Google will require developer verification for Android apps outside the Play Store
(techcrunch.com)
from mas@jlai.lu to privacy@lemmy.ml on 25 Aug 23:58
https://jlai.lu/post/24787770
cross-posted from: jlai.lu/post/24787719
Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.
The fuck…
😐
…googleblog.com/…/elevating-android-security.html
So this is the ID check… When do we get the full body security scans and cavity searches?
ELI5 if this will affect the use of F-Droid?
If you have the stock OS from the manufacturer, it will affect you. If you flash a custom ROM, it won’t.
Edit: You can still use F-Droid regardless of which android you’re running, but if you run stock you can only install the apps that have developers registered with google.
I hope there will be at least some bypass using ADB like with older apps.
The bypass is to just not install gapps…
Custom ROM usage is gonna explode
Probably why Google is also taking steps to make custom ROM development significantly more difficult. They evidently want to kill off all Android ecosystems except the ones they control and watch.
Whoa, whoa, whoa! What the actual fuck, Google‽
I swear to Hephaestus, at this point I’m considering switching to UBPorts or Sailfish OS or something…
I think Sailfish is banned outside of Scandinavia. The company will not allow others to have it if you don't live there.
I think you're pulling things straight outta your ass.
It’s the next levels for magicians to master, after they’ve perfected the top hat.
Well fuck, if I was off my face, I look again.
If it helps, my comment was more riffing off of noodlejetski’s phrasing than what you’d originally said. “pulling things straight outta your ass” felt like some off-brand magician so I wanted to make a joke about that.
I swear I just saw something the other day that said it was unauthorized outside the region. I remember thinking it was strange. I swear I remember seeing it.
This is from their site:
Sounds like another lawsuit waiting to happen
They’re fucking with us
…googleblog.com/…/elevating-android-security.html
iOS has had this same system for forever and nobody’s ever (seriously) claimed you could sideload on there.
You’re free to distribute your app wherever you like, but no one will be able to use it.
setting up walled garden using security excuse. What's the next excuse?
It’s always the same nonsense. “Safety”, “security”, “privacy”, etc.
They won't ever say for ma profits
We all know the reason.
Won’t somebody please think of the children!
While I won’t tell people exactly what to search, I can guarantee that I can find malware first try on Google Play. Google Play Integrity is just as dodgy.
When a preventative measure very obviously won’t solve the stated problem, that may not be what it’s really there to solve. This is another of Google’s anti-open-source moves designed to bring all Android devices entirely under their control and surveillance. It goes along with their bringing all Android development in house and making it harder for third parties to make their own custom versions of Android (Graphene OS etc.). It also seems a little odd that this happens right when several countries are introducing requirements that users supply ID to visit websites.
It is like the whole world becomes a psychopathic dictatorship overnight.
And, just like that, no more modded apps, no more custom stores, everything is tightly under control unless you install a custom ROM (and then it's no more banking apps, etc.). And it's all for our own good, after all, big brother Google knows what's best for us!
Some banking apps do work so it would be helpful not to spread that misconception.
True. Also, most banks offer a web interface.
For now… :(
My (major Canadian) Bank app (TD) has always just worked, no matter the state of my bootloader or root, and I’ve never bothered with Magisk Hide or anything like that to try to dodge root checks.
Requirement of authentication apps is making it trickier too. If you want to go to a concert or sporting event vended by ticketmaster, you’re fucked outside of Android and iOS.
Clocking into jobs increasingly requires Android or iOS.
yeah, I had to resurrect an old phone to go to a concert last week. It’s possible I’ll never go to one again. I wouldn’t have bought the tickets had I known about that bullshit.
Yes, there used to be papers for “coordinate systems” you could use as 2FA, and SMS one-time-passwords… but they are slowly being rolled out in the EU due to security concerns and the “Strong Customer Authentication (SCA)” standards mandated by PSD2. EU banks are transitioning to app-based and biometric authentication now… here you literally need a phone if you want any form of online banking.
I just use the web browser instead of a banking app.
