Google confirms Android dev verification will have free and paid tiers, no public list of devs
- Thread starter JournalBot
- Start date
You can still install an Android version without this. Android is still open source. Lots of ROMs out there. I believe this just describes how stuff will work when a device is certified and Google services are installed/pre-installed.
Upvote
-6
(1
/
-7)
I don't see how this does anything for their commercial problems, I see this as at best security theater because the student, hobbiest, and the unconfirmed third-party store "bypass key" are huge holes in any security improvement this may have had.
Upvote
-6
(1
/
-7)
You can for now. Google stated that they're going to update AOSP quarterly instead of monthly, and even then they haven't posted Android 16 QPR1 yet, which was released on devices a month ago. They've also removed Pixels from the device trees and are no longer providing driver binaries, making it more difficult to support Pixels with an alternate OS.
Upvote
8
(8
/
0)
Tragically, Stallman was only partially right in the sense that it’s worse than he anticipated. He’s not wrong about who software you can’t modify works for; but tivoization/crypographic lockdown(especially in ‘remote attestation’ scenarios) allows for control even when the user is provided full source access and has the technical chops to use it.
It matters less on the PC-and-similar side; because there’s still a lot of value in being able to take advantage of Linux features someone committed for their lockdown widget on your normal computer; but in mobile it’s bad news.
Upvote
1
(4
/
-3)
@RyanWhitwam, author of TFA, please consider writing an article outlining the current state of mobile Linux, both software and hardware. It appears to have become a relevant topic, given the overall state of the (corporate quasi-totalitarianism in the) mobile field.
Upvote
9
(10
/
-1)
And the dev not dual publishing it means apple could remove it and no chance for people to compare them against android… since its not there either.
Major failing
Upvote
1
(1
/
0)
Google has pulled all of their ICE tracking apps, so it can be assumed they would have also pulled ICEBlock.
Upvote
3
(3
/
0)
I think that’s part of it, but the more relevant legal event was probably how Apple is complying with the DMA in the EU: they are allowing third-party stores and direct installation from the web, but requiring everyone involved to complete an enormous number of verification steps and submit all individual apps for signing, just like Google wants to do here.
The issue, of course, is that Apple argued that all of those steps are somehow required to keep iOS’ security intact (despite Apple silicon Macs in Full Security Mode offering effectively the same security guarantees while still allowing arbitrary third-party apps and even custom OSes and OS downgrades, but nobody ever brings that up) and the EU has apparently accepted that, although they may reconsider if Apple starts blocking apps from the program for non-security reasons. Since that seems to have gone down well, Google has decided to take this opportunity to step in and start ramping up lock-in on the Android side, knowing that they can just point at Apple’s legally-cleared plan if anyone complains.
The bigger problem is that general knowledge of how cybersecurity actually works doesn’t seem to be improving, and tech companies have started to realize they can cite “security” to get away with pretty much anything anti-consumer, in the same way that companies turned the DMCA from an overly broad copyright enforcement mechanism to a complete lock-out from using anything more complicated than a toaster in a way that’s not “approved” by the people who made it.
Chrome’s Manifest v3 doesn’t meaningfully improve browser extension security at all. The biggest threat from extensions remains unpublicized transfers of ownership followed by stealth updates, and Google has shown no desire to address that issue at all. All Manifest v3 actually does for “security” is limit how extensions that modify pages can load their rule systems, and prevent extension subsystems from updating themselves outside of a full extension update. The first thing was never a security threat to begin with; while it could be argued that it was a minor performance issue, but most people who use ad blockers would rather have a performance hit than less effective blocking (and one of the big selling points of Firefox is that it’s the only browser that actually waits for extensions to load before starting page navigation; while all other browsers lazy load extensions in the name of faster navigation, resulting in the common “partially blocked page” appearance when starting a browsing session too quickly). The second thing sounds like a security issue, and probably could be, but in practice it was just like the complaints over “curl | bash” scripts in the Linux world: there’s way better ways to deliver an exploit than doing weird background stuff with web requests, and well-designed malware shouldn’t need that anyway.
