“Google stands for free and open internet”
https://blog.google/outreach-initiatives/public-policy/keep-internet-free-and-open/
Aged like milk.
Don’t be evilBe evil when it makes money.
And of course the motto should have been, “Don’t do evil.” That would have been a respectable goal. But it wasn’t, because even back then they only wanted to be slightly better than Microsoft.
aged like a corpse in a bathtub more like it.
Mmmm head cheese
Don’t be something or other, hey check out this week’s doodle!
I am really glad to see these articles popping up now. Since the news broke a week back or so it was suspiciously quiet about this, despite lots of negative comments here.
I’m frustrated that the article didn’t link to the “decree.” Do you know where it is?
EDIT: nvm think I found it
https://android-developers.googleblog.com/2025/08/elevating-android-security.html
Isn’t this illegal in Europe? Was that the whole point of forcing apple to allow alternative app stores?
Technically, third party app stores are allowed. Developers “only” register with google to receive a developer certificate. Isn’t apple doing the same thing in response to the EU regulations and that has been allowed?
Seems like a weasel around the requirement to get rid of the actual benefit of 3rd party stores.
I can’t believe how useless the EU regulations are.
There’s never been a more urgent time to switch to Linux on pretty much every device.
The mobile options for Linux are years out from being ready and the hardware vendors are locking them out as fast as possible.
So it would seem.
The stepping-stone would be de-googled Android like LineageOS or GrapheneOS. I think Linux is the end-game though.
deleted by creator
Ubuntu Touch works well on my fairphone.
Very cool! I’m thinking of going for ubuntu touch, seeing as Android has proven that it’s no longer worth the time investment. Also, Fairphone 5 is my next phone if the current one dies, so it works out.
Could you share what do you really like about it? And what is your biggest gripe or letdown with it? Thanks!
It’s using Hallium, which is still using Android kernel and drivers, hopefully they can keep that up while vendors are getting increasingly antagonistic.
It is private.
If you want to run some android apps you can use waydroid, but it torches the battery.
If you want to run arm linux apps, you need to dork around with containers as the root os is RO.
I’m sitting on the fence of shelling out for a decen FP
Beats me! I’m in the process of moving banking and payment off my phone in preparation for a Linux one. These things will very likely not work on non-proprietary devices.
These things will very likely not work on non-proprietary devices.
Depends on your bank. Most work on alternate OS (like GrapheneOS), and of course some don’t. https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
If an app (especially bank) doesn’t work, I forward them this and try to ELI5 that their current method is flawed and less secure: https://grapheneos.org/articles/attestation-compatibility-guide
Which is fine and all, but then you still have to run a release built and signed by the grapheneos devs.
Reverse the question:
Which bank can be used with a linux phone?
I’m in the process of moving banking and payment off my phone
Go on… How are you doing so?
Going for plastic when paying instead of using a digital wallet, using the banks’ websites for transactions instead of the app.
Oh, yeah, absolutely. Mobile apps should only ever be used for check-scanning or for features that the online banking simply doesn’t allow (which would be messed up of the bank to do); same with mobile wallets.
wish it would have support
I will literally go without a smartphone if Google does this, this is insane I would have bought an iphone if I wanted a junk device I don’t actually own.
If this effects de-googled android, I will probably start investing in Linux phones.
I would rather have a limited phone than has full freedom than one that makes everyone go through Google.
The crazy part is this may make iOS the better alternative when considering the emergence of third-party app stores and Apple’s loosening grip on their ecosystem.
LineageOS is still a good option too, for anyone who would prefer to keep the phone they have
Not really. They are converging onto the exact same thing. 3rd party stores are allowed, but needs [Google/Apple]'s approval.
If you are big and have teeth (like Epic Games), you will (probably) be allowed, if you are small like a single open source developer, the can shut you down city dubious “security”/“ToS” issue, and you probably don’t have the money to sue.
iOS would be the better alternative, if it wasn’t for the hardware they run on. After all, Apple is infamous for their blatant planned obsolescence on their iPhones since the iPhone 6. Unfortunately, Google seems to be following Apple in this way as well since they launched an update that made the Pixel 6a’s battery so much worse than before. Therefore, we must all have a dumb phone + Linux phone set up…or something
I can agree on Apple not really having a properly supported hardware repair ecosystem, and actively working against third party repair.
