This shouldn't just be "questions"; this should be a full-on opposition. Do not give them even an inch, or they'll take a mile.
"debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers." - Richard Stallman, The Right to Read, 1997
I only have Linux PCs (laptops) and servers, 100% of my work and personal stuff is done there (though for work I do need to hop into MS365, Google Workspace, Zoom, etc, hooray for browsers, my final firewall between me and the walled gardens, though we can have a whole discussion on that).
For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?
Maybe I should go for Ubuntu touch, with an iPad on the side or something. At least my most personal device is something I control then. Or just keep my Linux laptop handy (or make a cyberdeck!). But I want a computing platform that does not require carrying a bag. It's kinda sad. Even GrapheneOS (one of the most personal and secure mobile computing experiences out there)'s future is in the hands of its greatest adversary, the one that does not want you to have a personal computing experience.
My bank blocks my mobile with Lineage OS, and it's not even possible to login to the web site without the mobile app. Absolutely pathetic.
Now I have to keep my 4 year old phone with 2 year outdated Android to access the bank application. Which deemed more safe then my mobile with latest security updates. Haha
Unfortunately, I can say with 100% confident, the customer service of my bank will not freaking understand what is a rooted phone, or LineageOS ...
And my bank's web app developer couldn't even fix their log in bug for several months. I realize, now, it's because they want to sunset their web portal.
Which is extremely annoying ... what if I don't have my mobile!!
Lazy, and greedy corporates, just trying to save their costing with shortcuts, never realizing security is never achieved by taking shortcuts.
This is not too hard. What is hard is to trust it enough. A FOSS OS, by definition, allows to install whatever software, and allows for modification of itself. It is built to overcome limitations, not impose them. In this regard, it's a perfect tool for a criminal who wants to circumvent security measures, because these are limitations. It's the same problem as with cheaters in online games, only with more than games on stake. Banks and payment systems want guarantees of integrity and protection, including protection from user's actions.
A FOSS OS also assumes that the user values the freedom, and is competent in its technical aspects. This is emphatically not true about many users. They choose iOS because it's locked down and thus they cannot inadvertently do something they don't understand, and can't be bothered to learn. More importantly, their grandmother cannot do something she doesn't understand but scammers persuade her to do.
It's a bit like driving on public roads. If you want to drive yourself, you have to reveal your identity and obtain a license. If you want the hassle, take a bus, but buses only go along their routes. Letting unlicensed people drive cars where they see fit was found unacceptably dangerous for everyone eround. Maybe mainstream mobile software development will follow this model, too :(
All this is true about Linux on desktop, though my bank still allows me to log in to online banking.
At least for now.
I'm not aware of any major issues this has caused.
The trust isn't the issue. Google and Apple has made DRM easy for these companies to integrate, and therefore they do it. There isn't more to it than that.
You'd need to make a case that proprietary OSes such as Windows or MacOS lessen the issue compared to FOSS OSes such as Linux. I doubt it considering that Windows is / was known to be the worst offender here.
In any case my bank has not banned the use of Linux to do homebanking. Why? Because there isn't a easy to plug-and-play API to do DRM and remove consumer rights. This is largely for historic reasons, but there is no reason a FOSS mobile OS couldn't work.
It's pretty obvious, it's costly to make one that is up to the level of quality of commercial ones. It's not a mistake that the 2 mobile oses are owned and created by some of the largest and most profitable companies in the world.
It’s costly, but those two companies also operate in a hierarchical manner (like the military or a feudal kingdom) which makes decision-making and accountability much easier. The FOSS world has been rife with petty agree-or-fork squabbles, often over relatively abstract philosophical concerns about license language.
It's the ecosystem. Without an ecosystem there will be less adoption and consequently less investment in the OS. Where I stay, so many services offered exclusively through Android/iOS apps with no alternative. Even government services are slowly excluding the web and becoming app only. There is an implicit expectation from everyone that one will have either an Android/iOS device and this only becomes stronger with time.
I don't know how many people realize but what can result from this can be very dystopian and is scary. But the best possible outcome from this I hope is that some day a wise government realizes how much of daily life is dependent on two corporations and passes regulations to standardize app runtimes. You should be able to publish applications that can run on any OS. Only then we'll see competition in the OS market.
Interestingly, we are, and have been, at a point were you can publish applications that run on any OS for a while, with PWAs.
There are very few software examples, that couldn't be distributed as PWAs, including secure things like banking, etc. With WASM in the mix as well, theoretically the sky should be the limit.
Even more interestingly it hasn't happened - mainly because Apple and Google haven't got behind PWAs for obvious reasons, so the app ecosystem just doesn't exist. It's hard to see how this will changes, when mobile operating systems are dominated by two players, with very obvious incentives to make things worse for consumers but better for themselves, by grabbing as much control of the apps on their system as possible.
In a way it's not. As you mention, we have several of them. But they won't have mass-market appeal until they can run the same sorts of apps that Android and iOS can run. And no, "just use the mobile website" is not an answer.
How do I deposit a check with my bank on my phone without the app? I can't; the mobile website doesn't have that functionality. How do I send someone money via Zelle without the app? I can't; the mobile website doesn't have that functionality.
How do I use contactless payments? I can't; the ability to build an app like Google Wallet or Apple Pay requires deep pockets and trusted payments industry connections that open source mobile OS developers will likely never have.
How do I use Google's productivity suite? I can't; the mobile websites aren't functional enough. How do I use Microsoft's? Ditto.
How do I use the remote-lock functionality of my car? I can't; that's only available through the Android and iOS apps.
I could go on, and on, and on, but I think you see the point. Many people who advocate for these alternative OSes don't get it. "Do you really need that functionality?", they ask. "Why can't you just do that stuff in a web browser on your laptop instead of on your phone?", they ask. "Just use a physical credit card like I do!" And then they wonder why their alternative mobile OS will never go mainstream.
People actually really care about those features and capabilities. It doesn't matter if the people who build these alternative mobile OSes don't care, or think they're stupid, or unsafe, or bad for privacy, or whatever. If you don't build what people want, they won't use your stuff.
Emulating Android sufficiently well enough to run Android apps is a decent start, but so many apps rely on Play Services and Play Integrity that it's a losing battle, or at best a cat-and-mouse game to keep things working.
On top of that, mobile chipset BSPs require financial commitments and being a Real Company. Most open source outfits can't cross that bar, and the likes of Qualcomm will be wary dealing with an organization that wants to do open source.
Mostly because the "web" was sabotaged. I use archlinux and my only GUI application is a web browser. On mobile, I need an email app, maps app, food delivery app and a communication app. Even whatsapp doesn't work on the web (on purpose).
If the web was enabled, app stores wouldn't be possible and you could run anything without an installation. But somewhere along the line both Google and Apple realized that this isn't really to their benefit and "walled ecosystems" are an advantage.
> I use archlinux and my only GUI application is a web browser.
Debian here, and... yup. It's so weird to realize this. I have lots of browser windows open with lots and lots and lots of tabs open, but the only other app I have open is a Matrix client (which honestly is not that great; Element's web version has more features and better polish), and a terminal. If you can call a terminal a GUI app.
Sure, I do use native apps sometimes. A calculator app, GnuCash, VLC, some others. But they're not open all the time; they're infrequent-use apps. And a lot of my VLC use has been replaced by streaming on the web.
I mean, that's a choice. Most of my activity is still native apps, because I hate web apps and avoid them like the plague. I don't doubt you could do the same, but you have chosen to use web based options - which, to be clear, is totally fine! But it's not the way it has to be.
Some things with massive value in excess of the cost of production cannot be pursued by capital nor bought by the individual. Your choices are government, non-profit, or something in between all three. PrizeForge aims to be between all three and to completely change how we do consumer open source, incidentally bringing billions of dollars into making it.
> For mobile, we have PostmarketOS, Phosh, Ubuntu Touch.
Why are you only listing DEs and not operating systems? (You also missed SXMo and more.) There are many more operating systems [0] and two working GNU/Linux phones, Librem 5 and Pinephone. Why people are ignoring them on HN?
> For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?
Don't forget GrapheneOS, LineageOS and other de-googled FOSS Android Versions
That "F" (as in freedom) is certainly eroding. Perhaps not by its source availability directly (although without any drivers, what is the use?), but very much by a company trying to lock you out of all the goodies that once came with it.
Even if Google would stop open sourcing AOSP, I think it would be much easier to fork AOSP than to start a new Linux-based FOSS mobile operating system from scratch
Obviously even maintaining AOSP yourself requires a huge effort and a lot of people would need to donate development time/money.
Android is a proprietary operating system developed by Google. Try running your "free" modified AOSP in the real world, on a real device, like a real person would and see how far you get before being blocked and restricted due to hardware attestation.
I have been running AOSP-based LineageOS and now GrapheneOS for more than a decade now. While some apps are restricted to Google-certified operating systems, most are definitely not. I can use my countries eID apps and my banking app without issue. The only thing not working is nfc payments (since they are limited to Google Wallet)
I think that they are pointing at that using Android in daily life in a meaningful way requires installing Google Play Services because many apps require it.
And my point is throwing out all of AOSP because of that is throwing out the baby with the bathwater. Whatever other FOSS OS someone comes up with won't have Google Play Services built in either.
Well the nice thing about the spectrum is that we are all on it and that we draw imaginary lines ourselves.
All wisdom aside... I think you're right. I takes a certain grit to start to appreciate the ultimate effect of software freedom culture and licensing. Never mind the the whole philosophy.
It's like explaining CRISPR (yeah I'm a biologist) to a normie... Ok, so lets start with what DNA is... proceeds to guide someone through a lifetime in the molecular biology field....
This is irremovable tension - FOSS in its ideals is democratic, yet it can never succeed in democratization. This is why I think preaching freedom and agency is a bad strategy for the FOSS, even if its members believe them.
Linux is 30 years old, and still it has a laughable percentage of desktop usage. Plus, the only reason it's even usable is because of the relentless work by thankless developers for reverse engineering device drivers. On smartphones this is orders of magnitude more difficult. How do you properly profile and debug a random modem in a phone? What about the cameras?
So, how can anyone expect FOSS mobile OSs to ever exist unless forced by law by the US or something?
Are you aware of the PinePhone and Librem 5? As others have said, it's already been tried.
