Your phone is about to stop being yours
keepandroidopen.org1314 points by doener 17 hours ago
1314 points by doener 17 hours ago
This change has served me well! I have been a Mac OS X users for years who used an android phone. As soon as google announced their impending walled garden status, I went out and bought into the ios eco system. I have really been enjoying my iphone, ipad, and apple watch.
You see, the only value that Android really offered me was the ability to run my own code on my own device. Since they are taking that away that just makes it a crappier shadow of the vastly superior apple experience. And, as it turns out, ios is less restrictive than it was 18 years ago when I left them for Android!
Even after Google puts this crap in place, you can still uplodad your own apps to your own Android devices, using ADB. Doing the same for iOS, using Xcode, costs you USD 100 or more (depending on country) per year.
I'm in no way defending Google here, just pointing out you're going from bad to worse and think it's a good thing.
Yeah but where you were losing a lot, you're now losing only a little bit.
And on the other side, the benefits of using iOS over Android spyware outweighs the cons now.
I haven't seen new data from celbrite in awhile, but I believe that grapheneos was the only truly secure phone from it for both bfu and afu as of a couple years ago.
Apple lost my confidence after they removed Advanced Device Encryption for British users (plus implemented age verification for them).
https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...
I think it's been said that nobody has yet cracked Apple's Lockdown Mode, but that's likely not truly comparable?
How is then law enforcement getting what they need from people's iphones? Because I understand they do, in some way. And I'm not asking about forcing people to hand over pin or fingerprints, but just by themselves.
You really think Apple doesn't gather data on what you do on your devices? This notion that Android == spyware is so old and boring but HN just loves Apple.
While not equivalent to a true iOS app, PWA is a decent option that allows you to circumvent the app store restrictions. If you are trying to build apps primarily for yourself, it's a decent option.
Actually I have been tinkering with PWA as a way to remake some of my toy apps. Though a lot of the automations I made for Android can be replicated through Apple’s Shortcuts app.
The biggest loss for me was Termux. I had lots of scripts and such that I ran, plus just having a Linux environment in my pocket was nice. Luckily I found ish which gives me alpine Linux on top of a virtual x86 machine as provided by a JITC layer. I can host PWA apps out of that environment for local use. Of course I can also ssh to my unix like machines from there too.
I am starting to tinker with swift a bit more too. As with google, I could buy a dev key to deploy my own apps only this way I have all the window dressing and end to end encryption on cloud storage.
Doesn’t that require you to host it and have it available on the open web, though? Is there a host that allows you to, for free, not only HTML/CSS/JS but also access to arbitrary tools and bespoke scripts on the backend?
I'm pretty sure that if you build your PWA in a way it works offline through caching (which is easy if it's just a static website), you could host/serve it temporarily and just install it once.
For free? No, but if you built a native app that needed a backend, you'd still need to host the backend somewhere too. I host my own web apps from a cheap mini pc at home and access them over tailscale for personal use.
I host my app on GitHub pages for free. But yes, it's just static which is really all you need with how powerful wasm and JavaScript are.
Yeah it stands for Progressive Web App - but there are lots of hosting solutions with generous free tiers.
As a lark, I built a set of personal productivity apps that are delivered as standalone local webpages. Works surprisingly well on Android, haven't tested on iOS.
I host a bunch of my own PWAs on Cloudflare using Pages and Workers. It's been free so far.
Sorry, even as a developer, "but, you can use ADB" is a big big copout.
What's the next step when ADB requires some hoops to enable? Will we say that but the eMMC has an unencrypted EXT4 partition, we can just desolder and write into it?
It's not a copout, it's a comparison to iOS. You're seeing an argument they didn't make.
There are ways to wrap adb in a friendly interface. I can totally see a desktop based manager and marketplace for phone apps as a workaround.
As a dev, i'd say having to use adb is a minor inconvenience.
Still unacceptable, a better option would be to use something like lineage or some other aosp distro without the google services (hoping that nothing makes you dependent on them).
This still doesn't address the vast majority of people though (and that's what I'm concerned about the most).
What we need now is:
- short term, work on pushing apps not to depend on the google services so phones preinstalled with something like /e/ become a viable option for most people. Push our public services to stop mandating Google and Apple OSes for random stuff.
- longer term, work on making alternatives to Android and iOS viable options for most people (stability, usability and availability of services people use). The best candidate for that today is Linux mobile.
Breaking network effect around proprietary services is one of the strategies towards this.
Another one is reducing our reliance on computers (of any shape) altogether, maybe.
This is not true, running your code on your phone with Xcode has always been free.
With a free account, it needs to be reinstalled every 7 days because the signature expires. It's hardly convenient for personal use.
even worse - if you need to build some app with entitlements or some features likes push notifications etc then you need non-free account
I would like to mention that although I’m aware of the limitations, I think it is worth designing and advocating for web app standards that could even at some point become a viable competitor to native apps, especially for apps that really don’t need to be native/wrapped apps in the first place since most are CRUDs anyways.
Maybe this will be a catalyst towards further evolution of the web app as Android devs want to carve out some freedom from the world domination corporate shadow government walled gardens.
Most apps can be a PWA nowadays. A Hetzner VPS costs roughly the same as the Apple dev membership. Saying this as a native iOS dev since iOS 4. For your average pretty json printer you don’t need to go native.
Offline PWA sites are very limited on iOS. If you force close Safari, look at your phone funny, or don’t visit the site regularly, the cache is cleared and you are stuck at a loading screen until you have internet again.
That’s what forced me to finally bite the bullet and pay Apple yearly so I could develop an app for my friends and I to use. Would have much rather kept it as a PWA.
Yeah they can’t make it too easy to bypass the App Store :( I don’t think that’s a super strong argument though. Native apps have downsides as well.
[flagged]
Every 7 days, forever?
At some point you have the thing working to your satisfaction and just want to continue using it.
Hell, maybe you just want it to not break during a long vacation.
Or maybe everything is normal, but, oops, you forgot the last renewal and it stops working exactly the moment you needed it most.
Heck, even "tinkerers" might want it to keep working during a long vacation.
Or maybe it's a normal day, and, oops, you forgot the last manual renewal, and now it's busted at exactly the moment you needed it most.
It happens. Sometimes you're done making updates to a personal app you use that you wrote.
Even free-er with Expo and React Native. Course then you have to touch JavaScript ;)
>free
You forgot to factor in the cost of a Mac.
You don't need a computer to develop Android apps?
All you need is a phone: https://github.com/atamshkai/Android-Studio-On-Android-Phone
I remember running kali linux once on my phone with (termux+vnc) and a vnc viewer app watching some random youtube videos a few years back
So I feel like, Something like this was/is possible but its immensely hard for something like this being used especially when a desktop os on a phone is so bad ergonomically speaking unless you have a keyboard mouse connected
A better option iirc is to use something like kivy[0] directly with termux, not sure if java might have direct options too or not.
You aren't even limited to android apps. You can install termux and write and compile your own code to run from there or to copy and run anywhere else.
You can use _any_ computer to make Android apps. For iOS you strictly need a Mac.
Not. You don’t need to pay $100 to upload your app to an iPhone, even with XCode for iOS 26
Technically not but the devil is in the details. Having to reinstall the app every 7 days and a limit of one app doesn’t even pass the bare minimum.
Jolla has a prelaunch campaign, decent phones for 200€. I might just as well grab one. Sick of having a phone which is more expensive than my laptop but I can barely use.
The limit is 3 apps AFAIK
Isn't keeping ADB enabled (most people who do this don't enable it and then promptly disable it) a huge security problem? ADB enabled means an adversary can completely own your device and "back it up" by simply plugging it in.
This is much worse than nagging about "untrusted sources".
No, there's a trust-on-first-use procedure where you have to accept the computer's key on your phone.
Not only is it TOFU but that comment is doubly wrong because you can't really back up much other than the bulk storage directory without adb root (which requires a custom build, which obviates the issue to begin with).
Apple has the same thing, but for some reason added Developer Mode which you must enter on the iPhone first. It’s quite involved, with a restart and 3 confirmation dialogs. That had me wondering why they are suddenly so cautious around this.
>ADB enabled means an adversary can completely own your device and "back it up" by simply plugging it in.
each adb host has to be individually white-listed by an unlocked device. also the current behavior is that it auto forgets any white listed host that hasn't connected within 7 days.
No it's not. Your computer creates a unique ID and you have to accept that on the unlocked phone the first time (or every time if you choose to).
So even when adb is on an attacker can't just plug into your phone and use it. Besides, I just switch it off when I don't use it
Here is a table I just made (edit: changed to list as HN wraps code blocks now), of iOS vs Android (now) vs Android (after Sep 2026 or 2027 or whenever these announced changes take effect):
•1. Where most users can install software from:
↠↠ iOS: official store (App Store) + (in EU) other stores
↠↠ Android (now): official store (Play Store), other stores (e.g. F-Droid), arbitrary APKs
↠↠ Android (after changes): official store (Play Store), other stores (e.g. F-Droid), arbitrary APKs
•2. Who the developers of software can be:
↠↠ iOS: registered developers ($99/year)
↠↠ Android (now): any developer
↠↠ Android (after changes): registered developers ($25 one-time) + hobbyists (small distribution) + any developers (for advanced users)
•3. Installing your own apps on your own phone, without becoming a registered developer:
↠↠ iOS: using XCode: need to reinstall every 7 days.
↠↠ Android (now): using ADB
↠↠ Android (after changes): using ADB
The second row (•2) is what is changing in Android. I think "the ability to run my own code on my own device", narrowly speaking, is closest to the third row, which is not changing.
Comment about point 2: As a CEO who recently tried to make personal Android and iOS Dev accounts for my hobby apps on my +20 year old Google and Apple accounts, let me just say that the processes are alot more complicated to apply than is pointed out here.
The key difference being that when I needed help I called Apple Support who transfered me once to their EU Developer support who, while I talked to him, setup and approved my Dev account. While my Google account still is in pending limbo with their new verification system with no support to contact... I have since giving up getting access after multiple tries.
So Google changes do hit alot harder than the summery makes it seem.
Android does indeed still look better. But, I would not consider having to send a copy of my government ID to Google, or having them be able to block apps when so ordered by government, to be acceptable.
I agree it’s not acceptable. so then iOS is just as not acceptable as it has all the same issues and worse. this thread started as switching to iOS
Yeah but the situation used to be you don't need to jump through flaming hoops on android and you do need to jump through flaming hoops on ios for installing. Now it's you have to jump through X flaming hoops on android and X+Y on ios for installing. If I'm not going to jump through flaming hoops then I'm not installing so it doesn't matter what Y is in the equation and I'm not taking into account installing when comparing those devices, which mean ios might be a better proposition.
Alternatively if the difficulty of moving from 0->X is not negligible but moving from X->X+Y is then I may still be installing but I'm not considering the Y in the comparison then either. i.e. If I have to show my id to google once and apple twice it's the initial showing that is the turn off, or if it's the action of getting my credit card out in the 1st place rather than the cost difference that concerns me.
> stop being yours
As if most android maker phones don't already fully own your device - preventing you from unlocking of bootloader and installing an OS that actually doesnt enforce the restriction google is introducing in their flavour of android.
To pretend that with this change android becomes exactly like iOS is... ridiculous? I can pick any 10yo old android phone from my drawer and develop for it, no problem and without asking for permissions. And if I'm already this motivated I'm certainly motivated enough to wait 24hs on future (more locked down) devices.
Do you think people who download NewPipe and alike - to circumvent ads and enable premium features - would think twice because they need to wait 24hs? Will NewPipe devs stop developing (anonymously) because of a small fraction of users who refuse to (or won't) go through unlocking steps?
Show me all these "rebel" apps on iOS ecosystem that can be easily distributed on any channel: fdroid, github, telegram groups, etc.
But sure, if you thinking moving to iOS is the same, sounds like you never really made use of any of the freedoms android used to and will continue to provide
I hear what you're saying, especially around just moving to iOS not being a better argument. However with > And if I'm already this motivated I'm certainly motivated enough to wait 24hs on future (more locked down) devices.
But I don't think that's the point. It's a continual erosion of people's ability to use hardware _they own_ in ways _they want_ under the guise of 'security' - which to be fair google does fuck all to actually prevent malicious, scammy and misleading apps from appearing on their play store.
Like, why make it harder _at all_? I develop Android apps for a company that is used only internally. I don't want to have to release apps to the play store so that they have to go through a bs review period before I can get them out the door users. Currently I have a <10m turn around from starting the build to having an app in user's hands, ready to go... Every other time we've had to use the play store it's 2+ days, and they don't test or verify anything meaningful.
I recognize my experience isn't universal, but I'm pretty opposed to changes like this. I'm not American so I don't really have underlying rhetoric around freedom etc, but this is an impingement and part of continuing anti-consumer trend. Google's not the only one, but certainly the one under the spotlight here.
> It's a continual erosion of people's ability to use hardware _they own_ in ways _they want_ under the guise of 'security' - which to be fair google does fuck all to actually prevent malicious, scammy and misleading apps from appearing on their play store.
A lot of people don't seem to understand this and point out that Android is still more open and free than iOS, but iOS has never been about openness and freedom. People believed in Android, and in Google. Now they either see Google betraying them (once again) or only see the Android vs iOS comparison, forgetting about the implications about autonomy, agency and about the future of Android. Many people don't care which actors control their digital lives and what motivations they have. People should be made aware that Google is on their side and that they have shown many times that they have no honor.
> People believed in Android, and in Google.
I wonder why. The last time I considered believing in Android was in 2008 when I was choosing between getting an Android phone or Openmoko phone. Went with the latter and never regretted, as Android quickly turned out to be a disappointment. This is just the continuation of the slow crawl they've been on since 20 years ago and it's been really obvious that it's going to happen. The answer is to reject Android just like iOS, not to keep hoping that inevitable isn't going to happen.
It's the slippery slope that's the issue, 24hrs is just the first iteration of the restriction. After couple of iteration of restrictions, they could force everyone to have govt-id approved by goog to install any app.
In the words of a Great American:
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."I used to own a house, I could decorate it the way I wanted. It was hard work, but it was mine!
Then they locked it, so I went to live in a luxury hotel, it's more expensive, I can't decide how I want it and I don't own anything, but it's such a superior experience!
Some want ownership, some want experience. People differ, who might have thought.
No, Android still offers way more features than iOS.
Replace the lock screen with a custom app
Replace the home screen with a custom app
Set default apps for SMS, phone service, assistant, camera, photo gallery. all things you can not change on iOS
Always on widgets and dynamic wallpapers
It has a much more customizable inter app communication system so that you can get more apps to be the default viewers
At allows true background tasks like say a BitTorrent client
It supports shared storage like SMB and a user accessible file system
Custom NFC apps
USB host mode
Multiple users/profiles
And about 70 other things
As a wise man once said - Android when you want to do thing TO your phone, iOS when you want do to thing with your phone.