But the software? When Samsung and friends had 2-4 years of security updates, Apple had almost twice that. The iPhone XS still has support, 6 years after end-of-sale, 7 years from release. Normal people can’t be expected to flash their phones with LineageOS. The situation is slightly better nowadays, but Samsung still seems to be depreciating 3 year old devices: https://endoflife.date/samsung-mobile
To add, Apple has actually been making amends regarding repairability. It’s small steps, but leagues ahead of what’s offered for popular android manufacturers, while still maintaining their IP68 ratings on most devices.
I can’t speak to how they make their parts available to third parties (seems to be a grey area), but there has been a reasonable focus with the last couple generations of iPhones that ensures the device can be repaired from either side.
Overall, the tide seems to have shifted. If you’re going to be at the mercy of a corporate giant in order to keep up with modernity, then Apple is currently holding the dimly lit torch of consumer rights.
Apple is infamous for their blatant planned obsolescence on their iPhones since the iPhone 6
They learned from it. The phone toggles itself when the battery health is at 80% max capacity, but this is toggleable. Also, the iPhone 11 still runs smooth.
iOS would be the better alternative
- Already can’t “sideload”. iOS will be just as restrictive as Android in 2026-2027.
- Apps immediately gets killed in the background. Can’t even transfer data to a USB Drive without needing to downloading a separate app, and need the app in the foreground.
- iPhones cannot multitask
- Developer account costs $99 **per year. On Google its only a $25 one time fee (for the near future, at least, I can’t predict what they will do in like 2035)
Yeah, if Android effectively kills fdroid, then it essentially becomes like iOS. Whilst you can technically still sideload, apps must get certified by Google themselves and there’s no way they’ll allow 90% of fdroid unless its their Google Play versions.Tbf though, I didn’t know the background thing, which just goes to show that neither of them are ideal. Especially since Apple locks down their devices really hard which turns things like transferring files without a cloud service into a challenge. Therefore, in the future, I might just use a dumb phone for basic phone calls and text messages (meanly just for things like job applications or services like pharmacies) and a Linux phone for everything else. That’s assuming Linux phones have evolved just enough to be usable alongside a dumb phone for what it can’t do, which is SMS.
They both go for the least open option. If asking for all devs registration and validation from google is viable and legally sound, apple will do the same if that’s not already in the pipe.
Both “stores” are targeted for the same issues.
Where are the third party app stores on iOS. Apple is delaying and fighting every inch in the EU.
I’m starting to think these for-profit companies only care about making money.
Open source community keeps trusting Google and they keep using the Embrace, Extend, Extinguish https://en.m.wikipedia.org/wiki/Embrace,_extend,_and_extinguish
What pisses me off it that they say they do this for security. It changes absolutely anything.
They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”
What does it change? Waste 20 minutes of some malware developer while they register under a stolen id? They already have a system that scans for known malware and automatically remove it.
It’s always security when someone wants to take our freedom away. Always security…
Not always. It can also be about the children.
About keeping the children safe
That’s also security.
Not really, it’s more about children not being exposed to things usually. Hence starting with age requirements for porn and they move forward to other things.
“Protecting the children from harmful content and predators”, “protecting people from terrorists and criminals”, “protecting users from hackers” are all forms of security, and are all used as arguments to erode freedoms.
It all boils down to: just give up this bit of freedom so we can keep everyone safe.
Thing is, Play Store is already filled with malware or near-malware from seemingly verified developers. I ran into several scam clone apps just today. It’s even snuck in through OEM apps.
Same on iOS, which supposedly verifies devs.
If ‘verification’ and curation is their idea of security, well… It appears their system is already overloaded, yet they want to expand it?
That was fundamentally F-Droid’s retort.
It’s absolutely insane that anyone pretends Google Play and the App Store are fine though.
Has anyone scrolled through any search and not seen a sea of heavily marketed scam apps?
Of course they know that. It’s about power and money. After all, they already have a security program that filters out malware. If we believe their stated reasoning (which we don’t), they’re tacitly admitting that their current security program is a complete failure, and also that they will not try to fix it.
They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”
Which is irrelevant. They can block any malware - now impossible to do with sideloading of apps during pop-ups.
Both things can be true. It definitely is better for security. It’s pretty much indisputably better for security.
But you know what would be even better for security? Not allowing any third-party code at all (i.e., no apps).
Obviously that’s too shitty and everyone would move off of that platform. There’s a balance that must be struck between user freedom and the general security of a worldwide network of sensitive devices.