I bought a PinePhone, and after a few too many show-stopping issues (not being able to receive a call for a scheduled job interview was the last straw), I went back to using LineageOS without gapps. I'm not a developer either, just a fairly technical user, so when the device wasn't working, all I could do was report bugs, and things weren't improving fast enough. I haven't checked on progress in a while now. postmarketOS seemed like the one to follow, and they do also support some beefier devices like the OnePlus 6T, but then you'd miss out on the PinePhone's ability to easily remove the battery and to boot off the SD card in addition to eMMC.
I also felt a bit bait-and-switched that the PinePhone Pro came out not too long after the original and then everyone seemed to switch to that one. It reminded me of the awful Gemini PDA and how quickly they rushed out a successor without fixing any problems.
This has been attempted multiple times, and always fails because followoing FOSS to the letter doesn't play with how hardware industry works, and when people aren't willing to make concensions they cannot ever deliver a product the general public would replace their Android/iOS phones with.
GrapheneOS and SailfishOS focus on a narrow set of devices and they can keep up with hardware support. I agree that you have to make concessions in terms of allowing proprietary firmware blobs and opaque baseband hardware. You also have to choose your hardware wisely (e.g. GrapheneOS can/could piggyback on Google's driver work).
I was just saying that you can make the problem more narrow by not trying to support every device out there. Start small and pick your battles (which probably means using AOSP and using sandboxed AOSP).
I think the main issue of many previous attempts was what typically happens in the FLOSS community: there are N attempts rather than one coordinated attempt (Ubuntu Touch, Plasma Mobile, PostmarketOS, PureOS, etc.) and everybody is targeting different hardware. It's similar to how the Linux desktop got fragmented, though it's even more problematic for mobile, since the usage is probably 1/1000th of Linux desktop usage.
> How do you properly profile and debug a random modem in a phone? What about the cameras?
This is a huge factor. Mobile chip sets (CPU/SoC, crypto enclaves, GPU modems/basebands) are buried under NDAs a mile thick, and you can't just whack an oscilloscope on the bus like its 1979. Those companies treat their opaque hardware as their defense against IP theft, they'll never, ever give it up in the current environment.
And the cameras are super complex and require a bunch of DSP and AI to even vaguely work let alone do all the headline features.
I know this isn’t what you meant but it’s important to remember there is some hope. Thirty years ago I was required by my CTOs to use Windows, Borland, AIX, and Solaris. Linux, FreeBSD, and Free dev environments were viewed with deep suspicion.
In 2025 you’d be viewed just as much suspicion for not building your stack on Freedom. I still have hope that we’ll get there with phones, too, some day.
In 2025, we all use Windows and macOS laptops around here, Linux is something we run on cloud environments, mostly the distributions of the cloud vendors themselves, which certainly don't upstream everything.
The use of managed language runtimes, and SaaS products with low code/no code, makes the OS kind of irrelevant, and many times we don't even consider Linux on the cloud vendor, it is seen as an implementation detail, as many workloads are done via managed deployments like Vercel, Netlify, Azure Web App Service, and similar services.
Because of hardware standardization Linux has become a pre-competitive layer, a commodity we have decided not to compete on. And it turns out that such a commodity by definition is private, because we don't want any one party to reap all the benefits of a commodity project (we'd rip it out before using it anyway), in the same sense that we don't want want 1 company sitting on all our water consumption data for example.
So, how do we get to a commodity layer for Mobile devices? It looked like it was going to be Linux (Android), and that was Google's intention. But now they are just using their significant resources to corrupt that original idea, using their trojan horse called "play services".
The public at large only cares about convenience, not about privacy. Why don't we? How much enshitification is enough to draw that line in the sand?
The Android stack, right back to the pre-aquisition "Danger" stack, ripped out everything GPL'd above the kernel, and Google has been investing in their "fuschia" project to make a non-GPL'dv kernel as well. Gradually making more and more of it proprietary was the plan.
Google is a big company and there may have been some factions pushing to make android an open ecosystem, but I don't see that that was ever the companies intent overall.
So the real question is: Why are people so social and pleasant, and why are companies so egoistic (and I mean egoistic in the cancer/parasitic/enshitifying way, not in the Ayn-Rand/social/We-are-all-equal way).
Is it the lack of deep, DNA encoded morality? What are we going to do about this? What is the DNA of an organization anyway?
How, as a society can we take away these stimuli that make it so natural to consume individual freedoms when we grow our tribe-size?
Maybe we need more freedom, more freedom to say: "F-this I'm out of here, I just like the set of rule of this other society better." Maybe we are still too constrained. By our ways of generating income, by our countries, continents and ultimately our planet. We have 1 lifetime, we have to make do with what we find.
There are mechanisms which make firms more social: cooperatives. In another world, public infrastructure such as android would be owned by a cooperative of it's users. Instead, users are tenants of infrastructure owned by others, always vulnerable to the owners changing the deal
The problem is that it's difficult for cooperatives to raise capital: they can issue debt, but not equity (because the definition of a co-op is that it is owned by members (usually customers and employees )-and no-one else). But debt is not really risk capital in the same way as equity and doesn't enable bold initiatives and innovation.
You can buy a completely open RISC-V chip and debug to your heart's content. x86 is also completely open, with only special outliers like XBox/PS5 even half-heartedly trying to disable third-party access.
Stallman's fallacy is thinking every system is perfect and unbreakable and that people have a perfect understanding of software and systems (for better or for worse)
People will be running pirated debugger copies if that comes to shove
99.9% of people DNGAF about OSS. They do care about doing what they need on their phone without malware/bloatware/nagware
Also publishing and development are separate activities
I doubt that Stallman, of all people, thinks literally that. But systems which are breakable have ways of improving themselves, closing off the exploitable holes. So it makes sense to regard systems as being eventually unbreakable. Or at least having an unacceptably long "mean time between cracks". The game plan cannot simply be "oppressive software and hardware systems will always have imperfections so the good people will cheerfully get around them", even if is is de facto that way at some point in time w.r.t. certain systems. That's actually a kind of defeatist attitude disguised as optimism; passively accepting crap based on the faith that you will scrape through somehow.
What an absurd ask. How is a $2.5 trillion dollar company supposed to make any money if it has to spend a bit of time on security? Did you even think about the economy?
Clearly it wasn't doing fine in 2018 when Apple became the first trillion dollar company. Nor was it when in 2012 when Apple's market cap exceeded oil companies, barely breaking half a trillion dollars. And the economy was definitely in shambles back in 2005 when no company even had a 400bn market cap! Seriously, how could the economy ever survive?!
Where would the wold be without all those innovations. Like the 2005 invention of YouTube, the 2007 release of the iPhone. Where would we be without such world changing technologies that followed with tech's rise in global dominance? Technologies like, Bitcoin, VR, and an even thinner iPhone? Do you even know how many peoples' lives these technologies have saved? Seriously? Because I don't...
> I doubt that Stallman, of all people, thinks literally that
Yeah I agree his opinion is probably more balanced, however Right to read is a short story displaying characters with too much learned helplessness and too little agency so I'm just going based on what he literally put to paper
I wouldn't bet on hackers saving us from everything. There are 150 million Nintendo Switches in the world, and nobody has figured out how to jailbreak one without getting into the hardware and shorting some wires (and even then only on early unpatched models). I don't think its out of the realm of possibility to make a best-selling phone that stays uncrackable for the general population for its entire lifecycle.
Your fallacy is thinking that authoritarian governments care about enforcement or successful enforcement of such laws. The goal is to create a status quo in which all citizens break many laws daily and so are already guilty if they ever rock the boat and disturb those in power.
Stallman's "Right to Read" is an accurate reflection of reality in that sense.
Yeah and people had gay sex when it was illegal but it still is a shameful injustice for the government to decide what software I run on my own hardware
Yep. PC openness is totaly a bug and not a feature of the capitalism. We should cherish this situation and fight for it because it really feels like the other long term alternative is techno-fascism.
I asked an LLM, so I think I get it but could you try to mention what is meant with "Stallman was right"? The reason I'm asking you and not posting the LLM answer is because it still feels a bit icky to post an LLM answer for everything I don't understand [1].
[1] Feel free to discuss this too, if you want. I'm developing my opinion on it.
Richard Stallman has spent basically his entire career trying to convince people that all software should be free as in freedom, so that people truly control the devices that they own--preventing things like Google being able to lock users out of the ability to install applications on a device that they purchased.
Read up on the principles of the Free Software Foundation if you want all the details.
Stallman has a long history of being very abrasive and ideological. He is the kind of guy who makes zero concessions for practicality, and he insists on prioritizing user freedom because he has always feared that otherwise users will be locked out of having the ability to truly control their computers. It's always been kind of easy to laugh at his crusade because of how zealous he is, and how absurd the scenarios he warns about seem to be. The thing is... he seems to have been right the whole time. Companies really do want to lock you out of controlling the devices you own, and do so at the first opportunity. So... Stallman was right.
Inasmuch as the GPL itself is not Stallman's preferred state of affairs (he would prefer to see copyright abolished altogether, at least for software, and copyleft is just a compromise for now), I suppose so. Otherwise I'm not aware of any wiggle room, was there something specific you had in mind?
> [H]e would prefer to see copyright abolished altogether, at least for software...
Oh? From the "Finding the right bargain" section of this 2002 essay [0]
> So perhaps novels, dictionaries, computer programs, songs, symphonies, and movies should have different durations of copyright, so that we can reduce the duration for each kind of work to what is necessary for many such works to be published. Perhaps movies over one hour long could have a twenty-year copyright, because of the expense of producing them. In my own field, computer programming, three years should suffice, because product cycles are even shorter than that.
> He is the kind of guy who makes zero concessions for practicality...
Respectfully, this claim is incorrect. See this 2013 essay [0] for one example out of many where concessions are made to practicality.
Folks who are unfamiliar with Stallman's writing and the general philosophy of the FSF and/or the GNU Project might find spending an hour or so reading through some of the essays here [1] (perhaps starting with this 1991 essay [2]) to be informative.
> The question here is, is it ever a good thing to use a nonfree program? Our conclusion is that it is usually a bad thing, harmful to yourself and in some cases to others. If you run a nonfree program on your computer, it denies your freedom; the immediate wrong is directed at you.
That is most certainly not making concessions for practicality in my book. So if anything, the citation you provided is IMO evidence for my claim.
To continue with the text of the rest of the section (with the footnotes present in the original removed):
If you run a nonfree program on your computer, it denies your freedom; the immediate wrong is directed at you.
