consensus. If a substantial portion of the community decided that Linus and his team were making poor decisions, a fork would emerge. This process of periodic de-/re-centralization is a common attribute of many long-term FOSS projects and is usually not possible with proprietary software, absent generosity or neglect from IP “owners”.
I feel like you're moving the goal posts and using the greed caliper for measuring open-source success. Open-source doesn't need "to win", because as long as they have developers, projects go on, and as long as they have any users they are still relevant.
I we're doing bad analogies my mom's open source duck recipe has been around for hundreds of years.
The title also correctly describes the relationship between FOSS and cloud SaaS. FOSS is the bone yard and parts catalog that devs go to when building closed platforms to lock in users. It largely exists today to be free labor for SaaS and training data for AI.
I'm not there yet, but I am perilously close to tipping over into believing that making open source software today is actually doing harm by giving more free labor to an exploitative ecosystem. Instead you should charge for your software and try to build an ecosystem where the customer is the customer and not the product.
I stress today because this was not true pre-SaaS or pre-mobile. FOSS was indeed liberating in the PC and early web eras.
I always found this term utterly bizarre. It first showed up in the early days of the mobile "revolution" and felt astroturfed, since no developer would think we need a fundamentally new term for downloading software. It felt like something some dark patterns team came up with to discourage free installation of software on your own device.
Of course maybe I'm overthinking it. It's common for people deep in the bowels of an industry to invent pointless jargon, like "deplane" for getting off an airplane. Anyone know where the term "sideload" was coined or by whom?
No I don't know.
But: "side talking" Is a worthwhile distraction to Google and look at Nokia N-gage memes.
I prefer the term "unlocked install". Consumers are already familiar with the terms: locked phones and unlocked phones.
I call "running unsigned binaries"
They are signed, though. Just not by Google.
“Running binaries signed either by yourself or by whoever wants to spy on you.”
That last part there is the problem.
Let's ignore all of the preinstalled programs, which are signed by Google and do a great deal of spying.
Do you think the 100 most popular F-Droid apps do more spying than the 100 most popular Play store apps?
No, that’s a straw man. The popular ones are not the concern.
A straw man in your favor, maybe. Shall we compare the 100 least popular of each store?
Those are more likely to be outright malware on Play.
The popularity in app stores has no bearing. Some problem apps can be on no store, just locally installed. This has been well covered in the past and you are playing catch up. It’s about abusive household members who spy on their grown children, siblings, roommates, girlfriends, parents, etc. with apps they install on their devices if given a route to do so.
It's an excuse. Give me the option to install the software I see fit. Period.
Is this not a meaningless differentiation if Google does no assume any responsibility for apps on the Play Store?
This is laying the groundwork for mandatory software. Soon after this browsers and messengers will be required to install tracking components to be included in the app stores or approved for sideloading.
This is how the surveillance blob will get around the huge backlash to Apple's mandatory on-device child abuse scanning, close off any avenues to escape it before re-introducing mandatory on-device spying.
If you focus on the fact that Google fraudulently marketed an operating system that allows users to run any software they like (until they successfully drove other open options out of the marketplace) you have all the legal justification you need to force Google to back down.
What country requires that?
In the US, there's no requirement for a company to honor the claims of prior advertisements for things that they might do in the future for a different product. And even if a company does lie about the features of their product, advertising law does not require a company to change the features of their product to meet those claims. What could be required is a change in the advertising, or a refund for people who bought the devices under the false terms.
But if you advertise a certain side of feature features in a phone three years ago, and sell something completely different next year, that's entirely legal.
It's certainly possible for the same company to create an open platform in addition to a separate platform that is a walled garden.
Microsoft Windows is an open platform that is open to running whatever software you want, while Xbox is a walled garden.
That doesn't mean that Google can fraudulently market an open platform and then close it after driving competing platforms out of the market without running afoul of antitrust law.
However, if Google wants to create a new platform that is a walled garden, as long as they are honest with users about what they are selling, that would be perfectly legal everywhere except the EU.
> That doesn't mean that Google can fraudulently market an open platform and then close it after driving competing platforms out of the market without running afoul of antitrust law.
But they haven't done these things. If they violate the law, they will have violated the law. Google hasn't imposed the discussed requirements yet. However, even if they imposed them today, I do not believe they currently advertise that they allow side-loading.
Also the commercial market for sideloading is basically nil. I'm not sure what antitrust angle you'd take here -- whose market would they unfairly disadvantaging? Basically all antitrust actions thus far regarding mobile platforms have been regarding their gigantic commercial app stores. That is entirely unaffected by these changes.
> However, if Google wants to create a new platform that is a walled garden, as long as they are honest with users about what they are selling, that would be perfectly legal everywhere except the EU.
The policy they are proposing is the same policy that Apple recently switched to in order to comply with EU regulations! Apple is doing it precisely because it complies with the EU's demands.
> Basically all antitrust actions thus far regarding mobile platforms have been regarding their gigantic commercial app stores. That is entirely unaffected by these changes.
This is more or less true. Epic Games is most likely not going to fight Google any further in the U.S., assuming they actually get what the recent injunction promised them (which does not include unrestricted sideloading, but does include better protections for verified third party app stores on Android).
But at the same time, I don't think it's invalid to say that antitrust law provides a pretty solid framework for a hypothetical "sideloading mandate". The EU's Digital Markets Act comes very close, but falls short of declaring exactly what a "third party app store" should be. That is, "an independent source of applications without any oversight whatsoever from $BIG_TECH_CO".
However, they probably specifically avoided doing that because they knew it would lead to malware on iOS, and a huge win for Apple in the court of public opinion. Will the EU or any of the other regulators actually ever go any further than "third party app stores"? Probably not, to be honest.
What? The parent comment alleges that your claim that Google engaged in fraudulent marketing is false, but your reply just restates your original claim without addressing their argument.
> except the EU
Also Australia, Japan, Brazil, and the United Kingdom, with others sure to follow.
You keep repeating this argument, but it doesn't hold up upon critical examination.
