| ▲ | palata a day ago |
| Respectfully, I think this is the wrong fight. And I fear it may be counter-productive, because all the effort put into asking Google to make it a little less painful to install an unverified app is not put into the real fight. IMHO, it should be fine for Google or Apple to do whatever they want with their OS. What should be forbidden is to prevent people from installing an alternative OS on their hardware. But this is not all Google's doing there: all the Android manufacturers are actively preventing users from doing it. When I buy an Android phone, I should be able to unlock the bootloader, add custom signing keys, install whatever OS I choose, and relock the bootloader. Interestingly, currently this is possible on Google Pixels, but not on most other Android devices. When I use an Android phone, a company building an app should not be allowed to ban my OS "because it is not the Google OS". That is, using Play Integrity or whatever they do to ban alternative OSes should be forbidden. But again, this is not entirely Google's fault: the companies choose to add those checks in their ** app. And it is a bigger problem there, because while I can install an alternative OS on my Android device (e.g. GrapheneOS or LineageOS), I can NOT install an alternative client for e.g. my bank. Back to side-loading: really it's mostly a problem for F-Droid on Stock Android, as far as I can see. And really, people who care about using F-Droid would probably be happy to use an alternative OS, if it was reasonably possible. We should fight for that. |
|
| ▲ | storus a day ago | parent | next [-] |
| ARM doesn't have any initialization/boot standard enforced on phone manufacturers so everyone is doing their own and never upstreams anything. It's a general ARM problem. PC with some lucky coincidence avoided that fate and we got used to it. RISC-V is in even worse shape than ARM as the fragmentation is even at the CPU instruction level. Both ARM and RISC-V have some discussions/proposed standards but nothing enforced anywhere. |
| |
| ▲ | palata a day ago | parent | next [-] | | Interesting insights, thanks! If I may ask: is that a reason to prevent me from unlocking, adding custom keys and relocking the bootloader? It feels like you are talking about the implementation details below that. I don't really mind if it is different, I just want a common API, and it seems like whatever is done on the Pixel phones is totally fine. Why not make that mandatory for all manufacturers? | |
| ▲ | fsflover a day ago | parent | prev [-] | | Nevertheless, postmarketOS manages to run Linux without Android on quite a few phones. | | |
|
|
| ▲ | codedokode a day ago | parent | prev | next [-] |
| This should apply not only to phones. Every device with CPU and programmable memory should allow user to reprogram it. However, the user may waive this right for purpose of theft protection. |
| |
| ▲ | palata a day ago | parent [-] | | Agreed. And it does not mean that they should open source everything. If I buy a connected fridge, they should give me a technical way to flash my own OS on it. Maybe I will lose most functionality by doing that, and maybe it will be a lot of work for me to get the OS working properly with the fridge. But it should be possible. |
|
|
| ▲ | 1vuio0pswjnm7 18 hours ago | parent | prev | next [-] |
| "But this is not all Google's doing there: all the Android manufacturers are actively preventing users from doing it." Google is (a) restricting "Android" functionality through trademark and software licenses with manufacturers and (b) paying the manufacturers, e.g., through placement agreements and revenue sharing agreements Given Google's actions in this regard, why would a manufacturer want to allow hardware purchasers to remove Android and install an OS of their own choosing, e.g., one that does not enable Google data collection, surveillance and ad services and generates no revenue for the manufacturer The idea of regulating manufacturers that partner with Google seems far-fetched, not serious. For example, I don't see HN comments suggesting Apple should be prohibited from interfering with buyers who want to remove iOS and install another OS in its place Meanwhile the control, privacy, etc. problems with these corporate OS are avoidable right now by choosing different hardware, specifically hardware that allows installation of open source OS that a concerned buyer can edit, compile and install themselves |
| |
| ▲ | xphos 15 hours ago | parent | next [-] | | I feel like you haven't read enough HN reply but I've said the exact thing about Apple OS they can have it and have HW but they should be seperate companies and the OS regulated like the monopoly service it is. OSs are few in number and are special pieces of software supported by extreme network effects and locking in effects. Its virtually impossible to abandon mainstream OSs even in the desktop world which is much more permissive their are basically 2 OSs. You can count Linux as a third but its not a serious market share competitor yet! EU and France might change that. But essentially total OS control allows a type of anti competitive behavior that is unavoidable. You either need 10s of options which are different in the services which isn't viable because modern OSs are some of the most complex pieces of software in existence. Your only other option is to regulate them like the power company because its not practical to build your own grid to have fair pricing and access | | |