That does not mean you're an “evildoer” or “sinner” for running a nonfree program. When the harm you're doing is mainly to yourself, we hope you will stop, for your own sake.
Sometimes you may face great pressure to run a nonfree program; we don't say you must defy that pressure at all costs (though it is inspiring when someone does that), but we do urge you to look for occasions to where you can refuse, even in small ways.
If you recommend that others run the nonfree program, or lead them to do so, you're leading them to give up their freedom. Thus, we have a responsibility not to lead or encourage others to run nonfree software. Where the program uses a secret protocol for communication, as in the case of Skype, your own use of it pressures others to use it too, so it is especially important to avoid any use of these programs.
But there is one special case where using some nonfree software, and even urging others to use it, can be a positive thing. That's when the use of the nonfree software aims directly at putting an end to the use of that very same nonfree software.
Thanks, I wasn't trying to cherry pick or anything. But I don't think that the full text changes the substance of what is laid out in the first couple of paragraphs. The FSF (and by extension Stallman) refrains from calling the user names if he chooses to use nonfree software, presumably because they recognize that freedom must include the freedom to run any software at all, even if they consider it harmful. But they are quite clear that they do consider it harmful both to oneself and others to run nonfree software, even if it is useful. That, to me, is very much refusing to make concessions to practicality within their ideology. The only concession they do make is an explicitly ideological one, not a practical one! So again, this piece seems to me to support my claim, not to disprove it.
> But they are quite clear that they do consider it harmful both to oneself and others to run nonfree software, even if it is useful.
As we're seeing, time and time and time again, it is harmful. The benefits may outweigh the harms today, but unless the steward of that nonfree software is extraordinarily careful and forward-thinking (as it were), those relationships inevitably go bad and become coercive over time. As we know, Stallman is (and always has been) right about this.
> That, to me, is very much refusing to make concessions to practicality within their ideology.
1) The last paragraph of the opening section is a plain and obvious concession to practicality: "But there is one special case where using some nonfree software ... can be a positive thing. That's when the use of the nonfree software aims directly at putting an end to the use of that very same nonfree software."
2) I'm not sure how saying "We'd be sad and would all be worse off if you used nonfree software, but do understand that there can be compelling real-world reasons to do so. Please don't use nonfree software, or -if that's not possible- consider small ways to avoid using it whenever opportunity presents itself." is anything but a concession to practicality. A hard-liner that refuses to make concessions to practicality wouldn't incorporate such a thing into their philosophy!
Respectfully, are you sure you're not letting knowledge of how Stallman uses/manages/etc his personal computing devices influence your interpretation of what these essays and the FSF's philosophy are about?
Stallman himself was using a laptop with a proprietary BIOS before truly free laptops became available. I don't understand how this isn't a compromise.
I think I have an old comment about this, but there is an actual `adb sideload` command for installing an apk on your phone from your computer. Since it's from your computer and not the phone itself, it's sideloading and not frontloading, I guess. Weirdly, and wrongly, people have also started to use the term to refer to just installing apps from outside the official appstores, but that's not sideloading. It's just installing an app. It's a normal Android feature. You can just grab a .apk file with your browser and install it like you would a .exe file on Windows.
iOS on the other hand historically required a jailbreak for this. I think that's where the confusion started. Android doesn't need a jailbreak, it doesn't need root (privileges), it doesn't need a custom ROM. You can just install stuff, it's normal. I think iOS users don't realize how different Android is and they just start repeating words like sideload and root without knowing what they mean, assuming it's just Android-speak for a jailbreak. They don't realize there's no jail in the first place.
I am aware English is a living language, and if enough people are wrong for long enough, they stop being wrong, but it's certainly painful to witness.
Already starting on macos. Gatekeeper had setting where you could allow any app. Now it is removed. While still possible to allow individual app (you need to do it after every OS update), trajectory is now clear.
I'm all for calling out fascist behavior when it is spotted, but let's not muddy the waters further. This word is already denatured enough.
This is not fascism, this is just a rational move from Google in a market economy. It feels like every time something like this happens, Americans rediscover what capitalism is and implies, then blame it on "human nature", "greed" or "fascism".
This is intolerable. You own the device. You must be able to run whatever you want on it. Locking or limiting your access to the stuff you bought is not only unacceptable, it's basically like saying you don't really own anything. You're basically leasing a device until the OEM decides you can't run anything on it anymore. Would people accept if a car manufacturer prohibited you from driving their cars in certain places?
Back in the 90s Sun sold you computers with X amount of space. There was an option to upgrade. If you took it, they sent a technician around to do the upgrade. All they did was making the already existing space available. Sun always sold hardware with all the space installed but gave you only what you paid for.
Now is a time in history where any corporation worth its ill-gotten billions should take advantage of the government's whole-hearted encouragement to push through anti-competitve and anti-consumer decisions to dominate the market and the public.
I used to run Shizuku for my phone to run Hail (an app suspension tool). Now that my credit card bank start checking for USB Debugging I stopped using the app (and now my 3DS OTP has to be over SMS). I believe there's only two banks left in Thailand that do not check for one and it is just a matter of time, because any time these banks could have hired any of those "security" people who will ask why don't we block that.
So I moved to Dhizuku. It's a bit hard to setup, but once I'm done it's felt like untethered jailbreak - I don't have to complicated dance to start Shizuku now. Dhizuku basically make your phone a company phone, except it report to you. To setup a "managed main profile" you'd need to remove all accounts visible in Android account system and type a long ADB command so I don't think it can be maliciously done.
I suppose this will be how we'll use F-Droid in the next year for enthusiasts.
My bank retired their online banking website in favor of their app.
Not only that, but many of their core services (national payment network) are now exclusively offered in their app and no where else (yes, they will not allow you to do them in person or through their ATM). Your bank _will_ disable their website when you are the only one left using it.
I am not exaggerating. There is no way for me to use these core services if I don't use their app and they wont allow me to use their app thanks to their google play policy.
Unless otherwise mandated, their website will go away and they will have their way with your rights and make you pay for it.
Don't shrug this off. Fight this while you still can.
Perhaps there's another bank you can switch to? Here we have a few mobile-only banks, but traditional banks with websites and physical MFA devices as an option too.
Sadly, traditional banks are very eager to get rid of dedicated multi-factor devices in favour of their own mobile applications. I have seen strong encouragement via nagging and some going so far as to start charging for physical multi-factor authentication devices.
Likely this gives them another way to milk information out of you, push their marketing onto to you, and saves them from having to manage physical devices. The obvious downside is of course a degradation in security and further cementing the duopoly and more or less forced participation in it that we as citizens have to endure.
Don't know if it's the same there, but where live (and I guess all of the EU) most banks allow you to use the website, but require the phone to authorize logins and transactions (as 2FA basically)
Presumably this won't apply to Chinese OEMs, since even though their devices do ship a disabled by default Google Mobile Services (without the user facing Play Store APK), it obviously would not be suitable to require Google involvement for developing internal apps. The OEMs could set up such a debug licensing service themselves, but each of them would have to do it themselves, and then it would be impossible to debug Google-based apps on the devices.
Many Chinese OEMs are not Google certified, so it won't for sure apply to them. Some (Huawei) even had to implement their own app store and replacement for Google services. They are basically de-googled devices, though, sadly, often loaded with spyware from the other camp.
It must be left up to the device owner to decide if they want to have side loading app of unverified developer disabled or not. Period. There is nothing more to it. If there can be setting on phone to unlock bootloader, then there can also be a setting for this.
Those questions may make some users uncomfortable, but it's wishful thinking to believe they would make Google uncomfortable. Google doesn't care in the slightest about these issues.
Individual privacy and anonymity matter substantially less when Governments are basically decent and play by the rules, and so it seems there is a tendency to value convenience and utility over privacy and anonymity.
When Government goes bad, suddenly we are faced with the utmost need for privacy and anonymity, but we may by then be in a situation where privacy and anonymity are difficult to obtain, with all the consequences that then flow from that.
If anything, this is even worse than what Apple does. iPhone users frequently argue that the inability to install arbitrary software is a feature in their eyes, one of the things that attracts them to the platform. I disagree with their argument, but in fairness I must admit Apple has never pretended that an iPhone is a device you control. They have always been very up front that it is a curated experience, their way or the highway. It's distasteful to me but they're honest about it. What Google is doing is a bait and switch to so many users who chose their platform specifically because it was open.
Because most of us live in countries where an iPhone is two months salary at least, or a contract bound to several years before it can be cancelled, while Android is usually half of that, with the freedom of pre-pay.
I'd guess that the main reason Googel has done this is to prevent side-loading of messenger apps, such as Signal, with true end-to-end encryption. Such messengers would be very difficult to surveil at scale. You might ask why not to simply install these apps from Play Store? The reason is Google demands signing keys for all apps, so it can impersonate the developer, inject any spyware, rebuild the app, sign it and make it look untampered. Side-loading bypasses this entirely.
As far as I understand, verification is tied to the package name (or at least the prefix). Since F-Droid packages thousands of applications from different developers, I don't see how they could reasonably get verified.
They know the days of the app-store monopolies are ending so they are now implementing apple-style notarisation - which they could have done years ago, but never seemed to need to until now...
IMHO, thats is them still having an unfair control over the android market so the EU will come for them eventually - and no doubt they will implement some other devious bullshit.
Ideally the world will wake up and realise multi-sector megacorps simply should not exist and split them all up accordingly - but I'm not holding my breath.
Omarchy is just a set of defaults for an existing software stack. The problems here are at a much more fundamental level: getting devices that can be unlocked, getting device drivers/firmware that are also updated on a regular basis, supporting hardware attestation and getting app makers to support it without Google's support (assuming an Android compatibility layer), getting a healthy app ecosystem (if there is no Android compatibility layer).
Currently probably the best route is basing the OS on Android (so that you can benefit from all the existing apps), making a non-hostile reference device, and getting regulators' attention (the EU is probably the most likely to succeed) to break Google's monopoly on attestation.
This is largely what GrapheneOS is currently trying. I think what we can do as users is install GrapheneOS with sandboxed Google Play and for any apps that do not work, contact their developers. If GrapheneOS manages to get millions of users and get on the radar of app developers, that's the best shot I think.
But it feels like the window is closing quickly. So if you care at all about any of this, today is the day to get a GrapheneOS device and make yourself heard.
I'm a nobody, but let me answer these questions in 60 seconds.