Users should be allowed to do insecure things with their devices as long as they are (1) informed of the risks, (2) prevented from doing those things by accident if they are not informed, and (3) as long as their actions do not threaten the rest of the network.
Side-loading is perfectly reasonable under those conditions.
It’s pretty much indisputably better for security.
I dispute this. While adding extra layers of security looks good on paper, flawed security can be worse than no security at all.
Android packages already have to be signed to be valid and those keys already are very effective in practice. In effect these new measures are reinventing the wheel as to what a layperson would think this new system does.
Adding this extra layer in fact has no actual security benefit beyond posturing/“deterrence”. Catching a perpetrator is not the same thing as preventing a crime. Worse - catching a thief in meatspace has the potential to recover stolen goods, but not so in digital spaces - either the crime is damage or destruction of data for which no punishment undoes the damage or the crime is sharing private data which in practice would almost certainly have been immediately fenced to multiple data brokers.
And were only getting started with this security theater:
- Nothing prevents an organization from hiring a developer for long enough to register before being flushed (or the same effect with a burner account on fiver)
- Nothing in this program does anything to get code libraries vetted - many of these developers may accidentally be publishing code from poisoned wells that they have no practical knowledge of.
- None of these measures make scams less profitable.
- None of this addresses greyware - software that could technically qualify as legal (because the user agreed to terms of service for a service of dubious value)
- All of this costs time and resources that will likely inevitably be shouldered on low paid engineers that could have put that effort to better uses.
- Metrics and statistics may likely be P-hacked to reflect that the new system as a success (because there’s internal pressure to make it look good) this turning-security-into-press-releases would have collateral of making accountability overall worse.
But you know what would be even better for security?
While we’re at it we could add the tropes of removing network connectivity, or switch to using clay tablets kept in a wooden box guarded by a vengeful god. Both of those would be more secure, too.
Users should be allowed to do insecure things with their devices
100% agree with you here - it’s fundamentally the principle of “Your liberty to swing your fist ends just where my nose begins”. Users should be given the tools and freedom to do as they want with their property - up until it affects another person or their property in an unwanted way.
I think we mostly agree. And I do agree that “flawed security can be worse than no security at all.” I think, though, that this doesn’t make security worse, just that it doesn’t make it that much better.
But even simple filters can make a significant difference: maybe you remember the early-ish Lemmy debacle of turning off captchas for signups by default, ostensibly because captchas are now completely defeated… which led to thousands and thousands of bot accounts being created pretty much immediately across a bunch of instances, and the feature being turned back on by default.
I’ll agree to that.
And I also think that there’s no way I trust Alphabet (holding company of Google) to be the sole arbiters of who gets to run code - neither in a philosophical sense nor as a gatekeeper to one top five compute platforms used by a substantial chunk of the world population.
It absolutely does not justify creating a policy that would wholesale obliterate F-Droid, arguably one of their larger competitors.
100% agree
Most Android owners don’t even know they have Android phones. They are not informed.
Linux mobile
Yea… I’m really disappointed with the timing of FuriLabs new phone which is mostly a downgrade over the previous one. I’ve been window shopping phones for a couple of months and am at a loss for what to do. Even spent some time considering a dumb flip phone that can work as a wifi-hotspot and use a small linux tablet or something for the more involved stuff, but couldn’t find a good tablet option that wasn’t huge (would still want it to fit in my pocket) or come with the same problems.
Shift phone 8 from murena?
As far as I can tell, it’s just de-googled android… It is going to have the same eventual problems as any LineageOS, e/OS/, or GrapheneOS phone will have.
Unfortunately we need to come to terms with the fact that 1) Android is not Linux after all of the bastardizations Google has done to it and the control they maintain. 2) We need hardware mfrs on board for fully Open Source drivers for mobile hardware.
Basically all of the Linux phone options I’ve looked at have been disappointing. You’ve got people making open source OS like Sailfish or PostmarketOS or UbuntuTouch, but they only work for pretty narrow (and old) hardware and they don’t get 100% functionality on basically any of the hardware. FuriLabs was the first one I’d seen claiming you could use all of the features of the hardware, but even then it is using a bunch of (basically) compatibility layers to trick android apps into running, so I don’t even know if that will work after Google gets done with their plans.
deleted by creator
Let’s hope that the rest of the world, specifically Europe smash this ridiculous proposal apart for what it is. Europe has already sorted out USB-C etc. Its not perfect and they don’t get everything right, but certainly big enough to make stuff right.