I will do the same if they lock down Android. If I must be in a walled garden, then I'm going to choose the better kept garden, and it sure as hell isn't Google's. There is absolutely zero reason to tolerate the shittiness of Android if they take away the relative freedom it gives us. GrapheneOS is the last hope of the Android ecosystem, and if Google keeps locking things down that's not going to last either.
So you moved into a walled garden in an attempt to escape what's essentially a 3 foot picket fenced garden.
If there are two walled gardens, you might as well choose the prettier one.
Or choose freedom. I've been enjoying GrapheneOS for a couple of years now and recommend it.
Do you run into issues with apps not supporting it? Things like banking or auth? That is the main complaint I see for alternative phone OSes, and I don't know if that has gotten any better.
GrapheneOS user here, on my only phone, aka my daily.
I love my phone and when I replace it, I will be flashing GrapheneOS again. This is my second phone with it so far, and roughly year 4 or 5.
With that said, it isn't for everyone. I definitely remember some issues upon first install, a learning curve if you want to call it that. I also introduce intentional obstacles in certain "workflows" in my life that dissuade certain usage, like excessive social media use. With that said, I no longer remember what I introduced myself and what was an OS characteristic. I do remember having frustrations with most banking apps IF I didn't log into the play store mirror. Since I'm "hardcore" and am not willing to sign into a Google product on my phone, they just don't work. However I don't think they would be an issue for most people.
If you are on the fence, you can make a backup of your phone, try it out, and if you don't like it, you can reinstall the default Android and restore your backup. I've done it before when I used my previous GrapheneOS phone for store credit for my next phone, and figured they'd want a factory reset default OS on there.
I've been dailying GrapheneOS for more than 2 years. I haven't had any issues with any of my bank apps. Although there are apparently some that do block usage on non-google-certified OSs. The only limitation in my use cases pre-GrapheneOS that I've found is not being able to make NFC payments through Google Wallet, but I found a bank in my country whose app implemented NFC payments, and made an account with them to be able to convenintly pay with my phone.
edit: and I'd like to add, GrapheneOS brought me back the joy of using my phone. Since 2018 or so I started to dread my phone (and the internet) more and more. Installing GrapheneOS brought back the joy on using these marvelous computers (and self-hosting brought back the joy of using the internet)
There are essentially two separate issues here.
The first is the anti-trust angle. Some subset of bank apps don't work because of attestation and that's a significant barrier to adoption for switching to competitors, so it ought to be an anti-trust violation for the platform to do that.
The second is, you try it and discover that your bank doesn't work. If you want it bad enough you can switch banks, and the fact that it doesn't work is a signal that your bank has a weak security team who is just cargo culting deleterious vendor nonsense without evaluating whether it has any real security value.
(The use case for attestation is completely orthogonal to bank apps because it can't prevent credential stealing from compromised phones running a fake app since the fake app won't require attestation, and it can't prevent attackers from using stolen credentials to transfer funds because once they have the credentials they can just use a normal phone, and that's the case even if the attestation was completely airtight, which it isn't. Meanwhile the devices that can pass attestation are generally more vulnerable because it implies they're running the more-likely-to-be-outdated OS that came with the device rather than a third party upgrade with more recent patches, so they're essentially encouraging their customers to not upgrade their OS. Banks that do this are wearing clown makeup and you have to ask if you trust them with your money.)
The replies whenever this question is asked remind me of when I used to have a Windows Phone and was trying to convince myself it was the best phone on the market. Yeah, I couldn't use YouTube because Google blocked Microsoft's YouTube app; and I wasn't able to deposit my paychecks because my bank didn't have a Windows Phone app or mobile deposit support on their website; and sure, using Messenger or Snapchat (which was exploding at the time) meant using somebody's reverse-engineered WP version of those apps...
But look at all the information I can get from the Live Tiles! Oh and isn't Cortana neat! A little more self-flagellation for the penitent ones who've traded corporate app stores for daily inconvenience.
Whatever issues I've run into I've been able to work around. I don't use tap-to-pay with the phone at all so that's not an issue. The things I get in return for using GrapheneOS all outweigh any downsides.
My bank detected someone logging in with my password from a GrapheneOS phone and made me change my password and scan my face. That was dumb.
With that out of the way, and the device now seemingly authorized, it still doesn't work, because when I log in, the app restarts. That could be a real compatibility problem.
Yeah, I tried that out last year when this whole debacle was announced for the first time.
I'm not going back to paying without my phone. So yeah, I'm not going to a free platform either.
the choice really is mostly down to Google's Android or iOS - unless you're ready to make sacrifices. If you are... More power to you! I'm not (at this point in my life) right now.
Unfortunately, there is no way to use Google Pay on it. I'm all for trading some convenience for privacy, but not having to carry all my cards is too much of a convenience for me :(
Graphene sounds great in theory. Until you read the device compatibility page and see you're still at the mercy of Google. In order to support graphene you must first pay Google for one of the most expensive android devices on the market. Oh and Google never sold this device in my country so I guess I'm out of luck even if I wanted to do that.
> Until you read the device compatibility page and see you're still at the mercy of Google.
Alternate take: good. I'd rather the GrapheneOS team pick standardized (if limited) hardware configurations to support and then spend their (many multiples less than Google) resources on the platform rather than device compatibility.
The Android OEM diversity mean the time/economics of supporting every phone with a non-Google OS were never going to work, and I'd rather have it working well on a limited number of platforms than poorly on more.
Firmware engineering and patching sucks and delivers little value to the user, because best case (you solved the issue or patched the hardware errata) something basic that a user expects is now working.
Nobody is going to switch to a platform because a phone can now make calls. Even if there are 1000+ human hours in patching some cheap clone LTE chip it uses.
Motorola devices that match the GrapheneOS requirements are coming next year. It's good thing they're not compromising on hardware requirements that would undermine the goals of the project. If there's anyone to blame it's the dismal state of affairs on the hardware security side of my most Android phone manufacturers.
This will not help you in your country, but in places where it is sold, you can buy used one of the prior generation phones, which are also supported.
My plan is to follow and hop on this train, hope it’s available in other countries also:
Uh huh. Freedom. In some empty rhetorical sense. Meanwhile you still have 99.999% of the usual obligations.
Go freely walk out your local supermarket without paying.
But your Android phone is unlocked #winning
>Go freely walk out your local supermarket without paying.
that's your definition of freedom?
It's an example of constraints that still apply.
Don't pay taxes. Steal cars, punch Trump, call a black person the N-word ... see how it goes
Paper and pencil offer a far more blank canvas compared to the very specific hardware constraints of a phone, and ecosystem of software limited to the common languages
Software dev and use is, comparatively, heavily constrained and on rails compared to sitting by a tree and imagining
To buy the phone ones agency is coupled to the subset of legitimate options to make money
Same for electricity to charge it, battery replacement, screen repair if it breaks.
Really just quickly becomes a ball and chain
So free!
Beauty is in the eye of the beholder. I use Android and iOS regularly and while Android's ugly, it's slightly less ugly.
For an Android user, iOS offers better privacy (which can change at any time), but it also comes baked in with better support for some open protocols. (SMB on Files, and CalDAV/CardDAV for Calendars/Contacts/Notes integration). This has been the case for years, while aspects of the 'walled garden' have eroded over time.
It's natural that this huge Android regression might be enough for someone to dip their toes into the other side.
> iOS offers better privacy
No, it markets lockin dressed up as privacy. Convincing you that they are the same thing is the real magic here.
No, it might sound smart, but it's incorrect to equivocate. You don't need to "lock in" to Apple's services either. Apple has a meaningfully better track record than Google on privacy in many regards.
(Apple's Terms of Service is also much better, for not having an arbitration clause anywhere except the Apple credit card, with a very easy opt-out flow.)
If you cant beat them join them
If you are stuck in a walled garden either way, might at least try to get the benefits of it.
The iOS app store is like the craigslist personals of online markets. I feel incredibly dirty just going on there. I have to scroll down 3-5 options just to find the exact match for what I searched for, many of the prioritized options being look-alikes that could easily fool people into installing some malware-esque garbage.
I love my 13 mini as a phone, but I don't understand how anyone could compare the two app stores and think iOS comes out on top. At least android has f-droid.
I almost never go to the app store to find an app, but I can understand how that would be really frustrating. Sounds like they need to get serious about curating the app store content.
From my perspective, the walled garden value I get is predominantly in the integrations between my phone, macbook, and watch. And to a lesser extent (because it's a bit buggy at times) the family integrations.
Includes status symbol and ecosystem lock!
If it is a status symbol, it really ain't working for me. I must be doing something wrong.
It depends where. In Spain people use it for that because iPhones are incredibly expensive here compared to the standard of living. What doesn't help is that the SE/e models are also way more expensive than in the US.
As a result it's mainly rich people and tourists that own them. Most people use budget android phones, the kind that still come with 3,5mm jacks. You still see wired earphones a lot.
So does Android, but without the status symbol, the high res screen, or the integration with your laptop.
I haven't found the need for deeper integration with my laptop beyond what KDE connect is capable of, and my Pixel has a high enough resolution that I can't notice pixels :)
It's probably worth mentioning that as far as i know this change does not affect AOSP phones[1]. I'm currently living with a Kyocera flip-phone[3] for the past few years. I even got F-droid installed, though it turned out to not work all that great on a flip. I wish more people wrote apps for flips. I keep intending to look into writing my own APK if i ever get the chance. As i understand it, it's a bit like The Wild West, though there are places where you can get flip-phone apps[2] like maps, media players, messengers, etc.. i just never seem to have time to look more into this(and i'm a little concerned about getting scammed). I did manage recently to successfully tether my old touch-phone to my flip for a car trip i took, so i could get data to the touch and run maps(i feel somewhat clever to have sidestepped Big Tech on that issue). Hopefully i'll get some time one day to look more into flip-apps.
[1] https://source.android.com/
[2] https://www.apkmirror.com/
[3] https://www.kyoceramobile.com/rugged-devices/duraxv-extreme-...
GrapheneOS is the answer. Apple's software is really buggy compared to Android and Linux.
Or /e/
GrapheneOS is significantly more secure, more private, and more free. Not sure why you would use /e/.
Because in order to use Graphene, you have to financially support the same company that is making Android less free.
and limited to one type of device that not everyone can get or wants.
Only because this is the one family of the devices secure enough to even bother with software security.
It's not their fault (plus since 2027 we expect the first Motorola handset secure enough tu be supported by GOS)
And at least they don't cheat on patches :)
Well, for one you can actually buy an /e/ device right now.
Also, once you have it, it just works.
Some people like that.
>Well, for one you can actually buy an /e/ device right now. Also, once you have it, it just works.
Does that not apply to GOS?
If there's one thing I've learned about the custom Android community (and to a lesser extent, the Android community) it's that "it actually works" isn't really important or convincing to them.
>Apple's software is really buggy compared to Android and Linux.
Anyone making this statement is not a serious person.
I have been around Mac, Windows, and Linux for both desktop, personal, containers/server (yes, even OS X Server) at a large scale, etc. use and there's no way this is a serious take from anyone with any breadth of real world experience, especially not in the desktop world.
The Apple/macOS experience is even now still above the rest by a serious margin that cannot be ignored.
The Linux experience on server/container, etc. is King.
The Windows experience is...well, yeah, still somewhat stable and they're doing their best to alienate anyone they can. But still a more stable experience by a slim margin than Linux.
I've used Debian, Ubuntu, Mint, Gentoo, Arch, Mandrake before Mandriva, macOS since before it was macOS, Windows since 95, and beyond. I'm writing this on a Nobara install right now, because my entire goal is to eradicate Windows from my life, which within the first minutes of setup already showed more quirks than even Windows 10.
Is the Linux Desktop experience better now? Yep, it's miles ahead of what it was, and yet it's still buggy as hell. I have intentionally gone between iOS and Android over the past decade-ish and a half and Android is a Playskool mobile OS compared to iOS. And yes, I even have used GrapheneOS.
I'm really tired of the Linux fanbase, and I include myself in that group, constantly lying in every thread about what it is and what it isn't. If you lie to people and tell them that it's better than Windows and macOS, they're going to immediately have a bad time and end up in a world of hurt because they're listening to nerds who barely go outside talk about how Arch is the greatest thing in the world and will solve all your computing problems.
Don't set people up to be disappointed if you actually care about Linux becoming a thing.
Also, and perhaps most importantly, I apologize if this comes off a bit harsh.
Maybe you're just used to your flavors of jank so you don't see it? Your goal is to get off windows, but I've had only Linux on my home computers for ~10 years and it's been working great the whole time. Literally nothing I can think of to complain about.
It's been a few years since I had to use OSX for work, but last I used it, you couldn't maximize windows without a 1+ second animation playing when you cmd+tabbed, which made maximizing completely useless. Docker was also super slow. There's no package manager and the usual recommendation (brew) for a third party one is trash that will update programs you didn't ask it to when you're installing something else. IIRC external monitors are completely unusable from blurry text.
I used a windows laptop recently for a year or so for work. Absolute jank. Sleep was just broken. Like wouldn't sleep/spin down the fan with the lid closed unless I unplugged it. Often completely frozen requiring hard reboots when opening the lid. Leaving it "sleeping" for an extended period would still heavily drain the battery. WSL barely works. For some reason I have to care whether things are in my Windows or Linux home directory. Wrong one and git commands take seconds. I'd get environment mismatches where the terminal in VSCode would fail to run commands that run in a normal CLI, etc. DNS would break inside WSL because it wouldn't propagate config from DHCP. UI is just slow to respond to anything. If you start typing in the start menu search (e.g. "shut down" or "power off"), the menu replaces itself with a different one, and you can't find the power options until you close and reopen the menu.
I agree with your sentiment, but I want 100% Linux about a year ago and it's been much better than OSX. Yes, there are downsides - I really miss the iPhone "continuity". But the bugs, gatekeeper, liquid glass, ads in system settings, etc in OSX dwarf the rough edges on Linux desktop.
For non-power users OSX is still a no-brainer, but for a programmer I feel like Apple's left us no alternative.
Now you just have to deal with Apple's hostile repairability situation. Cryptographically-mated parts are just the beginning.
> the vastly superior apple experience
After switching away from GrapheneOS to iOS after RCS stopped working for me, I can safely say my experience has been the opposite. The camera is the only thing better for me on iOS - everything else is buggier and worse. A few of my favorites:
1. Safari is buggy as hell, and requires installing apps to run things like ad blockers.
2. The settings are ALL over the place and very hard to navigate
3. The gestures are clunky - often have to try a couple times to get one of the settings quick menus to drop down
4. Why is the date not displayed at the top of the screen with the time outside of the lock screen?
5. The pin unlock is horribly broken - I have to slow way down to use it compared to Android.
6. Apple maps is hot garbage. I had to install Google Maps anyway to get decent performance.
7. The handling of audio devices seems intentionally malicious - like if I call someone from my car through car play, it shouldn't send the audio out through the phone earpiece. If a call begins with phone earpiece audio and is underway, it shouldn't switch several seconds in to bluetooth headset half a house.
I'm going back for my next phone.