1: None, no anonymous accounts allowed. 2: None. Civil what?. 3: It's the Google's company policy, don't use our products if you don't agree to it. 4: If devs write apps for this nearly impossible to develop Mac AppStore ecosystem, I don't see even a slightest problem here. 5: Just change package IDs.
Arguing that developers should be able to be anonymous so that they can make apps to help break the law is not as convincing as an argument as I think the author think it is.
Reading between the lines though I think it's likely that you can still install apps whose package has not been registered. Potentially this will require adb or putting your device into developer mode. For the sample app scenario you may be able to still install via adb. For example adb install does not trigger Play Protect.
In regards to the privacy policy, it's misleading to also not including the part of "based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures." The why for this clause is so that Google can avoid NIH, not having to build everything their business needs in house.
Break the law? The app mentioned isn't unlawful. Many map apps track speeding camera locations. Asking for badge numbers from a police officer is also normal.
And why is a phone different from a computer? Nobody bats an eye when downloading program on computer, or visiting a website with arbitrary code.
The example was recent and very clearly put the developer at personal risk. But there are many gray-zones.
An app to decode car diagnostics codes isn't unlawful, but being personally identified could get you in alot of trouble by car companies anyway.
And what about making an independent news app in Russia? More clearly ok by our morals and law, but very dangerous for the developer.
History has shown time and time again that it is dangerous to centralize power into the hands of few. A lot of mechanisms have been invented and subsequently dismantled again in attempts to protect us from this. Fascism is real.
It's also really stupid to drive a car in a flood, but we don't have cars check the weather forecast before starting up( maybe I shouldn't post this, might give someone some ideas).
I don't think anyone is arguing that they want app developers to break the law, but rather that Google must not take away the device owner's choice to install any app he so chooses. But even to the extent that does involve lawbreaking... yes, that's the price you have to pay for freedom. You cannot give people freedom without some people misusing it to do bad things, but that does not mean freedom should therefore be abrogated. In the extreme, you could have a very safe society without any crimes if you locked every citizen inside a small cell that they couldn't leave. But nobody, not even the most ardent tough on crime advocates, would contend that such a trade would be worth it. We all agree that some amount of criminal activity must be tolerated for the sake of living freely, then... the only question is where each person thinks that line should be drawn.
While I am against the policy, Google only publishes developer's full legal name and email address if the app is monetized [0].
If the app is monetized, then the full mailing address is shared.
If money is involved, it’s fair for users to know who they’re dealing with. Developers who want to hide their personal identity can still do so legally with a shell company.
Taking it a step further, if I am going to run your code on my device, I want to know who I'm giving access to my data/cpu/hardware.
Just like with offline transactions, customers should know who they are giving money to.
----
> Google will display your legal name, your country (as per your legal address) and developer email address on Google Play. If you decide to monetise on Google Play, then Google will display your full address.
All of those are fine things to expect from Google Play but the point is moot because this verification would also apply to apps installed from external sources where they shouldn't have any jurisdiction.
Google, just like Apple, should be free to enforce any kind of verification they deems necessary on Google Play, as long as they allow third party stores to be on equal footing, which they don't.
I agree. we should be able to install apps we want to install. But if you're installing them from the Google Play store (which is what is discussed) then you should be allowed to know who you're doing business with.
> But if you're installing them from the Google Play store (which is what is discussed)
Maybe there's been a miscommunication somewhere but Android Developer Verification (what this thread is about) applies to all apps, even those installed outside of Google Play store.
I know I risk being down voted remorselessly but I have to put this in context. Where in the real world is anonymity considered ok? If I only put a flyer through someone's letterbox here in the UK, I have to identify myself. If I sell a physical product I not only have to identify myself but take on serious legal liability. An author can take on a pseudonym but only via an identified publisher.
In fact that latter example might provide a solution. Set up a company willing to publish apps whilst hiding the actual developer's identity.
> Where in the real world is anonymity considered ok?
You've listed commercial activities. The vast majority of non-commercial activities don't require any sort of registration or identification.
Installing an app that your friend or internet stranger developed in their spare time is not a commercial activity and people shouldn't be forced to publish their personal information in order to do so.
The thing is that so many people are used to doing whatever they want from behind the safety of their screen and are now able to do a lot of things they don’t want anyone to know about. Now the law and common sense is catching up and we’re starting to see things we take for granted in the physical world are coming to the digital world. And I think a lot of people are scared of not being able to do what they used to or being found out for doing it.
Plus, and doing what you suggest but in a country where board directors don’t need to be public really solves it.
Yea, cus when I write a fanfic I should show my id to the company that owns the printer I purchased and own, before I print out a copy to give for my friend, ffs. Does that analogy make sense to you?
I don't think anyone is saying Google must allow anonymous apps on their app store. Nor is there anything wrong with giving the user of a phone the option to only install apps which have been vouched for by some trusted third party. The problem is, Google wishes to take away my choice to install apps that don't follow their rules. And that's bullshit. It's my device, which I own. Nobody except me should be able to restrict what does and does not run on that device.
> If I only put a flyer through someone's letterbox here in the UK, I have to identify myself.
Has the UK gotten rid of public postboxes? Do you have to present government-issued ID to post a letter, flyer, or other mailpiece? Do the UK post-handling companies check the sender's claimed name and address on the mailpiece and toss it in the trash if it doesn't correspond to a registered combination of name and address?
> Where in the real world is anonymity considered ok?
Tons of places in the US, and I expect most everywhere else in the world... including the UK. (Or has the UK prohibited things like anonymous food pickup and late-night back-alley dalliances?)
If one is selling computer software, it makes some sense to keep track of the receiver of those funds... if for no other reason than to know who to go after if taxes on the sales aren't paid. However, if someone is giving away software perhaps on an AS IS basis and especially with NO WARRANTY, there's no reason to proactively keep track of who is offering that gratis gift. If some sort of legal problem ever arises because of the contents of that gift, go call the cops in and they can investigate after the fact.
I've been paying some attention to the conversation about Google's proposed policy for the past several days, and I've not seen anyone talking about the significance of the set of countries where this is rolled out to first: Brazil, Indonesia, Singapore, and Thailand. Perhaps there is no connection, but I haven't seen anyone asking what relevant repressive policies these four countries might have in common.
This shouldn't just be "questions"; this should be a full-on opposition. Do not give them even an inch, or they'll take a mile.
"debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers." - Richard Stallman, The Right to Read, 1997
Why is it so complex to have a foss mobile OS.
I only have Linux PCs (laptops) and servers, 100% of my work and personal stuff is done there (though for work I do need to hop into MS365, Google Workspace, Zoom, etc, hooray for browsers, my final firewall between me and the walled gardens, though we can have a whole discussion on that).
For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?
Maybe I should go for Ubuntu touch, with an iPad on the side or something. At least my most personal device is something I control then. Or just keep my Linux laptop handy (or make a cyberdeck!). But I want a computing platform that does not require carrying a bag. It's kinda sad. Even GrapheneOS (one of the most personal and secure mobile computing experiences out there)'s future is in the hands of its greatest adversary, the one that does not want you to have a personal computing experience.
I could be one of the people running an ungoogled phone, but my bank refuses to have an app that runs on an ungoogled OS for "security"
My bank used to block VPNs “for security reasons.”
Now they very kindly just display a warning.
Gas station app I use asks to turn VPN off every launch (even when it is disabled)
Why does a gas station need an app?
Bonus/loyalty programm
My bank blocks my mobile with Lineage OS, and it's not even possible to login to the web site without the mobile app. Absolutely pathetic.
Now I have to keep my 4 year old phone with 2 year outdated Android to access the bank application. Which deemed more safe then my mobile with latest security updates. Haha
last time I walked into the bank to do something, they tried to peddle their app. I giggled and said no, their developers don't understand security.
my phone is rooted and their app won't work.
Unfortunately, I can say with 100% confident, the customer service of my bank will not freaking understand what is a rooted phone, or LineageOS ...
And my bank's web app developer couldn't even fix their log in bug for several months. I realize, now, it's because they want to sunset their web portal.
Which is extremely annoying ... what if I don't have my mobile!!
Lazy, and greedy corporates, just trying to save their costing with shortcuts, never realizing security is never achieved by taking shortcuts.
Write them. My bank's app had safetynet, but they disabled it and now it is usable over GrapheneOS.
Unfortunately no NFC Payments though, since they are only available for Google Wallet (which uses safetynet)
> Unfortunately no NFC Payments though, since they are only available for Google Wallet (which uses safetynet)
A workaround for NFC payments I've heard about for folks running OSes on their Androids that don't support that feature is a smartwatch with NFC.
> Why is it so complex to have a foss mobile OS.
This is not too hard. What is hard is to trust it enough. A FOSS OS, by definition, allows to install whatever software, and allows for modification of itself. It is built to overcome limitations, not impose them. In this regard, it's a perfect tool for a criminal who wants to circumvent security measures, because these are limitations. It's the same problem as with cheaters in online games, only with more than games on stake. Banks and payment systems want guarantees of integrity and protection, including protection from user's actions.
A FOSS OS also assumes that the user values the freedom, and is competent in its technical aspects. This is emphatically not true about many users. They choose iOS because it's locked down and thus they cannot inadvertently do something they don't understand, and can't be bothered to learn. More importantly, their grandmother cannot do something she doesn't understand but scammers persuade her to do.
It's a bit like driving on public roads. If you want to drive yourself, you have to reveal your identity and obtain a license. If you want the hassle, take a bus, but buses only go along their routes. Letting unlicensed people drive cars where they see fit was found unacceptably dangerous for everyone eround. Maybe mainstream mobile software development will follow this model, too :(
All this is true about Linux on desktop, though my bank still allows me to log in to online banking.
At least for now.
I'm not aware of any major issues this has caused.
The trust isn't the issue. Google and Apple has made DRM easy for these companies to integrate, and therefore they do it. There isn't more to it than that.
>I'm not aware of any major issues this has caused
Decades of desktop malware used to drain bank accounts are not a major issue?
You'd need to make a case that proprietary OSes such as Windows or MacOS lessen the issue compared to FOSS OSes such as Linux. I doubt it considering that Windows is / was known to be the worst offender here.
In any case my bank has not banned the use of Linux to do homebanking. Why? Because there isn't a easy to plug-and-play API to do DRM and remove consumer rights. This is largely for historic reasons, but there is no reason a FOSS mobile OS couldn't work.
