• MrSulu@lemmy.ml
    link
    fedilink
    English
    arrow-up
    50
    ·
    2 days ago

    Let’s hope that the rest of the world, specifically Europe smash this ridiculous proposal apart for what it is. Europe has already sorted out USB-C etc. Its not perfect and they don’t get everything right, but certainly big enough to make stuff right.

    • SpaceCadet@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      2
      ·
      2 days ago

      They’re too busy forcing chat control and age gates through our collective throats.

    • kalkulat@lemmy.world
      cake
      link
      fedilink
      English
      arrow-up
      18
      ·
      2 days ago

      Yep. The E.U. has allowed itself to be dominated for too long by the US megacorps. It has the talent, ideas, and manufacturing to tell US firms to bugger off … and the sooner, the better for us all.

      • Tollana1234567@lemmy.today
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 day ago

        they are also going hard on surveillance, private info too, backed by RU of course.i think russell vought is behind the anti-porn verifications in the EU

  • Wispy2891@lemmy.world
    link
    fedilink
    English
    arrow-up
    53
    ·
    2 days ago

    What pisses me off it that they say they do this for security. It changes absolutely anything.

    They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”

    What does it change? Waste 20 minutes of some malware developer while they register under a stolen id? They already have a system that scans for known malware and automatically remove it.

          • boonhet@sopuli.xyz
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            3
            ·
            2 days ago

            Not really, it’s more about children not being exposed to things usually. Hence starting with age requirements for porn and they move forward to other things.

            • SpaceCadet@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              10
              ·
              2 days ago

              “Protecting the children from harmful content and predators”, “protecting people from terrorists and criminals”, “protecting users from hackers” are all forms of security, and are all used as arguments to erode freedoms.

              It all boils down to: just give up this bit of freedom so we can keep everyone safe.

    • brucethemoose@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      2 days ago

      Thing is, Play Store is already filled with malware or near-malware from seemingly verified developers. I ran into several scam clone apps just today. It’s even snuck in through OEM apps.

      Same on iOS, which supposedly verifies devs.

      If ‘verification’ and curation is their idea of security, well… It appears their system is already overloaded, yet they want to expand it?

        • brucethemoose@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 day ago

          It’s absolutely insane that anyone pretends Google Play and the App Store are fine though.

          Has anyone scrolled through any search and not seen a sea of heavily marketed scam apps?

    • JeremyHuntQW12@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 day ago

      They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”

      Which is irrelevant. They can block any malware - now impossible to do with sideloading of apps during pop-ups.

    • fodor@lemmy.zip
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 days ago

      Of course they know that. It’s about power and money. After all, they already have a security program that filters out malware. If we believe their stated reasoning (which we don’t), they’re tacitly admitting that their current security program is a complete failure, and also that they will not try to fix it.

    • keegomatic@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      3
      ·
      edit-2
      2 days ago

      Both things can be true. It definitely is better for security. It’s pretty much indisputably better for security.

      But you know what would be even better for security? Not allowing any third-party code at all (i.e., no apps).

      Obviously that’s too shitty and everyone would move off of that platform. There’s a balance that must be struck between user freedom and the general security of a worldwide network of sensitive devices.

      Users should be allowed to do insecure things with their devices as long as they are (1) informed of the risks, (2) prevented from doing those things by accident if they are not informed, and (3) as long as their actions do not threaten the rest of the network.

      Side-loading is perfectly reasonable under those conditions.

      • TeddE@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 day ago

        It’s pretty much indisputably better for security.

        I dispute this. While adding extra layers of security looks good on paper, flawed security can be worse than no security at all.

        Android packages already have to be signed to be valid and those keys already are very effective in practice. In effect these new measures are reinventing the wheel as to what a layperson would think this new system does.

        Adding this extra layer in fact has no actual security benefit beyond posturing/“deterrence”. Catching a perpetrator is not the same thing as preventing a crime. Worse - catching a thief in meatspace has the potential to recover stolen goods, but not so in digital spaces - either the crime is damage or destruction of data for which no punishment undoes the damage or the crime is sharing private data which in practice would almost certainly have been immediately fenced to multiple data brokers.

