While it is technically feasible, it is not a good idea to try and find a technical solution to a people/organisation problem.
Do not accept the premise of assholes.
I hope we can get the EU to fund a truly open Android Fork. Maybe under some organisation similar to NL Labs.
--- edit ---
Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.
> Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.
This is actually the advantage of doing it. You make the thing (call it a "personal app loader" or something rather than a "circumvention tool"), they ban it, now you campaign against them or make antitrust arguments presenting the ban as an anti-competitive practice or use the ban to refute claims that they're not inhibiting third party app distribution.
Even if you know they're going to be the villains, you still want to make them actually do it so that everyone can see them doing it.
It would be hard to find manufacturers to use it. None of the existing Android phone manufacturers would be able to release phones with this fork without also abandoning the official Android platform on all markets. Google are very strict with this in their tos. You cannot release devices using non official Android builds without losing your right to use GMS and Android Brandice on your other Android devices.
The same EU of which parts are trying to make chat control work and are once again abandoning it. Politician get this particular fancy idea every other year in all kinds of countries, not just EU. Overreach out of desperation for a problem that cannot simply be solved is wrong but understandable.
They are trying to stop crime, including sex/drug trafficking and child exploitation. If you want to have an intellectually honest debate, you need to be clear that private communication apps do make it more difficult for police to conduct legitimate investigations. You do yourself no favours painting all politicians as power-hungry caricatures.
So do private in person conversations. Going the route of North Korea putting two way speakers in each house would help make those conversations available to the government. Think of all of the child exploitation you could stop by removing any sense of privacy. Of course they would figure a way around this and everyday citizens would have to deal with the lack of privacy but at least they thought of the children so we should keep voting them in.
If chat control is a good-faith effort to stop crime, why can't Android developer verification be a good-faith effort to stop cybercrime?
If politicians are not all power-hungry caricatures, is it possible that the same is true for businesses?
Android has millions of users worldwide, many of whom are far less computer-literate than HN users. I think it's very reasonable for Google to put speed bumps in front of malware developers trying to distribute through the Play Store. If you're a half-decent dev, $25 is nothing compared to the opportunity cost of your time in developing your app.
This whole thing seems to be a fairly recent announcement on Google's part, so it's unsurprising they're still hammering out details for hobbyist devs? How about making constructive suggestions for ways that Google can protect ordinary people without stopping power users?
I think the issue is not about distribution in the Play Store (I don't actually have any problem with that: their playground, their rules) but the fact that they are going to break sideloading and alternative app sources like F-Droid.
I struggle to see any good-faith need to erect additional barriers to protect users from running the programs they want on devices they own, when you already have to be fairly expert to enable developer mode, install via adb, etc.
It appears that you are an American who has conveniently forgotten about FISA, EARN IT, CLOUD act, PATRIOT act, LAED, etc, etc, and wants to take a dig at the EU for what, exactly? NOT passing Chat Control? Seriously..
It's interesting how so many online discussions of internet privacy devolve into nationalist chest-beating. I'm beginning to suspect that people don't inherently value privacy all that much -- they just want to brag about how their country is the most private.
Recall that the premise of this thread is that the EU should sponsor an alternative to Android. The EU vs US question isn't really topical, since no one suggested that the US government should sponsor an alternative to Android instead.
I do not think it is righteous or enlightened when the American government flexes control over the tech sector. I can see how Europeans might have thought this about the EU when it was just GDPR, but subsequent developments have recast all of this as being about government control and keeping the tech industry “in its place” rather than a commitment to privacy and freedom in and of themselves. I think that ought to temper the righteousness.
The EU is a big place, run by a lot of different people, with true separation of powers. They don't have a president-king who can just ignore court decisions.
The EU is a parliamentary democracy. Von Der Leyen was proposed by the democratically elected heads of the member states. She was approved by the democratically elected parliament.
The chancellor in Germany is also not directly elected by majority vote but by parliament.
Its a reasonable criticism that the EU structures make democratic legitimisation very indirect, but that is at least partly a result of the EU being a club of sovereign democracies. The central tension was extremely evident during the Greek debt crisis, you have a change in government in Greece, but due to EU level constraints they can't enact a change in policy. More independent power ininstitutions less dependent on the member state, means the sovereign democratic national governments can't act on their local democratic mandates.
Except the are a couple degrees of separation between the democracy part and in the running the EU institutions.
The EU parliament is also a very superficial imitation of a real parliament in a democratic state. It has very limited say in forming the “government” or decision making.
> result of the EU being a club of sovereign democracies
So either revert to it just being a trade union or implement fully democratic federal institutions. The in between isn’t really working that well.
In parliamentary democracies the parliament is elected directly and is generally sovereign (optionally constrained by a constitution or some set of basic laws and powers delegated to regional governments and such).
In no way does that describe the EU. It has no equivalent body. Its imitation “parliament” is extremely weak and barely has a say in who forms the closest EU has to a “government”.
So this is typical of criticism of the EU democratic structure: It's just factually wrong. The EU Parliament can dismiss the commission. From Wikipedia:
"The Parliament also has the power to censure the Commission by a two-thirds majority which will force the resignation of the entire Commission from office. As with approval, this power has never been explicitly used, but when faced with such a vote, the Santer Commission then resigned of their own accord."
The fact that the whole democratic setup is highly complex is in itself a problem. But the concrete deficits people mention are never true or don't apply to other democracies either...
In practice the EU Parliament has been a lot more trouble for the executive than is typical in national bodies. The one valid point is that the parliament does not have the right to initiate legislation itself. That is unusual, but in practice many people who are actually close to political processes seem to say this is mostly symbolic, as national bodies can't really draft effective legislation without cooperation from the executive either... Stil definitely something I would love to see addressed.
FWIW EU members are sovereign. If they disobey EU laws they can have benefits withheld but they won't be militarily invaded for ignoring EU law the way a US state would (unless they do something military themselves like invading another country).
For all the disdain I have for her, Von Der Layen is the candidate put forward by the PPE, the majoritarian party in the EU parliament. So, yes, people were indeed allowed to vote.
The parliament would have picked Weber, but nobody cared since its just there to rubber stamp predetermined decisions.
He was the leader of the party which won the plurality in the elections and had its support. EU had a real chance to move towards becoming a real parliamentary democracy if it went that way.
That was the election before the current one. She was the one out forward by the PPE this time and even then she was the second candidate put forward by the PPE after Weber was vetoed by France the previous time.
That’s the new Spitzenkandidate system. The council is supposed to pick the candidate put forward by the main political force in the parliament.
The EU is a real democracy anyway. All the members of the council are themselves democratically elected. It has a weird three parts political system but everyone in it is elected or appointed by people elected.
Active installs of LineageOS[1] as reported on official tracker is 4.3m instances right now. An MAU of 5m is like, less than Bluesky, Switch 2 shipped so far, most F2P phones games you've heard of, etc. The leverages it has is that of a game.
That looks like someone made a list of mostly features specific to GrapheneOS so they could make a chart where all of the other alternatives (including stock Android) are full of red boxes.
Several of those are the opposite of security features, like SafetyNet support, which might be a convenience in some cases but it mostly makes it so you can't upgrade certain parts of the system to newer versions even when the old versions have security vulnerabilities.