It's pretty obvious, it's costly to make one that is up to the level of quality of commercial ones. It's not a mistake that the 2 mobile oses are owned and created by some of the largest and most profitable companies in the world.
It’s costly, but those two companies also operate in a hierarchical manner (like the military or a feudal kingdom) which makes decision-making and accountability much easier. The FOSS world has been rife with petty agree-or-fork squabbles, often over relatively abstract philosophical concerns about license language.
> The FOSS world has been rife with petty agree-or-fork squabbles, often over relatively abstract philosophical concerns about license language.
You cannot say that. This means we have thousand half-baked projects to choose from, and choice is good. At least this is what I was told.
It's the ecosystem. Without an ecosystem there will be less adoption and consequently less investment in the OS. Where I stay, so many services offered exclusively through Android/iOS apps with no alternative. Even government services are slowly excluding the web and becoming app only. There is an implicit expectation from everyone that one will have either an Android/iOS device and this only becomes stronger with time.
I don't know how many people realize but what can result from this can be very dystopian and is scary. But the best possible outcome from this I hope is that some day a wise government realizes how much of daily life is dependent on two corporations and passes regulations to standardize app runtimes. You should be able to publish applications that can run on any OS. Only then we'll see competition in the OS market.
Interestingly, we are, and have been, at a point were you can publish applications that run on any OS for a while, with PWAs.
There are very few software examples, that couldn't be distributed as PWAs, including secure things like banking, etc. With WASM in the mix as well, theoretically the sky should be the limit.
Even more interestingly it hasn't happened - mainly because Apple and Google haven't got behind PWAs for obvious reasons, so the app ecosystem just doesn't exist. It's hard to see how this will changes, when mobile operating systems are dominated by two players, with very obvious incentives to make things worse for consumers but better for themselves, by grabbing as much control of the apps on their system as possible.
As far as I am concerned a Raspberry Pi 4G/5G/LTE-edition would be 50% of getting there.
> Why is it so complex to have a foss mobile OS.
In a way it's not. As you mention, we have several of them. But they won't have mass-market appeal until they can run the same sorts of apps that Android and iOS can run. And no, "just use the mobile website" is not an answer.
How do I deposit a check with my bank on my phone without the app? I can't; the mobile website doesn't have that functionality. How do I send someone money via Zelle without the app? I can't; the mobile website doesn't have that functionality.
How do I use contactless payments? I can't; the ability to build an app like Google Wallet or Apple Pay requires deep pockets and trusted payments industry connections that open source mobile OS developers will likely never have.
How do I use Google's productivity suite? I can't; the mobile websites aren't functional enough. How do I use Microsoft's? Ditto.
How do I use the remote-lock functionality of my car? I can't; that's only available through the Android and iOS apps.
I could go on, and on, and on, but I think you see the point. Many people who advocate for these alternative OSes don't get it. "Do you really need that functionality?", they ask. "Why can't you just do that stuff in a web browser on your laptop instead of on your phone?", they ask. "Just use a physical credit card like I do!" And then they wonder why their alternative mobile OS will never go mainstream.
People actually really care about those features and capabilities. It doesn't matter if the people who build these alternative mobile OSes don't care, or think they're stupid, or unsafe, or bad for privacy, or whatever. If you don't build what people want, they won't use your stuff.
Emulating Android sufficiently well enough to run Android apps is a decent start, but so many apps rely on Play Services and Play Integrity that it's a losing battle, or at best a cat-and-mouse game to keep things working.
On top of that, mobile chipset BSPs require financial commitments and being a Real Company. Most open source outfits can't cross that bar, and the likes of Qualcomm will be wary dealing with an organization that wants to do open source.
As Microsoft how is it so difficult to have a mobile os
Mostly because the "web" was sabotaged. I use archlinux and my only GUI application is a web browser. On mobile, I need an email app, maps app, food delivery app and a communication app. Even whatsapp doesn't work on the web (on purpose).
If the web was enabled, app stores wouldn't be possible and you could run anything without an installation. But somewhere along the line both Google and Apple realized that this isn't really to their benefit and "walled ecosystems" are an advantage.
> I use archlinux and my only GUI application is a web browser.
Debian here, and... yup. It's so weird to realize this. I have lots of browser windows open with lots and lots and lots of tabs open, but the only other app I have open is a Matrix client (which honestly is not that great; Element's web version has more features and better polish), and a terminal. If you can call a terminal a GUI app.
Sure, I do use native apps sometimes. A calculator app, GnuCash, VLC, some others. But they're not open all the time; they're infrequent-use apps. And a lot of my VLC use has been replaced by streaming on the web.
It's incredibly sad.
I mean, that's a choice. Most of my activity is still native apps, because I hate web apps and avoid them like the plague. I don't doubt you could do the same, but you have chosen to use web based options - which, to be clear, is totally fine! But it's not the way it has to be.
Mobile OSs are very consumer focused. I have criticized the FSF for, in there lengthily argued ways, abandoning the consumer.
You have to commercialize openness if you want the muscle of the consumer to be able to produce it.
Short presentation of the basic concept: https://youtu.be/SO46oEdlkY8
Some things with massive value in excess of the cost of production cannot be pursued by capital nor bought by the individual. Your choices are government, non-profit, or something in between all three. PrizeForge aims to be between all three and to completely change how we do consumer open source, incidentally bringing billions of dollars into making it.
> For mobile, we have PostmarketOS, Phosh, Ubuntu Touch.
Why are you only listing DEs and not operating systems? (You also missed SXMo and more.) There are many more operating systems [0] and two working GNU/Linux phones, Librem 5 and Pinephone. Why people are ignoring them on HN?
[0] https://pine64.org/documentation/PinePhone/Software/
PostmarketOS is, as the name implies, an OS. And I don't think OP was trying to make an exhaustive list.
The point is, there's plenty of "competing" options, but hardly anyone uses them.
Money
> For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?
Don't forget GrapheneOS, LineageOS and other de-googled FOSS Android Versions
These aren't GNU/Linux, they have to follow Google's development strategy. It's like fighting with Chrome by using Chromium.
Do not forget Android is also a FOSS mobile OS.
That "F" (as in freedom) is certainly eroding. Perhaps not by its source availability directly (although without any drivers, what is the use?), but very much by a company trying to lock you out of all the goodies that once came with it.
Even if Google would stop open sourcing AOSP, I think it would be much easier to fork AOSP than to start a new Linux-based FOSS mobile operating system from scratch
Obviously even maintaining AOSP yourself requires a huge effort and a lot of people would need to donate development time/money.
Android is not FOSS in any sense of the word and doesn't produce any user benefits that FOSS is meant to produce.
Most of AOSP is licensed under the Apache 2.0 license and GPLv2 for the Linux kernel. These are FOSS licenses recognized by the FSF.
https://www.gnu.org/licenses/license-list.html#apache2
https://www.gnu.org/licenses/license-list.html#GPLv2
Android is a proprietary operating system developed by Google. Try running your "free" modified AOSP in the real world, on a real device, like a real person would and see how far you get before being blocked and restricted due to hardware attestation.
I have been running AOSP-based LineageOS and now GrapheneOS for more than a decade now. While some apps are restricted to Google-certified operating systems, most are definitely not. I can use my countries eID apps and my banking app without issue. The only thing not working is nfc payments (since they are limited to Google Wallet)
AOSP is only a subset of what makes Android, an actual mobile phone OS.
I think that they are pointing at that using Android in daily life in a meaningful way requires installing Google Play Services because many apps require it.
I wouldn't say that means it's not FOSS, it just means things being FOSS isn't enough to ensure things are good.
And my point is throwing out all of AOSP because of that is throwing out the baby with the bathwater. Whatever other FOSS OS someone comes up with won't have Google Play Services built in either.
Oh yes, I fully agree. AOSP is the best shot at getting an alternative OS and sandboxed Google Play (like in GrapheneOS) is a good transition method.
Isn't AOSP developed behind closed doors, with infrequent code drops & zero community participation ?
Good luck building anything on top of that & keeping it in sync long term.
You can use microG which provides a lot of Google Play Service functionality.
at the mercy of Google, yes.
Foss people are on the spectrum and so never understand the common man. Simple as that I guess.
Well the nice thing about the spectrum is that we are all on it and that we draw imaginary lines ourselves.
All wisdom aside... I think you're right. I takes a certain grit to start to appreciate the ultimate effect of software freedom culture and licensing. Never mind the the whole philosophy.
It's like explaining CRISPR (yeah I'm a biologist) to a normie... Ok, so lets start with what DNA is... proceeds to guide someone through a lifetime in the molecular biology field....
This is irremovable tension - FOSS in its ideals is democratic, yet it can never succeed in democratization. This is why I think preaching freedom and agency is a bad strategy for the FOSS, even if its members believe them.
Linux is 30 years old, and still it has a laughable percentage of desktop usage. Plus, the only reason it's even usable is because of the relentless work by thankless developers for reverse engineering device drivers. On smartphones this is orders of magnitude more difficult. How do you properly profile and debug a random modem in a phone? What about the cameras?
So, how can anyone expect FOSS mobile OSs to ever exist unless forced by law by the US or something?
This is 'easily' solved by following the Apple road - focus on one or two devices. I think many FOSS enthusiasts would be happy to buy such devices.
(I am holding out hope for the phone that the GrapheneOS project is planning to make.)
Are you aware of the PinePhone and Librem 5? As others have said, it's already been tried.
I bought a PinePhone, and after a few too many show-stopping issues (not being able to receive a call for a scheduled job interview was the last straw), I went back to using LineageOS without gapps. I'm not a developer either, just a fairly technical user, so when the device wasn't working, all I could do was report bugs, and things weren't improving fast enough. I haven't checked on progress in a while now. postmarketOS seemed like the one to follow, and they do also support some beefier devices like the OnePlus 6T, but then you'd miss out on the PinePhone's ability to easily remove the battery and to boot off the SD card in addition to eMMC.
I also felt a bit bait-and-switched that the PinePhone Pro came out not too long after the original and then everyone seemed to switch to that one. It reminded me of the awful Gemini PDA and how quickly they rushed out a successor without fixing any problems.
Don’t worry, the PinePhone Pro is now EOL while the original one will go on for 2 more years!!!
> after a few too many show-stopping issues (not being able to receive a call for a scheduled job interview was the last straw)
When was it? There are no complains from people daily driving both phones in the last couple of years AFAIK.
