F-Droid calls for regulators to stop Google’s crackdown on sideloading
- Thread starter JournalBot
- Start date
Ditto - and I could see Google trying to push "Hey, but we have the terminal available now" as their answer/alternative to Termux, but my understanding is that's only an option if you get a new device. And, not having a new device, I don't know how comparable they would be.
Upvote
0
(0
/
0)
Did you confirm that for sure? GrapheneOS works with a lot of banking apps - not all, and not to say an app that works will stay working forever. But it's not true to say banking apps don't work with it.
Even if they don't, the fallback option is just to use your bank's website like you would on a laptop. Yes it's not a 100% replacement but it may be enough.
A few banks are 'app only', and in that case you could have a second phone you keep in a drawer just for them. Perhaps an old phone you've retired?
It's not perfect but there are multiple workarounds if you are prepared to pay a tiny bit of inconvenience.
Upvote
0
(0
/
0)
Older phone will not work for long. Sooner rather than later the app will decide that your OS is too old, unpatched and for "your security" you cannot use it anymore.
In the browser i can still fiddle with user agent, unfortunately android cannot masquerade as a newer version and tell those nosy apps only what they want to see.
Android should let users prevent apps to tell if a phone is rooted or not, nor what OS is running.
Upvote
2
(2
/
0)
The problem with this is that a lot of the malware essentially roots your phone so it can stay hidden, which is why the Play Integrity API exists. What really needs to happen is that there needs to be a way that custom ROMs can be easily signed and have their signature added to the bootloader, so that the bootloader can be re-locked and the ROM still boot for all us that don't want to use the Android that Google creates, and apps know that it is all still secure. (there are ways of doing this on certain devices by yourself, but it isn't generally easy enough for Lineage to release a signed version and have it just work). While this would still give the potential to have a compromised phone, it moves the process from "install app that uses exploit to gain root", to "figure out how to install a completely new rom without the user noticing, and add the signature to the bootloader".
Upvote
6
(6
/
0)
Gmail -> access form website or just use another provider ( protonmail, for example)
Google Maps -> website, OSM for navigation: works offline and it's probably better than gmaps anyways
YouTube -> website
Goole Wallet -> what? If you do not want a phone loaded with gooogle tracking and limiting software, why in the world are you painting yourself in the corner by depending on their stuff?
Upvote
2
(4
/
-2)
Love F-Droid and it's a shame they're getting screwed over like this.
Same honestly.
Upvote
4
(4
/
0)
...waits for an EU anti-trust case to slap Google...
Unfortunately I have no hope the US will do the same... Good bye FTC...
Unfortunately I have no hope the US will do the same... Good bye FTC...
Upvote
0
(0
/
0)
"The restrictions are expected to expand globally in 2027.". Good to have the heads-up for when I switch to an IPhone. If I am gonna have Apple-like restrictions I might as well go Apple all the way.
Upvote
-1
(1
/
-2)
I guess google will just do a pilot program and then this "brilliant idea" will go quiet, hopefully.
Upvote
1
(1
/
0)
Regarding Waze:
Baaaaaaaals...
Still, for me navigation apps are the least problematic to renounce, and there are alternatives.
Regarding ReVanced:
Yes, thats what ReVanced is and does, witch is among the reasons why sideloading cheeses Google's onions.
What is the problem there? That I'm using youtube without Google profiting from it?
What are they going to do? shut down their API's?
Can't see that happening anytime soon, it would cause too much strife in their "normal" userbase
Upvote
-3
(0
/
-3)
To answer your last question first, they can do that because they have a license to use the Android name in their product. The whole point of trademarks is to show the source of goods in the marketplace. When you sign a package, you're saying that you created it and that you own or have licensed the name you're using for it. If F-Droid wants to be able to sign packages in their name, they would, at a minimum, need a license for the name, but even that's a bit dicey. The one thing they can't do is just up and start signing everything willy-nilly.
I probably should have mentioned the possibility of getting licenses but that's even more difficult. It also leads to the next problem, which is that if even one piece of malware slips through the cracks and F-Droid signs it and then it gets caught, F-Droid loses their certificate and gets banned from obtaining a new one. Now, Google would probably relent and give them a new one after it becomes clear that F-Droid was scammed themselves, but that's definitely not a rabbit hole I'd want to go down.
Upvote
0
(0
/
0)
Yes - and that's absolutely typical of Open Source projects that have a TM.