As far as I know, there is no significant features other distros have that increase their privacy or security over what GOS has. I'm not entirely sure about the SafetyNet thing, but GOS is by far the most up-to-date to the AOSP out of these distros.
The point isn't that GrapheneOS is bad but rather that it doesn't imply there is anything wrong with LineageOS when it's still better than Android itself.
Moreover, some of the stuff with green boxes is still kind of a privacy fail. For example, with GNSS (i.e. GPS) your device calculates its location from the timing of radio broadcasts emitted by a network of satellites. It has extremely good privacy properties because your device is a passive radio receiver and neither the satellites nor anyone else know you're there when you use it. "Network-based location" can sometimes work when you're somewhere you can't hear the satellites, but now you have Google or someone else building a database of nearby wireless APs etc. in order to make it work, and in the process you're effectively uploading your location to them.
GOS developers have said on multiple occasions that they think LineageOS is worse for security than the stock OS on multiple devices, as it doesn't keep up with current privacy/security patches or provide all of the standard protections. The comparison also does bring up these faults. See also https://www.kuketz-blog.de/lineageos-weder-sicher-noch-daten...
>That looks like someone made a list of mostly features specific to GrapheneOS so they could make a chart where all of the other alternatives (including stock Android) are full of red boxes.
No one else even bothered to make a list.
>Several of those are the opposite of security features, like SafetyNet support, which might be a convenience in some cases but it mostly makes it so you can't upgrade certain parts of the system to newer versions even when the old versions have security vulnerabilities.
Are you not aware of what SafetyNet is? It's the thing where Google certifies that the phone is running the software produced for it by the OEM. The problem, of course, being that the OEM stops issuing updates and then the certified version has known vulnerabilities. Which is a lot of the point of wanting to install a newer ROM on such a device, except that then it won't pass SafetyNet because you replaced the vulnerable but certified code with third party code that has the patch but not the certification.
Technical things can affect people. Adversarial interoperability. They're using a technical thing to cause a social thing anyway, and fighting back with the same tactics is at least not surrendering.
A secure OS is a prerequisite for secure digital services. We can agree on that, right?
The task, therefore, is to convince enough politicians to establish an independent unit that can address this issue without direct political influence.
Fund the unit with enough money so that it can take care of the cybersecurity and sovereignty of all citizens.
A side effect of this would hopefully be that these politicians would then be digitally literate enough to recognize nonsense such as chat control as such and reject it outright. I hope that most politicians would not really want such omnipotent surveillance tools if they could truly grasp their scope.
I must sadly inform everyone here that the EU is pozzed beyond recovery in regards to Google.
The reference implementation for the euid project is only available for android and ios and uses the play integrity api which makes usage of it on non google-certified devices impossible.
https://github.com/eu-digital-identity-wallet/eudi-app-andro...
> A secure OS is a prerequisite for secure digital services. We can agree on that, right?
Secure for who, and from whom?
Remote Attestation and Developer Verification both make Android OS and platform more secure against malicious actors that would want to defeat the guarantees the platform gives, guarantees that enable secure digital services.
Yes, this includes protecting the banking services and DRM media services and advertising platforms from malicious actors like you and me, who pose a real threat to the revenues of the aforementioned players, by:
- Expecting banking to do security right on their own side, instead of outsourcing it to mobile platform and society at large (like with "identity theft" trick);
- Enjoying entertainment and education in ways the vendor or IP owner does not like or can't be arsed to support, and thus not spending extra on the inferior ways that are supported;
- Not looking at the ads.
Same is with Chat Control. Chat Control improves security of the society against threats such as sexual predators who want to hurt children, or citizens who disapprove of how the current ruling class is governing the people. To effectively provide that security, Chat Control in turn relies on a secure OS and platform providing secure digital services - in particular, secure against those malicious actors that would want to circumvent Chat Control protections.
Is the larger picture clear now? Security technologies are not inherently good, they're morally ambivalent. They're "dual-use". It's important to consider their deployment on a case-by-case basis, always asking who is being secured, and what are the actual threats they're being secured from.
It does, to some extent. These projects wouldn't have the support they had if they didn't have a plausible way to deliver some improvement along the metrics they market. It's the outsized harmful impact that's usually just left unspoken.
Also, I'm not saying Chat Control is dual-use, I'm saying crypto is. Chat Control actually needs working crypto to be properly implemented.
The ID presented at time of purchase does not have to be the ID of the actual user of the card. Your local drunkard will be happy to get $10 to buy a SIM card for you. Or you could visit eBay (or local equivalent) and get a valid SIM card without leaving your house.
"For the Selfie-Ident you identify yourself with your identity card, passport or residence permit. (Selfie-Ident is currently possible worldwide with the German ID card, residence permit and passport. Alternatively, you can use Video-Ident and identify yourself in a video call with an employee.)
Important: Temporary identification documents are not supported due to internal check. You need a tablet or smartphone with a camera and an internet connection."
In my country, giving a SIM card to another person who does something illegal, is a crime. No doubt EU might soon have the same law - they are pretty good at copying.
As a result, sites where I could rent a number for verification, now don't offer local numbers anymore.
Even with fair usage policy violations (like long term roaming) the prices are still quite reasonable: 1.30 EUR/GiB (+VAT); from next year 1.10 EUR/GiB (+VAT).
There's eu(maybe even EEA?) wide free roaming legally mandated since I think 2017 or so? But it's not a permanent solution, your second paragraph still holds true.
That's because we are no longer in the EU. Before Brexit they were legally mandated to allow free roaming in the EU. Now they are back to charging whatever outrageous prices they wish.
As far as I know it is only EU. Both UK and Switzerland have some operators that roam and some that do not. fwiw, fastweb in Italy provides roaming in both and has a very generous fair usage policy.
The only thing that happens is your data becomes a lot more expensive, the card still continues to work as normal. I've not lived in Poland for over 15 years now, and I still have a polish SIM card that I use almost daily - the only thing that I've lost due to roaming long term is cheap data packs, I can still call and text as normal from my monthly allowance.
The two are not equivalent issues; the first one is ill-formed as stated.
Cryptography is a tool of control. It's "dual-use", in the same sense like a knife or nuclear fission is - its moral valence depends on who is wielding it, and to what end.
In the context we're discussing, encryption is being used against the people. Working encryption is in fact needed to make chat control work - it's fundamental to it, the same way it is to Developer Verification and Safetynet/Remote Attestation. It would be great if EU decided to break that set of encryption applications. Alas, chat control only wants to break E2EE on messages, and uses encryption elsewhere to guarantee E2EE stays broken.
A more general comment about this thread, and related ones in the past: people really need to stop thinking about "encryption" and "security" as inherently good. They're not. Most of the social problems with computing, the attempts at user disempowerment and disenfranchisement, persist because they apply cybersecurity solutions.
The core question of security is always: who exactly is being secured, and from who.
I think this means we need to rely on web technologies more. PWAs are looking pretty good on mobile devices these days and you can publish any web app you want with no reviewing authority. The web has a bunch of crazy APIs now that let you build crazy things and for everything else you're a hosted server away somewhere that can run more complex jobs.