Wow thanks for posting this. I read the whole thing but what I’m not getting is the fact that their stated concern is apks “side loaded”. This is aimed directly at the foss community as normal people already won’t install anything outside of the play store. No non tech enthusiasts go straight to GitHub …
shit like this really should be illegal
Probably is
Yeah but with dumpy in the wh, who’s gonna stop them?
Apps that use dark patterns (aka almost everything in the play store) are more harmful than apps commonly flagged as malware.
Harmful to who? People? Perchance.
Googles bottom line? Give them all the dark patterns in the world twice.
wdym flagged as a malware? the ones I have seen are all about unknown sources
Fuck you Google no one is gonna buy your bull shit anymore. Fork android!!!
Fairphone 6 looks quite interesting and has a Google-free option. People are saying it’s a bit buggy but they’re fixing the bugs rapidly. And two-day battery life sounds pretty good.
shop.fairphone.com/the-fairphone-gen-6-e-operatin…
I take anything at this point. Jfc. Google needs to fucking die already.
Use Aurora Store and a separate profile if necessary. Avoid apps that require strict level “Google Play Integrity”.
Switched a few months ago. It is such a good OS. I’m never using stock android ever again.
fuck google and all, but yes they will. what other mainstream phone is any better? apple? give me a fucking break.
android without gapps will be a niche for the foreseeable future, and niches get ever easier to kill. with the play integrity thing and banking apps, i don’t see linux phones getting real traction either as much as i’d like it to.
Yeah the real problem is somewhere else, this is just symptomatic of the capitalist mode of production and class society. But no one wants to talk about it! So we are getting fucked in the ass by those who possess the means of production and the product of our labour, understood? Alienation big time. The brave new world.
Welcome to Chinatown world!
American company Americanly doing some American shit:
What is this, Asia??
I think you didn’t get the subtlety of my irony. That wasn’t an interrogative phrase but an exclamative one accompanied with an adjective: World. I should have said welcome to the brave new world social credit score coming soon.
WHAT. THE. SHIT. ಠ_ಠ
This is reality.
Indeed.
Wish we lived in a world where open source was funded even at a single percentage of what this oligopoly pulls in each year. We’d have a viable alternative to the duopoly by now.
The world is ruled by force and not by justice which does not exist, so soon we will most likely live in a dystopia.
Baby steps: I wish it was mandated that any software receiving even a penny in public funding must be open source down to the last byte.
Luigi #2 where are you?
We’ve read that Apple was doing this for a while, but Google is joining in.
Apparently they’re doing it to comply with the EU’s Digital Services Act. But they’re doing it in the USA too.
For fucks sake, let’s find out what Fairphone needs in the US to be used with other services and create a gofundme for them to get it. Goddamn I am beyond sick of Google’s shit right now. It is constantly a nightmare to get around their bloatware and deal with the rest of the surveillance nightmare on a daily basis. Fairphone works on T Mobile but they suck!
My personal favorite is how they are doing it to prevent data theft and malware. All they have ever done is trick people out of data. All of their shitty apps that I can not remove from my Samsung phone ARE the malware I do not want. Fuck Google and every person that works there!
yup, they are closing in. i wonder why the surveillance wing of the fascist regime wants to control everyone’s digital life that more tightly.
you guys may have the power to protest this before it goes worldwide. i wonder if there will be real pushback.
I mean, some of us did when GrapheneOS and folks started to bootlick goolag for their walled garden in pro of security as well as the economical breach they did not cover (Pixels are not available to everynyan) and even incentivated.
Yet here we are again.
It is unlikely that there will be a real resistance, the majority will resign themselves like submissive cattle and only a few will try to fight to the end, I have already seen this in history.
It is sad that PinePhones are inaccessible in a lot of places. They don't send where I live because they use DHL (shitty service which charges 34 euros to send from the capital city to where I live because it is a “remote area” despite being the city with the airport and nearer than the capital city) and the pricing was 1.5 times the price of the product so they cancelled the option (as well as they don't know the different customs that may exist in special zones in the same country).