Is it? Can you think of a high profile FOSS project that doesn't allow rebuilding and redistributing under its own name? It would certainly make it near impossible for inclusion in a Linux distro!
Here for example is what VLC has to say about use of their trademark:
The full usage is detailed under, in the French section, but you should know that those trademarks will not block any normal use and redistribution of the open source software from VideoLAN.
However, you should know that it is STRICTLY forbidden to use the VideoLAN trademarks to spread, distribute, advertise or sell software or hardware if the license is NOT open-source (OSI meaning).
This is fairly typical
That's a completely different problem. And nothing whatsoever to do with trademarks.
Upvote
0
(0
/
0)
The community was amply warned that AOSP was fake-FOSS, that could be rugpulled at any moment, and mobile alternatives that while not being FOSS contributed directly to upstream Linux and other telephony projects were available. You chose "free" instead of "freedom".
Upvote
2
(2
/
0)
Why would Google target Nova? It has little to do with their ad pushing or spying business. After all, major brands use their own launchers anyways, it's the most obvious way to differentiate your product after all. And then I install Nova to get rid of whatever "clever" ideas they thought I need to love.
Nova is available from play store since forever, it's not hacky at all, this is not iDevice where changing user experience is heresy.
Upvote
0
(0
/
0)
Brave browser should sort you out for now. Manifest v3 has no meaning if ublock is compiled as a part of the browser itself. As a bonus it'll get rid of YT ads, I'm sure sooner or later Brave will be poinked off Play store, though.
Upvote
1
(2
/
-1)
It isn't particularly clear to me how they do this. The core of Android, AOSP, is a variant of Linux and some other open source products similarly licensed, so it cannot be turned into a proprietary OS, and restricting software installs seems like a step in that direction to me. And no one is required to use GSM apps. Amazon doesn't. Is this mod going to hit the Fire Store?
I'm sure F-Droid knows a lot more about the situation than I do, but these are serious open questions to me.
I'm sure F-Droid knows a lot more about the situation than I do, but these are serious open questions to me.
Upvote
1
(1
/
0)
With phones getting 7 years of support now, you could just keep a 5-6 year old phone around. Even with the longer support lifetimes Androids still seem to depreciate as much as ever, so the cost of doing that is lower than keeping an equivalently old iPhone around. Google's habit of exploding batteries is not helping though.
Upvote
1
(1
/
0)
Getting support information out of Google is like getting customer service at Comcast. They're both purely notional.
Upvote
2
(2
/
0)
AIUI this check can be done in PackageInstaller. It's similar to the checks for MDM to allow only company approved apps to be installed - Google may be building on top of that using something from Play Services that implements the checking logic.
If you're running a custom OS they can always bypass the check, but most people aren't doing that. It means F-droid suddenly is only usable by people running custom OSes. With locked bootloaders that becomes impossible - then you're into the realm of building your own phone hardware.
Upvote
0
(0
/
0)
Upvote
3
(3
/
0)
Upvote
0
(0
/
0)
This might be a good approach. Start writing to Samsung, Moto, etc. telling that if Google does this they will not get a sale. They would be much more impacted by a lost sale than google itself.
Upvote
1
(1
/
0)
honestly I wouldn't be surprised if the 7 years of support continues on paper but those "battery updates" keep happening three years in especially with how scummy the redemption choices can be once you get beneath the surface.
Upvote
2
(2
/
0)
I"m on app only banking, though the website may still work through sms authentication. But to access every feature and service you need the app.
As for an older, retired phone... nope. Old security patch, old OS, old API, name your poison. For a while it looked like I could get away with an smartwatch for contactless payments, but right now it looks like you'll need a phone that still receives regular updates from the manufacturer to use any "sensitive" app.
And GrapheneOS I assume only works on a relatively low number of phones. (edit: yeah, pixel only. so more niche than I imagined) My previous phone (that I bricked while trying to restore it to factory condition so banking worked...) never had any custom rom to install, even though the manufacturer let me open up the BL.
Last edited:
Upvote
1
(1
/
0)
Gnafu the Great
Ars Centurion
Oof, I'd run, not walk, to a different bank if mine ever tried to pull that. I do 100% of my account management in a browser, and one of my banks even allows check deposits in a browser (my credit union only allows it in their app).
Upvote
6
(6
/
0)
The problem is that YouTube keeps being THE streaming site. And G doesn't really care if an insignificant percentage of their user are using Vanced or adblock. Sure, they are locking stuff down, and making it inconvenient, but they don't want to lock you out for good.