They’re too busy forcing chat control and age gates through our collective throats.
Yep. The E.U. has allowed itself to be dominated for too long by the US megacorps. It has the talent, ideas, and manufacturing to tell US firms to bugger off … and the sooner, the better for us all.
they are also going hard on surveillance, private info too, backed by RU of course.i think russell vought is behind the anti-porn verifications in the EU
Hopefully they go to court to get an injunction. Hopefully, they also go to the powers that be in the EU, those same powers have been so focused on the Apple App Store they failed to take into account Google can do something like this with the Play Store. It would be a shame for the F-Droid project to end but it is completely avoidable.
To be fair, up until recently, there was no clear indication that Google would do this. Google made it so that installing non-play store apps was slightly more difficult, Apple made it pretty much impossible. So Apple was a pretty logical target at that point (and honestly, up until then, they had pretty much gotten a free ride - think of the default browser issue in Windows, no one every bothered with Apple).
“Year of the Linux Phone” has a nice ring to it.
Not for me, no. I love the sandboxing and permissions of android (GrapheneOS). Honestly, desktop OSs should learn from it. Also, android is a lot easier to use, especially on small form factor devices.
Idk about GrapheneOS in particular but I find the sandboxing solutions for GNU/Linux like bubblewrap to be much more granular than standard Android.
“give us access to manage phone calls or we won’t you me answer internet calls (which have nothing to do with actual SIM calls)”, “give us access to all your files or we wont let you share that file via the share function (which doesn’t need fs access to work)”.
On GNU/Linux I can only give a program exactly the resources it needs, I can disallow dbus, I can block it from accessing potentially troublesome things like /dev/dri, can overlay filesystems and pretend that’s my real home dir. Or can just mount the whole / to some other system.
I am not saying android is perfect, but too granular is also bad. I have better things to do then tweaking SELinux policies.
It seems to me that part of the problem is overreliance on phones as computing devices. A lot of things, like banking, are best done on an actual computer. We have become too dependent on phones.
Your phone has likely much better security for your banking apps than your computer, unless you run really niche setup like QubesOS.
I’m not sure how it works the way where you live but where I live, the way the banking apps are implemented completely violate MFA. They rely on SMS verification which is absurd since if you’re phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
The desktop and phone are both insecure, proper security should not have all your eggs in one basket.
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 linux devices. MFA is not some ultimate solutions and it is a pain to use.
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No but it’s way better than it is right now.
So what is the case for most users? Are normal android phones getting compromised (in a way true 2FA would help) often enough it is an issue? I honestly haven’t seen any statistic regarding this and anecdotally I don’t know anyone whose internet banking was compromised. Whether on phone or desktop.
Yeah, SIM swaps are a concern too.
The phone is not insecure because of all eggs on basket.
You say “security” I say “a bug that won’t let me log in”. Which is it?
Which is the point. Why do we need this security when the most virus riden PC can access my banking website.
That’s a good point, time to ban banking websites and only allow people with locked-down phones to bank.
There are no banking apps on my computer.
Maybe we have this view because when we refer to computers we see a more open ecosystem that’s not found in the mobile phone era. I want that same liberty with my phone. When the word “sideloading” has disappeared, I think then we have known something has changed.
Yep I absolutely refuse to put any banking apps on my phone. The only thing that has access to my bank is me physically going there or logging into their website via my own computer. Fuck any app that asks for access to my bank account including autopay services thorugh third parties.
The only third party serive I use for payments is paypal and that only goes to my credit card.
Yeah guess what happens when access starts to be app-only?
no it’s not. takes me 2 seconds to log in into my banking up in my phone. anything basic will take a few taps to do (eg transfer money).
I am perfectly ok with android apps being required to be signed by not just a certificate (they always were just it could be self signed and just needed to match to upgrade without removing data) but a list of trusted entities.
As long as:
- I can install my own key on my phone (I’d I am trusted)
- major distributors like fdroid and have a key installed without friction (like web CAs)
- Google let’s me mark their key as untrusted (I probably won’t but I should be able to refuse things they trust (at install time, not disabling preloaded apps like settings)
Without this it feels too much extending the monopoly despite being forced to allow 3rd party stores.
The justification is simple, I don’t see the confusion, they want absolute power and for all alternatives to wither and die ? What is there not to understand ?