I'm considering switching to GrapheneOS... What's this about RCS not working?
If you don't want to invest in getting your contacts on Signal, you can try OpenBubbles. It gets iMessage on Android devices and works fine.
I highly recommend switching to GOS, it is wayyy better than iOS UX-wise and obviously better privsec and freedom.
One thing that I had to do when I first got GOS, to get a better experience, was find all the Open Source apps that I needed. Otherwise, it looks rather bland and the apps are mid. Once you find the right apps and launcher, everything works much better.
RCS is proprietary so it only works on GrapheneOS if you have Google's Messages app. At least, that was the case a year ago, but I'm assuming it hasn't changed.
On the bright side, Messages works without linking to a Google account
RCS can be hit or miss on GrapheneOS, but they have made significant progress recently. It requires using Google Messages rather than any other messaging app, and may require enabling an ICC authentication option that is disabled by default. And it may depend on your carrier. RCS is kind of a pain in the butt but the messaging improvements over SMS are substantial which is why I wanted it.
When I first tried last fall I had it working for a few weeks then it stopped entirely delivering messages and I fell back to SMS only. After the recent system updates and enabling the ICC option it has been working well for me.
The official page explains briefly, https://grapheneos.org/usage#rcs
There is a very long discussion threat going back several years that is now considered resolved, which seems to be the case for me. https://discuss.grapheneos.org/d/1353-using-rcs-with-google-...
RCS barely works on regular Android.
In the last week or so, multiple people have told me they cannot text me. I found that I was getting a "verification limit exceeded" error (perhaps because of my unusual behavior of usually being at work or at home, both which have known wifi networks, and sending maybe half a dozen texts any day?). I got the error to go away for half a day and they were still unable to message during that time, and now that I have it disabled I still appear as online on RCS (yet still unreachable?) so they still cannot message me lol.
I've been on the other end many times across multiple Android devices across multiple years, being able to send messages to some RCS users, being unable to send messages to other RCS users, not being able to receive messages in group chats entirely comprised of Android users, etc.
SMS/MMS: Handled by carriers, you can send messages to people who are offline and they'll get the messages when they turn their phone back on.
Telegram/FbMessenger/Whatsapp/etc: Handled by individual corporations, you can send messages to people who are offline and they'll get the messages when they turn their their device on.
RCS: Handled by both Google and carriers at the same time for some reason, maybe 80% chance of being able to send a message to somebody who's online, let alone offline.
I'm sure there are multiple reasons it was challenging, but Google and friends have not risen to the occasion at all. Truly a garbage protocol.
I've found that RCS works ok-ish on the Owner user, but doesn't work at all on any other (it appears as an empty message). Moving to the Owner account you can tap to redownload the message and then it appears correctly in all accounts. It's a mess that makes daily driving a secondary account not worth it
SMS is pretty horrible yes but I don't know anyone that uses it anymore. The only ones I get are spam from my phone provider and some MFA systems that are stuck in the past. Oh and the odd shipping notification.
RCS I didn't even bother to set up. I don't want to use yet another system. If people want to reach me they have WhatsApp, Signal or Telegram to choose from.
> Apple maps is hot garbage. I had to install Google Maps anyway to get decent performance
I hear this and wonder how much must be regional. I'm experiencing the opposite. Apple Maps has gotten quite good, while Google Maps seems to just be rotting away. Both do work reasonably well in my home area of the PNW, but Apple Maps is a bit more polished. But in some places, like recently when I was on a business trip in Austin, Google Maps was comically terrible at routing. I get that partly this is probably because Texas has interesting ideas about designing a road network, but still, Apple got it working just fine.
Same. Google Maps quality has gotten noticeably worse these past 2 years for me. It routinely tries to navigate me to making impossible turns or taking weird and sometimes more dangerous routes just to shave off a potential minute. I started using Apple Maps at the advice of a colleague and it’s given better directions. This is all local. I have no baseline comparison for using maps while on trips.
(4) is 100% you having a particular user preference and not a real bug with the system.
Agree and many more. I had an iPhone 15 Pro for about six months last year and one of the most infuriating things was that you can't get to Camera settings from Camera, you have to go out to Settings.
You just proved that the ability of installing whatever apps you want isn't that vital, don't you?
I'm on this path too. Waiting a few more months to see what happens. If they indeed block my 4 apps on my phone (which aren't published anywhere), I will simply move to Apple.
You should switch to GrapheneOS instead.
You mean buy a Google Pixel?
How many people can afford one?
In the USA, I think most people can easily afford a Pixel 9a at $56/year of device support starting from today.
Calculator checks yearly cost based on device support: (https://ibb.co/xq82YQCw)
Sources for device lifetime from calculator: (https://grapheneos.org/faq#device-lifetime)
I used a New+Unlocked+Pixel+X on eBay to find a rough price of the phone.
Most people get scammed by their carrier and pay $25-45 per month just for their wireless subscription, and many more get caught up in the device bundles which gets you the "latest and greatest", at a huge price. So people are paying, per month, what you can pay, per year for a Pixel.
You can use Silent Link to pay by the gigabyte with no expiration date. Most people don't need unlimited—I use a maximum of 5 GB per month, and my average is around 3. At $1.60 per month, that is $60 per YEAR for me.
Swap in https://jmp.chat for another 60 dollars per year for calls/texts and you get a $120/year phone bill which is just $10/month.
I will be moving from US Mobile to Jmp.chat once my plan expires.
You could also use US Mobile for $17/month which is unlimited and is user friendly. They also often have Pixels for a significant discount with no lock-in.
If you're considering buying an iPhone, you can definitely afford a Pixel
Yes, but no pixels in my country.
eBay International exists and I've shipped my laptops from the US to Bolivia, Guam, Sweden, and before the war, Russia. You can definitely get a Pixel unless maybe you live in the DRC or the PRK
Motorola + Graphene coming 2027. I'm at least waiting to see what comes of that before making any decisions on my next phone.
I am hyped for that partnership—they should have a flip phone supported(don't quote me), among other cool devices.
Not going to be cheaper than Pixels. The chips they need for the hardware security are the flagship Snapdragon chips iirc.
I love my Pixel now, I would have to see where Motorola is better than the Pixels other than the more computing power.
I bought an 8a new when it launched for the express purpose of installing GOS. It cost like $450, and will last me most of a decade. If you are using a phone that costs significantly less than that (and I am speaking from personal experience! I had an Obamaphone that I got at a foodbank for many years, as well as a number of crappy used Androids!) your phone storage is so limiting that you are struggling to install more than a few apps.
> If you are using a phone that costs significantly less than that (and I am speaking from personal experience! I had an Obamaphone that I got at a foodbank for many years, as well as a number of crappy used Androids!) your phone storage is so limiting that you are struggling to install more than a few apps.
The only phone I've ever had trouble installing more than a few apps was one with 512MB of storage. If I go check the second result on amazon for android phone it's a solid motorola option, unlocked for $127 and with 128GB. That's more than enough; even some flagships have 128GB.
The "just over $100" range has multiple options with good storage. Below that is a sea of locked/refurbished phones that are also good options in many cases.
Digging deeper I eventually hit a "BLU" brand phone for $50 with only 16GB, and that leaves you with not very much after the OS takes its space. But then you can add $10 to get another 16GB and have more than enough room for apps.
So you have to go really low to have the problem you're describing.
I have never had a cheap phone where OS updates did not make the category in storage swell to take up most of the phone's space.
Hardware may be cheap enough now that budget phones are more useable--32 GB for <$100 is a major improvement.
I'm used to fixed partition sizes. The OS eating into user space sounds pretty ugly. And updates to builtin apps since the last OS update eat space, but only so much.
Regardless, since they have a 16GB model I strongly doubt the 32GB model would ever have less than 16GB of usable space.
I've bought Motorola phones that cost less than half of that and still last for 3-5 years and I've been able to install far more than "a few" apps. Having an SD card slot is great for offloading the big storage uses like photos/video.
I get you. I used to buy Nexus devices as well as some of the first Pixels, until at some point the prices shot up to ridiculous levels for a phone and I went with other brands.
Last year though the Pixel 8a was selling for 350€ and I got one. Luckily, given the recent developments. Will be installing GrapheneOS.
That's £105-£150 for first two pixels 6a on ebay.
If you consider getting iPhone you DEFINITELY can afford something much newer than that.
Don't have pixels in my country. Apple only alternative. And a bunch of chinese brands which I wont touch in this scenario
Will your 4 unpublished apps be in your android-alternative apple device?
Android will still have the ability to install non-google-distributed programs. The problem is the ominous momentum, but it is still more open than the apple alternative
I'm not the commenter you replied to, but I'm doing the same math they are and coming up with the same answer.
From my perspective iOS is better than Android in a number of ways but Android always won out overall for me, in large part because of the freedom regarding software. Remove that freedom from the equation, I think the balance tips towards iOS.
I always wonder what these unspecified ways that iOS is better than Android actually are.
These posts always have a few comments like that, but they never actually say what they find to be better on iOS.
I'll bite.
For me, Google services are not an option, so my Android experience is sans-Google.
Until September 2025, I'd say iOS had actually gotten better than Android.
CalDAV, CardDAV, and SMB are baked into iOS, whereas these are onerous to set up on Android. These are very very nice protocols, and I use them all daily. (Contacts, Calendars, Notes, Reminders, and Files.)
Apple's developer ecosystem lacks the FOSS devs that make F-Droid so good, but they do have a number of devs who release paid apps with zero tracking, which is very nice. It's often the case an app exists on iOS as a $5 one-time fee with a two-paragraph privacy policy for which one does not exist on Fdroid.
Shortcuts work well enough, homescreen customization is good enough, etc. that a number of the original Android draws are gone. There are a number of points where iOS and Android are equals now.
iCloud's E2EE photo backup is something I reluctantly started using and found to be very nice, after having had de-Googled in 2018. I miss having my photos auto-upload and be available on other devices, and Apple has had iCloud Web for awhile. This is nicer than the options I have on Android.
And while Android's notification-panel tiles have gotten worse over the years (down from six to two controls on the first swipe, this was what alienated me and got me to try iOS), iOS now has a much denser "control center".
The big caveat is the gigantic regression that is iOS 26. The phone is slower, it kills battery, the native apps are constantly crashing, the lockscreen and homescreen often have broken navigation flows, etc. It's a travesty that never should have been released and iOS is easily worse than Android right now. If someone needed a phone today, I couldn't recommend an iPhone, but that might change with iOS 27.
>CalDAV, CardDAV, and SMB are baked into iOS, whereas these are onerous to set up on Android
I can only speak to SMB but it is not hard on Android. I use a longtime third party app so not sure what the state of native support is but it works just fine for me, including over VPN
Sounds like you're Apple now, but would love to hear what you're actually using for DAV on Android if at all?
Its more about the principle for me.I know I can jump through hoops for google but I prefer to say no-thank-you.
The long term fear/plan for google is that they know they days of SAAS and Apps are obsolete. People will just write their own platforms, apps, websites all from scratch using AI, which means the app stores becomes obsolete, which means no more ad revenue from shitty ads and no more control and unfettered tracking of your behaviour. AI will make these guys obsolete, they know it, this is them fighting back.
Apple still doesn't allow you to control individual app volume to silence/dim certain applications in multi-play mode though, right?
As someone who hates disturbances this is the killer feature that has kept me with samsung - well that and fdroid which is currently endangered.
You have bought a walled garden lock, it can be picked with a walled garden lock.
You're in an even worse ecosystem now, an apple phone never even has been yours.
iOS still more locked down than Google. When I started reading this I thought you were going true open source
Dumb question, can you explain the benefits of IOS? I've only tried using an iPhone ~10 years ago before I got into tech
It's unbelievably useful within its own walled garden. There are lots of instances where commands, tabs, and other pieces of data transfer seamlessly between your phone and computer. You can bring your phone up as a digital version ON your laptop so you can call, text, etc. straight from it while your phone sits in the bedroom charging or whatever. Everything works really, really well. Their walled garden has always been pretty top-tier.
So would you say that the value of Apple products increases as you have more of them (higher than just the linear benefit of more products)? I've used them, but always as one offs.
For example, Ive had a Mac(book? The one that you connect periphery to use) as a work computer at a previous software job, the iPhone because of a girl I dated who wouldn't be with a green bubble man, and iPad also in a previous job, so never together or actually adopted in personal life, so I didn't get sold.
I'm so tired of this false dichotomy. Sent from my daily driver Librem 5 running GNU/Linux.
I did this too, but it happened almost 10 years ago when Google started locking down Android in the name of battery life. I saw the writing on the walls and said if Android is going to be just like iOS because we collectively can’t have nice things, then at least I’ll live out that sad reality on better hardware.
Leaving one abusive partner for another is hardly a win. It's pathetic.
This is literally the dumbest take I have seen!
iOS charges you and limits your custom app until a few days and you have to "renew" Even before this change, I have my custom apps running forever.
Someone here on HN used the term "cloud terminal" for modern electronic devices, and I think that is a very fitting name for phones and tablets. They are definitely not computers because they do not actually give the user access to general purpose computing in the sense that the users can control exactly what computations the device is going to execute. They are just terminals whose production costs we cover but which are actually owned by the cloud providers.
Also: The internet is slowly turning into a handful of clouds, and it is only a matter of time before you cannot meaningfully host anything by yourself outside of these clouds because your cloud terminal will refuse to talk to it.
Speaking as someone who has built local-only apps (partially because I don’t want the hassle of maintaining a server):
There are plenty of useful apps that run locally on a phone. You can even run a whole LLM on your phone.
The shiniest and most popular apps are cloud terminals but the iPhone is actually a pretty darn powerful device.
> The shiniest and most popular apps are cloud terminals but the iPhone is actually a pretty darn powerful device.
They are powerful from a computational perspective, but the point was that it's a hassle to run a custom binary on them as compared to regular computers. You get a powerful device that is not flexible in this specific sense, so much of that power is not utilized
Plenty of useful apps != general purpose computing capabilities.
You are not allowed to run computations that have not been approved by Apple if you are using an iPhone. Yes, the hardware is powerful, but it is cryptographically locked down. It is physically local, but the control of the hardware is entirely non-local and 100% owned by Apple.
Well, they can do computing, but it's awkward and most people don't use them for that, it's true.
The question of ownership is interesting. If I buy a chair, it doesn't make a very good table, does that mean I don't own it? Most people don't know what general purpose computing is. To them a cloud terminal is a computer. So, to them, they do own their devices because that's all they are.
I feel like some of us think we got close, or anywhere near, what Stallman has been advocating for most of his life. But I'm afraid we didn't. We all chose convenience. We chose to believe that one man was enough to hold back the tide against enormously powerful corporations and governments. Some even turned their back on Stallman. And some even work for the enemy.
We haven't really lost anything here. It's just becoming more clear what we actually have.
We did not all choose convenience over freedom, but the majority did. Those of us who chose freedom were still able to participate in digital society, albeit with a bit of added inconvenience, but this is becoming increasingly difficult as cloud terminal use is becoming a prerequisite for doing banking, using public transport or even verifying your age on the internet.