| ▲ | 1vuio0pswjnm7 14 hours ago | parent | next [-] | | "I feel like you haven't read enough HN reply but I've said the exact thing about Apple OS they can have it and have HW but they should seperate[sic] companies and the OS regulated like the monopoly service it is." Was this under a different HN account I went through all replies by xphos and found nothing that discussed removing IOs and running some other OS on an iPhone What I want is for Apple to sell hardware that has no OS installed. This is actually how I prefer to buy computers today, with no OS. I just want the Apple hardware, not the Apple software The AirPort Extreme was the closest I have seen to this wish for Apple hardware without Apple software coming true. It included Apple software, but it could be operated using a NetBSD 6.x kernel | | | |
| ▲ | kuhsaft 13 hours ago | parent | prev [-] | | Ironically, I think regulation is what keeps them in power. They are major companies that comply with government regulations. Why would the government regulate to allow people to have devices that forgo government regulations? If you want a successful mainstream operating system. It needs to work within the rules of society. It needs to comply with regulations. It needs to cooperate with mobile device manufacturers and network operators. These small grassroots operating systems fail because, to do all those things, you need to be pragmatic. The next major operating system will be backed by a business or government. | | |
| ▲ | palata 6 hours ago | parent [-] | | > If you want a successful mainstream operating system. It needs to work within the rules of society. It needs to comply with regulations. It needs to cooperate with mobile device manufacturers and network operators. Which can be done with a small team by building on top of AOSP, like GrapheneOS does. How is that not pragmatic? |
|
| |
| ▲ | palata 18 hours ago | parent | prev [-] | | Not sure what you are trying to say. My point is that technically, we have good alternatives. I am not talking Mobile Linux: we have Android alternatives that are indistinguishable from Stock Android to normal people... except for a few pain points. We need to fight to address those pain points, in order to have good alternatives. What this article is trying to do is not trying to address those pain points at all, it's trying to change something in the Google flavour of Android. At the end of the day, it will still be the Google flavour of Android. > why would a manufacturer That's why I say we need to fight for regulating it. Technically, nothing prevents it. It's just that the manufacturers don't want or don't care. And it's not just manufacturers: banks that ban your OS if it's not "the Android signed by Google" are part of the problem as well, and we need to regulate that. |
|
|
| ▲ | MathMonkeyMan a day ago | parent | prev | next [-] |
| I agree with you, but even with the ability to install your own OS properly, you can't necessarily use some of the hardware. As I recall from Ubuntu Touch, they had to build a system that was a thin wrapper around Android so that they had access to firmware blobs. I guess that would still be ok as long as the hardware component manufacturers don't start to require authentication from the OS. That would be along the same lines as the fight you're describing. |
| |
| ▲ | palata a day ago | parent [-] | | I think that for the first step, we need to make sure that AOSP forks can work. And those can just copy the binary blobs. Don't get me wrong: I like all alternatives. But the most realistic alternative to Stock Android is based on AOSP. In good approximation, today nobody would want anything else. If we get there, then the next step is to get open source firmwares. But I don't know much about that and it feels like it is a much harder fight. Hardware manufacturers probably strongly believe that they will lose their competitive advantage if they open source their firmwares, and I don't know how true that is. |
|
|
| ▲ | echelon a day ago | parent | prev | next [-] |
| > Respectfully, I think this is the wrong fight. Respectfully, no. There are no mainstream OS alternatives. You're standing up to fight for 0.000001% of users and leaving everyone else stuck. Fighting to win our phones back is fighting for the 99.99999%. These devices are the most important part of everyone's digital world. Certainly the non-technical folks. You can't even order food at restaurants anymore without them. You can't date or socialize as a young person without one. It's becoming your state-issued ID. It's everything. And two companies control everything you do. They need to be stripped of all of their power to constrain these devices. Once you buy the device, it's yours. These belong to society. Not the two giant monopolies that won a battle decades ago and forever get to sit atop their pile of gold like dragons. They should never be able to dictate the world downstream, and certainly not with the authority they have today. Web installs. No scare walls. No hidden menu settings. First class distribution and support for web sans app store. No ability