This has been attempted multiple times, and always fails because followoing FOSS to the letter doesn't play with how hardware industry works, and when people aren't willing to make concensions they cannot ever deliver a product the general public would replace their Android/iOS phones with.
GrapheneOS and SailfishOS focus on a narrow set of devices and they can keep up with hardware support. I agree that you have to make concessions in terms of allowing proprietary firmware blobs and opaque baseband hardware. You also have to choose your hardware wisely (e.g. GrapheneOS can/could piggyback on Google's driver work).
I was just saying that you can make the problem more narrow by not trying to support every device out there. Start small and pick your battles (which probably means using AOSP and using sandboxed AOSP).
I think the main issue of many previous attempts was what typically happens in the FLOSS community: there are N attempts rather than one coordinated attempt (Ubuntu Touch, Plasma Mobile, PostmarketOS, PureOS, etc.) and everybody is targeting different hardware. It's similar to how the Linux desktop got fragmented, though it's even more problematic for mobile, since the usage is probably 1/1000th of Linux desktop usage.
Law is no longer interested in giving freedom to people
> How do you properly profile and debug a random modem in a phone? What about the cameras?
This is a huge factor. Mobile chip sets (CPU/SoC, crypto enclaves, GPU modems/basebands) are buried under NDAs a mile thick, and you can't just whack an oscilloscope on the bus like its 1979. Those companies treat their opaque hardware as their defense against IP theft, they'll never, ever give it up in the current environment.
And the cameras are super complex and require a bunch of DSP and AI to even vaguely work let alone do all the headline features.
I know this isn’t what you meant but it’s important to remember there is some hope. Thirty years ago I was required by my CTOs to use Windows, Borland, AIX, and Solaris. Linux, FreeBSD, and Free dev environments were viewed with deep suspicion.
In 2025 you’d be viewed just as much suspicion for not building your stack on Freedom. I still have hope that we’ll get there with phones, too, some day.
In 2025, we all use Windows and macOS laptops around here, Linux is something we run on cloud environments, mostly the distributions of the cloud vendors themselves, which certainly don't upstream everything.
The use of managed language runtimes, and SaaS products with low code/no code, makes the OS kind of irrelevant, and many times we don't even consider Linux on the cloud vendor, it is seen as an implementation detail, as many workloads are done via managed deployments like Vercel, Netlify, Azure Web App Service, and similar services.
> In 2025 you’d be viewed just as much suspicion for not building your stack on Freedom.
Tell me you live in the web bubble without telling it.
Because of hardware standardization Linux has become a pre-competitive layer, a commodity we have decided not to compete on. And it turns out that such a commodity by definition is private, because we don't want any one party to reap all the benefits of a commodity project (we'd rip it out before using it anyway), in the same sense that we don't want want 1 company sitting on all our water consumption data for example.
So, how do we get to a commodity layer for Mobile devices? It looked like it was going to be Linux (Android), and that was Google's intention. But now they are just using their significant resources to corrupt that original idea, using their trojan horse called "play services".
The public at large only cares about convenience, not about privacy. Why don't we? How much enshitification is enough to draw that line in the sand?
The Android stack, right back to the pre-aquisition "Danger" stack, ripped out everything GPL'd above the kernel, and Google has been investing in their "fuschia" project to make a non-GPL'dv kernel as well. Gradually making more and more of it proprietary was the plan.
Google is a big company and there may have been some factions pushing to make android an open ecosystem, but I don't see that that was ever the companies intent overall.
So the real question is: Why are people so social and pleasant, and why are companies so egoistic (and I mean egoistic in the cancer/parasitic/enshitifying way, not in the Ayn-Rand/social/We-are-all-equal way).
Is it the lack of deep, DNA encoded morality? What are we going to do about this? What is the DNA of an organization anyway?
How, as a society can we take away these stimuli that make it so natural to consume individual freedoms when we grow our tribe-size?
Maybe we need more freedom, more freedom to say: "F-this I'm out of here, I just like the set of rule of this other society better." Maybe we are still too constrained. By our ways of generating income, by our countries, continents and ultimately our planet. We have 1 lifetime, we have to make do with what we find.
There are mechanisms which make firms more social: cooperatives. In another world, public infrastructure such as android would be owned by a cooperative of it's users. Instead, users are tenants of infrastructure owned by others, always vulnerable to the owners changing the deal
The problem is that it's difficult for cooperatives to raise capital: they can issue debt, but not equity (because the definition of a co-op is that it is owned by members (usually customers and employees )-and no-one else). But debt is not really risk capital in the same way as equity and doesn't enable bold initiatives and innovation.
You can buy a completely open RISC-V chip and debug to your heart's content. x86 is also completely open, with only special outliers like XBox/PS5 even half-heartedly trying to disable third-party access.
So the "Right to read" is still bonkers.
Stallman's fallacy is thinking every system is perfect and unbreakable and that people have a perfect understanding of software and systems (for better or for worse)
People will be running pirated debugger copies if that comes to shove
99.9% of people DNGAF about OSS. They do care about doing what they need on their phone without malware/bloatware/nagware
Also publishing and development are separate activities
I doubt that Stallman, of all people, thinks literally that. But systems which are breakable have ways of improving themselves, closing off the exploitable holes. So it makes sense to regard systems as being eventually unbreakable. Or at least having an unacceptably long "mean time between cracks". The game plan cannot simply be "oppressive software and hardware systems will always have imperfections so the good people will cheerfully get around them", even if is is de facto that way at some point in time w.r.t. certain systems. That's actually a kind of defeatist attitude disguised as optimism; passively accepting crap based on the faith that you will scrape through somehow.
What an absurd ask. How is a $2.5 trillion dollar company supposed to make any money if it has to spend a bit of time on security? Did you even think about the economy?
Clearly it wasn't doing fine in 2018 when Apple became the first trillion dollar company. Nor was it when in 2012 when Apple's market cap exceeded oil companies, barely breaking half a trillion dollars. And the economy was definitely in shambles back in 2005 when no company even had a 400bn market cap! Seriously, how could the economy ever survive?!
Where would the wold be without all those innovations. Like the 2005 invention of YouTube, the 2007 release of the iPhone. Where would we be without such world changing technologies that followed with tech's rise in global dominance? Technologies like, Bitcoin, VR, and an even thinner iPhone? Do you even know how many peoples' lives these technologies have saved? Seriously? Because I don't...
> I doubt that Stallman, of all people, thinks literally that
Yeah I agree his opinion is probably more balanced, however Right to read is a short story displaying characters with too much learned helplessness and too little agency so I'm just going based on what he literally put to paper
> They do care about doing what they need on their phone without malware/bloatware/nagware
Yeah you're absolutely right, tell that to Facebook/Instagram/Temu/TikTok/Pinduoduo/(any other _spying_ apps) users.
Their spying doesn't prevent anyone from using their bank app, or using other apps on their phone, or consume (too) much battery
I wouldn't bet on hackers saving us from everything. There are 150 million Nintendo Switches in the world, and nobody has figured out how to jailbreak one without getting into the hardware and shorting some wires (and even then only on early unpatched models). I don't think its out of the realm of possibility to make a best-selling phone that stays uncrackable for the general population for its entire lifecycle.
Your fallacy is thinking that authoritarian governments care about enforcement or successful enforcement of such laws. The goal is to create a status quo in which all citizens break many laws daily and so are already guilty if they ever rock the boat and disturb those in power.
Stallman's "Right to Read" is an accurate reflection of reality in that sense.
Yeah and people had gay sex when it was illegal but it still is a shameful injustice for the government to decide what software I run on my own hardware
The requirement of verification to side-load any app is fascist control. It is clear as night and day.
Shame on Google and Apple, it was always clear this was the end goal and next up is also your PC.
Right after will come the removal off apps they don't like and there is nothing you can do about it.
Stallman was right
PC only turned out open, because IBM never saw it coming, and when they tried to get control back it was too late.
Yep. PC openness is totaly a bug and not a feature of the capitalism. We should cherish this situation and fight for it because it really feels like the other long term alternative is techno-fascism.
I asked an LLM, so I think I get it but could you try to mention what is meant with "Stallman was right"? The reason I'm asking you and not posting the LLM answer is because it still feels a bit icky to post an LLM answer for everything I don't understand [1].
[1] Feel free to discuss this too, if you want. I'm developing my opinion on it.
Richard Stallman has spent basically his entire career trying to convince people that all software should be free as in freedom, so that people truly control the devices that they own--preventing things like Google being able to lock users out of the ability to install applications on a device that they purchased.
Read up on the principles of the Free Software Foundation if you want all the details.
Stallman has a long history of being very abrasive and ideological. He is the kind of guy who makes zero concessions for practicality, and he insists on prioritizing user freedom because he has always feared that otherwise users will be locked out of having the ability to truly control their computers. It's always been kind of easy to laugh at his crusade because of how zealous he is, and how absurd the scenarios he warns about seem to be. The thing is... he seems to have been right the whole time. Companies really do want to lock you out of controlling the devices you own, and do so at the first opportunity. So... Stallman was right.
> He is the kind of guy who makes zero concessions for practicality
Didn't he give some wiggle room in GPL license ?
Inasmuch as the GPL itself is not Stallman's preferred state of affairs (he would prefer to see copyright abolished altogether, at least for software, and copyleft is just a compromise for now), I suppose so. Otherwise I'm not aware of any wiggle room, was there something specific you had in mind?
> [H]e would prefer to see copyright abolished altogether, at least for software...
Oh? From the "Finding the right bargain" section of this 2002 essay [0]
> So perhaps novels, dictionaries, computer programs, songs, symphonies, and movies should have different durations of copyright, so that we can reduce the duration for each kind of work to what is necessary for many such works to be published. Perhaps movies over one hour long could have a twenty-year copyright, because of the expense of producing them. In my own field, computer programming, three years should suffice, because product cycles are even shorter than that.
Has his opinion changed since then?
[0] <https://www.gnu.org/philosophy/misinterpreting-copyright.htm...>
> He is the kind of guy who makes zero concessions for practicality...
Respectfully, this claim is incorrect. See this 2013 essay [0] for one example out of many where concessions are made to practicality.
Folks who are unfamiliar with Stallman's writing and the general philosophy of the FSF and/or the GNU Project might find spending an hour or so reading through some of the essays here [1] (perhaps starting with this 1991 essay [2]) to be informative.