The chair analogy is a bit weird, because I am actually free to buy a chair, disassemble it and somehow use it as a table if my needs for a table for some weird reason happens to coincide with the form factor of the chair. I don't think the analogy really works, but if a chair worked as a modern phone then it would be built with one-way screws and in general be built to lose structural integrity if you try to disassemble it.
A better analogy is roads. Anyone can put any car on the public roads (they may be breaking the law if the car is not legal). But we are moving towards a world where the roads will slash the tires of any car which isn't approved by Ford or Tesla. Ford and Tesla didn't build the roads, but they somehow took over the control of them.
A phone is a computer whose creator is incentivized to make it pretend it isn't a computer, because it harms profits if they don't.
Increasingly, so is the government, because freedom of computing is incompatible with surveillance, age verification etc.
>Android's openness was never just a feature. It was the promise that distinguished it from iPhone. Millions chose Android for exactly that reason. Google is now revoking that promise unilaterally, on devices already in people's pockets, because they've decided they have enough market dominance and regulatory capture to get away with it.
This is why I've stuck with Android for the past 15 years.
This is a very HN view of Android. The "openness" of Android was for mobile device manufacturers, not app developers and end-users. Android's prominence was driven by the myriad of low-cost Android devices by multiple device manufacturers, whereas iOS is only available via iPhones.
The vast majority of users don't care about "openness" of the OS. They care about the utility of their phone in everyday life.
Can I access digital payment systems, social media apps, and entertainment apps? How's the camera on the phone? How big is the screen? Is it waterproof? How expensive is it?
These are the questions the majority of phone buyers care about. Not, can I download an app off of a random website and install it?
---
I would say that the majority of developers don't care about the "openness" either. They care about accessing a wide audience and getting revenue from their work. Free apps without ads or in-app purchases (zero-revenue apps) are the minority.
Google is also fine with losing the zero-revenue app developers because they provide no value for Google. Actually, they are probably a loss for Google, since Google provides Google Play Services.
> This is a very HN view of Android.
Just because you're HN dweller doesn't make it HN view. The openness, freedom, customizability and accessibility (money wise) were the tenets that differentiated Android from Apple devices.
>The openness, freedom, customizability and accessibility (money wise) were the tenets that differentiated Android from Apple devices.
i have never heard someone outside of tech circles (e.g. HN) mention openness, freedom, or customization, even as a passing comment.
they use a phone to access mainstream apps (youtube, instagram, reddit, maybe their bank) and text/call. mention "apk" or "fdroid" and their eyes start to glaze over.
cheaper devices, sure, i agree with that as being the differentiator to the average non-techie. the rest is, at least in my experience, absolutely a "HN view".
> i have never heard someone outside of tech circles... mention "apk" or "fdroid" and their eyes start to glaze over
My no-tech middle-aged uncles and aunts know what apks are, and that you need to install apps from somewhere apart from the main Play store if you want them to have no ads.
> i have never heard someone outside of tech circles (e.g. HN) mention openness, freedom, or customization, even as a passing comment.
And how do you qualify "(e.g. HN)" for this purpose? Places where people value openness?
These feels like a no-true-scotsman.
Android is developed by the Open Handset Alliance, a consortium of mobile industry giants.
https://web.archive.org/web/20260420021444/https://www.openh...
Openness for end-users was never a tenet. It is a very HN view to think that open-source equals freedom for users, and to state that it was a promise when it never was.
Freedom for users was the motivating factor that created open source in the first place. Rewriting history to serve your own ends doesn't help your credibility.
> can I download an app off a random website and install it
This is a straw man. This change hurts third party app stores such as F-Droid the most. I vastly prefer it to Play Store for the same reasons I prefer GNU/Linux to macOS or Windows (discounting the fact that Linux no longer needs hacks to "just work").
nah it was considered more open for users.
This is the initial press release for the Open Handset Alliance, the collaborators for the creation of Android: https://web.archive.org/web/20260420021444/https://www.openh...
Nowhere is their goal to allow users complete control of their device. Android was built as an open-OS for the mobile device industry, not end-users.
Android might have been considered more open than other mobile OSes by users, but it was never a promise or goal.
> Nowhere is their goal to allow users complete control of their device. Android was built as an open-OS for the mobile device industry, not end-users.
The fact that having root access is not the default supports that. Without root we're just "consumers" and that's how they see us. There's a lot of discussion about the security model of Android and how root is bad. But we've come to the point to argue that having root access is not only less secure but that we don't need root at all. A lot of replies, even on HN, are like:
> Why would you even need root access? What is it you're trying to accomplish?
That's a much bigger security smokescreen than the one in TFA. Sure, having root may be dangerous, especially if you don't know what you're doing, but it's still a choice. Having no phone or doing banking IRL or not downloading apps from the Play Store you haven't heard of before would also be more secure. But these 3 options don't align to the financial gain the consumers would bring to the providers. The consumers having no root, on the other hand, benefits the providers.
When a platform ditches openness, you lose more than a seemingly insignificant market segment that makes no money. Using money as the only metric is stupid and myopic.
> When a platform ditches openness, you lose more than a seemingly insignificant market segment that makes no money.
Openness for users/consumers was never a goal for the Open Handset Alliance.
> Using money as the only metric is stupid and myopic.
Publicly traded companies will be publicly traded companies.
This is going to make it more difficult for non-open source projects to get a foothold in the future because people are not going to trust a promise any more. Like, I have this thing called a smart phone. Is it open source? No? Oh well.
For you, is the openness of Android appealing as a matter of principle or does it enable you to do things you couldn't otherwise do?
I developed my first Android app when I was around 16 years old and I remember distinctly wanting to publish it on Google Play, but couldn't because they required developers to be 18+, and this was even before they introduced strict identity verification requirements. And iOS was a lost cause as XCode famously requires an operating system that only runs on very specific hardware for which I had no money. No matter, I published an apk on a website and ended up reaching a few tens of thousands of users that way. My app ended up transforming a (niche) industry and making a real impact on the world.
If Android isn't open, we lose the last open mobile operating system, which will have immeasurable negative effects on computing as a whole. People will need permission from either Apple or Google to create any mobile program. If you don't fit into their neat little system, you don't get permission. If I hadn't been able to publish my app for another 2 years I probably would've shelved it, decided it was stupid, forgot about it, got busy with other things, and never published it.
This is why I really wanted Capyloon to take off [1]. The idea was to build a whole mobile OS around PWAs. App Stores are just CDNs. There are no weird rules about payment processors. The ecosystem did not need to start from scratch.
Unfortunately, it just never gained the necessary momentum.
I always wonder how different it would look for the myriad of failed open source projects like that, if they had just picked a more marketable name
I've still got a firefox OS phone in a drawer somewhere. I was disappointed it got discontinued like so many other mozilla projects.
I actually use the ability to install custom software on Android. I actually use the ability for Android apps to bundle JITs, and language interpreters, and other things that allow you to extend the app at runtime. The Apple walled garden would be unusable for me. And moves like this one to turn the Android ecosystem into the Apple ecosystem will generally be regressions.
If anything, I'd like more openness in Android. For instance, apps should not have any control over what data I can back up; I should be able to back up every aspect of every app, restore it to a new phone, and apps should not be allowed to care.
I modify several apps for my own use in ways that wouldn't get accepted upstream (or are proprietary), and I modify OS components to reduce the impact of opinionated Google UI design (and Apple is worse in this context).
You can download torrents on an android and plug usb media devices into it. When I was bicycle touring Europe with my wife a couple years ago we constantly downloaded books for direct input into our kobos and shows and movies to fall asleep to at night you could play from random, often old and crappy, hotel and airbnb televisions. You can’t do any of that on an iPhone.
That said; iPhone is my main phone, has been for a decade or more. But I deeply appreciate what you can do with an android.
Android to me is like a tool. I use it and then I want it as far away as I can when I don't need it.
Iphones makes my life easier but are too limited.
Best case scenario, carry both.
I used to build custom apps for my Android all the time, install APKs, transfer files over USB, use USB tethering on my Linux computer, torrent, use a mouse and keyboard (I think iOS can do this now though), use the integrated terminal, etc.
A few years ago, iOS lacked basic features like widgets, NFC, calculator on their tablets, etc. And iOS still has a completely inferior keyboard (I used to write code and essays on my Android while walking) and a completely inferior notification system. Androids are also the only phones still offering a fingerprint scanner, which is way better for me. These nice things all combine well with the oppenness.
What's worse is that we're clearly in a progression of restriction. Bootloader restrictions, app installation restrictions, "age verification" requirements, etc. Openness is being locked down from every angle with serious momentum, it's not anticipated to stop here.
>For you, is the openness of Android appealing as a matter of principle or does it enable you to do things you couldn't otherwise do?
Both. I don't like the idea of locked down computers and that includes phones, especially now that they're so prominent in our lives.
I dabbled in Android development for fun a decade ago and I loved how there was no barrier to entry. I've loaded apps that aren't available on the Play Store and have loaded apps that my friends have made just as fun side projects.
There was a handheld gaming system in the early 2000s called Cybiko. Cybiko and Sega Dreamcast homebrew opened my mind up to the power of computers and having control of your hardware. These things should not be locked down. I liked messing around with making little programs on the Cybiko and downloading homebrew games for it and the Dreamcast. The openness of Android really excited me when it was new because I thought of it the same way as a Cybiko or Dreamcast or PC and not a locked down device where I can only run software approved by the hardware manufacturer.
The openness of Android also acts as a check of sorts on how restrictive the walled garden can get. If google were to clamp down on useful functionality in the play store, then you could always install apks yourself. But if the latter is no longer an option, then there's much more temptation to google for the former.
I get the feeling that clamping down on useful functionality is often an unfortunate side-effect of closing down paths that are being exploited by criminals to harm users.
What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
I reject your premise. I do not believe that the primary motivation here is to protect less technical users. However even were I to accept that, I would say the change is an unacceptable one thus they should either figure something else out or do nothing.
What's the threat model here?
If the user must click through a tons of disclaimers (including locked 60-second timeouts with huge WARNING: SCAM ALERT or something) in something buried in settings to get scammed, I think the few edge cases may be worth the tradeoff of being able to install apks.
Remember there is already malware-scanning by default (by Google play), apps need to ask for permissions, they generally can't read other app data or control say banking apps, modify system data (at all), etc..
The threat vectors seem already restricted. I haven't met anyone which has fallen to actual Android malware ever (that I can remember), but I can remember several close family members which were victims of simpler social engineering scams (mostly unsuccessfully) recently.
Requiring every package in F-Droid to pay a developer licensing fee is not protecting anyone, in fact it will make people less safe. The whole model of F-Droid relies on free software, needing to pay a license fee to Google banishes people who have no profit motive - Google is explicitly banning a nonthreatening group of developers.
> What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
Have people read and type in a message saying "I'm not on the phone with a potential scammer who is trying to get me to install a package that may be dangerous", trust people to actually read what they're typing, and if they can't read and comprehend that, stop getting in the way of them shooting themselves in the foot.
> What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
Put it behind an USB ADB only toggle and be more transparent to avoid slippery slope?
That requires having a PC to unlock basic functionality on your Android device, assuming the change we're talking about is still app installs.
I don't think OS vendors should be expected to keep people from doing dangerous things. A warning label saying "hey that's dangerous because..." is reasonable, but anything more and they're trying to be my sysadmin against my will.
The sysadmin part is their value-add. One reason my current phone being an iPhone after being 100% Android for a decade are the better walls and nicer garden.
These are sold as consumer devices and not general computers. It sounds like you want something different. They’re selling cars and you want a motorcycle.
Android was very open when it was released and for some time after. Installing APKs directly was easy. Most devices had unlocked or unlockable bootloaders. An Android phone treated its user much like a PC did.
More sysadmin-as-a-service type stuff is fine as long as the opt-out is easy. This isn't. I'm upset about the rug pull.
I understand. I was one of the 25 people excited about the OtherOS option on the PS3. When Sony removed that in an update I was bummed because that’s one of the reasons I bought it.
You never know though. Sometimes things go the other way. When the iPhone launched there was no way to create apps for it or install third party applications except as web apps.
Oh yes, a very unfortunate side-effect that companies are implementing with tears in their eyes, tearing their clothes apart.
The problem with the toxic max-security[0] arguments is that it is always possible to invent a more gullible fool. There is no security measure that will perfectly protect a user from getting scammed out of everything, save for scamming them first and then treating their property as your own. That's the Apple argument. The only way you can keep people secure without falling into the same rhetorical trap Apple employs is with bright red lines that you swear not to cross, no matter how many people wind up getting scammed, because at the end of the day, people are adults, and their property is theirs.
Furthermore, we have to acknowledge that scam-fighting is not Google's job. They can assist with law enforcement (assuming they do not violate the rights of their customers while doing so) but they should not be making themselves judge, jury, and executioner in the process.
If you want a more concrete technical recommendation, locking down device management profiles would be a far more effective and less onerous countermeasure than putting a 24-hour waiting period on unknown app installs. Device management exists almost exclusively for the sake of businesses locking down property they're loaning out to employees, but a large subset of scams abuse this functionality. Part of the problem is that installing a device profile is designed to sound non-distressing, because it's "routine", even though you're literally installing spyware. Ideally, for a certain subset of strong management profile capabilities, the phone should wipe itself (and warn you that it's going to wipe itself) if you attempt to install that profile.
Both, very much both, and I would assume that the 'actually being able to use the device in whatever way I want' feeds back into the 'this should be a thing we can do with purchased-to-own hardware' feeling
I'll chime in with a really basic example. On my Android phone, I can have syncthing run as a background task. I can point other applications to use a data folder, in my syncthing share, and store their persistent state there. The Camera app, for example. Or Obsidian, my current favorite note taking app. Syncthing, by virtue of being always on and manipulating a decades old, very well understood filesystem concept, "magically" syncs all of these changes to every other device I own. Entirely offline, even if the internet is out, because the devices can just talk to each other.
So far, I have been utterly incapable of getting my iPad to do anything remotely similar. It can run syncthing, technically, but not in the background. Apps don't have a shared filesystem structure, so it's difficult to get anything else set up to "save within my shared folder" in a way that would work, and that disregards that the syncing cannot occur when anything else is open. There's all sorts of cloud backup options, but those require the internet and even when they're working, there's this awkward import/export flow that adds friction to the whole dance.
In isolation this would just be a small papercut, I guess, but these sorts of limitations are all over iOS. It's just terribly hostile to anyone not fully committed to the Cloud-first, Apple-hardware ecosystem. Android doesn't care, and doesn't have to care, because it lets me run the software I want. It's a really small set of programs too, at the end of the day. (Firefox with real extensions is the other one.)
This is the exact reason we switched my wife from iPhone to Android – because her iPhone couldn't sync reliably for our shared password vault or for Immich.
Not op, but I used to be a mobile app.
I use this to occasionally build and install Android apps from github.
These are often out of date and need some tweaks but I can do it on a whim (I certainly wouldn't bother if there was a paywall).