I already replied here: https://news.ycombinator.com/item?id=45512015
I think the reason you keep reiterating this is because once you realize that there is no legal justification to go after Google for this move under current US law, the only real solution becomes obvious: new legislation, and you really don't want that, because you know it will apply to Apple devices as well, which would be The End of the World.
If you want to see what the solution to this problem looks like, take a look at the bipartisan App Store Freedom Act: https://www.congress.gov/bill/119th-congress/house-bill/3209...
(This is before Apple/Google lobbying efforts result in either the death of the bill or a bunch of exceptions allowing companies to do "notarization" or "developer verification".)
Sorry, but when you create an open platform, you are choosing to create a new market where antitrust law will apply.
Google has to live with the consequences of it's decisions.
Open platforms mean more growth more quickly, but they also place restrictions on what you are allowed to do in the future.
Antitrust law applies to any company of massive size that engages in anticompetitive conduct, not just companies who create "open platforms" [1], otherwise there would never be any antitrust cases. An antitrust case would be your best hope under current law, but it already happened and the remedies did not include a mandate to keep allowing unrestricted sideloading indefinitely.
Anyway, you're now moving the goalpost, because you were originally talking about a case based on the premise that they engaged in fraudulent marketing, not a case based on the premise that they currently hold a monopoly. The former would never hold up in court, the latter already happened but the remedies were insufficient to stop Developer Verification.
[1] The reason Apple wasn't forced to allow third party app stores as a result of Epic Games v. Apple was not because iOS is a "closed platform"; they simply weren't found to be a monopoly in the "mobile gaming transactions" market (which does not preclude them from eventually being found a monopoly in the "mobile app distribution" market).
See also:
https://en.wikipedia.org/wiki/Epic_Games_v._Apple
https://en.wikipedia.org/wiki/Epic_Games_v._Google
https://www.theverge.com/24003500/epic-v-google-loss-apple-w...
This is a massive stretch. What marketing campaign said that?
And even if it did, it’s not like marketing campaigns make claims that last forever.
Red Lobster doesn’t owe you anything because endless crab legs isn’t a thing anymore.
embrace, extend, extinguish
Now I’m just talking to a parrot whose been living in Richard Stallman’s house.
The EU doesn't need a legal justification. They can stop Google but they actually love this because it helps their total surveillance state ideas.
The Android Developer Blog called it "an ID check at the airport which confirms a traveler's identity but is separate from the security screening of their bags."
From the mouths of rubes, I guess. The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.
>The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.
If it's really about protecting "airlines' business model", why did TSA recently start requiring REAL ID to board flights? Were airlines really losing substantial amounts of money through forged drivers licenses that they felt they needed to crack down?
> why did TSA recently start requiring REAL ID
Immigration politics
Source? The wikipedia article makes it pretty clear that it was in response to the 9/11 attacks. It got delayed several times so it ended up taking 2 decades to implement, but Trump had little to do with it. The May 7, 2025 deadline was set back in 2022, under Biden.
https://en.wikipedia.org/wiki/Real_ID_Act#Legislative_histor...
To my knowledge the deciding factor between which state ids were considered compliant and which were not was whether the state required disclosing and documenting immigration status to get a drivers license. In theory there are other rules, but the rest of them were pretty universally followed already anyway.
In addition, the source you linked explicitly points out that the id standards were just one part of a bill that "would repeal the provisions regarding identification documents in IRTPA, replace them with a version that would set the federal standards directly rather than in negotiation with the states, and would make various changes to US immigration law regarding asylum, border security and deportation."
This is nonsensical. The minute the government doesn’t check ID to get on a plane that coincides with your ticket, the airline will start doing ID checks before getting on domestic flights just like they do for international flights.
And some airports are now allowing non fliers inside the terminal.
Even hotels force you to verify your ID to check in even though the reservation I’d transferable - just add a guest to your room when you make the reservation.
Nope. Most of the world does the ID check, and it's recommended by the UN guidelines for security reasons.
I hope that F-Droid, the FSF or anything like that will initiate a complaint in US or EU. I would happily give a fund for that purpose.
> This logic is flawed: historically, we've seen malware slip through the Play Store—signed and “verified”—several times.
Yeah, check for all the fake sora apps in the play store.
This is a weak argument. If things have slipped through the cracks with someone actively reviewing it, the alternative cant be 'lets not do any checking whatsoever'.
There are better arguments against this that other commenters here have provided (including "my device, my rule") but this isnt a strong argument.
That's the thing, they don't review their apps, and they actively ignore people flagging apps that are scams or otherwise malicious. Much like their ad empire, its all bots and people making money for pretending to care.
The number of malicious apps that Google has removed from the Play Store is far from zero.
It is false to say they are great at it. It's also false to say they don't review it. They remove some, but they're not great at it.
It's not "let's not do any checking whatsoever", it's just "let individual users choose between Google's ineffective checking and alternative app sources that users can trust or not trust with zero involvement from Google".
This.
That would make sense except they aren't doing any app reviews lol. They're just scanning your government ID. It is a farce.
I know this is side topic but if buying the Android or iPhone hardware gives us hardware we don't control, then what alternatives we realistically have? I do own pinephone (and I was recently reading that they kinda staled with development of new phones hardware), I know about librem.. is there anything else on the market?
LineageOS? /e/OS? ArrowOS? Android has so much momentum that seems like it would be difficult to avoid a fork. I know Waydroid exists, but I'm not sure that's good enough. Ubuntu Touch sounds really cool too, but I've put effort into it with a used Google Pixel 3A and it's not an easy, cheap thing to try out right now. And it's still dependent on binary blobs for drivers, as far as I know. Not a great situation.
Regarding banking apps and things like that, I don't run into to any issues except for not being able to scan checks for deposit on the mobile website. And also I have to have physical credit cards. If you can't do what you need, consider changing to a local credit union which has your interests in mind far more than a for-profit bank.
I've never run into a need for apps for a government purpose, but perhaps I will someday.
I'm sure my situation where I live may be different than your situation where you live.
I don't use an open source fork of Android daily and from what I can tell the best option that exists today.