I believe devices I own should let me do whatever I want with them and I agree that the verification is BS, but I'll work around it in the ways I can which means building more for the web.
If that ever drops the open pretense (since both traffic and trust authority are largely centralized and thus easily controllable) then I'll only write for self hosted linux boxes.
We as individuals can only do so much. We'd need actual organization and some measure of political power to do anything more since normal people do not care about this.
This is harmful speculation. Many PWA features are broken in small ways which add up. The caniuse database does not test that a PWA feature meets the spec and there is no better database. Nobody can say that PWAs are "looking good" without such testing.
I obviously understand this and mentioned as much indirectly in the post. You can only do so much and the web is still more open than Android is about to be so again, you do what you can.
PWAs are at the mercy of Gapple have always been handicapped in just the right places to not be viable vs installed apps. Most people don't even know how to install one.
The tl;dr is that a PWA implies an app which is based in the cloud. So suddenly you need a server, and you need to store user data, which means costs and dealing with privacy and security.
If something could be built as a native app without depending on a central server, it could also be built as a PWA without a central server. You don't need to store user data centrally at all, just because it's a webapp. You can just have the clients use localStorage or IndexedDB or whatever.
You still have to host the static files for the webapp itself, but that can be made very cheap.
Of course, API feature parity between native and web apps is a separate issue. But the argument about server costs doesn't seem like a good one.
Sure, but localStorage isn't really ideal for storing large objects anyway, because it forces everything to be stored in one big string-to-string map. It's great for small amounts of data such as user preferences.
There are other APIs that allow you to store binary data directly (which you'll probably want if you're storing large files) and also to use/request larger quotas.
It seems to me that, ironically, PWAs are uniquely ill-suited for the type of non-corporate software where distribution outside mainstream channels makes the most sense.
I read the article, and I'm pretty certain he's talking about a traditional web application. When we speak of PWAs we're thinking of a set of APIs that let a web app behave like a native application. i.e 'installation' + service workers, background sync, IndexDB/FileSystem etc. You could probably make a self-sufficient RSS reader with what's available.
>My vision of the hack is to distribute a verified loader apk, which in turn dynamically loads any apk the user wants. A user obtains the loader apk once and loads apps without installing as much as they want.
Google's not going to let you keep your signing key if you do this with it.
Sounds like the UEFI shim loader that's signed by Microsoft but can load an arbitrary EFI executable (with some signing checks). The difference is that the UEFI shim loader is endorsed/condoned by Microsoft. What about Google? This seems easily patchable, ostensibly for "security purposes" (eg. disabling loading dynamic code).
Microsoft also forces manufacturers to provide an option to reset Platform Key aka SecureBoot "root of trust" key - which is supposed to be not possible in spec-compliant UEFI system.
They don't do it out of goodness of their hearts, which is why it's more solid than relying on goodwill - Microsoft simply has an offering that depends on that for certain high profile clients.
Then Apple should get sued for bundling Safari, and also for forcing all browser engines on iOS to use Safari - which is way worse than anything Microsoft ever did with IE.
Microsoft was convicted of monopolizing the market for IBM-compatible PCs, i.e. not Macs.
Which makes a lot of sense, because you couldn't run Windows on a Mac nor MacOS on PCs from the likes of Dell or IBM, and you couldn't run third party software for Macs on Windows or vice versa. By contrast, you could run various types of Unix on a Dell, and run Windows software on OS/2 or DOS software on DOS competitors other than MS-DOS.
That distinction seems like it might be relevant to the current situation.
This is utterly irrelevant. I don't know what point you're trying to make.
It remains objectively inarguable that Apple does not have a platform monopoly on (ARM-compatible) smartphones the way Microsoft did on ("Intel-compatible") PCs.
Are Apple's phones compatible with other ARM smartphones? Can you install Android or LineageOS on one, or install Android apps on iOS, or get iOS apps through Google Play or the Epic Games store?
It seems extremely relevant to the market definition that the alleged alternatives aren't actually substitutes for one another.
If you have a car that runs on diesel fuel and there is only one company that sells diesel fuel, it seems like you want to claim that it's irrelevant and isn't a monopoly because there is another company of the same size that sells gasoline. Is it not relevant that you can't actually use that in your car?
This will not work because the goal of android developer verification is to prevent running Google-sanctioned code. If you actually tried to publish this, Google will revoke the signature on the loader APK.
While neat, it glosses over the actual problem, while maybe not even solving it (depending on what you deem the problem to be in the first place). It solved the immediate problem today, but not in a way that's going to remain solved.
I'd imagine Google would plug any major holes in their soon to be closed garden, assuming that is their intention. So this and any other fix to the problem of 'install app through not-Google Play' that goes via technical means that Google can just cover up after a month or two doesn't actually move the needle any meaningful amount.
In the same vein, using adb isn't a real solution to that same problem for most people, since having to use adb is a massive jump in required effort that's going to leave all the normies behind, with only the super-dedicated willing to go through the hassle, and an equivalent amount of developer effort is going to be left behind as well, since their audience just got decimated, and they themselves might not even bother to develop something that even their dad or sister is going to bother/be able to install. Anything that's much more complicated than 'go to website, download thing, run thing, click your way through' doesn't solve for this.
The actual problem is to have Google not be knobheads about it, and the only way that's realistically going to happen is through the law, but that's not looking all that likely in my view.
What about this idea? Make a movement among the devs who are willing to distribute "legitimately" (via Google Play or "authorized" sideload), to sign their apps with intentionally insecure private key. Then some community will just mine up these certificates in already published apps and publish them somewhere on GitHub.
> verified loader apk, which in turn dynamically loads any apk the user wants
Wasn't this kind of solution considered and sort of dismissed (because of too much centralization iirc) by F-Droid (can't find the reference now)? It seems like something that's worth trying, but in the end it's just a band-aid. If it gets any traction Google will shut it down. The real disease is dependence on a duopoly of (quasi)-proprietary OS for the dominant computing platform of our time.
2. The application ID and permissions are that of the loader. To have different applications with separate data and permissions you would need multiple copies of the loader.
3. You miss out on other android security features such as application signing validation for updates.
LlamaLab's Automate has a non-root privileged service via network adb service. Would it be possible to simplify app installation via adb the same way? An app that reads apk, sends it over pre-paired ADB. Sounds like a much simpler solution.
I am not a app developer however from what I read on the android developer site you just need to provide some form of id, the singing key and the app id.
You don't have to distribute via the app store, you dont have to get Googles permission to publish the app or have them sign it.
This looks like purely app validation, we only run apps we can prove originate from the author.
So if Google doesn't like the app in question (such as ReVanced, NewPipe, etc), they can simply target that signing key to completely disable the app on all devices, even if it's not distributed by them.
Having the file signed by a relatively centralized authority makes it much easier for Google to gain control outside of their realm.
Under that logic, even if the app is "malicious" it would still be possible to install it. And thats not true, if somthing is deemed malicious, its blocked. Is app that hurts Google's dominance "malicious"? Who is it that decides what is malicious?