Yes.
Can you expand on that? I'd like to understand the kinds of things millions of people are no longer going to be able to do.
Well for instance the top app on fdroid is apparently "simpmusic" which would be impossible to run on an iphone because apple doesn't allow apps like it [1]... and it has 800k downloads from f-droid by itself.
To be clear though android isn't stooping to Apple levels yet. You can still do anything, it just makes it obnoxious to do so.
[1] https://arstechnica.com/tech-policy/2025/05/musi-strikes-bac...
> Millions chose Android for exactly that reason
Citation needed.
But even if millions did bought an Android phone for ill-defined defined, about 15 billion Android phones were sold over the years, which could very well make those millions a minority, with most having other reasons for their purchase.
There's no point anymore.
There is still a point to making a choice. Inconvenient sideloading is still better than no sideloading.
In principle I could never reward Apple with my business for having originated and normalized this.
And pragmatically, I'd like to hold on for as long as I can to the next set of rights that Apple will take away five years before Google does.
From what I can tell, Graphene OS will be unaffected. Some of the app stores like Aurora and F-Droid may run into problems during the verification process. Best I can tell (and read from other sources) is an inconvenient 24 hour wait period and many have said the Graphene team will overcome that in short order.
I would say keep the faith as I'm in the same boat and have made my choice for privacy and control. Giving up everything when it could very well be a minor setback is worth holding the line.
Downvoted for posting facts? Wow, big shocker. Seems HN dislikes facts even more so than Reddit, imagine that?
Just an FYI:
GrapheneOS is an independent operating system based on AOSP (Android Open Source Project) and does not come with Google Mobile Services (GMS) or Google’s proprietary "certified" software, meaning Google's rules for Play Protect-certified devices do not apply.
- Operating System Level: GrapheneOS is not a "certified" OS in Google’s ecosystem. It has full control over its own package management and installation processes.
- Sandboxed Google Play: Even for GrapheneOS users who choose to install Sandboxed Google Play Services, these are treated as regular, sandboxed apps and cannot restrict or block the installation of other third-party apps.
- Sideloading Freedom: GrapheneOS will continue to allow users to install apps from any source (like F-Droid or Aurora Store) without requiring developer identity verification
You have been able to sideload on iOS for years; I first did it in 2021 but I think it was earlier than that. You just needed to create a server on a Mac and you could easily load apps on, all without any kind of special jailbreak. When Delta got released on the App Store, that was cool and all, but I wasn't as impressed as others because I had already been playing emulators on my iPhone for years.
Was it convenient? No, of course not, but it's been an option for quite awhile; to me the biggest advantage for Android was the fact that it was relatively easy to sideload apps.
To be clear, I don't like that Google is doing this, and I think arguing that it's for security is a half-truth at best. I could make my phone 100% "secure" by pounding a nail through the NAND chip; no one is getting into my phone after that.
With the advent of vibe coding, a part of me wonders how hard it would be to hack together my own phone OS with a Raspberry Pi or something and a USB SIM card reader. Realistically probably too much work for me, but a man can dream.
> Millions chose Android for exactly that reason.
Millions? Are you sure?
Even so, Android has billions of users who want secure app management by default.
Don't buy the FUD claiming this is about "secure app management".
Just to play devils advocate, the petition is a bit of FUD too, no? I ask as an F-droid user and downloader of unofficial apks. Speaking purely from my own experience, all the side-loaded apps I care about are fungible; I could get them or similar quality equivalents from GPS. With the exception of a 4chan reader, that hasn't been hosted there and likely won't be. I don't mind the 1 day wait too much.
I understand political dissidents and those living under authoritarians may have much more concrete Fs and Ds but for me (us?) it's mostly U.
> I don't mind the 1 day wait too much.
I do. It's my device. And I've been in the position of having to buy a replacement phone in a pinch; having to wait an extra day before having a usable replacement is not acceptable.
In terms of apps I might not be able to get from the Play store:
- Signal, depending on what country I'm in in the future and whether they've tried to restrict things they can't backdoor.
- Vanilla Music, which remains the best music player I've used. (I wish there were an Android version of Quod Libet.)
- A fully capable version of Termux. (the Play store currently has a less capable version that's maintained separately, which could go away if someone decides to stop putting up with it).
- Syncthing-Fork, which has at times been undermaintained in the Play store.
I'm gonna try out Vanilla Music now. FWIW I use Musicolet from GPS and it's quite nice. I hope to learn whether and how our criteria intersect by exploring Vanilla....
Update: out of the box it seems to be reading tags strangely. Maybe I could fix this studying the settings more, but I'd say you have an upgrade opportunity switching off Vanilla. Signal is hard to replace though.
Honestly, the only thing I want out of Vanilla is the filesystem view. The only modes I ever use with a music player are to browse files as I organized them into folders, queue them up, and play the queue on repeat and/or shuffle.
The problem is the slipper slope. If we let Google get away with this, it will only get worse.
Just see the Play Integrity API making the user experience more difficult on more secure devices like GOS with mo security benefit.
>Play Integrity permits a device with years of missing security patches. It isn't a legitimate security feature. It checks for a device in compliance with Google's Android business model, not security.
(https://xcancel.com/GrapheneOS/status/2036610983888588818#m)
> all the side-loaded apps I care about are fungible; I could get them or similar quality equivalents from GPS
You're missing out then!
Let me play out a scenario, imagine to use a Desktop Hardware like a complete built rig, you would need a specific OS like Windows 11 and you could not run Linux on it, just because it's a vendor lock-in.
Why is this acceptable for phones but would not for the case above?
I know a lot of people don't care, and that's ok, but we should root for an open choice for the users.
> Why is this acceptable for phones but would not for the case above?
PCs happened by accident.
Before the PC, people had TVs - devices not for creating, but for passively consuming content made by big corporations and the state. And we had games consoles - devices not for creating, but for playing games made by a medium-sized company, with strict approval by a huge company (who want a cut). Strictly censored to be age-appropriate, naturally. Pirate radio? Straight to jail.
Before that people had newspapers - media for passively consuming, intended for mass readership, written at the behest of rich newspaper barons with certain political opinions they're keen to push.
And after the PC, we have smartphones - devices not for creating, but for consuming content feeds, curated by big corporations, with rich owners with certain political opinions they're keen to push. A huge company eager to take a cut. A tiny screen, and a keyboard that puts curly braces three keypresses deep. Can't even debug a web page without connecting to a PC. And soon to be strictly censored to be age-appropriate.
The PC is really the outlier here.
Alongside TV we had cameras, and families across the country filming birthdays and other special occasions.
Alongside newspapers we had 'zine culture and mail-order pamphlets.
There has always been the option to contribute - the Apple iPhone is quite possibly the first exception.
You could film and put it on your tv, but you couldn’t create and distribute to the medium at large
Not with the same reach, but some people kinda could! Specifics depended on where you were in the world, but it existed and to some extent still does. In spite of a very rough decade and a half since 2010 culling many of them.
https://en.wikipedia.org/wiki/Public-access_television https://en.wikipedia.org/wiki/Community_television_in_Canada https://en.wikipedia.org/wiki/Swindon_Viewpoint https://en.wikipedia.org/wiki/Community_television_in_Austra...
I think this was because of the “IBM PC Compatible” market. IBM was using off-the-shelf components for its PC system and other manufacturers reverse engineered and cloned the system and started selling IBM clones. Interestingly Microsoft who controlled the OS became the monopoly and gatekeeper of that market, not IBM (hardware). MS was making a ton of money by selling OS licenses and online software stores was not a thing since the Internet was nonexistent/limited. “Developers, developers, developers” were the king in that business model so they didn’t need to give a cut to MS or IBM to build on a PC system.
Saying that I think the situation in the smartphones today is less about the business model and more about control and surveillance.
That's really not true at all. Are you aware of the entire home computer industry of the 70s and 80s? Before PCs, you had a beige box you plugged into your TV and typed in games line by line out of a magazine. They DIY scene was enormous as a percentage of total users.
They also blur the line between "computer" and "console", since the NES is practically the same architecture as many contemporary "computers". Homebrew games existed, and weren't that far out of reach. Homebrew has existed on pretty much every console ever.
PCs weren't an accident in any way. They are a direct descendant of "home computers". That's why they were called "personal computers" in the first place.
It’s the same situation as game consoles. Custom built hardware that is only meant to run the one specific vendor OS. There have been many other computing devices like that in the past as well. The general purpose desktop computer that allows a choice of operating systems is actually less common than the other way. Historically, people didn’t expect to run alternate operating systems on a mainframe, 80s and 90s computers like a Commodore 64, Power PC Macs, Amigas and DOS/Windows machines until Linux came along.
That’s odd, because I remember being a user of MUSIC on the university System/360. I imagine it also sounds odd to all those people who ran AT&T Unix on their PDP/11 systems instead of a Digital OS like RTS/11. Or the people who ran Xenix on their PCs. Or the folks like me who installed OS/2 on what was sold as an MS-DOS machine. Then there were the folks who ran A+ on their Atari.
Oh yeah, odd. Anyway, I’m aware of alternate mainframe OSs but I’m not sure how common using one was. Other than OS2, alternate OSs for other systems were rather rare, though it is worth noting that they were not forbidden or blocked.
> I’m aware of alternate mainframe OSs but I’m not sure how common using one was.
Extremely common at major universities and research centres. CTSS, ITS, TENEX, Multics, Unix and even VM/370 were all alternate operating at some point.
> Other than OS2, alternate OSs for other systems were rather rare,
You weren't there, were you? A lot of people replaced MS-DOS with DR-DOS before Microsoft deliberately broke it with Windows. A little later, a number of people were running Unix System V on their PCs, to the extent that there was a regular column about Unix in Byte.
Didn’t Microsoft somehow ruin Dr DOS? Not technically, but didn’t they sue them or something? Which would mean this is the same issue, 40 years later. Yes, I was there on the 80s, but I had a Commodore 64. We did use GEOS, if that counts. I was not present for the 70s.
> at major universities and research centres
So not common outside of ivory towers, no?
Before IBM PC computer's weren't particularly commonplace outside of ivory towers either.
Out of all the things that have computational power, PC is pretty much the only one that comes with a built-in way to replace its own system. Xbox, PlayStation, Telsa, Smart Fridges, etc. don't have this ability from the beginning.
So yeah, the society has largely accepted this. PC is the exception.
> we should root for an open choice for the users
I see what you did there... and agree completely. If you don't have root, it's not yours. All my Androids (none from this decade) are rooted and I plan to keep them that way.
The vendor lock-in scenario for desktop hardware already exists with the latest x86 generation of gaming consoles. Gaming consoles are locked down because the hardware is subsidized with the expectation of revenue from the digital marketplaces they provide.
The yet-to-be-released Steam Machine is not subsidized and is unlocked. Steam is a OS agnostic digital marketplace, so it doesn't matter what OS you install on the machine.
Microsoft doesn't see a threat in allowing other OSes on their Surface hardware because the majority of their revenue comes from M365.
It's just market forces really. In the end, phones provide enough utility for the majority of users while being locked down. There's nothing stopping you from buying a fully-open phone, but there's just very little utility in it for the majority of users.
We have vendor locked-in hardware as well (blowing fuses on threadripper/epyc to disable running on a different mainboard)
No need to play this scenario in your head, here it is in the real world: https://en.wikipedia.org/wiki/Windows_RT
Few interested hardware vendors, discontinued after 4 years. "mixed reviews at launch, while critics and analysts deemed it to be commercially unsuccessful"
Windows 10 S was another attempt that "Similarly [restricts] software installation to applications obtained via Windows Store." Cancelled after one year.
Exactly the fate I wish upon closed ecosystems. The only question is why iOS is different. I am inclined to say it's the brand status that overpriced luxury goods have that draws rich people initially, making it lucrative and perhaps even a tad prestigious to be there, but surely it's more than that?
I think it’s because the Microsoft Store barely has any apps that users use. The Microsoft Store didn't support the Win32 API, so developers had to rewrite their apps.
iOS was a new SDK from the start.
The open open choice already exists. Sent from my Librem 5 running GNU/Linux.
A GrapheneOS phone is just as open as the Librem 5. They both use proprietary blobs and hardware. Librem just tries to hide that fact.
https://news.ycombinator.com/item?id=47935853#47943179
GrapheneOS is probably more secure also.
> The open open choice already exists.
Unfortunately, not in my country.
> Sent from my Librem 5 running GNU/Linux.
Can I buy a Librem 5 here in Brazil? (Unless it has ANATEL certification, which I doubt it has, buying online from outside the country is not an option, since it will be rejected by customs.)
If computers were invented by the Silicon Valley of the 2020s, this would absolutely be the case.
From the state's perspective, probably along the same lines as why long guns are allowed with permit in many countries where handguns are banned.
Because you can conceiled carry a smartphone? Please explain.
Yes? Modern portable computing enables counter-surveillance of police, better communication and knowledge access for dissidents, and interface with institutional computer systems for any number of ends. The George Floyd protests don't happen if the bystanders didn't have smartphones, or if protestors had to carry around an Alienware tower; the Snowden leaks don't happen at the magnitude they did without memory miniaturization. There are international examples, too, and commensurate crackdowns on computing freedom (particularly in Hong Kong).
You've got a supercomputer and a library and a set of video production equipment in your pocket, among other things. The capabilities of such a device are fundamentally different from something that's tethered to a desk or that's conspicuous when out-and-about. The idea of it being open and untrackable is exciting for some and terrifying for others.
This is the most important part:
>> Developers
Do not sign up. Don't join the program by signing up for the Android Developer Console and agreeing to their irrevocable Terms and Conditions. Don't verify your identity. Don't play ball.
Google's plan only works if developers comply. Don't.
Talk other developers and organizations out of signing up. Add the FreeDroidWarn library to your apps to warn users. Run a website? Add the countdown banner.
Unfortunately not gonna work.
Developers either want to make money or work for someone who wants to make money.
In either case they will be forced to.
To be sincere, they were never truly ours. A proof of that is they were able to come up with this, and you don't have a way to reject it.
What we actually need are (open) alternatives, not to double down on Google's ecosystem and Google-controlled OS. We need to control the device we bought and be able to run whatever we wish on it. Just like we do on PCs.
https://postmarketos.org is working on developing a Linux distribution for mobile devices (including smartphones), aligned with these goals: free open source software, empowering users to control their own devices.
I won't deny that a lot of application support still needs more work. But this is definitely moving in the right direction.
Is it time to bring back the Windows phone?
I keed I keed!
But unfortunately there really isn't a great alternative. I painfully attempted to use Ubuntu Touch and its always the same thing. The lack of available apps, the lack of app development in general for the platform was pretty eye opening. Add in having it only run on really old devices isn't much help either. Its promising, but a long ways off even from some of the non-standard roms I've used like Evolution X which is a Lineage fork.
If this really does cripple a lot of the known custom roms out there without any solid alternatives other than Graphene? It could really be a huge turning point.
