• elucubra@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    170
    arrow-down
    5
    ·
    1 month ago

    Their arguments are kind of lame. To install APKs from outside the store is already an involved process that generally makes it harder for the uninformed to sideload. Make sideloading a bit harder, but possible. My xiaomi makes me wait and read warnings before installing APKs, for example.

    • floofloof@lemmy.ca
      link
      fedilink
      English
      arrow-up
      70
      arrow-down
      2
      ·
      1 month ago

      Side loading will still be possible but the apps themselves will need to be signed by the developer through Google, so Google ultimately still controls what can be installed. Maybe someone will crack it.

      • Porco@feddit.org
        link
        fedilink
        English
        arrow-up
        40
        ·
        1 month ago

        [Installing software] will still be possible but the apps themselves will need to be signed by the developer through Google, so Google ultimately still controls what can be installed. Maybe someone will crack it.

        Fixed that for you :-)

      • devfuuu@lemmy.world
        link
        fedilink
        English
        arrow-up
        16
        ·
        1 month ago

        It’s a great way to workaround them being forced to open the ecosystem a little and allowing alternative stores and that stuff. It only took more than a decade, they obviously not happy about it, so gotta screw people in another way.

        • feannag@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          5
          ·
          1 month ago

          That’s apple. Android has traditionally allowed sideloading. They aren’t be forced to open up anything, they’re just adding restrictions.

    • LiveLM@lemmy.zip
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      1
      ·
      edit-2
      1 month ago

      “Uugfhh, but the users don’t read the warnings!! They just click yes until it works!!”

      And that’s my problem because??? For fucks sake

  • owenfromcanada@lemmy.ca
    link
    fedilink
    English
    arrow-up
    129
    ·
    1 month ago

    I know it’s not really ready for it yet, but I guess I’m gonna be looking into a Linux phone before I thought I would.

    • sk1nnym1ke@piefed.social
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      1 month ago

      My main problem with linux phones is that many apps only exist only for android or ios.

      Sure some apps are basically a website that you can acess by web browser but many apps cant be replaced able (banking, tickets, public transport, games)

      • toddestan@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        ·
        1 month ago

        My main problem with the current crop of Linux phones is, or at least it’s my impression - is that they still struggle with the basic phone part. As in network connectivity (at least in the US), making and receiving calls, SMS & MMS, and VoLTE support. If there’s a Linux phone where that stuff is solid and works, I’d buy one. I don’t really care about the whole app ecosystem - I barely have any apps on my Android phone now.

      • bdonvr@thelemmy.club
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 month ago

        Most Android apps can be run under a mini-VM in the Linux systems I’ve tried - but some apps won’t function well that way (banking, NFC tickets, etc)

      • owenfromcanada@lemmy.ca
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 month ago

        I think I’d be willing to let go of the handful of things that are exclusive, given that I could probably do more with a proper Linux system. It’s the basic phone functionality (as others have mentioned) that keeps me from switching.

  • HeavyRaptor@lemmy.zip
    link
    fedilink
    English
    arrow-up
    91
    ·
    1 month ago

    This is about Revanced, isn’t it? They failed to kill it via the YouTube backend so now it’s down to lock down the os and browsers as much as possible to keep feeding people the juicy ads.

    • ook@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      50
      ·
      1 month ago

      This is bigger than “just” Revanced though. It is about using any open source software that could replace a Google app and losen Google’s grip on your data.

        • jacksilver@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 month ago

          Yeah, but that doesn’t help if you can’t make apps that support the hosted services. Google is trying to have complete ownership of what runs on your phone.

          • chisel@piefed.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 days ago

            I hate this move and love my sideloaded apps. However, there are plenty of self hosted apps on the play store. It’s just putting in a unique address at setup, not compiling a whole unique app for each server.

      • HeavyRaptor@lemmy.zip
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 month ago

        I don’t see how the DMA would cause this other than Google preemptively setting themselves up for malicious compliance. The whole point of the DMA seems to be to give users choice not take it away.

        • Xatolos@reddthat.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 month ago

          DMA is only partly for choice. Sorry, different act, but same group (EU). But the rest pretty much stands the same, the EU won’t see it as malicious compliance, but as a great design choice.

          https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-services-act_en

          This is also huge part of it about being able to “prevent illegal” content.

          “easier reporting of illegal content” “less exposure to illegal content” “level-playing field against providers of illegal content”

          This will help give paper trails for everything, and that allows for easy reporting which is the bigger part of the DMA.

        • Mavytan@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          I think you’re on point with the malicious compliance. Google doesn’t want to give up power and control. Requiring all installations to run through them seems to be their workaround.

  • OboTheHobo@ttrpg.network
    link
    fedilink
    English
    arrow-up
    87
    ·
    1 month ago

    Something kind of concerning I just found - there’s an option for “limited distribution” which is “Intended for ‘students, hobbyists, and other personal use.’” One of the differences is the following:

    Has “capped number of apps and installs”(specific limits not disclosed)

    Doesn’t this imply there’s going to be global tracking of what apps people are installing even through sideloading or APKs? I can’t think of any other way to enforce this. They would have to know how many times people installed an app even when its not through any kind of app store or even from the internet at all.