Or you could just tell everyone out there that there are already tons of older Android devices which will never get any of these hostile updates, and if you're a developer, make sure your app runs on those older versions. Spread the word about how hostile the newer devices are, and let the lazy masses do what they're best at doing. Of course there will always be rabid bootlickers who will gladly pay to put Google's noose around their necks, but if they become the minority, and the majority just stops upgrading, it could very effectively pull control of Android away from Google. Giving everyone yet another reason to not upgrade, especially given the huge Android marketshare in poorer countries, could become a powerful force.
> My vision of the hack is to distribute a verified loader apk, which in turn dynamically loads any apk the user wants. A user obtains the loader apk once and loads apps without installing as much as they want.
And a day after you release, Google will say "Oh no you don't" and unverify your app, preventing it from being installed or run. Which is you know, kind of the point of this maneuver.
Well, I'd rather verify myself with the government identity than accept a stock OS that literally woke me up with a fake message promoting Gemini despite me spending almost 2 hours turning every possible privacy-invasive setting off.
To me, the attention to these verification changes seems misplaced. We need to defend the ability to unlock the bootloader, pressure Google to revive AOSP and then encourage people to switch to a more user-friendly OS.
You're already unable to install what you want on a stock OS due to Android permission model treating you as a third-class citizen, after Google and OEMs.
The issue with government IDs is that they are, for all we know, not trustworthy, but everyone treats them like they are. And you know, I am not going to "verify" myself with Google with this kind of toilet paperwork.
If Google decides to pull this off, then I guess reflashing to a custom ROM with this crap patched out will be a very first step I'll be recommending to anyone who cares.
This "attack" is not even theoretical. Android apps can just download arbitrary binary code, mprotect(PROT_MAYEXEC) some area in RAM, link the code there, and run it.
Google will simply revoke the keys for the "loader" APK. But that's fine for malware, its authors will just use the next stolen credit card to register a new account.
That's also why this has nothing to do with security.
>Google assures that it would be possible to install applications locally using ADB, but there are no details on this
It's going to be the same as Play Protect using the PackageVerifier API. Even if won't trust that Play Protect will continue to allow adb installs, if you go to the developer options you can disable package verifiers for adb installs.
>the concept
This would not really work considering you can't do a lot of things at runtime. You can't create activities, you can't create services, you can't declare permissions, you can't use permissions, etc. Pretty much everything in your manifest can't be done properly. You can't really do a job faking it. You would have to declare a ton of dummy activities with all different permutations of things like launch mode, document launch mode, intent filters, etc.
What you can do are things like game engines like how the android godot editor works where you aren't loading full android apps, but projects into the editor.
I'm already banned from publishing Android apps through Google, but apart from that, what would stop me making a server you can upload any app to and sign it with my certificate?
That could actually be done solely on the device. You can develop an app to sign arbitrary APKs with users' own hobbyist certificate. Lucky Patcher have done that for a decade.
I could even just give out my certificate and private key (if I'm allowed to have one). It's not like I need it to be private. Google would probably blacklist the certificate and then we get to sue Google based on the fact they said doing this would allow the app to work, but they didn't follow through with what they said.
While it is technically feasible, it is not a good idea to try and find a technical solution to a people/organisation problem.
Do not accept the premise of assholes.
I hope we can get the EU to fund a truly open Android Fork. Maybe under some organisation similar to NL Labs.
--- edit ---
Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.
> Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.
This is actually the advantage of doing it. You make the thing (call it a "personal app loader" or something rather than a "circumvention tool"), they ban it, now you campaign against them or make antitrust arguments presenting the ban as an anti-competitive practice or use the ban to refute claims that they're not inhibiting third party app distribution.
Even if you know they're going to be the villains, you still want to make them actually do it so that everyone can see them doing it.
It would be hard to find manufacturers to use it. None of the existing Android phone manufacturers would be able to release phones with this fork without also abandoning the official Android platform on all markets. Google are very strict with this in their tos. You cannot release devices using non official Android builds without losing your right to use GMS and Android Brandice on your other Android devices.
The same EU that's doing Chat Control?
The same EU of which parts are trying to make chat control work and are once again abandoning it. Politician get this particular fancy idea every other year in all kinds of countries, not just EU. Overreach out of desperation for a problem that cannot simply be solved is wrong but understandable.
Desperation for what exactly? More control?
They are trying to stop crime, including sex/drug trafficking and child exploitation. If you want to have an intellectually honest debate, you need to be clear that private communication apps do make it more difficult for police to conduct legitimate investigations. You do yourself no favours painting all politicians as power-hungry caricatures.
So do private in person conversations. Going the route of North Korea putting two way speakers in each house would help make those conversations available to the government. Think of all of the child exploitation you could stop by removing any sense of privacy. Of course they would figure a way around this and everyday citizens would have to deal with the lack of privacy but at least they thought of the children so we should keep voting them in.
If chat control is a good-faith effort to stop crime, why can't Android developer verification be a good-faith effort to stop cybercrime?
If politicians are not all power-hungry caricatures, is it possible that the same is true for businesses?
Android has millions of users worldwide, many of whom are far less computer-literate than HN users. I think it's very reasonable for Google to put speed bumps in front of malware developers trying to distribute through the Play Store. If you're a half-decent dev, $25 is nothing compared to the opportunity cost of your time in developing your app.
This whole thing seems to be a fairly recent announcement on Google's part, so it's unsurprising they're still hammering out details for hobbyist devs? How about making constructive suggestions for ways that Google can protect ordinary people without stopping power users?
I think the issue is not about distribution in the Play Store (I don't actually have any problem with that: their playground, their rules) but the fact that they are going to break sideloading and alternative app sources like F-Droid.
I struggle to see any good-faith need to erect additional barriers to protect users from running the programs they want on devices they own, when you already have to be fairly expert to enable developer mode, install via adb, etc.
It appears that you are an American who has conveniently forgotten about FISA, EARN IT, CLOUD act, PATRIOT act, LAED, etc, etc, and wants to take a dig at the EU for what, exactly? NOT passing Chat Control? Seriously..
It's interesting how so many online discussions of internet privacy devolve into nationalist chest-beating. I'm beginning to suspect that people don't inherently value privacy all that much -- they just want to brag about how their country is the most private.
Recall that the premise of this thread is that the EU should sponsor an alternative to Android. The EU vs US question isn't really topical, since no one suggested that the US government should sponsor an alternative to Android instead.
I do not think it is righteous or enlightened when the American government flexes control over the tech sector. I can see how Europeans might have thought this about the EU when it was just GDPR, but subsequent developments have recast all of this as being about government control and keeping the tech industry “in its place” rather than a commitment to privacy and freedom in and of themselves. I think that ought to temper the righteousness.
The same EU that's doing NL Labs, the org mentioned in the comment you're replying to.
The EU is a big place, run by a lot of different people, with true separation of powers. They don't have a president-king who can just ignore court decisions.
So we're gonna get access to Von Der Layen Pfizer sms right?
Were you offered to vote for Von Der Layen by the way?
The EU is a parliamentary democracy. Von Der Leyen was proposed by the democratically elected heads of the member states. She was approved by the democratically elected parliament.