I wouldn’t mind a 64-bit build of Symbian or WebOS on my phone, actually. Or, hell, Plan 9.
Security is essential for an appliance like a smart phone. I fight the general purpose computing battle on my desktop with Linux, but on my phone I just need something that won’t be hacked.
I really don't understand this mentality at all. Freedom is about the ability to do more stuff, not the requirement to do more stuff. Meaning, everything you want to do with a locked down phone, you can do with an open one.
There's no, like, gun to your head saying you HAVE to side load apps. You can just... not... do that. If you think side loading is insecure. You can download 100% of your apps from the play store. In fact, that's what 95% of people do.
I mean, what's the threat model here? That you somehow forget your own belief about side loading being insecure and then accidently side load an app? Does that even seem possible?
I can kind of understand this argument for granny who doesn't know where she is. Kind of. But for you, it makes no sense. I mean really, think about what you're saying here about you as a computer user or even as a person.
Well people can be tricked into sideloading apps if it’s possible.
To be clear I’m totally on your side and I think that’s a ridiculous reason to not have an open system, but let’s not pretend it’s not a possibility because doing so harms our otherwise very solid argument
I've resigned to the fact that I'll need to use two phones, one with locked down Android/iOS for banking applications and government services (those require strong bank ID around these parts), another with some kind of a Linux or unlocked Android for literally everything else. Oh well, such is life, most people don't care enough about this to pressure Google/Apple/banks/governments into yielding.
A big reason why a non-locked-down OS is absolutely vital to me is that sometimes I (reluctantly) have to travel to places where I need to install obscure VPN/proxy services to be able to access international internet. Most services present in app stores have been banned for years now, and the government sometimes even succeeds in making Apple/Google remove the more effective ones from the stores.
What we need to push back on is making a phone a requirement to do routine banking and conducting other necessary business. There is no reason I should be required to have a phone in order to query my balance or transfer money to someone, when I have a perfectly good computer sitting here.
The physical keys, like Yubico, help with that. However, I have not been convinced that a password manager with unique, strong passwords on all my accounts shouldn't suffice. I don't know why I have to be penalized because other users don't use best practices.
Bank apps in India don't run on rooted phones, need developer mode and adb disabled. At the same time, their website works fine on Firefox on Linux where I can literally go through all their front-end source, attach and run debuggers.
What even is going on? Why are banks doing this security theatre when all their apps are doing is calling some backend apis?
I think most bank apps in the western world also refuse to run on rooted phones. To my pleasant surprise my banking app worked on GrapheneOS though.
In my informed opinion, anybody who does banking on their phone is taking a big and unnecessary risk. I wish I could say more.
> anybody who does banking on their phone is taking a big and unnecessary risk
It is not necessarily a matter of choice. Besides what the other commenter notes about 2FA, in some countries banks have been removing functionality from their online-banking website, and you can only do certain things in the phone app.
This annoys me to no end. I have an old phone that I boot up occasionally because it holds all the apps that I only need once per year for a niche feature that is only accessible in their app. I don't need 200 apps on my main that I would otherwise never open.
> in some countries banks have been removing functionality from their online-banking website, and you can only do certain things in the phone app.
The most infuriating I've seen, is a bank which removed the anual tax report (which you need to do the anual income tax) from the online-banking website, requiring you to use the phone app... to download a PDF file, which you then have to transfer to the computer anyway so you can print it!
Fwiw, iOS lets you print to network attached printers directly, no macOS needed.
See, the thing is, here you can't use banking on your computer without having a bespoke authentication app on your phone. There used to be a system of one-time codes sent via paper mail, but even that has been scrapped by now, so using bank ID apps is literally the only option across all of the local banks. In my bank the ID app and the bank app are even different apps, and it's the ID app that's the truly important one to have (and that, of course, hates rooted/modified phones with a passion).
The government services also go through these ID apps, although there is a poorly supported alternative that uses USB smart card readers. I have not seen a single person actually use it, probably for a reason, though I'm planning to get one just to have a backup...
I see you suggest you can't say more, but I'll still ask the questions:
Is it a privacy or financial risk to have banking on your phone?
How is banking on a phone app more dangerous than banking via mobile or desktop websites?
It is a privacy risk, a financial risk, and a security risk.
The issue is the platform. Obviously there are issues with desktop platforms too, but those are easier to mitigate.
Not a choice if you live in a "developed" country
I live in a "developed" country and don't have a banking app on my phone. It's a choice. Sometimes it's a choice of which bank you bank with. Sometimes it's a choice to stick with more traditional means of interacting with that bank and not even checking your account using a website, but it's absolutely a choice.
I think this is the only long term solution, even if cumbersome.
I’m curious what secondary devices people are using. I have a second hand Surface Go running Fedora 43 with Gnome, it’s a bit big but it’s doing its job well.
> "dismiss more scare screens"
This whole website is a scare screen. There's a lot that is not being said on this page, such as the advantages of the new system, and the motivations of the authors of this site.
There's a reasonable discussion to be had about trade-offs here, but this is entirely one sided, in somewhat bad faith in my personal opinion.
Sometimes reality is one sided, I personally see zero advantage to the new system.
And I don't see how this change adresses the number one source of scams, the Play Store.
Is the Play Store the number one source of scams though? It might be in absolute terms, but Google has said malware off Play is 50x higher, and clearly Google does a huge amount of work to keep scams off Play. It seems logical to have a multi-faceted approach and try to reduce malware distribution elsewhere.
When I search for ChatGPT right now on the Play Store, the first result on my phone is a counterfeit app with a fake logo, I don't think even basic diligence has been done on the play store, it's the far west.
As for the apk, of course not many people distribute legitimately this way ... because it's already too complicated! Even Fortnite couldn't make it work, so if they cannot, how can your average developer do it?
If you want more legitimate apks, the solution is to remove friction and make them easier to install.
Google has been acting in two steps here:
- first make apks too complicated for legitimate developers
- then claim that no legitimate developer use them...
I agree. I don't like the idea of Android being locked down, but the conversations around this topic are tipping into disingenuous.
Your phone is still yours, you can still install third party apps, and you can still develop apps without a verification. But now there's a one-off hurdle to install them.
Not ideal, but when we think of the people that it's trying to protect, this feels like a reasonable middle ground.
Exactly. Nuance and good faith is in desperate need here. Google hasn't been perfect here by any stretch, but they are clearly responding to feedback. This side however seems to stick its head in the sand over security, "I wouldn't fall for it therefore it's not a problem" sort of stance, which is just talking cross-purposes. By all means push back on security being a concern, but the numbers don't support this.
> Starting September 2026, a silent update, nonconsensually pushed by Google, will block every Android app whose developer hasn't registered with Google, signed their contract, paid up, and handed over government ID.
This is false. Google will provide two other flows for app distribution that are different than this.
> Every app and every device, worldwide, with no opt-out.
Again, false. There is an opt-out called the "advanced flow".
https://android-developers.googleblog.com/2026/03/android-de...
But the "opt-out" will not prevent ecosystem effects caused by the default shutdown of convenient app installs due to the policy. Not even for GrapheneOS users. It's a global policy by a body we never voted for. You can't opt-out of that different world by waiting 24-hours, the ecosystem could have permanent effects. This is coming from a company that doesn't even bother to expose a permission to disable Internet access per app. It's there underneath, but they just ... don't expose the choice.
Is it really going to have ecosystem effects? Surely the small portion of power-users who are bothering to intentionally sideload apps can click a couple of buttons. Or just load via ADB and avoid the entire thing.
The entire point here is to prevent scam actors from using a false sense of urgency to defraud people. That is a serious vulnerability that needs to be addressed somehow, and I think this is a good compromise that doesn't impact people's ability to sideload.
I say this as someone who sideloads apps literally every day.
> The entire point here is to prevent scam actors from using a false sense of urgency to defraud people. That is a serious vulnerability that needs to be addressed somehow
Does it, and if it does, does it need to be addressed by an OS vendor creating a mechanism to ban developers for most users? I'm not convinced of the former, and I'm certain the latter is bad. I predict within ten years, we will see this used against something that is not malware.
What do you mean "ban developers for most users"? Most users get their apps through the play store, which will still exist here. Some users sideload apks, which is also a functionality that will still exist.
> we will see this used against something that is not malware.
See what exactly used against something that is not malware? The Play Store already has requirements other than "don't be malware". If you're talking about the sideloading requirements, all of these requirements apply to every app, not just malware.
Recently, both Apple and Google banned apps for reporting immigration raids in the USA from their respective stores. Android users can still trivially download such apps from other sources. After the verification requirement, nothing changes as long as the developer has a permission slip from Google. If they don't, users have a waiting period that could be a critical delay in an emergency like a crackdown by an oppressive government.
Google has stated that it will only withhold such permission from developers who distribute malware. I imagine they'll stick to that promise at first, but long-term I think they won't. Once it's possible for them to impose partial bans on developers, governments have every incentive to pressure them to do it.
You deliberately took the second quote out of context, in order to (attempt to) refute it. Here's the quote, with context:
> Starting September 2026, a silent update, nonconsensually pushed by Google, will block every Android app whose developer hasn't registered with Google, signed their contract, paid up, and handed over government ID. Every app and every device, worldwide, with no opt-out.
That is not false, it's completely accurate. You don't have to take my word for it, though, the Android developer docs have a helpful page detailing the plan [1].
As for the "advanced flow", the article discusses it in detail.
??? We literally quoted the exact same text.
The plan does not outline what that quote does. You only have to do all of the things the quote claims you do in one of the three possible deployment flows. In "advanced flow" you don't have to do any of them.
No, you quoted some of the text. Hence my statement that you removed the context. If you read the full quote, it's clearly stating that you cannot opt-out of the update.
Please read it again. We quoted exactly the same thing, to the character.
Also, you can certainly opt to not install android updates, if that's your preferred reading here -- so that is also false.
The author as well as commenters in this thread are claiming that people choose Android over iOS or vice versa
One could argue this is false dichotomy
These people are actually choosing a particular form factor with particular specifications that, more or less, only runs corporate mobile OS^1 instead of form factors that run non-corporate OS
1. Or some derivative of one that relies on the corporate distributor and replicates the tethering to a third party, e.g., "phoning home" to the OS distributor, "automatic updates" (remote code execution), etc.
There are other form factors of computers that can run non-corporate OS, where "phone home" and RCE code does not exist or, if necessary, any undesired code can be easily removed by concerned users
In sum, one could argue that with respect to control, privacy, etc. (a) choosing to use one corporate mobile OS over another is not a meaningful "choice" when compared with (b) choosing to use a non-corporate, open source, "compilable by the user" OS instead of a "locked down" corporate mobile OS
This choice can be made on a case-by-case basis depending on what computing problem the user is trying solve. With respect to anyone who seeks to use their "phone" as a general purpose computer to solve every computing problem, one could argue the "choice" of one corporate mobile OS over another is not meaningful with respect to user control, privacy, etc.
Instead "tech journalists", "tech blogs" and online commenters prefer to argue over which is the "better" corporate mobile OS. The truth is, with respect to control, privacy, etc., they all suck
Right on the nose. And to make that problem worse we've integrated a fair share of our lives into these devices, for which there is only 2 terrible choices. I can't tell you how many friends have expressed to me that they'd love to try GrapheneOS or get out of the mobile ecosystem entirely, but all of them use mobile apps for banking which effectively locks them in. It's basically the devil's bargain because we've added so much ease of use functionality to our day to day lives through these devices. In exchange Google is now showing us it was never ours to begin with.
I agree with your post however further info on one point:
> but all of them use mobile apps for banking which effectively locks them in
Many banking apps work fine with GOS. But given banking and money is such an important part of our lives it is easy to see why people might be hesitant.
It doesn't guarantee future compatibility.... but linked below is a GOS [banking app] status list, crowdsourced info by country.
https://privsec.dev/posts/android/banking-applications-compa...
Russian here, a former Android and iPhone user. I had to switch to Graphene OS in full paranoid more due to our worsening situation regarding VPNs and phone searches.
After about a month of using Graphene OS, I'm not looking back – it's great. I'm not recommending it as a 100% solution for everyone, but it's definitely a very solid practical step towards keeping the phone yours:
1. Your phone will be able to operate as a basic phone (calls, SMS, web, photos / videos, location, Bluetooth, eSIM) without a Google account.
2. You will always be able to install an APK. This helps you install apps that are banned from Google Play Store in your country.
3. There's a duress PIN that lets you wipe the phone completely from any 'Enter PIN' screen. (I tried it, it's a bit messy, but it does wipe the phone and in the end you return to a blank Graphene OS installation – no need to reinstall.)
4. There's a setting that lets you disable any USB port functionality other than charging.
5. The permission system is amazing. If you are forced to install a state-mandated spy app (like the Max messenger in Russia), you can put it into a "permission jail" where the app assumes that it has access to the requested data but actually receives what you explicitly give it. For example, you can select individual photos and contacts to make available to the app – while the app will think that it has access to all contacts and photos. Bonus: the new Internet permission, which lets apps think that they are connected to the Internet while they are actually blocked from it.
6. You can have a separate profile for data and apps you don't want to expose. (There's also a Private Space for that, it's very convenient but it exposes installed apps via app search from the main space.)
7. There's an End Session function for a logged-in profile that stops it from running, wipes it from memory, and puts the data at rest.
8. You can have a separate VPN in each profile. This should help against situations where your local equivalent of Roskomnadzor sniffs out your VPN connection settings via state-mandated changes in apps operating in your jurisdiction, and bans that particular VPN later. Just make sure you install all spy apps under a profile with a disposable VPN that you aren't afraid to lose.
9. Each profile (and the Private Space too, because technically it is a special kind of Profile) can have a separate Google account. For example, one profile can have a Russian Google account (for banking and state apps), while another profile can have an Armeninan Google account (for things that are banned in Russia, like Spotify and Kindle.) However, to arrange this, you have to physically be in the desired country – Google doesn't let you change the account country without being there.
To sum up – if you are concerned about this situation, buy Pixel 10 (excellent hardware btw.), install Graphene OS (very easy, their web installer is great), and try using it for a while.
It is going to sound odd, but.. why do we need a phone number at all ( I know why it is so entrenched -- I am asking about need )? Because, if phone number is not needed, we can move to bypass the annoying effective duopoly.
Phone numbers so far have been one of the most effective unique identifiers that companies can convince people to give them
"Tap the build number 7 times" ... "wait 24 hours"
Throw a pinch of salt over your left (wait, no ... right) shoulder. Spin around clockwise 3 times. Read the Rosary twice.
AHA! So, they are allowing users to keep doing what they want.
Start again. But this time, align your left top molar with the lower right canine.
I don't see why megacorporations and governments are allowed to control the computer I carry around in my pocket, while I'm not.
This is a bit related, but not precisely on top of the major topic we are discussing, but I'll say it anyway: I just got a brand new Samsung A56 for my personal use, and I just found out, like a minute ago, that I can't set a maximum battery charge (say 85%) without internet. It's asking me to turn on the WiFi. This makes no sense whatsoever. If I had to guess it's because Samsung wants to keep a profile of my battery settings and they need that telemetry, but not allowing me to set the bloody thing without internet is insane.