[0] <https://www.gnu.org/philosophy/is-ever-good-use-nonfree-prog...>
[1] <https://www.gnu.org/philosophy/essays-and-articles.html>
[2] <https://www.gnu.org/philosophy/shouldbefree.html>
From your link 0:
> The question here is, is it ever a good thing to use a nonfree program? Our conclusion is that it is usually a bad thing, harmful to yourself and in some cases to others. If you run a nonfree program on your computer, it denies your freedom; the immediate wrong is directed at you.
That is most certainly not making concessions for practicality in my book. So if anything, the citation you provided is IMO evidence for my claim.
To continue with the text of the rest of the section (with the footnotes present in the original removed):
Thanks, I wasn't trying to cherry pick or anything. But I don't think that the full text changes the substance of what is laid out in the first couple of paragraphs. The FSF (and by extension Stallman) refrains from calling the user names if he chooses to use nonfree software, presumably because they recognize that freedom must include the freedom to run any software at all, even if they consider it harmful. But they are quite clear that they do consider it harmful both to oneself and others to run nonfree software, even if it is useful. That, to me, is very much refusing to make concessions to practicality within their ideology. The only concession they do make is an explicitly ideological one, not a practical one! So again, this piece seems to me to support my claim, not to disprove it.
> But they are quite clear that they do consider it harmful both to oneself and others to run nonfree software, even if it is useful.
As we're seeing, time and time and time again, it is harmful. The benefits may outweigh the harms today, but unless the steward of that nonfree software is extraordinarily careful and forward-thinking (as it were), those relationships inevitably go bad and become coercive over time. As we know, Stallman is (and always has been) right about this.
> That, to me, is very much refusing to make concessions to practicality within their ideology.
1) The last paragraph of the opening section is a plain and obvious concession to practicality: "But there is one special case where using some nonfree software ... can be a positive thing. That's when the use of the nonfree software aims directly at putting an end to the use of that very same nonfree software."
2) I'm not sure how saying "We'd be sad and would all be worse off if you used nonfree software, but do understand that there can be compelling real-world reasons to do so. Please don't use nonfree software, or -if that's not possible- consider small ways to avoid using it whenever opportunity presents itself." is anything but a concession to practicality. A hard-liner that refuses to make concessions to practicality wouldn't incorporate such a thing into their philosophy!
Respectfully, are you sure you're not letting knowledge of how Stallman uses/manages/etc his personal computing devices influence your interpretation of what these essays and the FSF's philosophy are about?
Stallman himself was using a laptop with a proprietary BIOS before truly free laptops became available. I don't understand how this isn't a compromise.
Also: https://news.ycombinator.com/item?id=45025116
Probably https://www.gnu.org/philosophy/right-to-read.en.html , mentioned elsewhere in the thread.
> The requirement of verification to side-load any app is fascist control.
Even the language we are using to describe the situation is problematic. Why do we say "side-load an app"? It should be just "run a program"!
An OS that doesn't let you run programs of your choice is laughable.
I think I have an old comment about this, but there is an actual `adb sideload` command for installing an apk on your phone from your computer. Since it's from your computer and not the phone itself, it's sideloading and not frontloading, I guess. Weirdly, and wrongly, people have also started to use the term to refer to just installing apps from outside the official appstores, but that's not sideloading. It's just installing an app. It's a normal Android feature. You can just grab a .apk file with your browser and install it like you would a .exe file on Windows.
iOS on the other hand historically required a jailbreak for this. I think that's where the confusion started. Android doesn't need a jailbreak, it doesn't need root (privileges), it doesn't need a custom ROM. You can just install stuff, it's normal. I think iOS users don't realize how different Android is and they just start repeating words like sideload and root without knowing what they mean, assuming it's just Android-speak for a jailbreak. They don't realize there's no jail in the first place.
I am aware English is a living language, and if enough people are wrong for long enough, they stop being wrong, but it's certainly painful to witness.
> It should be just "run a program"!
More accurate would be "run a program not approved by Google"
> next up is also your PC
Already starting on macos. Gatekeeper had setting where you could allow any app. Now it is removed. While still possible to allow individual app (you need to do it after every OS update), trajectory is now clear.
boot into Recovery, run "csrutil disable" and do whatever you want (not a recommendation)
How many people would be able to use this workaround?
I'm all for calling out fascist behavior when it is spotted, but let's not muddy the waters further. This word is already denatured enough.
This is not fascism, this is just a rational move from Google in a market economy. It feels like every time something like this happens, Americans rediscover what capitalism is and implies, then blame it on "human nature", "greed" or "fascism".
This is intolerable. You own the device. You must be able to run whatever you want on it. Locking or limiting your access to the stuff you bought is not only unacceptable, it's basically like saying you don't really own anything. You're basically leasing a device until the OEM decides you can't run anything on it anymore. Would people accept if a car manufacturer prohibited you from driving their cars in certain places?
Meanwhile: VW is already limiting horsepower when the yearly subscription is ceased to be paid
It's already happening. The greediness of vendors, the ignorance of users...
Back in the 90s Sun sold you computers with X amount of space. There was an option to upgrade. If you took it, they sent a technician around to do the upgrade. All they did was making the already existing space available. Sun always sold hardware with all the space installed but gave you only what you paid for.
Do not forget the inaction and/or corruption of lawmakers.
Now is a time in history where any corporation worth its ill-gotten billions should take advantage of the government's whole-hearted encouragement to push through anti-competitve and anti-consumer decisions to dominate the market and the public.
I used to run Shizuku for my phone to run Hail (an app suspension tool). Now that my credit card bank start checking for USB Debugging I stopped using the app (and now my 3DS OTP has to be over SMS). I believe there's only two banks left in Thailand that do not check for one and it is just a matter of time, because any time these banks could have hired any of those "security" people who will ask why don't we block that.
So I moved to Dhizuku. It's a bit hard to setup, but once I'm done it's felt like untethered jailbreak - I don't have to complicated dance to start Shizuku now. Dhizuku basically make your phone a company phone, except it report to you. To setup a "managed main profile" you'd need to remove all accounts visible in Android account system and type a long ADB command so I don't think it can be maliciously done.
I suppose this will be how we'll use F-Droid in the next year for enthusiasts.
Perhaps using the bank's website is an option?
I don't have a banking app installed on my phone. When I need to make a bank transfer I sit down at the computer.
My bank retired their online banking website in favor of their app.
Not only that, but many of their core services (national payment network) are now exclusively offered in their app and no where else (yes, they will not allow you to do them in person or through their ATM). Your bank _will_ disable their website when you are the only one left using it.
I am not exaggerating. There is no way for me to use these core services if I don't use their app and they wont allow me to use their app thanks to their google play policy.
Unless otherwise mandated, their website will go away and they will have their way with your rights and make you pay for it.
Don't shrug this off. Fight this while you still can.
Not the parent poster but my bank uses its own mobile app for 2FA. No app, no website.
Perhaps there's another bank you can switch to? Here we have a few mobile-only banks, but traditional banks with websites and physical MFA devices as an option too.
Sadly, traditional banks are very eager to get rid of dedicated multi-factor devices in favour of their own mobile applications. I have seen strong encouragement via nagging and some going so far as to start charging for physical multi-factor authentication devices.
Likely this gives them another way to milk information out of you, push their marketing onto to you, and saves them from having to manage physical devices. The obvious downside is of course a degradation in security and further cementing the duopoly and more or less forced participation in it that we as citizens have to endure.
Don't know if it's the same there, but where live (and I guess all of the EU) most banks allow you to use the website, but require the phone to authorize logins and transactions (as 2FA basically)
I live in EU and my bank also offers a separate MFA code generation device
There’s a feedback form, in case anybody wants to tell Google what they think about all this: https://docs.google.com/forms/d/e/1FAIpQLSfN3UQeNspQsZCO2ITk...
Discussion: https://news.ycombinator.com/item?id=45030967
Presumably this won't apply to Chinese OEMs, since even though their devices do ship a disabled by default Google Mobile Services (without the user facing Play Store APK), it obviously would not be suitable to require Google involvement for developing internal apps. The OEMs could set up such a debug licensing service themselves, but each of them would have to do it themselves, and then it would be impossible to debug Google-based apps on the devices.
Many Chinese OEMs are not Google certified, so it won't for sure apply to them. Some (Huawei) even had to implement their own app store and replacement for Google services. They are basically de-googled devices, though, sadly, often loaded with spyware from the other camp.
It must be left up to the device owner to decide if they want to have side loading app of unverified developer disabled or not. Period. There is nothing more to it. If there can be setting on phone to unlock bootloader, then there can also be a setting for this.
Those questions may make some users uncomfortable, but it's wishful thinking to believe they would make Google uncomfortable. Google doesn't care in the slightest about these issues.
> To Google, these questions might be uncomfortable.
Not really, there is no discomfort from something they can easily ignore.
I wonder if this would give Epic cause against Google?
https://en.wikipedia.org/wiki/Epic_Games_v._Apple
If Google controls verification, then Google - not Epic - controls who can distribute Android apps on the Epic store.
Individual privacy and anonymity matter substantially less when Governments are basically decent and play by the rules, and so it seems there is a tendency to value convenience and utility over privacy and anonymity.
When Government goes bad, suddenly we are faced with the utmost need for privacy and anonymity, but we may by then be in a situation where privacy and anonymity are difficult to obtain, with all the consequences that then flow from that.
There goes one of the main arguments why I've been using Android over iPhone
If anything, this is even worse than what Apple does. iPhone users frequently argue that the inability to install arbitrary software is a feature in their eyes, one of the things that attracts them to the platform. I disagree with their argument, but in fairness I must admit Apple has never pretended that an iPhone is a device you control. They have always been very up front that it is a curated experience, their way or the highway. It's distasteful to me but they're honest about it. What Google is doing is a bait and switch to so many users who chose their platform specifically because it was open.
I also remember the early war between Androids and the iPhone. The main argument was that you don't need Google's permission to run applications.
Can Google be sued for misleading and defrauding phone owners?
Yes, and that may be something Google does care about in the end. If Android becomes as closed and as controlled as iOS, why Android??
Because most of us live in countries where an iPhone is two months salary at least, or a contract bound to several years before it can be cancelled, while Android is usually half of that, with the freedom of pre-pay.