    • Peffse@lemmy.world
      link
      fedilink
      English
      arrow-up
      34
      ·
      1 month ago

      I’m pretty sure that was implemented a while ago. My install of VLC from F-Droid started showing up in Play Store’s update list.

      It couldn’t update since the signature didn’t match, but Google knew about it and included it anyway.

      • davidgro@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        edit-2
        1 month ago

        That has just always been the case as long as the app in both stores uses the same package string. (Like org.blitzortung.android.app or org.videolan.vlc)

        • Peffse@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 month ago

          Wasn’t always the case (I think it changed within the past two years), but upon doing research on when it changed I stumbled on this gem.

          • kopasz7@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            10
            ·
            1 month ago

            “Google would never do something like that” comments just one year ago. Oh my! Google dropped the “don’t be evil” motto a long time ago.

          • davidgro@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 month ago

            It’s been the case ever since I started using Android (and modded APKs such as old versions of apps re-signed to not update) in about 2011.

            Some of the root apps back then such as Titanium Backup had features to “unhook” an app so it wouldn’t appear as installed in the store, but my experience was that it never lasted long enough to be worth doing.

      • OboTheHobo@ttrpg.network
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        1 month ago

        Could be, but that could also just be done locally. Like your phone checking the apps you have installed and seeing if the same ones are on the play store. Having an install limit for an app - assuming that means that the app can only be installed some total number of times globally (a local install limit wouldn’t make any sense I think) - necessarily implies that when you install an app through an APK, it has to tell Google that you installed that app so it can track how many people have installed it and not approve installation of the app if it’s over whatever the limit is.

        • AbidanYre@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 month ago

          If your phone is checking for that information, it’s a safe bet it’s reporting it back to Google.

          • OboTheHobo@ttrpg.network
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 month ago

            Probably. But that might be under the umbrella of optional usage statistics/reporting that you can opt out of. Since this new tracking would be “necessary” for their “security” feature to work, there’s no chance that it could be avoided.

      • BananaOnionJuice@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 month ago

        I think that’s how it works when you have apps with the same name from different app stores, I noticed it with a different app like two years ago.

      • LifeInMultipleChoice@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        That’s interesting. I was just checking to see if Cromite showed up there but couldn’t find it, is there a menu you found yours under outside the update tab? If something as simple as a browser I use is going to be blocked from installs/monitored I can’t see why I’d stay in this ecosystem.

    • 0x0@lemmy.zip
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 month ago

      They provide the OS, what makes you think that kind of tracking isn’t already happening?
      App stores provide the apks but then you’ll use your phone’s installer to actually, well, install the apks.

    • JustARaccoon@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 month ago

      Presumably that will work like test flight does where you can only install the app through an invite system

    • olympicyes@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      1 month ago

      Nearly 100% of the development for handheld Linux is Steam OS / Steam Deck. If Valve moves to ARM at some point then you might see useful improvements that benefit the mobile use case.

      • Vanilla_PuddinFudge@infosec.pub
        link
        fedilink
        English
        arrow-up
        23
        ·
        edit-2
        1 month ago

        the collaborative world works off of demand. Pocket laptops and linux phones have been a nice distraction for long enough. They may soon become more of a saving grace.

        I’m not saying you’ll be able to run Spyware Simulator 2000 on PostmarketOS. I’m more saying that any secondary device you use for foss software will be more focused upon as an actual decent alternative for getting work done without being spied on by capitalist nazis.

        These devices can run web browsers. That’s 80% of your needs already taken care of and we haven’t even left Firefox.

        CARRY TWO PHONES??!!

        What will the neighbors think!?

        • olympicyes@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 month ago

          It seems like fewer people care about being spied on, “I have nothing to hide”, and many people don’t even change the settings to prevent sharing contacts, photos, and location with privacy hostile apps like Facebook.

        • Korhaka@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 month ago

          It won’t do phone calls or SMS but otherwise sure why not. Just call/msg with matrix or discord

          • pirat@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            30 days ago

            Attach some dangling USB modem with a data SIM, or just keep a mobile router with a data SIM in your backpack, for 3G/4G/5G data connectivity over WiFi. Then, use some VoIP provider if you actually need a phone number as well.

      • LifeInMultipleChoice@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 month ago

        What is blocking it? I haven’t done much research yet but was hoping to find a new OS if this goes through. Wouldn’t it be the same as putting a sim card into a tablet/laptop? Or is there something specific to your country that stands out?

        • muhyb@programming.dev
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 month ago

          Probably they need to pay for an IMEI fee their government wants. I know because it’s the same here. I got PinePhone for $200 and had to pay for $250 IMEI fee. What did I do? Changed the IMEI to my old dead phone’s.