        And were only getting started with this security theater:

        • Nothing prevents an organization from hiring a developer for long enough to register before being flushed (or the same effect with a burner account on fiver)
        • Nothing in this program does anything to get code libraries vetted - many of these developers may accidentally be publishing code from poisoned wells that they have no practical knowledge of.
        • None of these measures make scams less profitable.
        • None of this addresses greyware - software that could technically qualify as legal (because the user agreed to terms of service for a service of dubious value)
        • All of this costs time and resources that will likely inevitably be shouldered on low paid engineers that could have put that effort to better uses.
        • Metrics and statistics may likely be P-hacked to reflect that the new system as a success (because there’s internal pressure to make it look good) this turning-security-into-press-releases would have collateral of making accountability overall worse.

        But you know what would be even better for security?

        While we’re at it we could add the tropes of removing network connectivity, or switch to using clay tablets kept in a wooden box guarded by a vengeful god. Both of those would be more secure, too.

        Users should be allowed to do insecure things with their devices

        100% agree with you here - it’s fundamentally the principle of “Your liberty to swing your fist ends just where my nose begins”. Users should be given the tools and freedom to do as they want with their property - up until it affects another person or their property in an unwanted way.

    • JeremyHuntQW12@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      1 day ago

      This involves paying a fee, agreeing to non-negotiable terms, and uploading personal government ID documents.

      False.

      There is no fee.

      This article is garbage.

      • Paddy66@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 day ago

        I’d be more worried about having to send gov ID docs - more creepy control by Google.

  • interdimensionalmeme@lemmy.ml
    link
    fedilink
    English
    arrow-up
    35
    ·
    2 days ago

    The justification is simple, I don’t see the confusion, they want absolute power and for all alternatives to wither and die ? What is there not to understand ?

  • EzTerry@lemmy.zip
    link
    fedilink
    English
    arrow-up
    38
    arrow-down
    1
    ·
    2 days ago

    I am perfectly ok with android apps being required to be signed by not just a certificate (they always were just it could be self signed and just needed to match to upgrade without removing data) but a list of trusted entities.

    As long as:

    • I can install my own key on my phone (I’d I am trusted)
    • major distributors like fdroid and have a key installed without friction (like web CAs)
    • Google let’s me mark their key as untrusted (I probably won’t but I should be able to refuse things they trust (at install time, not disabling preloaded apps like settings)

    Without this it feels too much extending the monopoly despite being forced to allow 3rd party stores.

  • Johnny101@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 days ago

    Google’s developer verification will only run on mainstream Android with play services. It’s not supposed won’t be running in standard AOSP so the easiest solution would be to switch to a custom ROM like GrapheneOS.

    • Crozekiel@lemmy.zip
      link
      fedilink
      English
      arrow-up
      23
      ·
      2 days ago

      They are also working to similarly kill custom ROMs. Just recently the GrapheneOS team mentioned that Google is no longer making their hardware drivers Open Source, and so compatibility with new phones means reverse engineering their own drivers - which is a big reason that custom ROMs support such narrow hardware options already and very often come with limitations and/or features that just don’t work. At best, they figure out how to make it work, but it takes time and updates can lag significantly behind.

      We have a lot of options on the software side for avoiding google (or android), but very limited options on hardware. We need open source mobile hardware support ASAP.

      • Tollana1234567@lemmy.today
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 day ago

        even the OP is softlocking thier newer phones(arbitrary online application to unlock it) in the near future, i expect a full lock sooner or later

        • hietsu@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 days ago

          Also, aren’t some critical apps like banking apps starting to ban unlocked / non-stock systems? Heard someone complaining about this a while ago.