The chancellor in Germany is also not directly elected by majority vote but by parliament.
Its a reasonable criticism that the EU structures make democratic legitimisation very indirect, but that is at least partly a result of the EU being a club of sovereign democracies. The central tension was extremely evident during the Greek debt crisis, you have a change in government in Greece, but due to EU level constraints they can't enact a change in policy. More independent power ininstitutions less dependent on the member state, means the sovereign democratic national governments can't act on their local democratic mandates.
> The EU is a parliamentary democracy
Except the are a couple degrees of separation between the democracy part and in the running the EU institutions.
The EU parliament is also a very superficial imitation of a real parliament in a democratic state. It has very limited say in forming the “government” or decision making.
> result of the EU being a club of sovereign democracies
So either revert to it just being a trade union or implement fully democratic federal institutions. The in between isn’t really working that well.
It isn't working well by what standard?
> Except the are a couple degrees of separation between the democracy part and in the running the EU institutions.
That's what parliamentary democracy means, yes.
No, of course not...
In parliamentary democracies the parliament is elected directly and is generally sovereign (optionally constrained by a constitution or some set of basic laws and powers delegated to regional governments and such).
In no way does that describe the EU. It has no equivalent body. Its imitation “parliament” is extremely weak and barely has a say in who forms the closest EU has to a “government”.
The parliament approves and dismisses the commission.
In the last cycles the candidate who led the party who won the parliamentary elections became head of commission.
So this is just wrong. The EU parliament has more power than US Congress or the UK parliament in this respect.
But the parliament isn't the government in a parliamentary democracy.
Yes, and? It forms the government and can dismiss it.
So this is typical of criticism of the EU democratic structure: It's just factually wrong. The EU Parliament can dismiss the commission. From Wikipedia:
"The Parliament also has the power to censure the Commission by a two-thirds majority which will force the resignation of the entire Commission from office. As with approval, this power has never been explicitly used, but when faced with such a vote, the Santer Commission then resigned of their own accord."
The fact that the whole democratic setup is highly complex is in itself a problem. But the concrete deficits people mention are never true or don't apply to other democracies either...
In practice the EU Parliament has been a lot more trouble for the executive than is typical in national bodies. The one valid point is that the parliament does not have the right to initiate legislation itself. That is unusual, but in practice many people who are actually close to political processes seem to say this is mostly symbolic, as national bodies can't really draft effective legislation without cooperation from the executive either... Stil definitely something I would love to see addressed.
They can also vote on bills, while we're bringing up irrelevant gotchas.
FWIW EU members are sovereign. If they disobey EU laws they can have benefits withheld but they won't be militarily invaded for ignoring EU law the way a US state would (unless they do something military themselves like invading another country).
I'm not in the EU! I can explain when somebody is wrong without having a horse in the race myself.
For all the disdain I have for her, Von Der Layen is the candidate put forward by the PPE, the majoritarian party in the EU parliament. So, yes, people were indeed allowed to vote.
She was primarily nominated by the EU council.
The parliament would have picked Weber, but nobody cared since its just there to rubber stamp predetermined decisions.
He was the leader of the party which won the plurality in the elections and had its support. EU had a real chance to move towards becoming a real parliamentary democracy if it went that way.
That was the election before the current one. She was the one out forward by the PPE this time and even then she was the second candidate put forward by the PPE after Weber was vetoed by France the previous time.
That’s the new Spitzenkandidate system. The council is supposed to pick the candidate put forward by the main political force in the parliament.
The EU is a real democracy anyway. All the members of the council are themselves democratically elected. It has a weird three parts political system but everyone in it is elected or appointed by people elected.
technically people didn’t vote for Trump they voted for electors which voted for him.
The same EU that shut down another attempt at Chat Control.
Bad legislation gets written everywhere, the difference is, in the EU it doesn't pass.
I hope the EU actually enforces the DMA and forces Google and Apple to stop their non sense.
What's wrong with lineage?
You have to get some of the big names to unlock the bootloader first. The trend towards locking it off permanently is alarming.
Edit: Google could ultimately use that as a lever in licensing deals with manufacturers. It'd marginalize everything.
Active installs of LineageOS[1] as reported on official tracker is 4.3m instances right now. An MAU of 5m is like, less than Bluesky, Switch 2 shipped so far, most F2P phones games you've heard of, etc. The leverages it has is that of a game.
1: https://stats.lineageos.org/
It's not a good, secure project by a longshot. There's a good comparison floating around:
https://images.squarespace-cdn.com/content/v1/60f1421e1afcf4...
That looks like someone made a list of mostly features specific to GrapheneOS so they could make a chart where all of the other alternatives (including stock Android) are full of red boxes.
Several of those are the opposite of security features, like SafetyNet support, which might be a convenience in some cases but it mostly makes it so you can't upgrade certain parts of the system to newer versions even when the old versions have security vulnerabilities.
Or, far more playsibly, they added to the table features GrapheneOS has, but others don't.
Here's the up-to-date comparison: https://eylenburg.github.io/android_comparison.htm
As far as I know, there is no significant features other distros have that increase their privacy or security over what GOS has. I'm not entirely sure about the SafetyNet thing, but GOS is by far the most up-to-date to the AOSP out of these distros.
The point isn't that GrapheneOS is bad but rather that it doesn't imply there is anything wrong with LineageOS when it's still better than Android itself.
Moreover, some of the stuff with green boxes is still kind of a privacy fail. For example, with GNSS (i.e. GPS) your device calculates its location from the timing of radio broadcasts emitted by a network of satellites. It has extremely good privacy properties because your device is a passive radio receiver and neither the satellites nor anyone else know you're there when you use it. "Network-based location" can sometimes work when you're somewhere you can't hear the satellites, but now you have Google or someone else building a database of nearby wireless APs etc. in order to make it work, and in the process you're effectively uploading your location to them.
GOS developers have said on multiple occasions that they think LineageOS is worse for security than the stock OS on multiple devices, as it doesn't keep up with current privacy/security patches or provide all of the standard protections. The comparison also does bring up these faults. See also https://www.kuketz-blog.de/lineageos-weder-sicher-noch-daten...
>That looks like someone made a list of mostly features specific to GrapheneOS so they could make a chart where all of the other alternatives (including stock Android) are full of red boxes.
No one else even bothered to make a list.
>Several of those are the opposite of security features, like SafetyNet support, which might be a convenience in some cases but it mostly makes it so you can't upgrade certain parts of the system to newer versions even when the old versions have security vulnerabilities.
Citation needed
> No one else even bothered to make a list.
That doesn't make the biased list good.
> Citation needed
Are you not aware of what SafetyNet is? It's the thing where Google certifies that the phone is running the software produced for it by the OEM. The problem, of course, being that the OEM stops issuing updates and then the certified version has known vulnerabilities. Which is a lot of the point of wanting to install a newer ROM on such a device, except that then it won't pass SafetyNet because you replaced the vulnerable but certified code with third party code that has the patch but not the certification.
Technical things can affect people. Adversarial interoperability. They're using a technical thing to cause a social thing anyway, and fighting back with the same tactics is at least not surrendering.
> I hope we can get the EU to fund a truly open Android Fork.