          • LifeInMultipleChoice@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            1 month ago

            Nice, that makes sense. Doesn’t is store more data than just an IMEI number though, like make/model, did you have to spoof that as well or was that easily ignored

            • muhyb@programming.dev
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              1 month ago

              Normally, yes. As for my government concerns, I’m using Nexus 5X. They probably would notice if they investigate but as long as there are no more than 1 active phones with the same IMEI, they most likely won’t notice.

        • DeathByBigSad@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 month ago

          Look up Australia’s whitelisting system.

          If you phone isn’t manually approved, it won’t be able to connect to a cell tower, not even for emergency calls.

            • DeathByBigSad@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              8
              ·
              edit-2
              1 month ago

              https://www.youtube.com/watch?v=zIJavqEzEIw (sources in video description)

              If your phone isn’t manually approved, its assumed your phone doesn’t support 4g/5g, therefore, blocked.

              4G/5G phones have already been blocked

              Fairphone isn’t certified in Australia, Pinephone also isn’t, nor Librem 5.

              Custom ROMs on an approved phone might work for now, but they could potentially start verifying OS in the future if the autocratization trend continues. Also, manufacturers could starts start locking the bootloader.

              The best realistic way forward is have two devices, one is the “normie” phone, the other is your own pocket PC running a Libre OS.

  • RedFrank24@lemmy.world
    link
    fedilink
    English
    arrow-up
    78
    arrow-down
    7
    ·
    1 month ago

    If Google is going to lock down my device to the point where I can’t install apps without their permission, I might as well dump Android and go straight to Apple. I sacrificed my phone being good for the openness of the platform, but if Google loses that openness, why shouldn’t I go with Apple?

    • DeathByBigSad@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      4
      ·
      1 month ago

      Because the cheapest new iPhone is $600 and you can get a cheap new android phone for around $100-$200 and get 6 years of security updates (Galaxy A16 for example)

      If a smartphone is no longer a computer where you can install whatever you want, why bother investing so much money on a very locked-down phone? You can use the hundred of dollars you saved to spend on a small portable PC or something to run any software you want.

      • RedFrank24@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 month ago

        Yeah but my banks don’t support my small portable PC, nor does my mobile phone provider. If I wanted a small portable PC I’d get a small portable PC. What I want is a smartphone.

      • Psythik@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        24
        ·
        1 month ago

        $600 is pocket change for a phone these days. And for that $600 you’re getting a flagship phone. You couldn’t pay me enough money to put up with a non-flagship. Been there, done that. They’re too slow and frustrating, and apps keep closing due to lack of RAM. Never again. I much rather spend $600-800 on a high-end device that’s a couple of generations old.

        • DeathByBigSad@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          32
          ·
          edit-2
          1 month ago

          A $200 phone in 2015 is not the same as a $200 phone in 2025. I know from experience.

          Those phones in 2015 were awful, but in 2025, they feel more like mid-range phones.

          Edit: And $600 is pocket change? Sound like someone lived a privilaged life.

          • Zen_Shinobi@lemmy.world
            link
            fedilink
            English
            arrow-up
            14
            ·
            1 month ago

            This 100%

            I have used tracfone since 2012 and only bought phones from their store, sub $150. The budget phones today are so much better than the last 10 years.

            I just can’t wrap my head around sinking that much into a phone when you replace it every year and it cost as much as a decent budget computer, but worse.

            • Ilandar@lemmy.today
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 month ago

              I just can’t wrap my head around sinking that much into a phone when you replace it every year

              Usually the people who replace their flagship phone every 1 - 2 years aren’t paying full price for it, or at least not upfront. They are receiving trade-in and pre-order discounts, or spreading the cost out over a 12 - 24 month period through a plan with their telco.

            • Honytawk@lemmy.zip
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 month ago

              People who upgrade every year sell their old one at >50% the price.

              So they don’t fork over €600, they only do €250 or so.

          • Psythik@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            7
            ·
            1 month ago

            I make $19/hr and live paycheck to paycheck. I’m just being realistic about the current cell phone market.

            • Ilandar@lemmy.today
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 month ago

              Surely cost relative to income is more relevant than cost relative to the rest of the market? Something doesn’t magically become cheap just because everything else is ridiculously expensive.

    • willington@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      22
      ·
      edit-2
      1 month ago

      Openness isn’t just a nice to have. It is essential.

      The difference between general purpose computing and gatekept walled garden computing is night and day.

      Identifying the devs is not in the “need to know” for Google. Google sells or helps to sell a general purpose open device where it is on us to exploit that device however we will.

      Now Google wants to switch to a walled garden, moderated development model.

      If Google promises it won’t use those dev IDs to moderate development, their promise is only worth the wind it moves and the sound it makes.