          • Johnny101@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 days ago

            Yes, banking apps, streaming apps, even some shopping apps. This has been a problem for a long time. Sometimes its for “security” reasons and sometimes its simply because the app uses Play Service APIs. Another issue on de-googled systems is push notifications, though that is often fixed through alternates like Unified Push

    • coolkie@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      2 days ago

      But remember, unlocking bootloader is harder and harder for many devices. And Google’s Play Integrity and API changes makes removing trace of unlocked bootloader harder. Many apps not just banking, ChatGPT, games, some of social media is completely unusable in that scenario.

      • Johnny101@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 days ago

        Like other people have suggested, maybe get a second phone (one of those really cheap ones with play Services) and use that for that stuff, and keep your main personal phone google-free.

                • MrScottyTay@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 day ago
                  • Carrying two massive slabs because a few apps won’t run on one of them

                  • Having a second home because some nights you can’t sleep in one due to noisy neighbours

                  Where the more simple solution would be:

                  • Have a phone that can run all of the apps you need so you don’t need to buy and carry around a second phone
                  • deal with your neighbours and sort stuff out rather than buy and travel to and from a second home.
  • General_Effort@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 days ago

    European devs: Our laws will protect us!

    Meanwhile, our laws:

    Article 30

    Traceability of traders

    1. Providers of online platforms allowing consumers to conclude distance contracts with traders shall ensure that traders can only use those online platforms to promote messages on or to offer products or services to consumers located in the Union if, prior to the use of their services for those purposes, they have obtained the following information, where applicable to the trader:

    (a) the name, address, telephone number and email address of the trader;

    (b) a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council (40);

    Article 30, DSA

    • take6056@feddit.nl
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 days ago

      How is trader defined? Is it a developer that’s selling apps or also one that’s just providing it for free?

      • General_Effort@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        22 hours ago

        Bear in mind that an open source license is a contract and it usually involves some form of reciprocity, like crediting the dev by name. That’s in principle not different from a sponsorship deal, where some sports stadium gets the name of a corporation.

        The actual definition is even wider, though. I don’t see who you get out of that.

        Trader defined in the DSA

        ‘trader’ means any natural person, or any legal person irrespective of whether it is privately or publicly owned, who is acting, including through any person acting in his or her name or on his or her behalf, for purposes relating to his or her trade, business, craft or profession;

        https://eur-lex.europa.eu/legal-content/En/TXT/HTML/?uri=CELEX%3A32022R2065#art_3

        If F-droid ever has more than 50 employees, annual turnover over EUR 10 million, or over EUR 10 million on the balance sheet, then they will have to collect the same information.

  • barnaclebutt@lemmy.world
    link
    fedilink
    English
    arrow-up
    112
    ·
    3 days ago

    Isn’t this illegal in Europe? Was that the whole point of forcing apple to allow alternative app stores?

    • progandy@feddit.org
      link
      fedilink
      English
      arrow-up
      33
      ·
      3 days ago

      Technically, third party app stores are allowed. Developers “only” register with google to receive a developer certificate. Isn’t apple doing the same thing in response to the EU regulations and that has been allowed?

      • Jason2357@lemmy.ca
        link
        fedilink
        English
        arrow-up
        34
        ·
        3 days ago

        Seems like a weasel around the requirement to get rid of the actual benefit of 3rd party stores.

  • supersquirrel@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    73
    arrow-down
    4
    ·
    3 days ago

    I will literally go without a smartphone if Google does this, this is insane I would have bought an iphone if I wanted a junk device I don’t actually own.

    • Jinni@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      54
      ·
      3 days ago

      If this effects de-googled android, I will probably start investing in Linux phones.

      I would rather have a limited phone than has full freedom than one that makes everyone go through Google.

    • Flatfire@lemmy.ca
      link
      fedilink
      English
      arrow-up
      36
      arrow-down
      1
      ·
      3 days ago

      The crazy part is this may make iOS the better alternative when considering the emergence of third-party app stores and Apple’s loosening grip on their ecosystem.

      LineageOS is still a good option too, for anyone who would prefer to keep the phone they have

      • DeathByBigSad@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        3 days ago

        Not really. They are converging onto the exact same thing. 3rd party stores are allowed, but needs [Google/Apple]'s approval.