How are things in the EU on whether it's legal to buy a SIM card without showing ID?
A secure OS is a prerequisite for secure digital services. We can agree on that, right?
The task, therefore, is to convince enough politicians to establish an independent unit that can address this issue without direct political influence.
Fund the unit with enough money so that it can take care of the cybersecurity and sovereignty of all citizens.
A side effect of this would hopefully be that these politicians would then be digitally literate enough to recognize nonsense such as chat control as such and reject it outright. I hope that most politicians would not really want such omnipotent surveillance tools if they could truly grasp their scope.
I must sadly inform everyone here that the EU is pozzed beyond recovery in regards to Google. The reference implementation for the euid project is only available for android and ios and uses the play integrity api which makes usage of it on non google-certified devices impossible. https://github.com/eu-digital-identity-wallet/eudi-app-andro...
> A secure OS is a prerequisite for secure digital services. We can agree on that, right?
Secure for who, and from whom?
Remote Attestation and Developer Verification both make Android OS and platform more secure against malicious actors that would want to defeat the guarantees the platform gives, guarantees that enable secure digital services.
Yes, this includes protecting the banking services and DRM media services and advertising platforms from malicious actors like you and me, who pose a real threat to the revenues of the aforementioned players, by:
- Expecting banking to do security right on their own side, instead of outsourcing it to mobile platform and society at large (like with "identity theft" trick);
- Enjoying entertainment and education in ways the vendor or IP owner does not like or can't be arsed to support, and thus not spending extra on the inferior ways that are supported;
- Not looking at the ads.
Same is with Chat Control. Chat Control improves security of the society against threats such as sexual predators who want to hurt children, or citizens who disapprove of how the current ruling class is governing the people. To effectively provide that security, Chat Control in turn relies on a secure OS and platform providing secure digital services - in particular, secure against those malicious actors that would want to circumvent Chat Control protections.
Is the larger picture clear now? Security technologies are not inherently good, they're morally ambivalent. They're "dual-use". It's important to consider their deployment on a case-by-case basis, always asking who is being secured, and what are the actual threats they're being secured from.
> Chat Control improves security of the society against threats such as sexual predators who want to hurt children,
no it doesn't. Chat Control is single-use.
It does, to some extent. These projects wouldn't have the support they had if they didn't have a plausible way to deliver some improvement along the metrics they market. It's the outsized harmful impact that's usually just left unspoken.
Also, I'm not saying Chat Control is dual-use, I'm saying crypto is. Chat Control actually needs working crypto to be properly implemented.
did you understand and disagree with the third paragraph? if so, could you say in what way it didn't completely answer the question you just asked?
It is neither illegal nor hard to obtain such a prepaid SIM card.
That very much depends on the country, many require ID.
The ID presented at time of purchase does not have to be the ID of the actual user of the card. Your local drunkard will be happy to get $10 to buy a SIM card for you. Or you could visit eBay (or local equivalent) and get a valid SIM card without leaving your house.
> The ID presented at time of purchase does not have to be the ID of the actual user of the card
In some EU member states this might be fine, but definitely not all.
> Your local drunkard will be happy to get $10 to buy a SIM card for you.
Buying a SIM card was always the easy bit. Getting it activated may not be, it depends on which country you're in.
https://www.telekom.de/prepaid-aktivierung/en/start
"For the Selfie-Ident you identify yourself with your identity card, passport or residence permit. (Selfie-Ident is currently possible worldwide with the German ID card, residence permit and passport. Alternatively, you can use Video-Ident and identify yourself in a video call with an employee.)
Important: Temporary identification documents are not supported due to internal check. You need a tablet or smartphone with a camera and an internet connection."
Surely others may use your phone?
If you're happy to purchase a SIM card, register it in your name, and hand it to someone else for them to use, go right ahead.
Q: Who's paying the bills for that SIM?
The suggestion above wasn’t a statement of practicality but rather of EU motivations. Maybe you can also find a drunkard to fork Android for you.
>While it is technically feasible, it is not a good idea to try and find a technical solution to a people/organisation problem.
In my country, giving a SIM card to another person who does something illegal, is a crime. No doubt EU might soon have the same law - they are pretty good at copying.
As a result, sites where I could rent a number for verification, now don't offer local numbers anymore.
Germany requires ID for all SIMs (for "normal" people). You can buy activated SIMs in every bigger city if you know what to look for though.
You can use any country's SIM card in any other country, regardless of its registration status.
… if you have roaming coverage.
And even in that case, doing this for a long period of time violates most roaming policies
Even with fair usage policy violations (like long term roaming) the prices are still quite reasonable: 1.30 EUR/GiB (+VAT); from next year 1.10 EUR/GiB (+VAT).
https://en.wikipedia.org/wiki/European_Union_roaming_regulat...
There's eu(maybe even EEA?) wide free roaming legally mandated since I think 2017 or so? But it's not a permanent solution, your second paragraph still holds true.
I know of some UK SIMs that do not roam.
That's because we are no longer in the EU. Before Brexit they were legally mandated to allow free roaming in the EU. Now they are back to charging whatever outrageous prices they wish.
As far as I know it is only EU. Both UK and Switzerland have some operators that roam and some that do not. fwiw, fastweb in Italy provides roaming in both and has a very generous fair usage policy.
The only thing that happens is your data becomes a lot more expensive, the card still continues to work as normal. I've not lived in Poland for over 15 years now, and I still have a polish SIM card that I use almost daily - the only thing that I've lost due to roaming long term is cheap data packs, I can still call and text as normal from my monthly allowance.
Maybe in the countries that you are familiar with that is the case.
In some places your plan will be cancelled for roaming beyond a certain number of days or quantity of usage. Telecom laws and polices vary widely.
> How are things in the EU on whether it's legal to buy a SIM card without showing ID?
It varies per country. In some you can just buy one (or more) SIM cards at a supermarket without any ID.
There is no such requirement in the EU - it is entirely up to the individual country.
In many EU countries you can walk into many a supermarket or phone-store and just buy a simcard with cash without questions asked.
I'm confused, how are those two things related?
The commenter you replied to was implying that the EU does not respect the privacy/freedom of mobile device users.
Okay, thanks.
I was confused bexause anonymity against the state is hardly the only, or even a main point of android forks.
Privacy usually is, but against big tech typically.
Nanny state
More like surveillance state
Which states aren't? And for the love of god do not write US now
> hope we can get the EU to fund a truly open Android Fork
The same EU that keeps pushing for breaking encryption and chatcontrol? No thank you
> breaking encryption and chatcontrol
The two are not equivalent issues; the first one is ill-formed as stated.
Cryptography is a tool of control. It's "dual-use", in the same sense like a knife or nuclear fission is - its moral valence depends on who is wielding it, and to what end.
In the context we're discussing, encryption is being used against the people. Working encryption is in fact needed to make chat control work - it's fundamental to it, the same way it is to Developer Verification and Safetynet/Remote Attestation. It would be great if EU decided to break that set of encryption applications. Alas, chat control only wants to break E2EE on messages, and uses encryption elsewhere to guarantee E2EE stays broken.