      • gandalf_der_12te@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        edit-2
        1 month ago

        now while at first view, your sentiment is understandable, i actually kinda differ.

        when you buy any product at any store, i believe that there has to be a legal entity behind the store that sells you this product, and the legal entity needs to be identifiable. i.e. if you run a shop and give packages to people, you need to show ID to open up that shop. i believe it is the same for charity organizations which give away packages for free.

        now, why would it be different for apps? apps are software packages, and if they’re given away, there should be a legal entity behind it that is identifiable. this isn’t to surveil or suppress people, it’s just how business has always been done, and for good reason so. businesses need legal representatives to operate, even if it’s a charity, because otherwise there’s nobody to “talk to” when there’s issues, and also imposters would have an easy game.

        that doesn’t mean that you can’t donate packages away on the streets. just put it in front of your front door and wait until somebody passes by and takes it, or give it directly into the hands of your friends, you don’t need to open a business for that. just, if you do it regularly, interacting with people you don’t personally know, there is a legal entity that represents that recurring activity, like a business or charity.

        If i understand it correctly, even with the new changes, what can be done is that open software distribution sites like F-Droid can sign the packages instead of the original developers and therefore circumvent the identification of the original developers, and also you can still install unsigned third-party apps if you enter a command on the command line to disable ID certificate checking. it’s just an extra step, not a block-all.

    • Lost_My_Mind@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      1 month ago

      The only answer is money at that point. I don’t know how much phones are these days, but aren’t iPhones like $1400, but Android is like $900?

      I may be wrong though. Last time I bought a phone was 2018, and it was $600. Still using it.

      • viking@infosec.pub
        link
        fedilink
        English
        arrow-up
        26
        ·
        1 month ago

        You can get Android phones with reasonable specs around $200. No need for the so called “flagships”.

          • willington@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 month ago

            You probably didn’t do it on purpose, but you made a comparison on Apple’s terms, thus implicitly priveleging Apple.

            Last thing Apple needs is us priveleging it.

            • Lost_My_Mind@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              6
              ·
              1 month ago

              I’m just saying Apple doesn’t make anything close to a cheap stripped down $200 model.

              I made the comparison based on feature set. For that you need an android flagship phone. Android DOES make cheap phones…but therexs no 1:1 comparison for Apple.

      • RedFrank24@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 month ago

        I already tend to buy the expensive flagship models of phones. I buy unlocked and it lasts me ~5+ years, so I get the best phone I can get at the time and make it last, so money isn’t as much of an issue if I were to move to an iPhone.

    • humanspiral@lemmy.ca
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      10
      ·
      1 month ago

      Apple hardware has always been a generation ahead. Even when android/qualcom catches up, next generation is out already. The reason to avoid apple was it being a closed system money grab.

    • MrSqueezles@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      This change requires you to attach your real name when publishing software. That’s all. You can still publish to and install packages from anywhere. This doesn’t come close to Apple’s complete control.

      Google already scans packages you’re installing for malware and alerts you and allows you to install them anyway. This gives that scanner one more tool to identify bad actors.

  • Ilandar@lemmy.today
    link
    fedilink
    English
    arrow-up
    77
    arrow-down
    7
    ·
    1 month ago

    I find it very strange how many people in the comments here think the solution is to buy an iPhone. Maybe you are all just rich and can afford to spend $1000+ based on vibes, but considering the Android market still has a massive value advantage I’m not really sure what the point of switching is. This all feels very similar to how some Westerners decided Chinese tech and even the Chinese government were suddenly problem-free just because Americans elected Trump for a second time.

    • benjaminb@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 month ago

      Can you even (easily) install custom apps on iOS? The last thing I remember is it being a huge pain in the butt…

      • Ilandar@lemmy.today
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 month ago

        If you’re in the EU there is now at least one alternative app store. iOS hasn’t opened up anywhere else in the world AFAIK, so it’s still a pain for everyone else. You used to be able to use the AltStore without jailbreaking iOS (maybe you still can), but the process was annoying and didn’t feel particularly secure as you had to provide your Apple account details.

    • wetbeardhairs@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      6
      ·
      1 month ago

      The upgrade cycle on iphones is longer than that on android. $1200 flagship samsung phone turns to shit after 2 years. $1100 iphone keeps chugging for 4-5. The android rot is real. Apple is far from perfect but the phones last way longer on average and end up having a lower cost overtime. That is if youre not buying bottom of the barrel budget phones to compare against.

      • Cenzorrll@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 month ago

        All of my old phones work fine as the last time they were updated. My 10 year old Sony xperia z3c would be fine except for security updates and it’s only 3g, and the storage on it is quite measly. I still use it everyday for playing music, though.

        Most of the speed issues are google bloat. Play services are absolute hogs, and anything that needs them will not work on this phone, but everything that doesn’t is perfectly fine. So I’m basically stuck with f-droid apps. Which is fine, because it’s a glorified iPod at this point

    • H0neyc0mb@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      23
      ·
      1 month ago

      …Used or refurbished iPhones are relatively cheap and better for the planet.

      • Ilandar@lemmy.today
        link
        fedilink
        English
        arrow-up
        23
        ·
        1 month ago

        Relative to what? Better for the planet than what? I’m not really sure what your point is here, you seem to be implying that a secondhand market for Android phones doesn’t exist (note: it does, and Android phones are still much better value secondhand because they lose value so quickly relative to iPhones).

  • Singletona082@lemmy.world
    link
    fedilink
    English
    arrow-up
    62
    arrow-down
    1
    ·
    1 month ago

    Apple now allows sideloading of apps and Google is trying to get rid of sideloading.