I'd guess that the main reason Googel has done this is to prevent side-loading of messenger apps, such as Signal, with true end-to-end encryption. Such messengers would be very difficult to surveil at scale. You might ask why not to simply install these apps from Play Store? The reason is Google demands signing keys for all apps, so it can impersonate the developer, inject any spyware, rebuild the app, sign it and make it look untampered. Side-loading bypasses this entirely.
So no F-Droid?
Fdroid signs builds with own key, so it shouldn't be a problem if they pass this verification.
It won't be a problem. . . until Google revokes their accreditation for some reason they won't explain.
As far as I understand, verification is tied to the package name (or at least the prefix). Since F-Droid packages thousands of applications from different developers, I don't see how they could reasonably get verified.
Very good questions, and hope that they can get answers to them.
Did you actually reach out to Google?
They know the days of the app-store monopolies are ending so they are now implementing apple-style notarisation - which they could have done years ago, but never seemed to need to until now...
IMHO, thats is them still having an unfair control over the android market so the EU will come for them eventually - and no doubt they will implement some other devious bullshit.
Ideally the world will wake up and realise multi-sector megacorps simply should not exist and split them all up accordingly - but I'm not holding my breath.
This is the most terrible thing that I read in this year.
Maybe we can finally spark an omarchy style user driven linux mobile OS ala DHH?
Or are users just going to face network bans and additional tracking like with grapheneos?
Omarchy is just a set of defaults for an existing software stack. The problems here are at a much more fundamental level: getting devices that can be unlocked, getting device drivers/firmware that are also updated on a regular basis, supporting hardware attestation and getting app makers to support it without Google's support (assuming an Android compatibility layer), getting a healthy app ecosystem (if there is no Android compatibility layer).
Currently probably the best route is basing the OS on Android (so that you can benefit from all the existing apps), making a non-hostile reference device, and getting regulators' attention (the EU is probably the most likely to succeed) to break Google's monopoly on attestation.
This is largely what GrapheneOS is currently trying. I think what we can do as users is install GrapheneOS with sandboxed Google Play and for any apps that do not work, contact their developers. If GrapheneOS manages to get millions of users and get on the radar of app developers, that's the best shot I think.
But it feels like the window is closing quickly. So if you care at all about any of this, today is the day to get a GrapheneOS device and make yourself heard.
I'm a nobody, but let me answer these questions in 60 seconds.
1: None, no anonymous accounts allowed. 2: None. Civil what?. 3: It's the Google's company policy, don't use our products if you don't agree to it. 4: If devs write apps for this nearly impossible to develop Mac AppStore ecosystem, I don't see even a slightest problem here. 5: Just change package IDs.
Thank you for listening, see you again next time.
Do you work for Google?
No, but I was a developer of an app for iPhone, so I know the thought process.
Arguing that developers should be able to be anonymous so that they can make apps to help break the law is not as convincing as an argument as I think the author think it is.
Reading between the lines though I think it's likely that you can still install apps whose package has not been registered. Potentially this will require adb or putting your device into developer mode. For the sample app scenario you may be able to still install via adb. For example adb install does not trigger Play Protect.
In regards to the privacy policy, it's misleading to also not including the part of "based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures." The why for this clause is so that Google can avoid NIH, not having to build everything their business needs in house.
Break the law? The app mentioned isn't unlawful. Many map apps track speeding camera locations. Asking for badge numbers from a police officer is also normal.
And why is a phone different from a computer? Nobody bats an eye when downloading program on computer, or visiting a website with arbitrary code.
The example was recent and very clearly put the developer at personal risk. But there are many gray-zones.
An app to decode car diagnostics codes isn't unlawful, but being personally identified could get you in alot of trouble by car companies anyway.
And what about making an independent news app in Russia? More clearly ok by our morals and law, but very dangerous for the developer.
Many map apps track speeding camera locations.
Heck, even one of Google's apps tracks speeding camera locations and police: https://play.google.com/store/apps/details?id=com.waze&hl=en
History has shown time and time again that it is dangerous to centralize power into the hands of few. A lot of mechanisms have been invented and subsequently dismantled again in attempts to protect us from this. Fascism is real.
How about it's my phone.
It's also really stupid to drive a car in a flood, but we don't have cars check the weather forecast before starting up( maybe I shouldn't post this, might give someone some ideas).
I don't think anyone is arguing that they want app developers to break the law, but rather that Google must not take away the device owner's choice to install any app he so chooses. But even to the extent that does involve lawbreaking... yes, that's the price you have to pay for freedom. You cannot give people freedom without some people misusing it to do bad things, but that does not mean freedom should therefore be abrogated. In the extreme, you could have a very safe society without any crimes if you locked every citizen inside a small cell that they couldn't leave. But nobody, not even the most ardent tough on crime advocates, would contend that such a trade would be worth it. We all agree that some amount of criminal activity must be tolerated for the sake of living freely, then... the only question is where each person thinks that line should be drawn.
It is if the laws are fascist. Which is currently the case, and is the example given in the article.
ICEBlock isn't illegal.
"If you outlaw freedom, only outlaws will have freedom."
Until they get caught.
I don't see why Google would be considered a trusted party to judge that in the first place. Regardless of what they think about this app.
> so that they can make apps to help break the law
That's for a judge to decide, not for a supranational mega corporation.
> For the sample app scenario you may be able to still install via adb.
Keyword: may.
I mean this is also an enormous problem for nations which would like to provide intelligence capability to their agents.
A special carve out for anonymous apps only for people with government connections doesn't help because it fingerprints the operative.
Tor was originally a deniable communications tool.
While I am against the policy, Google only publishes developer's full legal name and email address if the app is monetized [0].
If the app is monetized, then the full mailing address is shared.
If money is involved, it’s fair for users to know who they’re dealing with. Developers who want to hide their personal identity can still do so legally with a shell company.
Taking it a step further, if I am going to run your code on my device, I want to know who I'm giving access to my data/cpu/hardware.
Just like with offline transactions, customers should know who they are giving money to.
----
> Google will display your legal name, your country (as per your legal address) and developer email address on Google Play. If you decide to monetise on Google Play, then Google will display your full address.
[0] - https://support.google.com/googleplay/android-developer/answ...
All of those are fine things to expect from Google Play but the point is moot because this verification would also apply to apps installed from external sources where they shouldn't have any jurisdiction.
Google, just like Apple, should be free to enforce any kind of verification they deems necessary on Google Play, as long as they allow third party stores to be on equal footing, which they don't.
I agree. we should be able to install apps we want to install. But if you're installing them from the Google Play store (which is what is discussed) then you should be allowed to know who you're doing business with.
> But if you're installing them from the Google Play store (which is what is discussed)
Maybe there's been a miscommunication somewhere but Android Developer Verification (what this thread is about) applies to all apps, even those installed outside of Google Play store.
Small developers need to be easy to contact. Meanwhile Google is notorious for being difficult to get human support. Seems fair.
I know I risk being down voted remorselessly but I have to put this in context. Where in the real world is anonymity considered ok? If I only put a flyer through someone's letterbox here in the UK, I have to identify myself. If I sell a physical product I not only have to identify myself but take on serious legal liability. An author can take on a pseudonym but only via an identified publisher.
In fact that latter example might provide a solution. Set up a company willing to publish apps whilst hiding the actual developer's identity.
> Where in the real world is anonymity considered ok?
I am allowed to invite guests into my home even if their identity isn't pre-registered with my landlord.
Personally I'm a big fan of not registering with the police every time a use a public restroom.
It's for security, like showing your ID at the airport! Airports have public restrooms, after all.
(/s)
Quick, show me your ID. That way if you get scammed I know know it was you that got scammed!
> Where in the real world is anonymity considered ok?
You've listed commercial activities. The vast majority of non-commercial activities don't require any sort of registration or identification.
Installing an app that your friend or internet stranger developed in their spare time is not a commercial activity and people shouldn't be forced to publish their personal information in order to do so.
Tell you what: Sign your post with your full legal name and address, and we'll talk.
The thing is that so many people are used to doing whatever they want from behind the safety of their screen and are now able to do a lot of things they don’t want anyone to know about. Now the law and common sense is catching up and we’re starting to see things we take for granted in the physical world are coming to the digital world. And I think a lot of people are scared of not being able to do what they used to or being found out for doing it.
Plus, and doing what you suggest but in a country where board directors don’t need to be public really solves it.
Yea, cus when I write a fanfic I should show my id to the company that owns the printer I purchased and own, before I print out a copy to give for my friend, ffs. Does that analogy make sense to you?
> Where in the real world is anonymity considered ok?
It should be everywhere, no matter the place or the platform.
I don't think anyone is saying Google must allow anonymous apps on their app store. Nor is there anything wrong with giving the user of a phone the option to only install apps which have been vouched for by some trusted third party. The problem is, Google wishes to take away my choice to install apps that don't follow their rules. And that's bullshit. It's my device, which I own. Nobody except me should be able to restrict what does and does not run on that device.
That's not even true for physical products. I can give away stuff anonymously at hackspaces, or in many other settings.
Identification is only required if I want to sell stuff, at large scale.
Google's plan would also utterly destroy fdroid and similar projects.
A coin-op vending machine is anonymous too. As were pay phones.
> If I only put a flyer through someone's letterbox here in the UK, I have to identify myself.
Has the UK gotten rid of public postboxes? Do you have to present government-issued ID to post a letter, flyer, or other mailpiece? Do the UK post-handling companies check the sender's claimed name and address on the mailpiece and toss it in the trash if it doesn't correspond to a registered combination of name and address?
> Where in the real world is anonymity considered ok?
Tons of places in the US, and I expect most everywhere else in the world... including the UK. (Or has the UK prohibited things like anonymous food pickup and late-night back-alley dalliances?)
If one is selling computer software, it makes some sense to keep track of the receiver of those funds... if for no other reason than to know who to go after if taxes on the sales aren't paid. However, if someone is giving away software perhaps on an AS IS basis and especially with NO WARRANTY, there's no reason to proactively keep track of who is offering that gratis gift. If some sort of legal problem ever arises because of the contents of that gift, go call the cops in and they can investigate after the fact.
I've been paying some attention to the conversation about Google's proposed policy for the past several days, and I've not seen anyone talking about the significance of the set of countries where this is rolled out to first: Brazil, Indonesia, Singapore, and Thailand. Perhaps there is no connection, but I haven't seen anyone asking what relevant repressive policies these four countries might have in common.
It's weird.