So we ultimately end up just blocking stuff that black hats aren’t using for exploitation, while also blocking stuff that legitimate developers actually are using, and always in a way that somehow conveniently financially benefits the big corporation in charge of all of this. It’s exactly the same way with apps now: there are already effective exploits for hacking iOS devices through mechanisms like iMessage. The existence or non-existence of third-party apps doesn’t meaningfully change how protected people are from bad actors because the protection is all based on OS and API design anyway.
It’s the same thing with this mechanism on Android: Google already has the ability to push out an update to shutdown known malware as is, and giving them a database of revocable signing keys doesn’t actually make that any easier, especially since they (supposedly) aren’t actually holding a database of apps, just of app developers. All a malware dev would have to do is rotate identities and pay Google another $25. Google would have to blacklist the app itself based on some kind of detectable signature…whoops, we just invented anti-virus software. Oh, and Google was already doing that anyway. (All of the above also applies to Apple, whose XProtect platform does a great job at stopping malware on macOS, and doesn’t require a single signing key. Windows also has Defender and the Malicious Software Removal Tool, which aren’t as effective as XProtect for a number of reasons, but do pretty well for what they are. Both of these platforms do have and use application signatures, but only for developer verification and anti-tampering, the things signatures are actually good at, and both have a way to bypass signature verification after a bunch of scary warning screens.)
None of this is actually necessary, but as long as cybersecurity remains dark magic in the eyes of the general public, and nobody in a position of power actually has any understanding of what a threat model is, we’re going to keep seeing stuff like this, and it’s going to keep hurting the amateur and open-source software industries that have previously been a huge source of new talent in this industry.
Upvote
12
(13
/
-1)
My phone: I should be able to decide which signed code I trust... F-Droid or Google play would be my choice: not Google.
I simply does not trust them to choose for me.
I simply does not trust them to choose for me.
Upvote
3
(3
/
0)
You almost have to admire the boldness of Google getting hit for unfair trade practices over the way it influences the app ecosystem so their next move is to try to exert even more control over the app ecosystem.
One can only hope they get dumpstered by regulators for this flagrantly anticompetitive move masquerading as security theater but I'm not expecting much.
One can only hope they get dumpstered by regulators for this flagrantly anticompetitive move masquerading as security theater but I'm not expecting much.
Upvote
8
(8
/
0)
Yea... Phosh is controversial. But my phone is a vessel for making phone calls and running Firefox, so it does not bother me so much. Else, I use Chatty and GNOME Calendar, which work ok. I am curious about PostmarketOS but can't go through a reflash now and I don't have a spare phone.
Well, I don't use Telegram anymore, but both worked fine under Waydroid. I think if you install Google Services under Waydroid, everything basically works.
But there's no solution for the TCP connections dying as of now, because keeping them up would mean the modem would not sleep. Even Signal itself uses a lot of CPU to stay up when you don't have push notification support. However, if your background applications do not, in general, use so much battery, I can afford 8h per day out without going into suspend and 20+ hours with suspending (I recently replaced my battery after two years).
When I am out for long, I got used to killing Signal and checking it now and then if I need to coordinate with people, or just calling them. At home, my Librem 5 is connected to my monitor via USB-C, thus staying awake and charged. I limit charging to 70% for the sake of battery health via a script.
Upvote
1
(1
/
0)
Could a phone manufacturer choose to patch Android to remove the verified apps only requirement and advertise that as a feature?
Upvote
0
(0
/
0)
Won't the lose google's approval to use the playstore and stuff?
The woould have to go the way of Huawei....
Upvote
1
(1
/
0)
There is alternatives to all the google apps. I'd rather buy a phone that I can choose to install what I want and live without the play store, google maps etc.
Upvote
0
(0
/
0)
We can no longer block stores so we'll block developers and force them through our programme
Upvote
1
(1
/
0)
If you do decide to go Windows and web only, take a good luck at Flutter. You can use one code base to write for Windows, the web, Android, iOS, and other platforms. I didn't realize this until recently, but Flutter is about 8 years old now.
Upvote
0
(0
/
0)
What do you mean? People are always bringing that up - apparently wilfully unaware of that fact that home computers are began from a starting point of utter insecurity and have slowly had security applied over the years.
Given the wild-west starting point of the home computer there is a lot more that is permissible on a Mac than is or should be on an iPhone. Because the iPhone didn't start out insecure by design.