    What… the Fuck?

    • Luffy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      28
      ·
      edit-2
      1 month ago

      Apple now allows sideloading of apps

      Apple allows as much sideloading as google wants to next near.

      Yes, you can install from .iPa files, but you still need to pay 100€ a year to be able to sign the IPA files, otherwise you cant run them. as much as with googles new policy you now need to pay 25€ + your full name to get a signature, to sign the Apks with

      • monogram@feddit.nl
        link
        fedilink
        English
        arrow-up
        26
        ·
        edit-2
        1 month ago

        This ⬆️ Apple has set the lowest bar, and google is simply following the trend of “how to keep your App Store the monopoly while conforming to the dma“

      • eleitl@lemmy.zip
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        19
        ·
        1 month ago

        The EU is no longer an ally in such matters but a bad actor.

        • webghost0101@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          17
          ·
          edit-2
          1 month ago

          Gonna have to elaborate on this because the European union has both good and bad people pulling strings.

          If this is about chatcontrol. Scary as it is that the idea keeps coming back it has also always gotten shot down.

          • gandalf_der_12te@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 month ago

            them bringing it up again and again is a very significant problem. Imagine you’re spending time with a girl and asking her to have sex with you. She says “no”, and you simply keep asking her daily until she says “yes” once, probably because she’s just not paying attention to your actual question on that day. Such a behavior would be recognized by most people as being improper, immoral and not in the spirit of “consent”.

            Now, the same is happening on the EU. They keep asking the same question after they already got an explicit answer, and such a behavior should be illegal by itself. No means No.

          • simsalabim@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 month ago

            As more countries within the EU shift to right wing governments, the EU as a political body itself will also shift more to the right.

            • greenacres3233@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 month ago

              Ah, yeah I don’t like that trend that’s been going on. Or like chatcontrol that somehow seems to find it’s way back despite being shot down again and again.

    • Mwa@thelemmy.club
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 month ago

      Apple now allows sideloading of apps and Google is trying to get rid of sideloading.

      afaik only in the EU?

    • squaresinger@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      29 days ago

      To be fair, they are now both on the same level. Both now allow sideloading from “trusted” sources, aka developers verified by Apple/Google.

    • ilmagico@lemmy.world
      link
      fedilink
      English
      arrow-up
      44
      arrow-down
      1
      ·
      1 month ago

      Sure, but the problem is the ecosystem of alternatives stores effectively collapsing or falling under Google’s control. That will affect everybody who uses them, whether on GrapheneOS, LineageOS or certified devices.

        • floofloof@lemmy.ca
          link
          fedilink
          English
          arrow-up
          24
          ·
          edit-2
          1 month ago

          For my next phone it will be between a used Pixel with Graphene OS and the Fairphone 6 with the de-Googled e/OS option. A modern Pixel would be a little better for CPU, camera and RAM, but the Fairphone has decent hardware specs and tries to be more ethical about the environment and its suppliers, and it has a replaceable battery. The Fairphone is expensive in the USA though.

          https://shop.fairphone.com/the-fairphone-gen-6-e-operating-system

          https://www.wired.com/review/fairphone-gen-6/

          Edit: After reading this thread I would lean towards Graphene OS:

          https://lemmy.ca/post/50750274

          • napoleonsdumbcousin@feddit.org
            link
            fedilink
            English
            arrow-up
            10
            ·
            1 month ago

            Recently a user here did the math on that and the fair/eco part of fairphone is really miniscule (they spend less than 5$ per phone and a big part of that are fairwashing credits). Unless you need the repairability or the specific specs, you might be better off to buy a cheaper phone and just donate money to a good cause.

            Here is the original post: https://lemmy.world/post/32013987

          • DaddleDew@lemmy.world
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 month ago

            I’ve quickily looked up Sailfish and am shocked that we haven’t been hearing more about it. Why is so? Where’s the catch?

            • sickday@fedia.io
              link
              fedilink
              arrow-up
              11
              ·
              1 month ago

              We currently sell and ship Jolla C2 within the European Union, the United Kingdom, Norway, and Switzerland.

              From a cursory glance, they don’t ship to any of the largest smartphone markets. That’s likely why you don’t hear much about them as opposed to any of the global distributors.

            • floofloof@lemmy.ca
              link
              fedilink
              English
              arrow-up
              5
              ·
              edit-2
              1 month ago

              It actually looks decent, and their C2 phone looks reasonable though not premium (8GB RAM, 4G LTE, a 1600x720 screen and no fingerprint reader are not brilliant specs, though they’ll do the job and it’s a nice looking phone). The OS subscription might put some people off though: you get one year of updates and then have to pay about €5 per month.

              • GreyEyedGhost@lemmy.ca
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 month ago

                I’m pretty curious about the C2, as well, but don’t live in their market, and don’t want to pay 100% of the phone cost in shipping fees, etc. And after all that, I have no guarantee of support. As for the €60 per year, my latest phone is an S22 Ultra, half of whose features I no longer use due to the updated Samsung TOS. I can absorb that cost for the sake of updates, if they’d let me.

