- cross-posted to:
- android@lemdro.id
- cross-posted to:
- android@lemdro.id
You must log in or register to comment.
The USA with its corporations setting a new, unbeatable WR in any% glitchless turning into a dictatorship with zero human rights or freedoms.
I imagine I’m gonna get downvoted for this, but I have no idea what F-Droid is.
i don’t know why people would but it appears as if they already have. f-droid is a catalogue of FOSS apps for android. sort of like an alternative app “store” (but there is no purchasing).
Google fdroid or use chatgpt
The only apps I have installed from the play store are ones that came pre-installed with the phone. The rest are all from f-droid…
LONG LIVE F-DROID ! !
Disclaimer: I have been a maintainer for LineageOS and a long time user.
Whoever advocates for LineageOS don’t get it. Using LineageOS will not fix any issue like this.
Already today using LineageOS means give up on banking apps, ID apps, and even McDonald’s and some games like Pokemon.
Yeah because Google with play intergrity now demands valid keys that gets invalidated as soon Google detect they are used for such usage. The cat and mouse game suddenly got much harder to beat.
So no, using LineageOS will soon be possible only with secondary devices and not your primary that you will need for your actual stuff to work.
Already today using LineageOS means give up on banking apps, ID apps, and even McDonald’s and some games like Pokemon.
Yeah because Google with play intergrity now demands valid keys that gets invalidated as soon Google detect they are used for such usage. The cat and mouse game suddenly got much harder to beat.
But if I’m already using LineageOS without GApps, this wouldn’t make any difference, right?
Edit: Also - thanks for all your work!
And soon you will need a second device with locked down bootloader and play integrity to use mainstream apps.
What when meta will require attestation to run WhatsApp? Not if, when…
Exactly, trying to find software alternative for what ultimately going to be locked down hardware is never going to be a sustainable solution.
Alternative OS means nothing if there’s no widely supported open hardware with unlocked bootloader to run such OS long term, and Google is got all mainstream phone manufactures cornered legally and commercially with this and their requirement for manufecturer authorization for shipping GMS suite with their products.
The only way out is this ridiculous decision of Google getting push backs from legislation, because there’s nothing manufecturers can do and without them there’s nothing FOSS developers can do to push back long term, and Google isn’t stopping themselves from doing Evil™.
Fully agree
Counterpoint: I use the McDonald’s app where it belongs - on a giant greasy ordering kiosk.
But seriously, banks have websites. Everyone and everything has a website.
I don’t need Android apps at the cost of my privacy or at the cost of control of my devices.
I use GrapheneOS as my only phone, and I have done so for years.
Whatever the topic, I don’t need an app for that.
I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.
In America, we’re lucky if our bank supports 2fa, let alone require an app for it
That’s insane, I have never heard of such a thing, but I’m in the US where most banks don’t even have non-sms second factor.
I’ve been using a dedicated TAN generator for banking since I first made my account but I don’t doubt that’s going away at some point, since debit cards from the same bank already require an app for 3-D secure.
No, hardware TAN generator work fine. If the bank wants to force me to use proprietary snake oil it’s time for a new bank. Or using a dedicated old smartphone just for the app.
Counter-counterpoint:
Banks use their app to generate the otp and they reinvented the wheel so if you want to login you need to install it, can’t use a generic authenticator. I am not aware of any single bank in the EU that allows the use of generic authenticators.
For McDonald’s, using the app gives at least 50% off. A menu in the app costs 5 euro while on the store kiosk costs 12 euro. I do not personally care because I find their food to be just barely edible, but I understand why there’s a need to install the app
Some people have no smartphone at all. How can they be customers at your bank?
Pay a fee of 0.30€ to receive the otp via SMS every time they want to login without the proprietary otp app and 0.30€ for each payment to authorize
Fucking hell, y’all make me realize how lucky I am with my bank that runs without gapps.
They physically go there in person.
That’s still a thing.
Damn… The two extremes of the cyberpunk dystopia: no tech at all vs tech slavery.
I’ve never had an issue with the three banking apps I tried on LineageOS, and I didn’t even know there was a McDonald’s app or pokemon games.
If this list for /e/os roughly applies to LineageOS (with microG), I wouldn’t call it “only for secondary devices”, more “won’t work for some people”
Did I miss something? AFAIK google is requiring devs to ID, not to use SafetyNet or whatever the “only-runs-on-certified-phones” thing is called
I (for the moment) use stock android without a google account without any issues.
Then again i don’t use banking apps on a smartphone.
My gov provides ID apps and they work fine - then again, GPS is installed of course.
Fuck McDonnalds.I’ll have to check app support on Linage or PostMarketOS in the near future.
Would you recommend a B-2 Spirit solution or not yet?