This argument is akin to saying that because it is possible to break a window there is no point locking the door.
Upvote
-3
(1
/
-4)
Upvote
4
(5
/
-1)
It's in the proprietary closed-source Google Play/GMS stuff, similar to the blocking installation of APKs of apps downloaded from the Play Store.
Upvote
0
(0
/
0)
Nitpick: misleading. It’s actually easy and the whole point of code signing to “know” that a binary has been approved (signed) by a verifier. No database required.
The problem is that Google wants the signatures to be revocable to deal with malware. Allowing revocation lists to be updated is the source of the internet access requirements.
Upvote
1
(1
/
0)
It's possible to write a chat application that has a persistent TCP connection and doesn't hog the battery, Conversations is really great at that. It's not an issue of the modem being up, in fact the modem needs to be kept up, otherwise incoming phone calls wouldn't work either. The suspend is the main CPU being shut down (essentially s2ram, as known from laptops, leaving USB devices powered). I don't know if it's the software constantly doing something, or the NXP CPU being bad at low power states, but the main CPU is shut off.
The fact that other protocols/apps suck at being battery efficient without push notifications is a problem with bad design.
edit: Forgot to factor in the Librem+Waydroid factor, it might not be bad design, but also running Android in docker (Waydroid)
Last edited:
Upvote
1
(1
/
0)
I am not completely fluent in the inner workings of the Librem 5 (I run the default distro PureOS) but, as far as I know and as far as I can read from logs, when you do "Suspend", 3 cores out of 4 sleep.
You are right that the modem is up, but there's no communication between the phone and the modem in Suspend (again, if I recall correctly). The modem has the capacity to wake the system back up, which works via SMS or phone call but it doesn't work for TCP persistent connections (because the phone OS is gone). SMS works because the messages come as part of the standard signalling messages between modem and carrier.
The SD card also disappears when you go on Suspend (affecting battery life if you boot from the SD). I need a script to rewake the card otherwise things go bad, because I aggressively and creatively mount directories from the SD as part of the main file system to overcome the 32GB limitation (for example, waydroid and flatpaks are all in the SD card in my personal configuration). I think the SD reader is connected to the USB bus.
So I don't think all USB devices stay up either. Suspend in the Librem 5 is quite aggressive to save battery.
Actually - I should look more into how push notifications work. I think only one/few connections are up between phone and Apple or phone and Google and all applications push notifications through their infrastructure.
There are tons of discussions in the purism forums and the dev docs regarding these issues.
Upvote
0
(0
/
0)
Correct: All gets pushed through Apple/Google servers. Hence a privacy nightmare. And, funny thing: Apple's run on kind of XMPP...
My introduction to this was setting up an XMPP server. Getting it to work with iOS was a nightmare*, with Apple assuming that the app publisher is also the owner of the server, making the notification a 3 hop mess.
*I don't care about push notifications for google. F-Droid Conversations version which maintains an open connection.
Upvote
0
(0
/
0)
Yea...
Well, the same happens with Signal as I use it (under waydroid). And it's basically unusable out of home because it uses bursts of 20-30% of CPU time every 10 seconds. The Librem 5 CPU can throttle down to 100 MHz when there's no activity, but Signal will not allow that. =)
It is awful. I really don't get why it takes so much CPU to keep the TCP connection up and check for messages. So when I go out, I usually agree on what I am going to do with my friends and then I kill Signal or the entire Waydroid container if I won't need it.
Upvote
0
(0
/
0)
I thought the same thing. I mean, I spend about 50% of my time in Linux and I know the su password. 40% of my time in Windows, where I know the admin password, so ... I could do whatever. Destroy the OS or install anything malicious if I chose to. Of course, I can also write code and deploy it however. This is how nearly all Windows PCs, Macs and Linux machines are.
I do know that the answer to that is "control". Still, irks me.
Why do companies and users think phones are different? A friend at Google said there were banking concerns, but couldn't I wreak more havoc with a browser full screen on a PC than a phone?
Most of the Android security articles I read are about apps that are already in the Play Store, and I can't recall reading about one from F-Droid or sideloaded.
Upvote
0
(0
/
0)