The only hardware that I know will continue to be open enough for this to be viable in the future is Fairphone. I hope there are others. I would definitely would NOT trust Google Pixel to remain open for the foreseeable future.
Personally, I'm trying to get out of the habit of using my phone anyway, so I might as well have laptop or desktop hardware that can fulfill my needs.
Probably Linux phones, they are not there yet, but maybe by the time Android becomes an iOS it will be there.
Problem will be with banking apps and such, well you can get an used iphone and in lockdown mode it should be fine even if it reaches EoL.
Bought a used iPhone 7 for a specific project requiring a supported OS (iOS15) and having a hardware security module and the phone worked fine for that but Microsoft Authenticator refused to install below iOS 16 for no obvious reason.
My bet is that YOLO is the reason for Microsoft being unable to make the authenticator work on an older iOS.
Yes, it's a very unfriendly decision by Google.
However, I don't think they haven't measured the number of users installing apps outside of the Play store. May be they just don't care about the small % of total users who are a large % here on HN.
This is a part of a bigger trend, Cory Doctorow spoke about 13 years ago in his "The coming war on general computing": https://www.youtube.com/watch?v=HUEvRyemKSg
And this will creep out to the major desktop systems too, Apple is doing it with their stupid "non-verified app" and Windows looks more likely to do so with their "need Microsoft account to login" to windows.
It's unfriendly to developers and power users, but very friendly to the other 99.999% of users.
I used to work for Google, on Android security, and it's an ongoing philosophical debate: How much risk do you expose typical users to in the name of preserving the rights and capabilities of the tiny base of power users? Both are important but at some point the typical users have to win because there are far, far more of them.
The article implies that this move is security theater. It's not. I wasn't involved in this decision at all, but the security benefit is clear: Rate limiting.
As the article points out, Google already scans all the devices for harmful apps. The problem is knowing what apps to look for. Static analysis can catch them, dynamic analysis with apps running in virtual environments can catch them, researchers can catch them, users can report them... all of these channels are taken advantage of to identify bad apps and Google Play Protect (or whatever it's called these days) can then identify them on user devices and warn the users, but if bad actors can iterate fast enough they can get apps deployed to devices before Google catches on.
So, the intention here is to slow down that iteration. If attackers use the same developer account to produce multiple bad apps, the dev account will get shut down, requiring the attackers to create a new account, registered with a different user identity and confirmed with different government identification documents.
Note that in the short term this will just create an additional arms race. In order to iterate their malware rapidly, attackers will also need to fake government IDs rapidly. This means Google will have to get better at verifying the IDs, including, I expect, getting set up to be able to verify the IDs using government databases. Attackers will probably respond by finding countries where Google can't do that for whatever reason. Google will have to find some mitigation for that, and so on.
So it won't be a perfect solution, but in the real world, especially at Google scale, there are no perfect solutions. It's all about raising the bar, introducing additional barriers to abuse and making the attackers have to work harder and move slower, which will make the existing mechanisms more effective.
> in the name of preserving the rights and capabilities of the tiny base of power users
These are the rights of all the users. Take that perspective.
Remotely pushing a code to billions of devices to lock their baisc function (running code user loads) unless the device owner pay and provide sensitive info is a full-scale global malware attack by itself.
It's not even about power users. The article describes this pretty well: It is about the fact that this action will destroy or at least severely harm the open source app ecosystem. What I can see is that this already has a chilling effect on app developers releasing apps on F-Droid. You might say why should I care about that when I am one of the 99 % of normal users. But it all comes down to freedom. If you destroy alternatives to the Play Store, you remove the freedom of choice that even the 99 % of users would have if they were willing to switch to proper open source solutions.
Does anyone know if there is a concrete evidence that bespoke measure violates the EU's digital markets act?
But those 99.999% of users won't be using F-droid or direct-installs to begin with.
Completely false dichotomy - you could release a separate android channel that would require flashing through fastboot but still be signed, don't require unlocked bootloader and fully pass "Play Integrity".
In that case, an ID-gated play store and a developer settings toggle with a scary warning message would serve the same purpose for that 99.999% while leaving the rest minimally affected. Clearly that's not enough for google.
Check Stallman's The Right to Read short story.
Link: https://www.gnu.org/philosophy/right-to-read.en.html
Meta: https://en.wikipedia.org/wiki/The_Right_to_Read
My hope is that this lets some more people wake up and finally make Linux on the smartphone a reality.
If that ever does happen I really hope they just focus on making a proper phone, not trying to make it a hybrid phone and workstation. When they were working on Ubuntu touch (or whatever their phone version was called), they would show off how cool it was that you could just plug your monitor and input devices into it and boom you’ve got an all in one device.
But who wants that? It’s cool. But I’d rather just have a fully functional phone that happens to be Linux.
> If that ever does happen I really hope they just focus on making a proper phone, not trying to make it a hybrid phone and workstation.
It's not a zero-sum game in that regard. The entire point of Linux phones is to get Linux distros working in phone form-factors. Getting them to work as general-purpose computers is the easier, already finished part. Getting them to work as phones is the harder-part, the new work. Removing the easy, already finished part doesn't make writing the camera drivers, modem-handling software, etc. any easier.
> But I’d rather just have a fully functional phone that happens to be Linux.
Without the "workstation" stuff? That's Android.
You've been able to do this on android since the Motorola Atrix.
I certainly want that. I use DeX all the time. It's amazing.
I'd love to see this. Could the community rally a phone manufacturer with phones at different price points and focus on that? Most projects I've looked at in the past have been as good as dead, or spread across a bunch of outdated or bad phones.
I secretly wish Framework will do this one day.
Yeah, all you need to add is a desktop environment and some kernel drivers that are specific for phone hardware.... except that's what AOSP already is.
This is the beginning of the end of Android.
Google have over-reached.
It is unacceptable to software developers to be unable to install software on their own phones, and this will lead to a successor to Android.
It will take time, but it will now happen.
Very few people care about this change. The current outrage will be a distant memory in a few months. I'm sure fdroid will find a path forward. Folks who want to install custom apps on their phone will still be able to do so, maybe with an extra tedious step in some cases but if you're motivated the changes won't stop you.