Just like Microsoft doesn't care if you download Windows and activate it with Massgrave. Hell, they are even hosting the script on github. The money is in being THE standard, and milking the corporations for licensing.
As long as you use YouTube, they win. Yeah, sorry, I know I'm being preachy. And I don't know how to beat THAT.
Upvote
5
(5
/
0)
It's a neobank. Still beats anything the local banks offer, and their fees are highway robbery. They were expensive even before the government in it's infinite wisdom decided to put extra taxes on the banking sector, now it's not even funny.
Upvote
1
(1
/
0)
Gnafu the Great
Ars Centurion
I wasn't familiar with that term, but it seems one of the banks I use would be classified that way (purely online) and I've never touched their app. I've never paid for a bank account even when I worked with a local bank, but I recognize the earned interest rates tend to be next to nonexistent compared to credit unions or newer online-only banks.
Upvote
0
(0
/
0)
The attempts at this are less completely nonviable than they were say 3 years ago, so such an effort wouldn't be starting from zero by any means. Talented people are working on PostmarketOS!
Upvote
0
(0
/
0)
Why should Google care if Samsung or One plus desktop is replaced? It might annoy those companies rather.
Upvote
-1
(0
/
-1)
Upvote
0
(0
/
0)
Upvote
0
(1
/
-1)
No, you misunderstand what's going on. The problem isn't just the name, but the fact of who it's made by. It's one thing to compile VLC and call it VLC. It's another thing entirely to ship a copy of VLC authored by Chef Salad. That's why the signature things is a problem for them. By signing it under the scheme proposed by Google, F-Droid would be affirmatively saying that they wrote the software and that it was theirs. But they didn't write the software. This would be the equivalent of making a fork of VLC, and calling VLC by F-Droid. Now there's two VLC projects out there, one by F-Droid and one by VideoLAN. That's what's not allowed, and that's what the Google program would be saying if F-Droid did the signing themselves. You might say that this is ridiculous, but that's how trademarks work. Their express purpose is to show the source of something and it's a defend it or lose it proposition.
This would be the equivalent of Walmart buying some Disney movies, taking them out of the box, making some identical copies and selling them as Disney movies made by Walmart. Disney wouldn't be too happy about this and would have to put a stop to it. They'd have to even if Disney gave the movies away for free and let everyone make copies of them.
Upvote
1
(1
/
0)
People who read Ars know what sideloading is. The average Android user doesn't.
Upvote
3
(3
/
0)
Though this discussion was about choosing Android (over iOS) because of the ability to sideload. The Dexcom app is (as far as I can tell, not my area really) readily available on the iOS App Store. I doubt that people who want that app would choose Android over iOS in order to have a more convoluted way of installing the app.
Upvote
0
(0
/
0)
The diabetes monitoring space is weird. Because of the heavy regulatory burden of FDA/etc approval, a lot of vendor apps are locked down or blocked from territories where they haven't done all the paperwork yet. That's why there are a lot of third party apps that are 'not approved, just for information' so people can use glucose monitors in countries or phones where the vendor hasn't done the paperwork. The official apps are hidden in app stores where the vendor doesn't have approval, which means the only route for 'unapproved' users is to sideload. Blood glucose monitoring is so critical to diabetics that people are definitely buying Android so they can sideload.
Upvote
3
(3
/
0)
The whole point of FOSS is that I can use code that I didn’t write (under certain conditions), and that I have no copyright on. I can even use the code if the copyright owner doesn’t want me to use it, as long as I follow the license.
And trademark law doesn’t say it’s illegal to use a different name, it means the owner of the trademark can sue me. If you want F-Droid to make your app available, then all you do is not sue them for trademark infringement.
Upvote
2
(2
/
0)
As a developer of a high traffic app, I feel Google is making the right move. I've seen our app butchered and loaded with malware, and then distributed on these non-Google platforms. It causes endless headaches trying to support a system with this unchecked criminal element. The article claims that Google is going to require a registration fee. That's just fear mongering. Google Play is free to use for developers. It has always been that way.
Upvote
-8
(0
/
-8)
You're the frog in the pot from the story.
Listen, I know that seeing others stuff malware into your app isn't good, but that's an issue that shouldn't be solved by such an overbearing method. Further, it won't be. Malware keeps showing up on Google's store. All this is is a cash grab, and a slow turning up the temp.
Upvote
4
(4
/
0)