Another thing that happened yesterday when I was setting up the phone was the mandatory need of an internet connection, otherwise the phone would simply not allow me to move on with the setup.
I'm this fucking close to sell this thing and try my luck with a Chinese smartphone, which I'm pretty sure is not going to toss that shit on my face. (I had a Chinese one and a Galaxy S20 FE before, both on different Android versions, 10 and 11 iirc that wouldn't block me like that)
/rantOver
GrapheneOS proves it's not an absolute, that "the computer I carry around in my pocket" must depend upon a megacorp / gov. <3
The issue still is boiling down to GrapheneOS having less $$ for marketing vs GOOG / Alphabet / https://en.wikipedia.org/wiki/List_of_Google_products
Because it's their creation.
I don't know if that is sarcasm, but a chair I buy is mine to do whatever I want with it. Same goes for clothes, a mattress, paint, or any other non-software enabled physical item. Why does having software/hardware make a difference?
Because your clothes and paint do not need security updates, since they do not talk to the internet. Your mattress cannot be made part of a botnet.
You can do whatever you want with your phone too, it isn’t illegal to jailbreak an iPhone for example.
Because capitalists extend control wherever they can to maximize profitability.
If you want decisions that corporations make to be aligned with the desires of their users, you should be advocating for software/hardware built by consumer cooperatives.
I don't care, I run Graphene, and my phone is definitely mine. Most Android apps just work, and the ones that don't are the kind of malware I am happy to do without.
I use GrapheneOS too. Most of the time it works great, with some weird bugs around group messages and needing to restart every now and then to get to a fully functional state between the browser and keyboard properly working with each other and the network connectivity going away. I do enjoy full control on network connectivity and notifications.
But beyond whether the OS is good or not, "fuck you, I've got mine" is not only sad as a position in general, it is also a bad tactical choice, because over long enough timeframes you can't assure that you can keep yours if others are deprived.
I agree about "I got around the system so I don't care how bad it is.", but it is at least still a form of saying "an alternative to this problem is Graphene", and that can't be repeated enough until a whole lot more people are using it, or anything else like Lineage.
Graphene (or anything else) will only stay a useful option if a whole lot more people use it so that government agencies and banks can't ignore that many people. A whole lot more people need to feel they aren't completely alone if they thought about using it, that it's actually a real option and not a kooky crap option.
Right now agencies & companies can totally ignore them all, and everything that still works today is just luck.
I haven't used Graphene myself. At the moment I have a stock rom that's merely rooted using the official manufacturer supplied bootloader unlock, and my small local credit union bank apps work, and the LG app that controls my air conditioners and microwave does not. Even if the bank apps didn't work it wouldn't matter because they have working web sites, and I never wanted an an app for my appliances in the first place.
But any day that could change.
It's just luck the banks have web sites that work in firefox on linux, and just luck there are no functions I need on those appliances that require the app.
I'm running GrapheneOS too and while I've experienced the same, I'm dreading the day any of my banking apps update and suddenly start demanding full Play Integrity API support (GrapheneOS only has Basic) causing them to fail to open. Hasn't happened yet but it could.
It always feels like my phone experience is just a pleasant intermezzo. My banking app (ABN Amro) works, government apps (DigiD) work, everything just works, and I get security and a certain degree of distance between me and Google. I can use F-Droid to install useful apps, and incidentally use Google's app store for apps I need because the rest of the world uses them. GrapheneOS rocks.
Borrowed time. I hope not, but that's the prevailing feeling.
I have a pixel 10 pro and have tried no less than 5 times to get my apps to work on graphene, no luck.
I'm no slouch either, I've developed for android for almost a decade.
I'm not disagreeing with ya, just adding a comment so folks are aware that the "Graphene just works" crowd is sometimes a bit hyperbolic.
I've been using it for a bit over a year. Installed in a few minutes thanks to WebUSB. A bit of research needed to set the right permissions on Google Play Services.
After that? I only had one application fail due to Graphene's memory allocator. No weird bugs, no need to restart like some siblings are commenting. As close to the "Graphene just works" as it could be.
However, I'm not heavy into Google's ecosystem. Google Pay will not work but I'm not a user, some Google features won't tell you why they don't work but I'm not using them either (Quick Share for instance), none of my apps require the highest Play Integrity level. Maybe the person who say this are a specific type of person where use-cases don't overlap with what breaks on Graphene.
The interaction of secondary users with RCS is borked to all hell. It just plain doesn't work.
Firefox + stock keyboard stopped properly working three days ago, it's back to normal now. No idea what that was about. Restarting was the only way I found to get things working again during that period.
While on the stock Android keyboard, it is clear that the Google one is much better at correcting my taps than the stock one. My typo count has gone up significantly.
Every several weeks the mobile connectivity stops working and nothing short of a restart will get it working again. This might be a bad interaction of the very weird way Google Fi works with a secondary user account.
I've encountered one case of the phone shutting itself off to install an update overnight and not turning on, making me miss my morning alarm.
In the US, there's no way to side step the lack of tap to pay.
Getting apps to work with Android Auto requires some finessing.
These are the things I've encountered in the last 2 months of using Graphene.
Aside from all of that, I really like everything else about the OS. As it stands, it does lacks polish when straying outside of the common path. Not using a secondary account, nor Google Fi on an eSIM, and using the stock browser would likely improve my experience significantly.
I haven't encountered an app that wouldn't work yet (but have installed play services as I do want to use Android Auto).
I would still recommend Grapheme for normal-ish users, as long as you don't go "paranoid mode" with secondary accounts and skipping play services or don't want to use the phone for tons of things beyond phone calls and web browsing. The base experience is that much calmer than stock Android on Pixel.
What apps?
(idle interest; I use Graphene, but few apps, and everything worked so far)
> I don't care, I run Graphene, and my phone is definitely mine.
It helps, but your modems are still closed chipsets you have no ability to control constantly in communication with and controlled by third parties who can execute code on your hardware at any time without your notice or consent.
You should care because the install base could reduce drastically. Reducing the amount of Devs and contributions to the FOSS scene. This will degrade your experience
Sadly it works only on Pixel phones.
They’ve announced a partnership with Motorola to have it installed on some of their phones in the future, so not just Pixels for long!
Assuming that this Graphene partnership ends up working out, this is probably what I will end up doing once my current iPhone dies. I like my iPhone 13 Pro Max, it's a good phone and I don't really have a desire to get rid of it, but eventually it will break, or get stolen, or in some other way become unusable, and as such it will need to be replaced.
I really hated my Pixel 7 Pro, but I think that was bad hardware and not Android's fault, and since buying my iPhone 13 I have bought my Thinkpad and have been unbelievably impressed with Lenovo hardware (especially since the last Android phone that I bought that I actually liked was my Moto X3).
It would be great if Graphene ends up getting support from at least one first party, because at that point I think there's at least a chance it won't screw with banking apps and the like.
Ironically, you’ve had to pay Google for the privilege of opting out of their new rules.
Devs have been warning F-Droid about this for years:
It's quite problematic that someone can currently upload a package name belonging to another organization to the Play Store and that should have been stopped years ago since it was used in many cases for scamming and squatting on package names clearly belonging to others. Package names are meant to start with a reverse domain belonging to the owner such as app.grapheneos for our grapheneos.app domain. They could enforce this based on domains authorizing usage without enforcing ID verification and that's what we would have proposed.
This is one of the ways F-Droid has ignored standard best practices including security practices in a way that's already causing problems but is now a massive issue for them. If they had started doing things properly many years ago when it was first brought up, then they'd be in a much better situation today. They're going to need to deal with this by renaming all their package names to org.fdroid. to avoid issues with the proposed changes. This is problematic because existing users will stop getting updates. It's better to use a prefix than a suffix where a developer could end up changing their mind about whether it makes sense resulting in conflict over the name, which is fair since they still own it if it's their reverse domain.
Google could lock out Graphene too, whenever they like, with no warning. I hope Graphene has a plan.
First they came for the stock Android users, and I did not speak out for I was not a stock Android user.
Being a Graphene user is fine and all, but if this continues it will have a chilling effect on OSS Android development. And that will still effect you.
That's a great attitude until slowly but surely 90% of apps used in day to day life won't function for you: banking, dating, social media, e-commerce, communication/messaging etc slowly freeze you out.
Are banks and e-commerce going to get rid of their websites? I imagine some will, but I can’t imagine using one that did.
Dating… well, the goal for most people is to exit the dating pool anyway.
Social media is bad.
In many countries it's already impossible to use just the web for banking. They either make you install rootkits on your computer or move you to their mobile apps
Wow, that sounds awful. You say country, which makes me wonder—is this the result of a popular type of law or something? I can’t imagine every bank in a country deciding to make that same move. But I live in a large country with lots of banks so I’m sure I have a very biased point of view.
> I can’t imagine every bank in a country deciding to make that same move.
Many countries have only three or four full banks (the kind that can give you a Visa or Mastercard bank card, let you send and receive transfers, etc.), and all of them are making the same moves.
https://en.wikipedia.org/wiki/Payment_Services_Directive tldr: eu mandates secure 2fa for online banking and most banks only implement it using their app as second factor.
A hidden benefit is having to decide now whether you actually need these things.
Messaging apps will continue working.
Banking apps made by reasonable companies will also. In days of banking being competitive and rather open with many providers offering good value, it's so easy to switch providers. Granted I am relatively poor and keep my banking simple, but I doubt card providers want to increase friction either. After Revolut started requiring >basic integrity it took me appx 1 day to switch to n26 and nothing of value was lost.
Not being able to use socialmedia, e-commerce, and dating apps sounds great.
Well, that would be a very polite way for a mugger to describe his plan.
In all seriousness, Apple doesn’t even make you submit an ID to publish on the App Store.
You know, I'm fine with this (just as long as the opt-in is one-time, not for every install). A device maker needs to balance the interests of many different groups, including nontechnical users subject to scams, and it's pretty self-centered to get self-righteously outraged when things get a little harder for power users, when those changes may save the butt of a lot of other people.
The only thing that gives me pause is this:
> Worse: this flow runs entirely through Google Play Services, not the Android OS. Google can change it, tighten it, or kill it at any time, with no OS update required and no consent needed. And as of today, it hasn't shipped in any beta, preview, or canary build. It exists only as a blog post and some mockups.
I find it quite interesting that peoples talking on a website called "hacker news" find it fine that a company selling you an OS make it harder for you to install app not approved by them, notably so when there is enough scare screens as of now to discourage any too gullible peoples to do so.
What would we think if Microsoft decided all of a sudden to do something similar with Windows? How there is no outrage about this in that community?
Like the boiled crab in the chef's cuisine, we slowly accept the rising temperature around us as totally fine and normal.
Somewhat relevant article about the demise of a culture: https://aeon.co/essays/how-yuppies-hacked-the-original-hacke...
This keeps coming up and I just want to point out that it's the result of one judge using the book rather than their brain to make a ruling.
Google asked (the appeals judge) why Apple was not a monopoly with the App store. The judge told Google it was because they cannot be anti-competitive if they have no competitors.
Well, here we are.
So wait, does this mean that Google will forcefully uninstall the apps I currently have installed?! or disable? will the apps work again once I went through the 24h process?
Their FAQ states that previously installed unverified apps won't be able to install updates which suggests to me that they won't disable or uninstall them. Hopefully someone can confirm.
https://developer.android.com/developer-verification/guides/...
auto uninstall.
Is that actually confirmed anywhere? It certainly sounds possible given some of the wording ("At this point, any app installed on a certified device in these regions must be registered by a verified developer.") but it would be nice to get official confirmation.
Android's original openness did attract users, but the flood of poorly-made apps also created real fraud and crime risks. Those of us on HN have high security standards, but for older users, that old policy created genuine security vulnerabilities. Just observing my own family members.
But how does this help? I guess most of the apps used for fraud were installed through the play store anyway
Thank you for sharing this. It is sad that Google has by now destroyed every reason I wanted to run Android. Bye-bye.
Can't even run F-Droid any more? That's the only source of apps I use.
You can if you jump through Google's dubious hoops to enable "advanced mode" as described here: https://android-developers.googleblog.com/2026/03/android-de...
The steps are rather insulting and arbitrary, but at least there's some way out.
On my Android phone's home screen I have 23 apps, 11 of them are my own. If Android prevents me from installing my own apps I will switch to something else.
Unless you move to a linux phone (good luck finding one or daily driving it) your phone options are iPhone.
iOS restricts you to install only up to 3 personally signed apps which need to be resigned every 7 days only if you're in the same network of the computer that signs them. Or you live in europe and you can jump through much worse hoops to install AltStores which also break as soon as you travel outside of europe.
This is reason I don't use ios. I will be happy to use a new OS forked from android at this point of time. Any suggestions? I don't care where it originates from.
It runs a modified Debian and can run Android apps in containers. To my knowledge this is the closest we come to "open-source phone that actually works as a phone" today.
This is a wild misrepresentation of the situation. Saying there is no opt-out is just false, they even provide the information on how users can opt-out. The "mandatory 24 hour cooling-off period" is also misleading, it's easy to bypass the cooling-off period with ADB.
> Saying there is no opt-out is just false
I can't see where one can opt-out of this new behavior and into the existing behavior, only a description of the new behavior's bypass (which is not the same thing at all)
> easy to bypass the cooling-off period with ADB
I don't think this is a reasonable use of the term "easy". I should be able to give my non-technical friend an apk and they can use it right then, with the one "are you very sure" screen.
> . I should be able to give my non-technical friend an apk and they can use it right then
Unfortunately that is the same vector that scammers use to drain people's bank accounts
Such is the cost of computing freedom. This line of thinking is analogous to surveillance justifications in meatspace.
The concepts don't need to be at odds with each other.
But also, I don't think that "computing freedom" means you get to use other people's computers without consent. Let's be clear here: Google's requirement for ID only applies to apps distributed from their computer. Presuming that you do actually respect computing freedom, I'd guess you'd support them in this.
I think a good compromise is that they could permit you to sideload. Which they are doing.
But also, if you are very concerned about computing freedom you can also vote with your wallet when you purchase a device.
> But also, I don't think that "computing freedom" means you get to use other people's computers without consent.
Who said anything like that? This is about being able to install software on your own device.
> I don't think that "computing freedom" means you get to use other people's computers without consent
Consent from whom? Consent is already required, why are you discussing this as though consent is not required? Why are you stating it as if people are using other's computers without consent? Right now when I sideload an APK on _my device_, I have to explicitly consent to allowing it to install. And I do not require the author of that APK to have made any deals/interactions with Google. What you mean is Google's consent or a debugger's consent or my consent tomorrow.
So I, as the user, will no longer be able to provide consent alone. I wish that you were right and it was just "no running without consent", but that is today's behavior, and that is being altered.
> I think a good compromise is that they could permit you to sideload. Which they are doing.