                • floofloof@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 month ago

                  The forums suggest there are quite a lot of bugs and the device is slow. I hope Sailfish OS continues to improve but for a daily driver I’m leaning towards Graphene OS as the best option for now.

        • dufkm@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          4
          ·
          1 month ago

          Probably own a privacy-invasive phone and use it as little as possible.

    • neo2478@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      2
      ·
      1 month ago

      Just give google more money, no thanks. Fairphone with lineage OS is a better option in my opinion.

        • neo2478@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 month ago

          That’s keeps the used price for pixels high, which encourages people to buy new pixels cause they know it has a good resale market.

          • extremeboredom@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            Child slaves labored to make raw materials for the device you’re holding. Your purchase kept the market rate for raw materials high, encouraging the continued use of slave labor. Don’t you feel bad?

            We do the best we can with the decisions we have available to us.

        • neo2478@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 month ago

          Plus their mission to try to make a phone with fair materials and compensation in their entire production chain. Is it perfect, of course not, but a lot better than all other brands.

    • Akasazh@feddit.nl
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 month ago

      The delictable irony that if you don’t want to use their os, you need to use their phone

      • TheTechnician27@lemmy.world
        link
        fedilink
        English
        arrow-up
        34
        arrow-down
        2
        ·
        edit-2
        1 month ago

        Purism scams their customers left, right, and center and have for effectively their entire existence. They should not be trusted, and their phone specs are basically from 2013 sold for $800.

        So even if you’re idealistic enough to pay $800 for a phone that’d be in a landfill if it didn’t have hardware privacy features, Purism will take that trust you have in them and screw you over – delay you for as long as they need to/can/want with no recourse for a refund outside of maybe the courts. After which you hope you either get a functioning product or get good luck with a disorganized, opaque, scumfuck company like that.

        • Canuck@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          3
          ·
          edit-2
          1 month ago

          You’re not being honest. They struggled to deliver their ambitious mainline Linux phone on time during Covid yes, but they eventually delivered. The fact that they did is a huge win for the mobile Linux ecosystem becoming a real contender just when we need it. All their other products are just fine.

          NXP i.MX family debuted in 2013; Intel i7 family in 2008. Their phone uses a 2017 i.MX 8M Quad, the same year they crowdfunded their phone. 2017 i7 computers are equally not from 2008…

          It still today remains one of the best ARM processors with open source drivers without an integrated baseband. It means basically any flavour of Linux can install on the device, with a significant layer of protection from carrier conduited attacks. Other modules have similar tradeoffs between performance and interoperability/security.

          Want better specs? We either need SoC companies to release more of their drivers open source, or more people to patiently reverse engineer closed source ones.

          • TheTechnician27@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            1 month ago

            They struggled to deliver their ambitious mainline Linux phone on time during Covid yes, but they eventually delivered.

            And for the people who requested refunds who waited months if not never received them? Despite them moving back their timeline literal years with repeated delays? I don’t care what challenges they faced; they knowingly took people’s money and refused to give it back to them when they couldn’t deliver. It’s their responsibility to be prepared for challenges. And in some extreme edge case where they couldn’t have been prepared, it’s their responsibility to be transparent about that to the people who gave them over a million dollars (let alone purchased the product after the Kickstarter was finished). I suppose too that the pandemic affected Purism in January 2019 when they were supposed to deliver their product?

            The fact that they did is a huge win for the mobile Linux ecosystem becoming a real contender just when we need it.

            The Librem 5 is not a contender for shit. It’s so overpriced that it can only be successfully marketed to people who care so deeply about their privacy that they’re willing to use an inconvenient mobile OS, get completely boned on hardware specs, and deal with a company notorious for fucking over its customers. Purism’s behavior is a fucking embarrassment to the Linux ecosystem.

            NXP i.MX family debuted in 2013; Intel i7 family in 2008. Their phone uses a 2017 i.MX 8M Quad, the same year they crowdfunded their phone.

            That CPU is based on the ARM Cortex-A53 and Cortex-M4, launched in 2012 and 2009, respectively.

            2017 i7 computers are equally not from 2008…

            When I say “2013”, I’m not talking about the debut year of i.MX. I’m talking about the fact that you can compare this phone side-by-side with a Galaxy S4 or S5. 3 GB of RAM, 32 GB of eMMC storage, a 720 x 1440p IPS display, no NFC, USB 3.0, an 8/13 MP front/back camera (which they inexplicably call “Mpx”; good job, guys), 802.11n Wi-Fi, no waterproofing, and a shitty-ass i.MX 8M CPU. I still remember watching a trailer for the Librem 5’s continuing development, and as they were scrolling through a web browser, it was noticeably stuttering. This was years and years ago; I can’t even imagine it today.

            It still today remains one of the best ARM processors with open source drivers without an integrated baseband. It means basically any flavour of Linux can install on the device, with a significant layer of protection from carrier conduited attacks. Other modules have similar tradeoffs between performance and interoperability/security.