I assume this is the same with GrapheneOS?
My bank app works without issue inside a private space with sandboxed Play services on my main user profile.
I also have an investment app which runs without any issue whatsoever.
Maybe I’m lucky and these Canadian companies just aren’t dicks about mandating google.
As far as I’m aware, as of now, graphene does not meet googles attestation (Uncertified Device), because google says so, but is easily more secure.
Google’s lockdown has zero to do with security.
I remember when internet banking meant installing some shitty “security” software on Windows before it would let you access the proper page on your browser.
Seriously? Open computing is dead to you because you can’t order fast food or play games? I don’t even have Google Play on this GOS device. And, by the way, my banking app works fine on LineageOS. Not that I need it, since I use a hardware TAN generator.
Fdroid is just the best. Around half of the apps on my phone are from Fdroid and Izzy.
DOWN WITH GOOGLE
DOWN WITH GOOGLE
DOWN WITH GOOGLE
…
Google can do this for own their own store first. I doubt it will make any difference in the number of malicious and shit apps on that store. Requiring this be mandatory for everyone is clearly malicious.
I feel like you don’t really know anything about the scam community, but a side loaded app is like 500 times more likely to be malware than a Play store app. The amount of millions that have been stolen from users in India, Mexico, Africa, and Brazil because of sideloaded apps is pretty staggering.
I’m fairly certain fdroid should just be able to alter the way that they’re doing things a bit and still exist under the need to obtain a signing cert from Google.
I mean personally I’m not on the same side with this. I would rather Google not do this without some way to disable it via the UI given enough warnings and what not.
really hope someone finds a way to break google’s block on apks that aren’t registered. with more and more manufacturers locking down bootloaders, changing roms is no longer an option.
Except that it is still an option to only buy phones that allow bootloader unlocking and root? That’s been a requirement for me since my first smartphone.
Where can I find a list of such phones?
Why the Google identity check is completely useless:
Step 1: scammer acquires stolen id card
What’s the difference between malware developed anonymously and malware developed anonymously but registered under a fake id? It can be installed today and it can be installed tomorrow. Do they really believe that malware developers will doxx themselves when publishing their malware?
This. Every day there is a new legitimate dataset of ids for sale on the internet. I have seen enough never to trust ids anymore
When Android stops working properly, I’ll move back to a dumb/feature phone. My wife will hate it, but so be it.
I hear you. My wife has also requested that I not deprecate certain proprietary apps until I can provide a good alternative that works on both Android and Apple. Last time was when we were traveling and wanted to share locations with each other in real time. I had to give WhatsApp location perms 🤮
Oh, I hear you there. I’ve had to give persistent location data to GMaps of all things, because she uses Apple and actually wanted me to get one of those devices just for location.
Some friends and I were talking about the feasibility of that earlier today.
It’s possible, assuming that you never need to use your phone as an MFA method, never need to scan a QR code, or never need to use an app for something because they lack a web version.
My company recently required us to have mandatory fun at a baseball stadium. Apparently, Ballpark MLB is the only way to receive tickets and get into the park… I had to sign up for some stupid account and download some stupid app because my company required it.
The future is stupid.
If my employer wants me to use MFA, they can provide me the device.
This is exactly what a Yubikey is for. They’re phishing-resistant too, as opposed to TOTP codes.
I have tried to make the case for Yubikeys a hundred times. It’s officially not in the budget.
What a shame, they will lose much more to hacks
How about for any personal accounts?
My personal accounts do not use MFA of any kind and very few are tied to external accounts for any form of verification.
never need to scan a QR code
QR wishes it can someday become as relevant as you’re giving it credit for. Haha.
There is Aegis for MFA. It’s much nicer than the closed proprietary ones.
Of course, if a job requires something incompatible, then I’ll let them buy me a dedicated device.
Some services threaten me with “there’s no web version”, but they never end up being someome I want to do any business with, anyway. ¯(°_o)/¯
But I do want a dumb flip phone again. They were cool.
My wife will hate it, but so be it.
Pretty sure you can build and self-host an SMS-whatever-she-is-using (e.g. Signal, DeltaChat, etc) bridge if somehow SMS isn’t enough.
Note to self if that were to happen : OSHW SIM modem (or even eSIM) that forwards to whatever (API, email, etc) that then bridges to other networks.
I have a couple of PinePhone I could keep plugged in but otherwise any Android phone where one can load an
.apke.g. Termux could have a hook on SMS then forward accordingly.Edit: quick search, a 4G dongle costs ~20EUR today and for compatibility on e.g. a RPi https://forums.raspberrypi.com/viewtopic.php?t=210724 bother otherwise Ubuntu https://wiki.ubuntu.com/NetworkManager/Hardware/3G and example on Debian https://wiki.friendlyelec.com/wiki/index.php/How_to_use_4G_Module_on_Debian
Edit2: didn’t try it but https://alwaysconnected.eu/ proposes 1Gb for 1 year (probably already too much data… since one needs 0 if connected on RPi) for 14EUR and they sell a Huawei (not great but I imagine works well with the card) E3372 (no idea if it works well with Linux) for 60EUR.