> beginning of the end of Android.
You underestimate how much money & effort it takes to make an operating system.
No - I'm not saying it will be soon, or fast. I am saying only it will now come, just as Linux did.
Wouldn't people just fork AOSP? Seems like GrapheneOS has a running start?
Forking a project isn't really the same as "ending" it, as much as it is becoming it. Even ignoring that, you can't be a meaningful competitor unless you actually ship on a phone, and support the features that the average consumer is looking for. Amazon even tried and failed spectacularly.
If that actually were the case, the iPhone would've died in 2007.
In reality, most people don't even know what sideloading is. Those are the people who are buying phones and supporting the market for their existence.
The 0.001% of people who want to side load applications onto their phone, can clamor for a new OS all they want, but unless they put the resources in place to make that happen, it won't.
> If that actually were the case, the iPhone would've died in 2007.
But there was Android. If you cared about loading, you could ditch Apple. You had something else to go to.
Now there's nothing.
There were zero Android phones in 2007. The G1 launched in 2008 as a brand new platform with no third party apps. In 2007, Windows Mobile was the popular platform for people who liked loading their own software on their phone.
If you were around for the early Android scene you might have heard of XDA Developers -- which was named for the O2 XDA Windows Mobile phone.
Can anyone say exactly what this would mean for F-Droid? For instance, not that I want this to happen but if F-Droid really wanted, they could conceivably get verified developer status.
And then they could offer apps, which (again I don't want this, just asking), could also be distributed if verified. F-Droid would have to be verified and would only be able to distribute apps from developers that are also verified.
And so conceivably you could still install apps from outside the Play store if they're verified. Unless the Play store is administering verification.
I'm not saying that would work, in fact, I think in practice it wouldn't. I'm just trying to play out what that would look like to understand the specifics of how F-Droid is being effectively dismantled. But I'm all ears if someone has a different interpretation about how F-Droid lives through this. It would seem that it would only survive on degoogled phones.
We wrote about what it means for F-Droid at:
https://f-droid.org/en/2025/09/29/google-developer-registrat...
And it has been discussed in a couple of HN threads:
https://news.ycombinator.com/item?id=45409794
https://news.ycombinator.com/item?id=45507173
Thanks! Macroexpanded:
Google's requirement for developers to be verified threatens app store F-Droid - https://news.ycombinator.com/item?id=45507173 - Oct 2025 (152 comments)
F-Droid and Google’s developer registration decree - https://news.ycombinator.com/item?id=45409794 - Sept 2025 (564 comments)
> we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
Since these are open source apps, couldn't f-droid maintain their own fork of each app with a different application identifier?
It would give Google the ability to shutdown F-Droid at will by baning their account and thus far more power to control what F-Droid publishes and how it operates. However, it seems like anyone could fork an open source app and use their own account and setup their own unique identifier for their fork.
No question this increases Google's power but it doesn't seem like it technically makes it impossible to operate a store like F-Droid.
If nothing prevents this from happening, then when it does happen, I will make it a point to carry nothing but a laptop and a dumb phone, maybe a hotspot. If I need something from the internet, I will get it before the trip. If I can't get it on the trip, and forgot to beforehand, I will either find another way, or not do whatever it is.
I don't know why I don't do that now, honestly. Sounds pretty interesting.
You don’t because it’s not reasonable. It’s fun to play with (speaking from experience), but it’s not reasonable in day-to-day life. That’s why smartphones are so successful. That’s why we need to actually open platform.
People choose Android because they need / want more control over their system. If Google continues to remove that control, they lose the only thing that gives their OS an edge.
Some people do, most choose it because Android phones are a lot less expensive when you buy new (outside of the flagship/newest phones).
The share of users who find this business move to be a deal-breaker is likely small enough for most manufacturers to not care.
They saw apple getting away with it under the DMA so they're just doing the same. You can't do anything about it.
Android limits on "installing" software of your choice on your own consumer hardware are the most anti-consumer move yet.
Let's call it what it is. Attack on what ownership of our stuff means.
Realistically, what can be done to stop this?
In my eyes, Google is violating my rights because I did not agree to them stopping independent installation. I view them pushing this update as criminal vandalism.
A law with more teeth than the EU's Digital Markets Act (which, contrary to popular belief, does not actually require sideloading) could theoretically be passed. The current (pre-lobbying) iteration of the App Store Freedom Act looks pretty good (ctrl+f "security", "safety", "integrity" returns zero results).
https://www.congress.gov/bill/119th-congress/house-bill/3209...
Realistically speaking, that probably won't happen, though. What can you, yourself do to mitigate the impact?
Install a forked version of Android without Developer Verification. LineageOS, GrapheneOS and CalxyOS are all pretty good options. Stop using any apps with remote attestation via Play Integrity, which will mean sacrificing more and more functionality as time goes on. Try to use mobile sites instead of mobile apps as much as possible. Watch the F-Droid catalog get smaller and smaller until it crumbles completely when it becomes unusable by >80% of Android users.
This will shape the future of computing with how Apple being treated as the reference for the whole industry. (I know this is Google here. But our reference devices are iDevices that was unfortunately always locked in the Apple provisioned codesign)
Our “pocket” computers are locked in. The next computing platform will be more wearable such as AR glasses. We’re expected to have 3 players in the upcoming iteration - Apple, Google. Meta due to vivid services needed for valuable glasses services. Meta already shows how you don’t really own the device by what’s running on it. It’ll be very sad if next generations most used form of computing will be able to run only border-controlled software.
Of course as rubbish as this is, it could spawn a bunch of new commercial app stores and trigger competition there.
My understanding is side loading is only limited if play services are installed and Google mandates it.
This may give some room to some smaller phone makers to launch less encumbered phones.
It's a puzzle to me how Google moves to restrain app install out of its store, while Apple loses in court for similar practices.
This change would make Google's policies in line with the policies Apple has recently implemented to comply with those court orders you're talking about.