A more general comment about this thread, and related ones in the past: people really need to stop thinking about "encryption" and "security" as inherently good. They're not. Most of the social problems with computing, the attempts at user disempowerment and disenfranchisement, persist because they apply cybersecurity solutions.
The core question of security is always: who exactly is being secured, and from who.
I think this means we need to rely on web technologies more. PWAs are looking pretty good on mobile devices these days and you can publish any web app you want with no reviewing authority. The web has a bunch of crazy APIs now that let you build crazy things and for everything else you're a hosted server away somewhere that can run more complex jobs.
I believe devices I own should let me do whatever I want with them and I agree that the verification is BS, but I'll work around it in the ways I can which means building more for the web.
If that ever drops the open pretense (since both traffic and trust authority are largely centralized and thus easily controllable) then I'll only write for self hosted linux boxes.
We as individuals can only do so much. We'd need actual organization and some measure of political power to do anything more since normal people do not care about this.
This is harmful speculation. Many PWA features are broken in small ways which add up. The caniuse database does not test that a PWA feature meets the spec and there is no better database. Nobody can say that PWAs are "looking good" without such testing.
Bad news for you, Google happens to have a tight grip on the entire web ecosystem -- browser, search, ads etc.
I obviously understand this and mentioned as much indirectly in the post. You can only do so much and the web is still more open than Android is about to be so again, you do what you can.
PWAs are at the mercy of Gapple have always been handicapped in just the right places to not be viable vs installed apps. Most people don't even know how to install one.
Yeah but as I understand it Apple has become a lot more progressive on PWAs in the last few years. I’m under the impression theyre viable
You need native apps to access specific hardware, and to run some native code. WASM may help but it's limited, too.
How many apps rely on specific hardware or native code though? I can only think of my banking apps when using nfc.
I thought Brent Simmons did a great job laying out why PWAs don't work: https://inessential.com/2025/10/04/why-netnewswire-is-not-we...
The tl;dr is that a PWA implies an app which is based in the cloud. So suddenly you need a server, and you need to store user data, which means costs and dealing with privacy and security.
That explanation doesn't really make sense to me.
If something could be built as a native app without depending on a central server, it could also be built as a PWA without a central server. You don't need to store user data centrally at all, just because it's a webapp. You can just have the clients use localStorage or IndexedDB or whatever.
You still have to host the static files for the webapp itself, but that can be made very cheap.
Of course, API feature parity between native and web apps is a separate issue. But the argument about server costs doesn't seem like a good one.
Isn't localStorage limited to 5 MB of data?
Sure, but localStorage isn't really ideal for storing large objects anyway, because it forces everything to be stored in one big string-to-string map. It's great for small amounts of data such as user preferences.
There are other APIs that allow you to store binary data directly (which you'll probably want if you're storing large files) and also to use/request larger quotas.
IndexedDB API is a bit more liberal in that regard
Yeah, better is the filesystem API
Basically every native app has a server behind it to harvest user data nowadays. So I don’t think it’s an argument for why PWAs won’t work.
If the app is made by a company, sure.
It seems to me that, ironically, PWAs are uniquely ill-suited for the type of non-corporate software where distribution outside mainstream channels makes the most sense.
I read the article, and I'm pretty certain he's talking about a traditional web application. When we speak of PWAs we're thinking of a set of APIs that let a web app behave like a native application. i.e 'installation' + service workers, background sync, IndexDB/FileSystem etc. You could probably make a self-sufficient RSS reader with what's available.
Practically you are going to have a server distribute a native application anyways.
Not the developer. This is all additional complexity and less privacy for the user.
>My vision of the hack is to distribute a verified loader apk, which in turn dynamically loads any apk the user wants. A user obtains the loader apk once and loads apps without installing as much as they want.
Google's not going to let you keep your signing key if you do this with it.
So like LiveContainer[1] which works around ios's signing requirements
[1] https://github.com/LiveContainer/LiveContainer
Whoa that is neat! How does that not get shut down by Apple?
They don't allow it in the app store, so you have a chicken-and-egg problem...
It works with AltStore or SideStore.
Sounds like the UEFI shim loader that's signed by Microsoft but can load an arbitrary EFI executable (with some signing checks). The difference is that the UEFI shim loader is endorsed/condoned by Microsoft. What about Google? This seems easily patchable, ostensibly for "security purposes" (eg. disabling loading dynamic code).
Microsoft also forces manufacturers to provide an option to reset Platform Key aka SecureBoot "root of trust" key - which is supposed to be not possible in spec-compliant UEFI system.
They don't do it out of goodness of their hearts, which is why it's more solid than relying on goodwill - Microsoft simply has an offering that depends on that for certain high profile clients.
I suspect it's also a defense against antitrust law suits - lock in was how they got sued for things circa Internet Explorer.
Frankly they should still be getting sued for the way Edge and Cortana are bundled.
Then Apple should get sued for bundling Safari, and also for forcing all browser engines on iOS to use Safari - which is way worse than anything Microsoft ever did with IE.
Yes
Apple does not have a platform monopoly on smartphones the way Microsoft did on PCs.
Microsoft was convicted of monopolizing the market for IBM-compatible PCs, i.e. not Macs.
Which makes a lot of sense, because you couldn't run Windows on a Mac nor MacOS on PCs from the likes of Dell or IBM, and you couldn't run third party software for Macs on Windows or vice versa. By contrast, you could run various types of Unix on a Dell, and run Windows software on OS/2 or DOS software on DOS competitors other than MS-DOS.
That distinction seems like it might be relevant to the current situation.
This is utterly irrelevant. I don't know what point you're trying to make.
It remains objectively inarguable that Apple does not have a platform monopoly on (ARM-compatible) smartphones the way Microsoft did on ("Intel-compatible") PCs.
Are Apple's phones compatible with other ARM smartphones? Can you install Android or LineageOS on one, or install Android apps on iOS, or get iOS apps through Google Play or the Epic Games store?
No. Also irrelevant.
It seems extremely relevant to the market definition that the alleged alternatives aren't actually substitutes for one another.
If you have a car that runs on diesel fuel and there is only one company that sells diesel fuel, it seems like you want to claim that it's irrelevant and isn't a monopoly because there is another company of the same size that sells gasoline. Is it not relevant that you can't actually use that in your car?
This will not work because the goal of android developer verification is to prevent running Google-sanctioned code. If you actually tried to publish this, Google will revoke the signature on the loader APK.
Ah yes sanctioned. A word that has two opposite meanings.
Contronyms are awesome, yet people are nonplussed.
While neat, it glosses over the actual problem, while maybe not even solving it (depending on what you deem the problem to be in the first place). It solved the immediate problem today, but not in a way that's going to remain solved.
I'd imagine Google would plug any major holes in their soon to be closed garden, assuming that is their intention. So this and any other fix to the problem of 'install app through not-Google Play' that goes via technical means that Google can just cover up after a month or two doesn't actually move the needle any meaningful amount.
In the same vein, using adb isn't a real solution to that same problem for most people, since having to use adb is a massive jump in required effort that's going to leave all the normies behind, with only the super-dedicated willing to go through the hassle, and an equivalent amount of developer effort is going to be left behind as well, since their audience just got decimated, and they themselves might not even bother to develop something that even their dad or sister is going to bother/be able to install. Anything that's much more complicated than 'go to website, download thing, run thing, click your way through' doesn't solve for this.
