76 votes

Google details Android developer certification requirement, and it’s as bad as we feared

18 comments

  1. kjw

    Google does waive the requirement for developer certification for one particular type of user, and in doing so, highlights the only group of users Google truly cares about: enterprise users. Any application installed by an enterprise on managed devices will not need to have its developer certified. Google states that in this particular use case, the enterprise’s IT department is responsible for any security issues that may arise. Isn’t it funny how the only group of users who won’t have to deal with this nonsense are companies who pay Google tons of money for their enterprise tools?

    33 votes
  2. [2]
    Shahriar

    Android needs to be decoupled from Google.

    33 votes
    1. kingofsnake

      If the rest of the non-Chinese world can get its act together, there's a possible silver lining that a) non-American alternatives rise up or b) American companies in search of international headquarters are forced to give a little.

      ...Here's hoping there's a silver lining because the regular lining ain't so good.

      7 votes
  3. [5]
    lynxy

    If the discussions I've read so far on this are correct, non-certified systems (such as devices running GrapheneOS or LineageOS) should still be able to install APKs that have not been signed in such a way without issue, but this is another meter added to the walled garden of Google, and it makes me despair.

    Especially since Google is pulling aspects of AOSP from distribution, or limiting distribution- with the refusal to release reference device trees and kernel sources for devices such as the Pixel line. Additionally, the Android Security Bulletin patches are not materialising for August and it's already October. Google engineers claim that Google is committed to AOSP support and experimentation but will refuse to explicitly promise that essential parts of Android won't be stripped from the source in favour of proprietary code in future releases.

    I'm still working on solutions for mirroring and re-signing a cut of the Play Store in a personal Fdroid repository so that I can continue to use the banking apps I need without running Google Play Service nonsense, but the constant struggle gets tiring.

    Google really should divest from Android, but that's never going to happen, and the EU is toothless or complicit (depending on what sub-group you're talking about).

    30 votes
    1. [3]
      AugustusFerdinand

      The non-certified systems are also seeing newfound difficulties with recent Google changes to AOSP to kill them off as well. They're powering through for now, but I'm not expecting them to last too much longer.
      You will bow to your Google or Apple corporate overlords and like it.

      13 votes
      1. [2]
        vord

        My hope and pipedream is that this will push just enough people to get a critical mass for getting Linux phones to production-ready.

        Or, and god I can't believe I'm saying this.....I'll take a Windows phone comeback at this point.

        6 votes
        1. trim

          I loved Windows Phone. It was really good. Easy to use. Still have my 950XL in a drawer somewhere, though it’s not much use for anything now sadly.

          1 vote
    2. Mnmalst

      I think this will kill custom ROMs in the long run as well. Mainly because developers are not going to keep building and maintaining apps when most users will never be able to use them. The user base for those apps was already tiny compared to the apps in Google Play, but removing most of those users will be a death spiral. Fewer users -> fewer apps -> even fewer users.

      I hate this timeline.

      11 votes
  4. [5]
    Venko

    Surely this means the end of Signal messaging on Android or at least secure use of it. Google could replace the binary with a compromised one for specific users at the direction of governments and surely will be compelled to in secret courts.

    Which makes me wonder how do Google's signing rules compare with that of Apple?

    22 votes
    1. Macha

      Due to the EU's competition rulings, Apple is loosening their policies from "you may only distribute on the App Store with Apple's permission and yearly developer fee, and cut of sales" to "you may only distribute with signing by Apple's permission and yearly developer fee", so the upcoming looser rules are about the same as Google's new rules.

      The EU has indicated that they think that Apple's new plan is still too strict to comply with the ruling against them.

      17 votes
    2. donn

      > Google could replace the binary with a compromised one for specific users at the direction of governments and surely will be compelled to in secret courts.

      They and Apple always could via backdoored updates via the Apple App Store or Google Play Store.

      They broadly cannot force this using out-of-store distribution methods for a number of reasons: for example while they can pretend to be Signal and sign it, unless Google messes with this which is a non-zero chance, Signal and similar apps can also independently sign their APK and require you to verify them somehow.

      But trusting trust is a whole can of worms: how do you trust your operating system isn't intercepting your openssl execs and such. There is always some risk.

      14 votes
    3. stu2b50

      > Surely this means the end of Signal messaging on Android or at least secure use of it. Google could replace the binary with a compromised one for specific users at the direction of governments and surely will be compelled to in secret courts.

      I honestly don’t see what that has to do with anything at all. Can you elaborate on why this would come as a result of this new requirement?

      8 votes
    4. skybrian

      I think it's unlikely that Signal will be affected by this new requirement. There's no reason someone at Signal couldn't register. They're a real company, after all. Actually, they distribute Signal through the Play app store, so they must already be registered.

      If you're worried about Google replacing one binary with another, then you should use something else because any OS vendor could do that already in a software update. (Doing that undetected might be harder, though.)

      7 votes
  5. [4]
    Tiraon

    What this actually means is that they decided to start unilaterally dictating what you can do with the device you nominally bought. Even more so than they do now.

    They have the power to do this so they are doing it. Android was never actually open and now they are abandoning even the thin pretense.

    Fifteen years ago it would be significantly easier as an end user to reject anti features of smartphones. Five years ago it was already pretty hard and now it will be harder.

    The solution always was education and willingness to learn but most people apparently prefer fake convenience that will be taken away.

    Meanwhile smartphone and actually just Android/iOS is basically mandatory to participate in society.

    On desktop, Linux is very easy to set up and use but mobile has far worse options.

    12 votes
    1. [3]
      ButteredToast

      What’s Linux support for PC cell modems like? If it’s decent, for some an ultraportable with a cell modem could fill the smartphone gap pretty well. Many Android apps run fine through Waydroid and banking, etc could be done through a web browser.

      2 votes
      1. creesch

        There aren't that many hardware options out there that are open enough. Besides, with Waydroid you are still running (outdated) Android with extra steps and overhead.

        Not to mention that my bank uses their own app as a second factor to log into the website. Technically I can get a hardware type token device that is custom to my bank. But last time I checked they made it incredibly difficult to find out how to order it. To the point that I feel they only "offer" it to be able to claim that you don't strictly need an Android or iOS smartphone.

        3 votes
      2. Tiraon
        (edited )

        Most of my usage is navigation, calls, SMS, email, very light internet browsing, alarm and whatever is effectively forced on me. Mostly done when walking around, since when I am not I have incomparably better options (as a side note, I don't think I would be able to downgrade to a phone for more than necessary, the experience is atrocious). That wouldn't carry over to any bigger form factor well.

        My thinking right now is that I will either move to Apple, as a single monolithic entity that pays lip service to privacy might be preferable at that point to multiple ones that have no compunction or real need to be selective about forcing any kind of monetization.

        Alternatively I might keep around cheapest random g-compliant device to do anything that would be too onerous otherwise and carry around whatever would be least compromises needed phone with whatever the most stable mobile linux distro at the time is.

        A few years ago, when I used the PinePhone daily, it was almost as much as I needed. The biggest problems being battery life, random UI problems and stability. Maybe it will get better by then with one device or other.

  6. skybrian

    > Google details Android developer certification requirement

    Where? Why not quote or link to it?

    The only new post I found was this one. I see that developers will be able to work around it:

    > Android Studio is unaffected because deployments performed with adb, which Android Studio uses behind the scenes to push builds to devices, is unaffected. You can continue to develop, debug, and test your app locally by deploying to both emulators and physical devices, just as you do now.

    Building Android apps from source isn't as easy as it should be. Maybe someone should create a source-based distribution scheme like Gentoo?

    7 votes