I was a big proponent of the nexus phones and Google's efforts in the space, but I am hundred percent not an android fan anymore.
There's a study on positive or destructive workers, from a business management pov. The finding was that the "bad" employees and the "good" are often the same people: a "good" employee scorned becomes the worst type of employee.
I think Google will be discovering some variant of this from their previous fandom, and it will be too late.
You seem to be framing this as if it were a business decision to curtail competition. I and likely the team pushing these changes only see the security benefits for users through these changes. People have tinted lenses to assume malice when Google does things, but if you've actually ever been close to the decision making process internally it's never anything close to what people seem to imagine. People are overestimating how problematic these changes will be in practice.
Too late for whom though? I suspect it's not Google. The only companies with enough capital to take them on at their own game are somehow even worse, although admittedly the gap is getting narrower by the second.
And yeah, giants occasionally fall suddenly. But mostly just in the software world. Phones require extensive hardware and software knowledge, and increasingly also require playing nice with carriers/TLA government agencies.
A while ago I implemented some little feature I wanted for an open source app, and tested it on my phone. Only Android development I've ever done, a few hours' work: I wasn't going to get certified as an official Android developer for it. With this, I wouldn't be able to do it? Or rather I could, but could only test with the Android Studio emulator or similar?
Similarly if I just wanted to make something for myself, not distribute it at all, I know have to register with this program just to install my thing on my own phone? I don't think even Apple goes that far?
These restrictions won't apply to developer tools afaik. You will still be able to install anything using ADB.
(I'm not defending the practice — Android needs to be separated from Google, and it needs to be done 10 years ago)
No. You can still install apks through ADB, which is how you would do it during development. But you won't be able to distribute it without signing it through google.
If you can't install software on your own device, you don't own it.
You are renting a completely government and corporate controlled piece of hardware.
Agreed, and the only reason I bought a Pixel is because it supports Graphene. But as long as the masses value convenience over privacy and freedom, nothing will change, and Apple/Google will happily keep selling them devices that are now primarily designed to spy on them.
"But as long as the masses value convenience over privacy and freedom, nothing will change, and Apple/Google will happily keep selling them devices that are now primarily designed to spy on them."
When I have taken the time to educate someone on a very personal level about privacy, the person understands the value and will change some of their habits. We can win this.
I have this profound disgusting feeling when I think I'm going to have to ask Google to validate which app I am allowed to install on the phone I paid freaking money to get !
This is not about open source, the government being able to ban apps, or anything else but a principle.
I'm not a child and Google is definitely not an authority respectable enough to tell me what I can't install. They have lied, been sued countless times, had to pay billions of fines,..
At this point, there are 2 alternatives : iphone, grapheneos (don't even start with Linux phone).
Iphone suck just as bad on that matter but at least the software is more suited to professionals, it's not as half ass done as Google software.
Grapheneos, it runs just fine 99% of the time but these last 1% can be so annoying. Like how they disable face unlock, or how some apps refuse to work because of play integrity.
My last hope is that the eu will come once again to the rescue and bring the mfcker at Google who came up with this idea back to earth.
That or ban Google Android version and make an European Android alternative funded and developed by a consortium of tech companies that want to sell phone in Europe.
After all, Europe is even a more interesting market than the usa.
with all these folding phones and e-ink mobile sized e-readers having gone through several generations, I'm beginning to think the next big kickstarter[0] is a dumb e-ink phone/wifi modem connected as a 5g modem to an amoled linux tablet.
[0] No royalties required if you pick up my "fantastic" idea, just send me a free device
The Play Store should be taken away from Google and setup as a non profit to facilitate serving copies of software people upload.
If users are drawn to the "tree of the knowledge of adb install" then your first assumption should be that the menu in the walled garden is unsatisfactory, not the designs of a serpent.
There's an overarching lesson that FLOSS needs to learn from the last fifteen years:
If it's not copyleft, it's not free. Also, it's more than just a legal classification of IP law, it's an ethos. I don't care how "free" your underlying OS is, if most of the userland is proprietary and the only way to really effectively use the software on consumer hardware is to use a megacorp's implementation of it and to bow to their whims, it might as well be Microsoft Windows.
This is why I always thought Android never really was Linux. Sure, it has a Linux kernel, but that kernel just exists to run a bunch of software in a way that you have no real control over.
i am just waiting on the same thing that happened with sony and geohot to happen to google as well. blocking sideloading will annoy some very smart and maybe dangerous people
Sounds like we need either a viable alternative or a next thing.
The next thing will probably be AR glasses and we could use some alternatives to Meta and Google and Apple.
And I was willing to give BlissOS a try as a summer project. Guess Android just became less interesting for hackers in gener.
I just wish BlackBerry went in a different direction. If during the early-mid 2010s they decided to dedicate to open-source and privacy-first, as well as keeping their flagship QWERTY format with the optimized BlackBerryOS, they could still be around serving a particularly large niche in the smartphone market: Those who use their phone for communication and utility over entertainment.
Maybe they can make a comeback. If anyone at BlackBerry is reading this, just do it, please and thank you.
It's sad that basically anybody can type faster on a 15-year-old blackberry than on the latest and greatest touchscreen-keyboard phone.
It's logical, and comes down to accuracy and comfort. It's the same reason why mechanical keyboards are best on desktop, not those silly flat Apple butterfly keyboards.
What I'm sad about is the fact that the QWERTY format was completely abandoned to cater to the entertainment-focused users on Android and iOS. Those are also the people who "don't care about privacy" and are fine with walled gardens, as long as their TikTok, Facebook and Netflix work.
Is typing on a touchscreen phone really that difficult for people? I did a Monkeytype test just now on my iPhone. I got 50WPM in the 30 second test. For comparison, I get about 100WPM when I type on a regular computer keyboard.
I feel like getting 50% typing speed isn't so bad, and I doubt I would get a lot better than that with physical buttons. Generally I'd rather have more screen real estate.
That said, I definitely prefer physical buttons for games.
from what i understand:
- if you compile from source and deploy via adb nothing changes
- if you use a closed source binary, the identity of the owner becomes mandatory
so the issue is anonymously published closed source software?