This is why you use a proxy service. Also more secure against interdiction attacks.
Those proxy services usually do not target custom stores (Banango and Guanxe Prime).
Also, it leaves you unprotected if something is bad with the goods, as the return parcel ticket targets the initial destination.
ProxySto.re
Anonshop.app
You definitely can buy from custom stores. Just send them the URL and the Monero.
They don't send to my place :3
The second one has the same problems I mentioned in a post before and in the service to send anywhere, 600 USD is prohibitive.
The provider (Pine64) could just use a different shipping company for those cases, such as Seur which is more reliable and fair than DHL. Yet they hold themselves in that.
Time to fund /e/OS, GrapheneOS etc. but also bridges like Waydroid until we can use e.g. PmOS and avoid Android altogether.
no.
those are just android with some modification. two years from now google can easily disrupt them too.
phones need a copyleft new OS. not a foss one, an actual copyleft one. with an independent group managing it.
an OS that a company can decide what app I can run on it is just a surveillance apparatus gadget.
google never wanted user to have control of their phone even 10 years ago.
the easiest way to check this is to see if you can stop an installed app from ever doing stuff without you explicitly opening it. there are so many “triggers” that apps can register and run based on them that the user can't do anything about them. “wifi connected” “wifi disconnected” and so on.
if an app can “listen” to these triggers and I can't disable it from listening to them (even for non-system apps) then I don’t really own my phone. then android is just an attention stealing spam machine at best and spying and terror gadget for world’s supremacist regimes too.
I think even apple iOS has that option (disabling background refresh per app) and in that regard is better than android. If I wasn’t against non-foss software and I didn’t live in Iran, at this point apple iOS is not that different from google and is more polished too.
Sure I’d support that, is there such a project or starting one? If not what’s the closest?
I made fun of the Liberux Nexx before due to its outdated cpu being promoted as new but this is making me change my mind. Speed isn't worth the walled garden. I have concerns about the battery life but all it takes to remedy that is a powerbank. Banking apps might be a problem but if I find their websites wanting I can just use them on an old cheap android.
It is disappointing that the Liberux Nexx missed its fundraising goal and had to open a new one. And the new one is only 10% of the way there, with no prototype and delivery on next summer. That's cutting it very close with the timeline of these restrictions. <https://www.indiegogo.com/projects/liberux-nexx--3#/>
BTW, the Google webpage has a link to a feedback form. Doubt it will do anything, but if you want an abyss to yell that's good as any: https://docs.google.com/forms/d/e/1FAIpQLSfN3UQeNspQsZCO2ITkdzMxv81rJDEGGjO-UIDDY28Rz_GEVA/viewform
The terrible risk that you install apps which don’t use google-tagmanager, googleanalytics and don’t send logging and user data to Alphabet.
It seems Google has been tightening control over Android in recent years and this looks like the next major step. Most people probably won’t care and the only realistic option for users who value software freedom and privacy is to wait until Linux or another free and open-source OS becomes a viable alternative. Overall a disappointing turn of events for the mobile computing space
FairPhone with /e/OS by default is the EU answer by the e-Foundation
Only available to people who can afford nearly an iPhone x3
Well, it’s not a cheap phone, but it’s a phone for the rest of your life, it’s full modular, that means, you can fix and change everything by yourself any component of the phone, no need to pay money to an technic workshop. Apart it offers also sys specs which fits the price.
All this still does not matter if you cannot afford it. It is as simple as that.
Well, even if you can’t afford the price for a FairPhone, you can use /e/OS or also LineageOS in your Phone instead of Android, they are free and fully based on the Android code, so all your apps will work in these without problems, but without Google breathing down your neck, dictating which app you can use and which not. You can also use some Linux distros made for Mobile, like Ubuntu Mobile and others, but these are not so compatible with Android apps, despite that Android is also a modified Linux, so it’s better to use the mentioned de-googled forks.