The actual problem is to have Google not be knobheads about it, and the only way that's realistically going to happen is through the law, but that's not looking all that likely in my view.
I suggested this a couple months ago: https://news.ycombinator.com/item?id=45084296
Android may ultimately win the arms race, but if they want to be evil, we should make their task as tedious as possible.
Google doesn't need to make an argument to ban apps or developers.
Just use adb. You can do adb wifi on device. You don't have to distribute a signed apk just sign it fresh on device.
This is the way. You can also do adb-over-webusb with a second device.
With apps like Shizuku you can do the whole nine yards all locally untethered with one device :)
> So an apk may just load some zip/apk/dex code from external storage and execute it in current context.
Wouldn't this break all kinds of things, like app sandboxing, the permission system, app intents, …?
What about this idea? Make a movement among the devs who are willing to distribute "legitimately" (via Google Play or "authorized" sideload), to sign their apps with intentionally insecure private key. Then some community will just mine up these certificates in already published apps and publish them somewhere on GitHub.
> verified loader apk, which in turn dynamically loads any apk the user wants
Wasn't this kind of solution considered and sort of dismissed (because of too much centralization iirc) by F-Droid (can't find the reference now)? It seems like something that's worth trying, but in the end it's just a band-aid. If it gets any traction Google will shut it down. The real disease is dependence on a duopoly of (quasi)-proprietary OS for the dominant computing platform of our time.
I see a handful of problems.
1. The loader will just get banned.
2. The application ID and permissions are that of the loader. To have different applications with separate data and permissions you would need multiple copies of the loader.
3. You miss out on other android security features such as application signing validation for updates.
LlamaLab's Automate has a non-root privileged service via network adb service. Would it be possible to simplify app installation via adb the same way? An app that reads apk, sends it over pre-paired ADB. Sounds like a much simpler solution.
I am not a app developer however from what I read on the android developer site you just need to provide some form of id, the singing key and the app id.
You don't have to distribute via the app store, you dont have to get Googles permission to publish the app or have them sign it.
This looks like purely app validation, we only run apps we can prove originate from the author.
So if Google doesn't like the app in question (such as ReVanced, NewPipe, etc), they can simply target that signing key to completely disable the app on all devices, even if it's not distributed by them.
Having the file signed by a relatively centralized authority makes it much easier for Google to gain control outside of their realm.
Under that logic, even if the app is "malicious" it would still be possible to install it. And thats not true, if somthing is deemed malicious, its blocked. Is app that hurts Google's dominance "malicious"? Who is it that decides what is malicious?
Doesn't https://github.com/Katana-Official/SPatch-Update already handle this, and also support Xposed on top?
Isn't a better solution here to build an app that signs unsigned apks with the end user's self provided signature ?
Or you could just tell everyone out there that there are already tons of older Android devices which will never get any of these hostile updates, and if you're a developer, make sure your app runs on those older versions. Spread the word about how hostile the newer devices are, and let the lazy masses do what they're best at doing. Of course there will always be rabid bootlickers who will gladly pay to put Google's noose around their necks, but if they become the minority, and the majority just stops upgrading, it could very effectively pull control of Android away from Google. Giving everyone yet another reason to not upgrade, especially given the huge Android marketshare in poorer countries, could become a powerful force.
If this is an acceptable solution, just run a modern uncertified Android instead.
i thought google was going to push this as an update to play services , thus affecting all models
Good luck with unsecure phone This is clearly a bad idea.
This is actually a non-issue with tons of unnecessary fear mongering going around, see my comment here: https://github.com/enaix/apk-loader/issues/1
> My vision of the hack is to distribute a verified loader apk, which in turn dynamically loads any apk the user wants. A user obtains the loader apk once and loads apps without installing as much as they want.
And a day after you release, Google will say "Oh no you don't" and unverify your app, preventing it from being installed or run. Which is you know, kind of the point of this maneuver.
> My vision of the hack is to distribute a verified loader apk, which in turn dynamically loads any apk the user wants.
Right back to Symbian signed AppTRK and rolling back hardware clocks. Great.
Well, I'd rather verify myself with the government identity than accept a stock OS that literally woke me up with a fake message promoting Gemini despite me spending almost 2 hours turning every possible privacy-invasive setting off.
To me, the attention to these verification changes seems misplaced. We need to defend the ability to unlock the bootloader, pressure Google to revive AOSP and then encourage people to switch to a more user-friendly OS.
You're already unable to install what you want on a stock OS due to Android permission model treating you as a third-class citizen, after Google and OEMs.
In my opinion, the only solution while keeping Google and Apple as the developing entities is regulation.
Despite that, there are some things that should not be for profit in my opinion. A good OS platform is one such thing.
I agree but I also think any meaningful regulation is off the table for the next few years in the USA at least.
The issue with government IDs is that they are, for all we know, not trustworthy, but everyone treats them like they are. And you know, I am not going to "verify" myself with Google with this kind of toilet paperwork.
If Google decides to pull this off, then I guess reflashing to a custom ROM with this crap patched out will be a very first step I'll be recommending to anyone who cares.
these holes will be closed and turning into flaming jumping hoops, so this is not viable. fight the people designing the game.
This "attack" is not even theoretical. Android apps can just download arbitrary binary code, mprotect(PROT_MAYEXEC) some area in RAM, link the code there, and run it.
Google will simply revoke the keys for the "loader" APK. But that's fine for malware, its authors will just use the next stolen credit card to register a new account.
That's also why this has nothing to do with security.
what does it really have to do with?
The more I think about all of this nonsense, the more I wonder if Google's entire goal with this is actually to kill ReVanced, of all things.
>Google assures that it would be possible to install applications locally using ADB, but there are no details on this
It's going to be the same as Play Protect using the PackageVerifier API. Even if won't trust that Play Protect will continue to allow adb installs, if you go to the developer options you can disable package verifiers for adb installs.
>the concept
This would not really work considering you can't do a lot of things at runtime. You can't create activities, you can't create services, you can't declare permissions, you can't use permissions, etc. Pretty much everything in your manifest can't be done properly. You can't really do a job faking it. You would have to declare a ton of dummy activities with all different permutations of things like launch mode, document launch mode, intent filters, etc.
What you can do are things like game engines like how the android godot editor works where you aren't loading full android apps, but projects into the editor.
I'm already banned from publishing Android apps through Google, but apart from that, what would stop me making a server you can upload any app to and sign it with my certificate?
That could actually be done solely on the device. You can develop an app to sign arbitrary APKs with users' own hobbyist certificate. Lucky Patcher have done that for a decade.
Making every user to "verify" themselves with a government ID is a no-go, because government IDs are no more trustworthy than a toilet paper.
I could even just give out my certificate and private key (if I'm allowed to have one). It's not like I need it to be private. Google would probably blacklist the certificate and then we get to sue Google based on the fact they said doing this would allow the app to work, but they didn't follow through with what they said.
yeah, googs can get rekt, I’m not even
[dead]
[dead]