for these companies to strong arm. They're taxing all of human innovation. Any time you want to reach someone, they stand in the way. They ask for 30%, they mandate the tech, the updates, they divorce you from choosing payments, login, your ability to talk to your customer. As a consumer this means new tech companies can't start and grow big and fight the incumbents. The incumbents can move anywhere and dump on it. They can put a ceiling on outside innovation and copy or acquire it on the cheap. All of tech is becoming a lock and shackle authoritarian regime with permanently fixed leaders, ossified tech, and banana republic fleecing of everything new. This is bad for consumers and freedom and innovation. Respectfully - no. You're wrong. These companies need to be slapped hard by every regulatory body in the world. They shouldn't have freedom. They should have responsibility they're fearful of. And they should have competition. Competition is good. Capitalism should be hard. Apple and Google should be sweating, not coasting. This should be a responsibility, not a fish in barrel situation. |
| |
| ▲ | palata a day ago | parent [-] | | I feel like you missed my point. I am fighting for the 100% (and you are not, as you say). We should all own our devices, and owning a device means that we can install whatever OS we want on it. The beauty of it being that if you can install whatever OS you want on it, then the problem raised by the article does not exist anymore. Today, if you own a Pixel, you can just install GrapheneOS and it will mostly work. Why just "mostly"? Not because of GrapheneOS. Because of some goddamn companies (usually banks) who want to lock you into the Google flavour of Android. If you own another device, maybe you could install LineageOS or /e/OS, but chances are that you won't be able to relock the bootloader, so you will lose the security model of Android. For many people, this should mean that it's not a reasonable option. But that's not LineageOS' or /e/OS' fault: it's the manufacturer's fault: they are locking you into the Google flavour of Android (which many times also means their own flavour based on top of the Google flavour). And on many other devices, you just cannot install an alternative OS at all, so you are stuck with the Stock OS. You are essentially saying "it is fine that 99.99999% of the people are locked into their manufacturer flavour of Android, as long as we can keep using F-Droid" (because really, the changed discussed here mostly affects F-Droid, and it would be debatable whether or not F-Droid's design is fine or not). I disagree, it is not fine. When we buy an Android device, we should be able to install an alternative OS, period. All of us. | | |
| ▲ | busssard a day ago | parent | next [-] | | well if in the 10year future new OS are as easy installed as apps now, maybe. But that future is far off.
Getting my grandma to install NewPipe is easier if Fdroid works on her phone, than to get her to install the new totallyFLOSS-OS | | |
| ▲ | palata a day ago | parent [-] | | Have you tried installing GrapheneOS? I don't think it's harder than properly installing F-Droid and then installing NewPipe with it. > the new totallyFLOSS-OS Nobody said it has to be new and totally FLOSS. Just build on top of AOSP, which is open source and very mature, and that everybody knows (because it is Android :-) ). |
| |
| ▲ | echelon 21 hours ago | parent | prev [-] | | > When we buy an Android device, we should be able to install an alternative OS That's not freedom for the world. That's freedom for you and ten people. The bigger thing to fight for is removing Apple and Android's power over what happens post-sale. And that can include your demand, but it also includes a whole hell of a lot more about vanilla/stock Android/iOS. | | |
| ▲ | palata 20 hours ago | parent [-] | | Only because you don't know what those alternatives are. I can take a random person in the street, show them my /e/OS or GrapheneOS phone and ask them what it is running. They will 100% say Android. I can ask them to use it for 10min (write messages, open the browser, swipe TikTok) and they will never realise that it is not running "the Android signed by Google". It is so, so close to the Android signed by Google that it's not worth "improving" the Android signed by Google! If you want to remove the power of Google over Android, just use one of those alternatives and the problem is solved. The pain points with those alternatives are what we need to fight. And really it's just a few small things that need to be regulated. | | |
| ▲ | fooqux 19 hours ago | parent [-] | | This is an idealism vs realism fight. You're both right in that you're both fighting for the end user to have ultimate control of their device. However, there's a major caveat here. Google's play protect prevents me from using some apps on my phone running graphene. My banking app is one of them. Yes I know there's technical workarounds. Yes I know they have a website (for now). But the point is, this is the direction stuff is moving. Fully signed devices from power-on through the entire stack and a flag that warns software if that breaks. Yes, it's a win for security. But I have zero control. Google has all the keys to all the doors and graphene can't do anything about it. Nor can I. And Google has very little incentive to change this. I fear this is the direction things are moving to. Phones will be tied to our identity. Web will be depreciated as a security risk. Only one of the two options you two are fighting over fixes this: power must be taken from these mega corporations. | | |