> if you compile from source and deploy via adb nothing changes
That's not how I understand it. Do you have a source?
"Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices."
https://developer.android.com/developer-verification
https://android-developers.googleblog.com/2025/09/lets-talk-...
> Android Studio is unaffected because deployments performed with adb, which Android Studio uses behind the scenes to push builds to devices, is unaffected.
Thanks.
So, simply sending a download link for an APK to a friend is not enough anymore - I now have to teach them how to install and use adb.
EDIT
> we are also introducing a free developer account type that will allow teachers, students, and hobbyists to distribute apps to a limited number of devices without needing to provide a government ID.
Depending on how they implement that, this would at least partially improve the situation. Sounds like no ID is required, but I assume the whole ordeal with registering each app is still mandatory.
> anonymously published closed source software
Yes, like the software for my ebike conversion kit for which I only have the APK. I have vetted the software and would like to install it. If Google blocks that, then fuck them.
> - if you use a closed source binary, the identity of the owner becomes mandatory
So I can't just build an apk and distribute to others? What's the process for providing identity?
Paying Google $25 for the privilege of giving them a picture of your face and license to save in their cloud.
As someone who doesn't really care about apps, if I wanted to move away from Android what phones and OSs are worth considering?
Don't know how the Google's actions with affect AOSP. There are few options depending on location / country with base band frequencies.
Murena with e/OS/ [0], Purism with PureOS [1], Volla with Volla OS or Ubuntu Touch [2], and Furei Labs with FuriOS [3].
Those are the companies actually trying to sell a phone versus Pin64 selling a device to tinker with.
Alternative is checking personally managed OSes like postmarketOS [4] and Ubuntu Touch [5].
[0] https://murena.com/ [1] https://puri.sm/ [2] https://volla.online/en/ [3] https://furilabs.com/ [4] https://postmarketos.org/ [5] https://www.ubuntu-touch.io/
PinePhone
https://pine64.com/product/pinephone-beta-edition-with-conve...
> versus Pin64 selling a device to tinker with.
PinePhone Pro sure, but PinePhone works AFAIK. Similar specs as Purism's (though weaker cameras), and 4 times cheaper.
They all died. There were Linux phones until Android and there were some non-Android phones until Android 8 or so, such as Qt Extended, RIM BlackBerry OS, Palm webOS, Mozilla Firefox OS, and Microsoft Windows Phone, to name a few. They all died from numerous footgun wounds as well as pressures from competition.
VoLTE was one of major contributors to the situation, by the way. Only iOS and Android supported voice call on 4G LTE for first 3-5 years, due to it being a huge pile of TBDs and transitional hacks. There were political fights in whether the LTE is to be 4G or it was to be 3.9999G and superseded quickly by a completely separate 4G standard. This meant that companies and consortium that maintained alternative OS could spend unrealistic amount of lobbying and engineering effort trying to get into it, risking investments needed for it, or give up and start procurement process for a white flag. All chose the latter, and we ended up with an iOS/Android duopoly with unprecedented totality.
I've been using Sailfish OS for quite some time, but I don't do all of my computing on the phone. There's quite a high friction for using any of the mainstream Android apps, so usually you have to find an alternative if possible.
I also use Sailfish OS - its not perfect, but useable. :) And the way Android and iOS goes to shit, its current state might already be better than them soon. ;-)
(Sailfish OS is improving over time, if a bit slowly. :) )
You don't really have a choice: it's either Android or Apple iOS.
PostmarketOS, Mobian, and GrapheneOS all seem to be good choices. Or simply not carrying a phone as I often do.
GrapheneOS on a Pixel
Let's see what will the future of Graphene be, since Google is not publishing the device tree anymore for Pixel devices...
That's a non-issue for them: https://grapheneos.social/@GrapheneOS/115299586595207105
It's not a non-issue i'm sure it's quite annoying to deal with, they just work around it. I hope the deal with their unnamed OEM works out and we get a native GrapheneOS Device. I'd buy it day one.
They are building their own device trees now.
It's kind of ironic that you have to actually give Google money in order to not use Android. I'm still amazed that there's no Graphene support for any other device.
They're in discussions with an OEM to produce their own device.
Graphene is still Android.
Truly the OS by and for people who are into excessive nitpicking. I suppose that's what you want for security.
Does anyone have a rough estimate for how many installation of GrapheneOS there are?
My next phone is gonna be a Linux phone.
Android is signalling that users don't own their phone anymore.
Maybe there will be options arriving in the market to re-introduce this concept.
I really would love to get rid of everything related to Google, Microsoft and Apple. Too bad I am completely depending on them. Business wise and privately. I wish I would wake up tomorrow with a Linux phone with no crippleware, no notifications, no crappy animations, no limits, no nothing.
Let's make life harder for the only mobile app store (F-Droid) that hasn't had any malware on it since it's inception - someone at Google probably.
I imagine custom ROMs would be able to work around this restriction, but I wonder if simply rooting the phone would also allow you to switch it off?
Yes, this verification will be implemented in the OS but not in the TEE, so rooting does give you the ability to affect it.
But Google is working hard to make sure important apps won't work anymore due to their "Play Integrity" crap.
it's always hilarious (and there's a lot of this going on right now) when major players eliminate themselves from the competition, while deluding themselves that they've eliminated the competition.
Meh, I can still install what I want via adb. It's probably a good thing most people won't be able to click a link and have a new program installed by an anonymous person. Especially in an ecosystem where .apks are passed around manually
Most consumers DON'T CARE. They want their phones to access Facebook, Instagram, TikTok, X, Bluesky, their banking, shopping, and food order apps, etc. If anything they'd be glad to know that Google is stopping entire classes of malware at the source. This is an anti-techie move, not an anti-consumer move. Only techies care about being able to run any software you want on a device you own. Most people don't really want to own a computer because owning one means you are responsible for administrating it, and that's well beyond normies' capability and/or well outside the things they want to spend time or energy fucking with. They just want access to what the computer enables.