I use LineageOS4microG but as far as I can read, this will apply to Android itself and I am yet to see if LineageOS devs will avoid implementing the measure or what.
They’re closing in on alternative ROMs with their fucking shitty device integrity checks, I’m afraid it’s only getting worse. I literally had to switch back to stock Android because none of the e-government apps of the country I live in NOR two out of my three banks work on /e/. Literally impossible to participate in society unless I sell my soul to Google, sadly.
I really hope we’re able to fight back and win the war.
That’s sad, and so backwards…
If they really wanted to make sure the data on the phone is safe, the integrity checks should be about making sure the phone is built from FOSS with available source code, that can be publicly audited and even the banks themselves could check it for security… which should actually rule Google services out, not the other way around!
I’m starting to feel like the Mobile Computing space died somewhere around when the Subnotebooks and the PDAs died and we’ve been living illusions ever since.
It’s the Mobile Appliance™ space now.
So I guess my next phone will be a Chinese phone. Even if it spies on me, I’ll have the freedom to install whatever I want from anywhere.
The Chinese have a golden window of opportunity. Let’s hope they don’t mess this up.
Fuck off. This is my last android phone
What would you get instead? I think if Google actually follows through with this, I’ll switch to LineageOS, which is still Android. Obviously, iOS is much worse on this front.
Honestly, I don’t know. I’ll find something. Let the recommendations begin!
There’s no alternative that won’t have major limitations. I predict it’ll just be more like going back to the days of jailbreaking to install unsigned apps. Unfortunately AOSP is already pretty much unusable without Google services installed for the vast majority of apps.
I’ll thank you to not rain and piss facts on my moody parade. Just leave an irrationally cranky old man his delusions. Lol
A phone that isn’t smart, probably
I’ve already gone to an analog pocket watch. Might as well go that route
Maybe Sailfishos, but it isn’t open source and has practically no app support outside of android.
It might just be time to kick that “smartphone” addiction and just use burner phones.
Aside from Signal messenger, I feel like I could go back to having a casio watch, some sort of GPS in my vehicle, and a dumb phone. My phone is ancient and hasn’t gotten a security update in years, I was thinking of going Graphene next but maybe the solution is to just dump it and go full 1990s again.
Maps and encrypted messengers.
My blood glucose monitor is not on the play store. So one day next year I’ll wake up and no longer be able to get that data…?
Sorry, your survival is incompatible with this version of Android.
You are probably half-joking, but… yeah.
I fucking hate this timeline. Actually, scratch that, that is way too placid and abstract.
I hate the assholes in charge. Fuck all of them. Luigi did nothing wrong.
Yeah sorry, I feel you. Things like these make me really cynical.
I feel that, brother.
Let Google know what you think about this: docs.google.com/forms/d/e/…/viewform
Love it!
one of those things that's good in theory but i have no trust in google handling it.
Yawn. Guess more people will just have to not install gapps…
I’m probably going to spam this around a bit, since most people don’t seem to know about it, but a reminder that FuriLabs has a (GNU+)Linux phone with decent spec.s and the ability to run Android app.s (from what I’ve heard) pretty decently: furilabs.com
Biggest drawback is it’s based on Halium. Usual growing pains of a new product/company apply but apparently the company is pretty responsive and their dev.s have worked with customers to get things like calling working with the carrier and bands of their country where it hasn’t worked before so improvements move pretty quickly.
Collection of different experiences I’ve variously seen online over the last year or so:
I don’t own one, myself, so I can’t give any personal experience but I’ve seen it around for a few years now but most people don’t seem to even know about it. Maybe there’s a reason for that? But none I’ve ever seen anyone say.
With a microSD slot and a 3.5mm jack, too. I’m just gonna go ahead and save this
Why does every interesting / unique phone have to be phablet sized. ;(
Is this just a signature check when installing? Could it be bypassed by getting your dev cert and just signing everything you want to install? Things like obtainium and fdroid could even have a “load your own cert” option and automate this.
Does this even affect GrapheneOS? Could they not use their own package installer by getting rid of the installer code?