| ▲ | palata 18 hours ago | parent [-] | | > Google's play protect prevents me from using some apps on my phone running graphene. My banking app is one of them. Well, your bank is the one choosing to prevent your from running it on GrapheneOS. That's my whole point again! We need to regulate that: it should be forbidden to ban alternative OSes! Now complaining about the fact that side-loading will require a ONE TIME, "annoying" procedure is not helping this AT ALL. It's just "oh no, I could do it with one click, and now I have to do it in 9 clicks, that's terrible, we need to bring it back to 2 clicks because anyway we won't win if we hope to bring it back to 1 click". I'm exaggerating of course, it is a big problem for e.g. F-Droid (and maybe others?). But my point is that it's just cosmetic, it's not helping the cause. It's not moving us one inch closer to a better world. On the contrary: it's monopolising the attention of policymakers. They already don't understand much, and we flood them with complaints they don't understand (because really, 99.99% of the Android users don't give a shit about side loading, why would the policymakers care?). The solution is simple: make it mandatory to allow alternative OSes (which is pretty much as simple as making it mandatory to unlock/relock the bootloader, and maybe remove a few other barriers that exist just for locking us in) and making it illegal to ban alternative OSes with Play Integrity (which is what banks are doing). That's all. No need to fight every decision Google makes and still lose every single time. We need to get our act together and get the policymakers to do the right thing. But to be fair to the policymakers, technical people on the internet are asking for everything and its contrary. | | |
| ▲ | fooqux 18 hours ago | parent [-] | | I'd be happy with either approach, frankly. I just think yours is slightly less realistic. > Well, your bank is the one choosing to prevent your from running it on GrapheneOS. That's my whole point again! We need to regulate that: it should be forbidden to ban alternative OSes! The bank isn't banning graphene os. They're banning anything Google labels as untrusted. I think that's an important distinction. This is Google's doing. I don't have the ability to declare "this is my device and I trust it and everything on it" to the banks. And I can see Google's point in that it would be extremely difficult to do this in a way that couldn't be exploited maliciously. Are there ways for the .001 percent of people out there who understand this? Absolutely. But only if our overlords let us and even then we're back to the point that this is only for the people in the know. Which is why I personally don't think enforcing alt OSes will help. We have it now; most people don't know and wouldn't care if they did. Play protect is the same. The amount of people this would impact is beyond minimal. However the problem isn't minimal; this is already a huge problem and it's getting bigger quickly. Giving people the keys won't fix it fast enough, or for enough people. Tech already controls our life and that fact is only getting more worrisome. It's past time for the governments to treat this the same as electricity. Everything standardized, everything regulated, and I can plug whatever the hell I want into it. I don't want to just break free for myself. In order to really make change, my grandma needs to think of her phone like a power outlet. This is a great discussion, by the way. | | |
| ▲ | palata 17 hours ago | parent [-] | | > The bank isn't banning graphene os. They're banning anything Google labels as untrusted. I don't agree here :-). AOSP provides an attestation mechanism that totally works with GrapheneOS [1]. Google provides Play Integrity on top of that, as an easy way to check that the phone is signed by Google. It doesn't say "it's unsafe if it is not signed by us", it just says "here is a way to verify that it is signed by us". The bank chooses to check that it is signed by Google and to refuse everything that is not. The bank chooses that. First, they don't need to check at all. Many banks don't, it seems like it's a new thing. I don't believe that there is any security concern there: it probably has to do with policy, or security theatre. It isn't serious security, because serious security would not ban GrapheneOS. I doubt it is to help Google, I think it's just incompetence (and a cheap way to do security theatre). Most apps run on GrapheneOS, most apps don't use Play Integrity. Those who do choose to do it. And there are banks that choose to support the GrapheneOS attestation, though it's the exception. [1]: https://grapheneos.org/articles/attestation-compatibility-gu... | | |