        If you are big and have teeth (like Epic Games), you will (probably) be allowed, if you are small like a single open source developer, the can shut you down city dubious “security”/“ToS” issue, and you probably don’t have the money to sue.

      • Auli@lemmy.ca
        link
        fedilink
        English
        arrow-up
        4
        ·
        2 days ago

        Where are the third party app stores on iOS. Apple is delaying and fighting every inch in the EU.

      • Pirate2377@lemmy.zip
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        5
        ·
        3 days ago

        iOS would be the better alternative, if it wasn’t for the hardware they run on. After all, Apple is infamous for their blatant planned obsolescence on their iPhones since the iPhone 6. Unfortunately, Google seems to be following Apple in this way as well since they launched an update that made the Pixel 6a’s battery so much worse than before. Therefore, we must all have a dumb phone + Linux phone set up…or something

        • enumerator4829@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          1
          ·
          3 days ago

          I can agree on Apple not really having a properly supported hardware repair ecosystem, and actively working against third party repair.

          But the software? When Samsung and friends had 2-4 years of security updates, Apple had almost twice that. The iPhone XS still has support, 6 years after end-of-sale, 7 years from release. Normal people can’t be expected to flash their phones with LineageOS. The situation is slightly better nowadays, but Samsung still seems to be depreciating 3 year old devices: https://endoflife.date/samsung-mobile

          • Flatfire@lemmy.ca
            link
            fedilink
            English
            arrow-up
            5
            ·
            3 days ago

            To add, Apple has actually been making amends regarding repairability. It’s small steps, but leagues ahead of what’s offered for popular android manufacturers, while still maintaining their IP68 ratings on most devices.

            I can’t speak to how they make their parts available to third parties (seems to be a grey area), but there has been a reasonable focus with the last couple generations of iPhones that ensures the device can be repaired from either side.

            Overall, the tide seems to have shifted. If you’re going to be at the mercy of a corporate giant in order to keep up with modernity, then Apple is currently holding the dimly lit torch of consumer rights.

        • Nikls94@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          3 days ago

          Apple is infamous for their blatant planned obsolescence on their iPhones since the iPhone 6

          They learned from it. The phone toggles itself when the battery health is at 80% max capacity, but this is toggleable. Also, the iPhone 11 still runs smooth.

        • DeathByBigSad@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          3 days ago

          iOS would be the better alternative

          • Already can’t “sideload”. iOS will be just as restrictive as Android in 2026-2027.
          • Apps immediately gets killed in the background. Can’t even transfer data to a USB Drive without needing to downloading a separate app, and need the app in the foreground.
          • iPhones cannot multitask
          • Developer account costs $99 **per year. On Google its only a $25 one time fee (for the near future, at least, I can’t predict what they will do in like 2035)
          • Pirate2377@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 days ago

            Yeah, if Android effectively kills fdroid, then it essentially becomes like iOS. Whilst you can technically still sideload, apps must get certified by Google themselves and there’s no way they’ll allow 90% of fdroid unless its their Google Play versions.Tbf though, I didn’t know the background thing, which just goes to show that neither of them are ideal. Especially since Apple locks down their devices really hard which turns things like transferring files without a cloud service into a challenge. Therefore, in the future, I might just use a dumb phone for basic phone calls and text messages (meanly just for things like job applications or services like pharmacies) and a Linux phone for everything else. That’s assuming Linux phones have evolved just enough to be usable alongside a dumb phone for what it can’t do, which is SMS.

      • cley_faye@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        3 days ago

        They both go for the least open option. If asking for all devs registration and validation from google is viable and legally sound, apple will do the same if that’s not already in the pipe.

        Both “stores” are targeted for the same issues.

  • ook@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    117
    ·
    3 days ago

    I am really glad to see these articles popping up now. Since the news broke a week back or so it was suspiciously quiet about this, despite lots of negative comments here.