            I do not give even the slightest inkling of a shit try to confirm or deny this, so I’m just going to assume it’s 100% true, because it’s not relevant to the point that the spec is absolute trash and being sold for $800. If you are not absolutely married to privacy, this is not a sellable product in 2025.

            Want better specs? We either need SoC companies to release more of their drivers open source, or more people to patiently reverse engineer closed source ones.

            Actually, if I want better specs, I’m just going to go out and buy a phone that isn’t from Purism. It really sucks that it’s not open, private hardware, but Purism is such a scummy company that so wantonly fucks over their customers that I wouldn’t touch the Librem 5 even if I could justify spending $800 for that spec just for privacy’s sake.

    • PriorityMotif@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      5
      ·
      1 month ago

      Pixels are inferior to even the cheapest android phones out there. I have a two year old Motorola stylus that cost $100 and battery life is still over two days and I’ve dropped it a million times. Evey pixel I’ve owned had major issues with screen or battery life not worth the price when google can’t handle making reliable hardware. Plus I have a headphone Jack.

      • Statick@programming.dev
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 month ago

        I mean everyone has anecdotal evidence to “prove” their point… I have a Pixel 7a that still lasts 2 days and I’ve dropped it a million times and the screen hasn’t cracked. It’s also 2+ years old.

        • PriorityMotif@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 month ago

          We had a 4a (battery life) and 5a (sudden screen failure). Both failed just after warranty lapsed. The 5a made it just outside the extended screen warranty period. These are well documented issues and I’ve read about issues with newer gens as well. It just doesn’t make any sense not to support cheaper phones when it comes to custom roms because you’re voiding the warranty on it. With the pixels track record of poor quality I’d rather not risk $1k+ just to run custom firmware.

  • MystikIncarnate@lemmy.ca
    link
    fedilink
    English
    arrow-up
    51
    ·
    1 month ago

    This is the risk of “trusted computing” architectures. Who is governing the “trusted” part of that.

    These cryptographic signatures are not as much of a death knell for Android as some would have you believe. The trick is to get a common code signing cert into your device, that is then used to sign any third party APK you want to run. You can avoid the Google tax this way. I assume that’s how most sideloading sites and apps are going to handle this.

    The question is, how do you add that certificate? Is it easy and straight forward (with plenty of scary warnings), as a user? Or is it going to be a developer options deal? Or will I need root to add the cert?

    I’m not sure what that answer is right now.

    I just want to finish this post with a few words about trusted computing models. Plainly: Apple has been doing this for years … That’s why you download basically everything from an app store with Apple. Whether on your Mac OS device, your iPhone, iPad or whatever iDevice… Whether the devs need to sign it, or the app gets signed when it lands on the store, there’s a signature to ensure that the app hasn’t been tampered with and that Apple has given the app it’s security blessings, that it is safe to run. Microsoft and Google have both been climbing towards the same forever. Apple embedded their root of trust in their own proprietary TPM which has been included with every Mac, and iDevice for a long ass time. Google also has a TPM, the Titan security module, I believe that was introduced around pixel 3? Or 4?.. Microsoft made huge waves requiring it for Windows 11, and we all know what that discussion looks like. Apple requires a TPM (which they supply, so nobody noticed), Google has been adding a TPM and TPM functionality to their phones for years, and now Windows is the same. None of this is a bad thing. Trusted computing can eliminate much of the need for antivirus software, among other things. I digress. We’ve been going this way for a long time. Google is just more or less, doing what Apple has already done, and what Microsoft will very likely do very soon, making it a requirement. Battlefield 6 I think, was one of the first to require trusted computing on Windows and it will, for damned sure, not be the last that does. The only real hurdle here is managing what is trusted. So far, each vendor has kept the keys to their own kingdoms, but this is contrary to computing concepts. Like the Internet, it should be able to be done without needing trust from a specific provider. That’s how SSL works, that’s how the Internet works, that’s how trusted computing should work. The only thing that should be secret is the private signing keys. What Google, Apple, and Microsoft should be doing, is issuing intermediary keys that can sign code signing certs. So trusted institutions that create apps, like… Idk, valve as an example, can create a signature key for steam and sign Steam with it, so the trust goes from MS root to intermediary key for valve, to steam code signing key, and suddenly you have an app that’s trusted. Valve can then use their key to sign software on their store that may not have a coffee signing key of it’s own. This is just one example based on Windows. And above all of this, the user should be able to import a trusted code signing cert, or an intermediary cert signing cert, to their service as trusted.

    Anyways, thanks for coming to my Ted talk.

  • tias@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    39
    arrow-down
    1
    ·
    1 month ago

    If they only cared about thwarting malware they could have just relied on code signing via public certificate authorities, like with binaries on Windows.

    • arc99@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 month ago

      Code signing offers slight protection from malware but not as you might think. If a company signs an installer, or executable then it tells you it came from them but not what it does. It could still be malicious, or it could be inadvertently bundled with malware in DLLs or scripts and you wouldn’t know. You’re just hoping the company has done its due diligence and you trust them to run.