| ▲ | fooqux 13 hours ago | parent [-] | | I feel like this is semantics. I don't know all what they say, but I'd eat my breakfast cold if the word "safety" didn't come up in the PowerPoint deck. We may have to agree to disagree on this. My point was that this is the direction the world is moving to. Maybe it's not total coverage yet, but every year more and more of our stuff only operates with verified trust through the entire process. Everything from video games to movies to programs. We're already sitting here complaining about Google enforcing developer verification, how long until Google turns on play integrity by default? And then how long until it's the only option? It'll come if something doesn't change. And I still agree with the post way up above that these devices are too important now. I don't care about Google's interests here. | | |
| ▲ | palata 5 hours ago | parent [-] | | > My point was that this is the direction the world is moving to. And I agree with that, but it feels to me like it reinforces my initial point: fighting the Google flavour of Android is a lost cause. > We're already sitting here complaining about Google enforcing developer verification Which isn't a problem on alternative Android OSes like GrapheneOS. > how long until Google turns on play integrity by default Agreed. The solution is to be able to use an alternative Android OS like GrapheneOS :-). > It'll come if something doesn't change. And what needs to change is that regulations need to make it illegal to actively choose to ban alternative Android OSes. The thing with regulations is that you need to find something applicable. When people complain about centralised system and lobby for regulations that will help their federated system, without even debating about whether or not the federated system is "better", the fact is that it is not applicable. It is not reasonable to say "so now, if you write a messenger app, it has to use the Matrix protocol because Matrix convinced us of it". If I want to write a different protocol, I should be able to do it, right? But what I am suggesting here is both reasonable and applicable: currently those banks have to add code to their app in order to ban alternative OSes. If a regulation makes it illegal, they just have to remove it, and banks who don't have it yet just don't add it. It's easy to verify: if my banking app doesn't boot on GrapheneOS, I can complain to the regulator, and the regulator can trivially verify it. Same thing for allowing to unlock/relock the bootloader: super easy to verify, a regulation would work great. Now back to the article: what are we asking? That the process of installing an unverified app manually is not made "so hard", with "hard" being some variant of "it's terrible if I have to wait 24h one time in order to enable this", for something that approximately nobody does. Look at all the effort that has been put against this change... and again they will lose. And if they managed (very unlikely) to get regulation for that, they would be screwed next week by the next change. That's why I say it's the wrong fight: not only it's a lost cause, but it is strictly less useful than the simpler solution of defending alternative Android OSes with simple regulations. |
|
|
|
|
|
|
|
|
|
|
| ▲ | eatsyourtacos a day ago | parent | prev [-] |
| Sorry but what a ridiculous take. There are two phone options in the western world: iphone and android. 99.99% of the people aren't' going to even fathom they could install their own OS on a phone or whatever. There is a clear MONOPOLY on phones and to even further take away the right to just install something on it is crazy. I already hate Apple for that, but there's no recourse in the monopolistic & capitalistic US and now it's going to be 100% gone. "it should be fine for Google or Apple to do whatever they want with their OS" Not when they are a MONOPOLY. |
| |
| ▲ | kuhsaft 19 hours ago | parent | next [-] | | I’d say that it’s more of a cartel. The mobile network operators, the mobile device manufacturers, the mobile OS developers. They all work together in their consortiums to make money together. It’s a bit obvious when you look at the supply chain where “competitors” supply each other with parts. RF hardware is heavily regulated by governments, so a truly open-for-consumer hardware solution won’t exist. | |
| ▲ | palata 21 hours ago | parent | prev [-] | | When you buy an Android phone, the Stock OS you get is AOSP (the open source Android base) + Google stuff + Manufacturer stuff. Now it sounds like you don't know about it, but if you take only AOSP and run it on your phone, you will not immediately notice that it is not "a normal Android you expect". There are alternatives based on AOSP, e.g. GrapheneOS, LineageOS, /e/OS. To 99.99% of the people, those would count as Android. The difference between e.g. a FairPhone Android and a Samsung Android is not smaller than the difference between FairPhone Android and /e/OS. What I am saying is that we should fight for those alternatives to run properly. Right now you may have heard that "it is not a full replacement because some things don't work". First, few things "don't work" (fewer than you may expect). Second (and more importantly), those few things that "don't work" are not the responsibility of those alternative OSes. It's precisely because Google + Android manufacturers prevent them from working that they don't. I don't think it is such a ridiculous take. Rather, I feel like you just have no idea about how it works, and therefore you cannot imagine how there are alternatives to the situation you know. |
|