They always have, and that was a good compromise. They've now decided you can't sideload until tomorrow unless you break out debugging tools or require the author make special deals with a specific vendor. What exists today is a good compromise, the change is not.
I expect the same from my desktop and mobile devices here.
You mentioned surveillance -- I presumed you were talking about the ID requirement. This only applies if you're using Google's computers to push out your app.
If you sideload... what "surveillance" are you talking about?
> They've now decided you can't sideload until tomorrow
A single 24 hour waiting period, only the first time. Or just use ADB. The point is to prevent false-urgency scams. Honestly even this seems to me to be pretty weak.
Can you think of a single better option that has any efficacy at all?
If they're not surveilling what apps are being sideloaded, why is the bypass managed by google play services? There are at least 2 better options: - An option to not install the update which would fuck with my device - An option to use the OS layer instead of google play services for this fuckery. i disable gplay services the moment I get my hands on a new phone.
>Unfortunately that is the same vector that scammers use to drain people's bank accounts
Is the solution really that no one can use a computer without special permission and inspection of government issued identification? If we wouldn't tolerate this with our desktop/laptop OS, why is it suddenly okay for our mobile computing platforms?
If Microsoft required this to run software in Windows, there would be riots.
> Is the solution really that no one can use a computer without special permission and inspection of government issued identification?
No, that is neither the only solution nor is it the one proposed here by Google.
If someone is dumb enough to ignore a very explicit warning message, that's their problem. We also don't restrict the sales of kitchen knives just because some people inevitably are going to be dumb enough to hurt themselves with a knife. If they hurt themselves that's their problem, not the problem of more intelligent people.
I will say, an underrated use case for even small, local LLMs is making command line tools drastically more accessible to laypeople
I now know zero people I don't think should use linux, and people I know seems to run quite a gamut of technical know-how compared to most other technical folks I know
Having an LLM directly and autonomously drive command line tools outside of a strict sandbox sounds like a ticking time bomb.
Thinking tokens: "The files I'm trying to read are missing, I need to figure out why. I see the problem, I accidentally ran rm -rf /home/user. Let me run git restore. No that didn't work. Let me try git reset --hard origin/HEAD. That still didn't work. I should inform the user."
Output: "I was unable to complete the task you requested. Restore /home/user and I will try again"
I tend to set people up with a chat interface, which is pretty good for asking for commands or scripts that the user will then copy into their terminal. Most people I've gotten to try linux do pretty well with just a wiki, but once they run into something they want to do that's kind of idiosyncratic they tend to ask me for help. While I think running models that have access to a shell is dangerous and should be handled carefully, the fact that they've been trained for this use case generally means they're pretty good at shell commands and can give you one a decent chunk of the time. I'm never willing to inject an external dependency controlled by a company into people's computing needs unless they specifically ask for it, so this is usually a lightweight local model specialized in tool use, but not given shell access. This isn't much different from how they'd use search engine for this purpose these days, but if running locally, it can be more fault-tolerant to issues that affect their internet access as well as offering better privacy guarantees, albeit obviously a little less capable
ADB is not the only option. Do the 24hs wait then the experience will not be much different than what already happens today: https://imgur.com/a/Z9hoYIh
Doing a 24h wait _is_ much different from what happens today. That's the whole point. If my two options to run an application of my choosing are to use ADB to flip a switch or to wait a day, that is ridiculous.
I am only slightly comforted by the fact that desktop computing had set (some) self-ownership precedence before the current restrictive computing hegemony took control, though even that is eroding.
The way you give your non-technical friends an APK and they just install it is by you signing it.
I should not have to enter into a business relationship with google just to hand my non-technical friend an APK any more than I have to enter into a business relationship with the Linux Foundation to hand my friend an AppImage.
And then having Google approve it, so hopefully your app does not do anything that Google does not like, such as block ads.
But I want to let someone MITM my non-technical friend and repalce my APK with malware.
> I can't see where one can opt-out of this new behavior and into the existing behavior, only a description of the new behavior's bypass (which is not the same thing at all)
I don't understand this, the ability to bypass new behavior in settings menus is basically the defenition of a new feature having an opt-out. Can you elaborate?
You still need Developer's Options enabled and plenty of banking and other apps complain if you do that. Why do I need the Developer's option enabled to run an app I developed myself, to be used by myself? It's clear they're heading to a walled garden and this is just a step towards that.
And I kind of buy the intent behind the cooling-off period anyway. IIRC it's to prevent people from being pressured into installing apps by scammers that could then take their phones hostage
Yes. That attack is a very real attack. The attacker gets access to the victim's phone and sideloads additional apps that appear to be the victim's legitimate banking application. The victim logs into it and sees a fake balance (as the app is fake). Pressure and other social engineering tactics are invoked and the scammer walks away with all of the victim's money.
> Saying there is no opt-out is just false, they even provide the information on how users can opt-out.
The article states that you can't opt-out of the update, which AFAIK is correct.
[flagged]
"Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data."
Yeah, saw that; rubbed me wrong. "If you disagree you are manufactured, a shill." This kind of condescension has never been very convincing. And I mostly agree with the petition.
My position regarding devices is that only 2 out of 3 should be satisfied:
1. Used as a proof of identity (for banks, govt services, etc.)
2. Is distributed to laypeople who have more pressing concerns in their lives than security.
3. Is an open platform where you can download apps arbitrarily from the Internet that can read your data and exfiltrate them to a malicious actor.
The mainstream today chooses 1&2. Novelty, underpowered devices choose 2&3. Hobbyists have option 3 (and those who like to live dangerously 1&3) with some inconvenience. You can still run GrapheneOS... and the mainstream apps that expect your device to be a proof of your identity won't work... and I find that quite reasonable.
I take issue with the idea that openness and freedom to install arbitrary software cannot occur without strong safety mechanisms. Android/GrapheneOS/iOS have sandboxing and permissions systems that put most desktop OSes to shame. The base platform can control apps' access to every resource, and an app store can put its own caveats and reminders to users for what kind of access is needed for the functions of a given app.
Sandboxing and permissions provide a different type of security than application signatures. Sandboxing can limit app capabilities, but it doesn't change the fact that you can accidentally grant a malicious application permissions.
Application signatures and developer identification bring a different kind of application security. It provides the security of societal legal systems and legal ramifications for malicious actors.
In the end, you still have the choice to trust the "system" or your own judgment.
> but it doesn't change the fact that you can accidentally grant a malicious application permissions
Do you also support the nanny states that decide how you should be parenting your children? (The age verification etc.)
You have a consistent habit of posing complex questions in your rhetoric. https://en.wikipedia.org/wiki/Complex_question
Please don't do that here. https://news.ycombinator.com/newsguidelines.html
It's a number of false choices. Google has complete control over Android and they could easily implement 1, 2, and 3 if they wanted. It's not as if they couldn't provide the means for certified secure enclave apps in addition to normal ones.
This is certainly bad news, but at least an escape hatch exists (the "advanced flow") and it appears to be a one-time pain in the ass. If that changes, I hope GrapheneOS and friends[1] can get Google Pay or some alternative working so I can comfortably jump ship, as I rely pretty heavily on the ability to pay with my phone.
I think it's time to visit an Apple Store and try out the Apple ecosystem. I haven't used an Apple device in a long time.
They are shiny. Many aspects feel more 'human', IMO.
If you use ad-blockers, I recommend exploring that use-case with Apple / Safari. It's doable though for me is a bit frustrating.
In fact, I urge creating a list of use-cases before heading out to the store, and cranking through those while at the store. Computers/phones are such a deeply entwined component of modern life it could be a long list.
Passwords, backups, bluetooth compatibility, connecting mass-storage devices to iPad / iPhone, etc.
The fact that many Android bootloaders are not allowed to be unlocked by users means, by definition, these devices were never yours to begin with. It is not Google taking away your ability to use your sideloaded apps on your device because true, unlimited device freedom was never yours to begin with.
Hence my phone selection spreadsheet having a column for unlockability, making sure I don't forget to check it. I'm so used to root, I'd full-on buy the phone just assuming it's a thing when some vendors indeed block you
That this is now rolled out ecosystem-wide by the central controlling party is a significant change from some vendors being assholes
If an update could silently block any app from working then your phone was never yours to begin with. Even if they never implement the update, the potential power means they own your phone.
We lost control of our hardware a long long time ago.
Really good timing for Jolla to produce a new phone :)
I still have fond memories of my 2013 Jolla, and I'm hoping that the 2026 Jolla will be just as lovingly crafted. Most importantly, Jolla is a company that seems to care about me, the user, whereas Apple and Google constantly treat me like a peasant that needs to be governed.
My Starlink receiver already isn’t mine. It’s locked to one account.
I can’t give it to someone else to use without contacting the company and registering it.
I can’t donate it to goodwill and have someone else use it.
It will end up badly for them in EU
If someone can push nonconsensual updates to your device then you never owned it in the first place.
Vote with everything you have/can. Money, attitude, consumption, political connections. Make these greedy (beep) regret it. Users and developers stop using Play store.
My phone has not been "mine" for a decade and a half now, and the ability to install a self signed.apk has very little to do with this.
I've found that releasing and maintaining production Android apps has become more difficult in the last decade as compared to iOS which (surprisingly) has improved slightly.
Google Play removed a perfectly functional NFC utility app we released after a year of no updates (despite the fact that it didn't require any to work on the latest Android version at the time). By contrast, the App Store doesn't care as long as we continue to pay the annual developer fee.
We opted to open source the app and let users sideload the app as an alternative; now that will be far more difficult as we are no longer "verified" Google Play developers.
Really unfortunate, glad I'm not an Android user myself.
I have tons of apps I installed (mostly from Play Store) since like 2012, and that were grandfathered in through Samsung Switch from phone to phone as I replaced them with one another. A lot of data in them, too. Will they, and the data, just ... disappear?! When exactly do I have to do the 24 hour song and dance to prevent that? All of this sounds too bad to be true, honestly.
I don't understand, there was all this regulation for force apple to allow alternative app stores, and now google are pulling this move?
How is this not the same walled garden approach apple was forced to change?
Alternate app stores are still allowed. It's just that they are restricted to applications signed by developers who have paid a tithe to Google.
Google are obeying the letter of the law, while openly violating its spirit. Perhaps it'll be possible to attack them in court, but it will take years, and by that time they'll have found another trick.
this change makes Android more restricted than it was but still not as restricted as Apple. If anything I'd guess the EU vs Apple situation made Google more confident that they could get away with this change.
The regulation has blatant loopholes, as usual. While it did force Apple to allow third party app stores, all apps still have to go through a review process by Apple themselves before they can be installed from any source, and they retain the ability to block any apps they don't approve of. Google is just following in their footsteps.
Is anyone considering a fork of Android that would not have this, um, "feature"?
This feature only exists for phones with Google Play Services, so yes.
Which is pretty much every Android phone. Again, is there any version of Android that doesn't have that service automatically installed and running?
GrapheneOS and PostmarketOS deserve more visibility
Also Mobian, PureOS, and many more: https://wiki.pine64.org/index.php?title=PinePhone_Software_R...
Okay, so buy a new phone I guess that is yours?
Sure, and don't get to go on public transport (or pay surcharges for paper tickets, depending on if your country still has that option), don't get to participate when everyone else can add music from their phone at a party, don't get to buy leftover food because the proprietary app doesn't run on there (it kicks me out for fraud detection half the time already), don't get to visit various websites that fingerprint your device and find that it might be a 'bot' (hello Cloudflare proxying about half of high-income countries' Internet), you pay extra for groceries compared to people that get discounts in some app, cannot login to government services, cannot do most things that requires being 13 years or older once this EU age verification app is implemented (no more HN for you!), etc etc. Very great option, welcome back to the soviet computing era
It's not optional anymore to own a Google/Apple smartphone in a lot of places. You can play this "just vote with your wallet" game but it's not a winning move
It is challenging, but fighting for your freedoms is the only way not to loose them. Sent from my daily driver Librem 5.
I imagine most of us here will look elsewhere when we next upgrade. But are those numbers large enough to form a viable alternative?
Dont get me wrong: I'd love the linux phone "rebel" community to be as large as the android one. But... i doubt it will be anytime soon? The problem is getting the hw investment done first.
Android ecosystem is equivalent to windows one: its open enough to sustain a large number of vendors and tinkerers.
I doubt this scare-campaign (OP link) will drive people constructively towards (effectively) innexistent linux alternatives. It's more likely to do nothing or push people towards iOS
I've been a happy user of several of those "effectively inexistent" devices for nearly two decades now and I'm typing this on one of them. Whether they "exist" for you or not is your choice.
I'm doubtful, I for a bit bought a lot of the Pine64 devices thinking about this eg. not just Android/iOS... but the lack of feature parity eg. missing drivers, lack of apps, old hardware.
Unless people are paid to do it vs. volunteer
That's the depressing part. I keep looking for something I could potential run the likes of kde mobile and maybe waydroid on, but there's really just nobody doing this. You are basically locked into a vendor kernel if it's even available.
People forget how much the mobile hardware industry relies on non-free infrastructure. Infrastructure developed by companies that make the standards. You really can't make a good open-source phone because you, pretty much, have to play by the rules of the companies in these consortiums.
Except Librem 5 has been created and is usable by the HN people.
Does the Librem 5 not rely on any non-free code or infrastructure?
It does. They obscure the usage of non-free hardware/firmware by not shipping it as part of the OS, but as a bundle on separate flash storage that is loaded into the OS by initrd. That blob is updatable as "firmware". The 100% free open-source is just marketing. It's just for the OS. A lot of the hardware and firmware is proprietary.
https://github.com/linuxboot/heads/blob/c859c28b88b7bc197c16...
> The 100% free open-source is just marketing.
100% FLOSS is in the OS: https://news.ycombinator.com/item?id=25504641. It is not the end of the road, but this is the only phone that can run such OS.
Depends where you draw the line. There is not a single non-free blob in the OS that runs there once the bootloader is up (unless you put some there by yourself, which you're of course free to do).
I think you misunderstand what the Purism Firmware Jail is. I don't blame you though. They seem to make it purposefully misleading. It doesn't isolate what runs in the OS. It just isolates the OS updates from the non-free blob updates. The OS still runs the non-free blobs. It just loads it from separate flash.
https://github.com/linuxboot/heads/blob/c859c28b88b7bc197c16...
It is you who is confused here. The first link is completely irrelevant to the Librem 5, and the second one points to a thread where the actual information present has been written by me.
The only non-free piece of code executed by the ARM Cortex-A53 cluster on the Librem 5 is the SoC's mask ROM bootloader. Once the control is passed to u-boot/ATF there is not a single non-free blob that runs there. Some peripherals may need blobs to be uploaded onto them to work, such as DP, DDRC and one of the used Wi-Fi cards (handled by ROM/u-boot/Linux respectively), while others boot from their own internal memories. Not all of those firmwares are non-free, but most are.
In the end, as I said earlier, the assessment depends on where you draw the line. I happen to draw it at the main CPU and the blobs that need to run within the user-controlled OS, which are unacceptable for me and which aren't present on the Librem 5.