      Microsoft does have an antivirus system on top and fingerprints downloads too and applies some kind of trust score that is better if an exe is signed. There is probably no single mitigation that stops malware infection but apply lots of smaller mitigations in in depth and most people will be safe.

      The irony is Microsoft still lets people run files ending with .scr way too easily. Much of the malware on torrent websites is a file ending with .scr knowing the OS will hide the extension, e.g. movie.mp4.scr appears as movie.mp4 in File Explorer and people click through and get infected.

  • Zink@programming.dev
    link
    fedilink
    English
    arrow-up
    35
    ·
    1 month ago

    I think I am just done with the whole concept of the convenient prepackaged tech product, and especially staying “connected” with them.

    For example, I stopped wearing a smart watch this summer and it’s been a positive. I was the type to wear it 23 hours a day and track my sleep with it and everything. It turns out that not instantly seeing every notification or knowing the exact minute of the day are not a big deal, sans are even good for me.

    Part of what I’ve also done is use my phone a lot less and my linux desktop a lot more. I use it as a mobile communication device and not my computer for everything. I guess the next time I need to replace it I’ll either get an iphone since everybody in my family has one, or I’ll see where these wonderful Linux phone projects end up.

    • viking@infosec.pub
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      2
      ·
      1 month ago

      I’m wearing my smartwatch as a wristwatch. All notifications are off, but I see the temperature, UV index, step and calorie counters, which is nice. And if I ever want to review my sleep data, pulse, sPO2 saturation and location history, I got it available just in case. And for the very rare case that my phone is charging and I want to access messages from another room, I can do that manually.

      • Zink@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        In all fairness to smart watches, mine is what turned me on to regularly checking the UV index. That’s an important thing for all people, but especially me because I have an increased skin cancer risk due to unrelated medical stuff. And it was extra-extra important this year because I have done a ton of good work outside this summer.

        And to be more specific about my watch situation, there’s more going on than just avoiding notifications. I have been minimizing the amount of stuff I keep on my person in general, right down to finally getting my wedding ring tattooed on this year. There are various reasons ranging from abstract introspective life improvement stuff to the practical where that outside work I mentioned was constant and pretty rough on anything on my hands/arms.

        So even if I wore a nice mechanical watch, I’d probably still be going with the double bare wrists right now.

        • Ilandar@lemmy.today
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 month ago

          In all fairness to smart watches, mine is what turned me on to regularly checking the UV index.

          Can’t you just do that on your phone? Surely if the UV is high, you just plan accordingly for the day? Sunscreen, wide brim hat, stick to the shade where possible, etc. I can’t imagine what benefit constantly checking the UV on your watch gives you. Even if it did happen to fluctuate for some reason, you would be wasting so much time constantly ducking in and out depending on what your watch says at any given moment.

          • Zink@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            Yeah you are absolutely right. I do just check it on my phone or PC now.

            But having it constantly visible for the months or years I had it on my watch face etched the habit into my ADHD brain. It also gave me a feel for how weather and time of day affect it. But not in a way where I try to vibe measure the UV index. It reminds me to check the weather data. :)

        • xep@discuss.online
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          I look at the length of my shadow, if it’s not taller than I am I use an umbrella.

  • SuperSpruce@lemmy.zip
    link
    fedilink
    English
    arrow-up
    31
    ·
    1 month ago

    How does this affect “second-party” apps (i.e. apps you have created yourself)? Are you still allowed to go to Android studio, make an APK, transfer it to your own phone, and install that app? If no, this spells the death of experimental indie developers on Android.

    • nutsack@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      21
      ·
      edit-2
      1 month ago

      yes. from what I understand, you will get a developer key from Google, and then you will sign your APK with your key.

      you’ll still be able to sideload apps that have been signed with developer keys. the main point here is that Google is forcing the developer to identify themselves.

      • Dr. Moose@lemmy.world
        link
        fedilink
        English
        arrow-up
        17
        ·
        1 month ago

        You don’t need to sign anything just turn off play protect with 1 adb command:

        adb shell settings get global package_verifier_user_consent
        adb shell settings put global package_verifier_user_consent -1  # disable Play Protect
        
    • progandy@feddit.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      They might copy from apple. 3 apps with a self signed cert that needs to be renewed every week…

  • F_OFF_Reddit@lemmy.world
    link
    fedilink
    English
    arrow-up
    29
    ·
    1 month ago

    So yeah we’ll do a decentralized Linux phone of sorts, if Google is going full 3rd Reich with Android we’ll move to a Linux based OS phone.

    Simple as that.

    • lemmyknow@lemmy.today
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 month ago

      Yes, learn the truth and be enlightened. Both Microsoft and Google have been secretly scheming for a while now, with the sole intent to get girthero closer to Linux

    • minkymunkey_7_7@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      1 month ago

      Windows 12 phones are going to come. Microsoft will have their own RISC chips to run mobile platforms. Their relationship with Intel has limited them too much while the rest of the Tech giants grew too powerful with their own branded chips and devices.