Continuing to bang on this drum has "less space than a Nomad, lame" energy. Except it's political, so you sound even more like an autistic loon. Start thinking, techies. Not everybody is remotely like you. 99% of Google's customer base don't care about this, and Google may have actually increased Android's value to end users.
> Most consumers DON'T CARE
Why is this argument even a thing?
They want to use Facebook, Instagram, TikTok... The exact services that wouldn't exist in the first place if there wasn't for the open neutral Internet, something they didn't care about too.
does anyone know if this affects lineage os or are they able to work around the madness?
[dead]
As with manifest v3, Google is once again misusing their position as a source of open standards to benefit their adware business. Hopefully the EU fines them once again.
A weird hill to choose to die on given that in practice it's not really a meaningful percentage of people that are using adblockers and the negative PR they get from these oversteps is massive.
Didnt EU rule that it was OK for Apple to do, and Google is just just mirroring that?
I believed the EU specifically ruled that Apple's rules which include this are NOT ok. And they're currently fighting Apple about it. Unless I missed something.
At least these user hostile actions are a source of income for the EU.
The way Google is going, you might as well just have Apple and fully embrace consumer hostility.
Why having your own website is essential
Need something to view, edit and serve it through.
Dare I say it, I think we're being too harsh on Google here.
When you own a massively successful consumer product like Android, which is foundational to users' lives, you have an obligation to your users to keep them safe*. Sometimes you will have to choose between protecting users who don't know what they are doing at the expense of limiting users who know what they are doing. In this case, they have chosen to err on the side of the former.
I get it. It's OK to not like this development, especially if you use a lot of sideloaded apps. However, if you call this "anti-consumer", then perhaps you and Google have different notions of who the consumers are.
All said and done, Android/Pixel is still the most open mobile platform. Users are still free to install other AOSP-based OSes such as Graphene OS, which have no such restrictions on sideloading.
PS: I'm a former Google employee. I don't think I am a Google shill. I worked on mobile security, but I was not involved on this matter.
* I am using "safety" as a catch all for privacy and security as well.
AOSP is starting to be locked down. Google's idea of promoting safety is charging developers for recognition. When there's a profit incentive involved, no, we are not being "too harsh"
Almost all of the pushback I have seen is on the notion of "developer registration", not the cost. That's what I was responding to.
I don't know how much it costs. But if there's any pushback that it costs too much, my comment is not about that.
> Android/Pixel is still the most open mobile platform
There are 2 options in this space (practically). Being better than Apple, who is explicit about the fact that they own every iPhone on the planet, is not a flex.
Do you think Apple is being reckless not doing the same thing on MacOS, Microsoft on Windows? Is the population too stupid to be permitted general purpose computers?
>Is the population too stupid to be permitted general purpose computers?
I'm strongly against this Android change (for a simple reason written below) but the answer to this is a resounding yes! The general population is a complete security disaster with unsigned software! The latest generations being brought up within abstracted mobile ecosystems are no improvement either on that front (probably worse).
That said - and I think this is a key point in this debate - sideloading apps is already a fringe part of the Android ecosystem. The vast majority of average Android users will never interface with this functionality. Well there is still obviously a security risk as with any time unsigned software is offered, it doesn't seem to me to be a major issue in the ecosystem. This is clearly about control, not security. Let's say there is more antitrust action and Google loses more control over their preferred forced storefront monopoly within the ecosystem. With this change, at least according my understanding of it, they are still the arbiter of what is allowed on the platform and not even if an app comes from another app store.
No, I am not flexing. I am just stating a fact.
FWIW, I am also pissed that there are only two mainstream options.
> …perhaps you and Google have different notions of who the consumers are.
A relatively small percentage of HN users have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that. It can seem inconceivable.
I agree with you that normal people deserve safety when using their most intimate device, and that backdoors that can give technical people unfettered access will ultimately be abused by bad actors. I wish the world didn't work this way, but it's the one we live in.
> have empathy for people who haven't the faintest idea how their gadgets work and no curiosity about learning that.
I sincerely hope that a lot of people are actually better than how the stereotypes may make one think. Empathy (or lack of it) doesn't change the issue: users are deprived of choice and forced to go along a corporate decision, whenever it benefits them or not.
Ultimately, it all boils down to lack of informed consent and power/voice disparity between casual users and large corporations, especially when the choice is limited (and we have a de-facto duopoly). What you're seeing here is users expressing their dissatisfaction with a major decision that goes against their interests and that they had no say in. Have some empathy for those folks too.
I'm pretty sure most people who are unhappy about the news don't want to harm anyone and find no enjoyment if someone is harmed by lacking informedness. I'm very confident there are ways to present the issue and give a choice in a manner that is comprehensible to anyone, without requiring any technical knowledge. Every competent adult should be able to decide if they want to risk a thief gaining access to all their accounts at the benefit of ability to have extended control over their phone. Or be unable to install applications not blessed by the vendor, at the benefit of vendor promising to keep them safe from malware. I might not do the best job here, but I strongly believe that such things can be explained to anyone regardless of their life choices.
That's not what Google is doing, and their disrespect for user autonomy should not be confused for a lack of empathy towards those who don't understand computers.
Consider this framing: there's a controversy whenever it's acceptable that one could be punished for their choices on how their devices behave. I.e. whenever users willing to have better control over their devices should be punished by a refusal to access a lot of popular apps, sometimes even resulting in social awkwardness. I'm sure that empathetic people can see how this can feel unfair.
I have empathy for them, that's precisely why I made them much more secure by recommending mobile Firefox with uBlock :)
Yes, these big corporations are truly benevolent entities who are only looking out for the common man, and us software engineers are out of touch and "lack empathy".
It couldn't possibly be a frustration and concern that this is blatantly anti-competitive and serves to make Google considerably more money and leaves us with little/no options for people who actually know how to use a computer.
Frankly I think the security argument is largely a smokescreen to avoid discussions of anti-trust.
Let's take this to the logical extreme: I can make my phone even more secure if I pound a nail through it so that it doesn't turn on anymore. The phone is really secure now; it is impossible to install any malware on it, no one can install a bitcoin miner or track my credit cards or anything.
Even better, how about we replace the concept of "smartphone" with a glossy print of a Pixel phone that people can carry in their pocket? It would be lighter and completely secure as there would be no way to run any software on it.
Obviously I'm being farcical here, but ultimately I think there's a spectrum of security, and generally speaking these kinds of "security increases" end up making the phone less useful. Sideloading apps is already disabled by default. Most users aren't going to enable it; really the only people who are going to enable this are nerds who want to sideload stuff, and there's a strong selection bias towards people who know how to take care of themselves in the first place.
Also, frankly I don't really buy the "security" argument anyway. These companies aren't selfless benevolent entities who care so much about us, they are for-profit enterprises. If all apps need to be approved by and purchased through Google, then they can extract more money from users, which wouldn't be true with a side-loaded app store (e.g. what Amazon tried).
I currently run an iPhone, but I don't like how locked down it is and I have considered moving back to Android because of that, but now I'm not really seeing the point. I could of course install Lineage or Graphene or something else but that's considerably more effort.
I wish Ubuntu Touch had gained traction.
If I buy a Google Pixel device then I AM a consumer. You don't have to choose, you could release a separate device for those who know what they're doing, just like Mozilla releases a separate edition of Firefox that doesn't require signatures.
And yes, I while I can still install some alternative OS on my older Pixel (now Google has stopped providing device trees for the newer ones which I therefore won't buy), Google constantly tries to make this as insufferable as possible with their "Play Integrity" crap.
> now Google has stopped providing device trees for the newer ones which I therefore won't buy
Yeah, that sucks. I don't know if they made any official statement on that. I hope they will continue releasing device trees. It's a feather in their cap that the best mobile device to use for de-Googling so far was a Pixel device (with alt OSes). I hope they won't lose that distinction.
If you want to install software on your Microsoft Windows computer, it has to be signed by a verified developer, otherwise you get an overridable warning that the developer cannot be verified, the software may contain malware etc.
If you want to install software on you MacOS machine, the same thing applies. It must come from a verified developer with an apple account, otherwise you get a warning and must jump through hoops to override. As of macos15.1 this is considerably more difficult to override.
If you want to install iOS apps, the apps have to be signed by a verified developer. Theres no exceptions.
I just dont see a future where being able to create and publish an app anonymously is going to be supported.
Becoming a verified developer is a PITA, and can take a while or be impossible (i.e. getting a DUNS number if you're in a sanctioned country might be not at all possible) but at the same time, eliminating the ability of our devices from running any old code it downloads and runs is a huge safety win.
I'm okay with overridable warnings, having to open system settings to override the verification, etc. It's a "huge safety win" for the 80% of users who don't really know what they're doing, security wise. But not for me.
I won't be using any OS that doesn't allow me to step outside its walled garden, if I have any alternatives at all. With macOS it's quite simple - the second they won't allow apps from unverified/unsigned developers, I'm switching to Linux. On mobile, I might as well switch to iOS, since I'm not really sure what else Android offers anymore that's so compelling, other than being able to install apps directly. And then I'll just wait for a Linux phone or something.
Or you can try not updating Android or continue using a device already EOL. Can't have your cake and eat it too on releases and security patches.
There is a world of difference between "the OS throws up a bunch of warnings" and "the OS won't let you run unsigned software"
But Apple will change those "warnings" into straight-up lies, and fail to mention the user can override them, and hide those overrides in non-discoverable places:
Whenever I try to open an unverified app, this popup comes up saying "[AppName] Not Opened" "Apple could not verify [AppName] is free of malware that may harm your Mac or compromise your privacy." Then there's only two options to either press "Done" or "Move to Trash." - https://old.reddit.com/r/mac/comments/1ekv55h/cant_right_cli...
Your only option is to click on OK button, which won’t open the app. So how do you do it? - http://www.peter-cohen.com/2016/12/how-to-open-a-mac-app-fro...
Apple knowingly falsely claiming unsigned apps are "damaged": https://appletoolbox.com/app-is-damaged-cannot-be-opened-mac...
This also implies that Apple does verify that app store apps are free from malware, when that's not the case. It only verifies that they are from a developer who paid the fee and whose apps pass Apple's automated screens.
Apple does verify that App Store apps are free from known malware. https://support.apple.com/guide/security/about-app-store-sec...
And yet, that is still less bad than what Android is doing.
> I just dont see a future where being able to create and publish an app anonymously is going to be supported.
This is strongly needed if surveillance laws like Chat Control are not to be trivially bypassed. This way applications that don't offer governments the required surveillance features can be banned and the developpers can be sued. Not looking forward to that.
I'd be fine if it was just any old code "it" downloads. The problem is that it's any old code "I" download too.
I dunno man, it doesn't feel like a "huge safety win" that my computer has to check with a singular US tech company before it will let me use any software on it.
That's only sorta how it usually works. The developer has to check with a singular US tech company before they can sign the software they've given you.
Except yeah, the way this android stuff works is closer to that way. Instead of Google giving out a key for signing, they instead ask for one and tie a developer to a namespace, so yeah, I guess your Android phone has to check whether or not that namespace is "in the clear"
Right, Google could revoke that signature at any time and my device would refuse to install that software. The exact mechanics don't really matter, the end result is the same, my device will only install software that one company approves of and can change at any time, huge win for security right?
> eliminating the ability of our devices from running any old code it downloads and runs is a huge safety win
No, this is just false. There's numerous, well-documented instances of malware making it past gatekeepers security checks. This move is exclusively about Google asserting control over users and developers and has nothing to do with security or safety.
The only "huge safety win" comes from designing more secure execution models (capabilities, sandboxing, virtual machines) that are a property of the operating system, not manual inspection by some megacorp (or other human organization).
Thats a false equivalency. I didnt say that software was safe because its been checked. Just that at the least, one can somewhat figure out where the software came from.
Getting a DUNS number obviously doesn't make it so that you cant publish malware. It just provides a level of traceability/obstacle that slows down the process of distributing malware.