Looks like I’m searching for a device that can run LineageOS, then.
🤗
If this comes to pass, f-droid might get closed as the userbase dwindles. Many apps will also cease to be developed and be left without updates. You will not get out with just updating to LineageOS. We should be looking at Linux phones at that point.
Linux Phones have a few software hurdles to pass through to get usable.
The biggest problem right now is adoption and contribution to the ecosystem, but there’s a few things in the way of outright using Linux apps on a phone. One is that most Linux apps aren’t made to be verical. Some newer ones can adapt to it, but many of the apps you likely would depend on using a Linux laptop are almost unusable on a Linux phone, like… vlc, for instance.
The network stack isn’t as beaten to death for 4G and 5G as Android’s is. I work in a slightly iffy area, and on Android I’d have times where I’d lose signal, but it would always come back within 5-10 minutes or so. There’d be times on Linux when it wouldn’t until I’d missed two calls and three texts and an hour and a half had gone by because the system was choking on a comma or a misplaced semicolon it found somewhere in the background and wouldn’t reset until I forced airplane mode off and on. If I was at home, or in the city, I’d never notice this problem, but the second I hit a road trip or went to work, boy.
Also, and this is just my phone, my OP6T had iffy microphone and earpiece settings. Pulse Audio was at the forefront of this audio stack almost entirely unchanged from its appearance on gnome or kde and on a phone it’s just confusing and obtuse as to what app is using what and what even is what. If you got it right, it was fine, then the next call it wouldn’t be, or would change back, again, probably more the 6T being a 6T than anything else.
I think right now, in this interim period, I’m going to buy a hotspot that I can just slip a sim card into and tether a Linux phone to it. I can use Conversations on Waydroid and use JMP.chat to send phone calls and texts over XMPP. I did fine on my OP6T for my actual use of a phone. I was browsin’, I was textin’, I was sendin’ messages, I was doin’ terminal stuff, administratin’ my servers, readin’, listening to musicn’. It was fine. Will do some experimenting.
Very insightful and interesting. Thanks. I am using GrapheneOS at the moment and only have read about the Linux phones. Of course an open android system that is decoupled from Google and their shenanigans would be great as well. But I am not very hopeful as Google has started a battle on several fronts…
f-droid might get closed as the userbase dwindles.
Nah. F-Droid is already federation-ready. https://f-droid.org/docs/Installing_the_Server_and_Repo_Tools/
I’ll run my own copy of the F-Droid servers, before I bend my knee to Google. So will others.
Edit: But yes, you are correct that Linux phone is the long term solution. Android is a pile of corporate Java. Linux is a lean sleek set of mature highly optimized tools. Once the big show-stoppers are cleared, my Linux phone will be the envy of all who see me use it.
The big problem is, I think many apps will cease to get updates as the devs stop developing on Android. Just running F-Droid is not going to solve this.
Where will devs move? Apple is even worse
I don’t know, Linux? But if they don’t want to get the dev certificate I doubt they continue to develop on Android.
Doubt it.
Most of those on a Google ROM isn’t moving to GNU/Linux, its either Lineage, Graphene, etc…, or just give up on these non-google apps. “Linux” is so broken and dysfunctional compared to Android ROMs.
Fdroid will not close, it’s decentralized. I have my little personal repository with apps I care about. Thousands of people do. Together we have pretty much everything
I hope so. But the app devs might stop if they don’t want to get certified.
Maybe an altstore type option will pop up so people don’t have to manually install or update each app they use with adb. Might lead to enough people still sideloading on non custom rom phones so there is still interest providing apps for people.
So where’s the Dev push to make that usable?
I do not know, I hope it is there somewhere.
What should happen at this point is EU and European governments (and why not others) doling out money to do it.
The risk of the phone duopoly to Europe (among others) is too great now with the US already having succumbed to outright fascism and it’s tech sector running around rampant with blatant disregard for any kind of basic human rights. They all seem to correct themselves only after lawsuits and only in the EU sector.
If Google goes ahead bans sideloading I think that might spur some developers into action long term.
Intent is declared. Where are they? Please hurry?
There are other software sources, e.g. I use Obtainium mostly.
Still using LOS, haven’t looked back…
I just got my Moto G 5G 2024 unlocked 😁 Its only like $140
This is the same as moto g45 5G i think.Apparently moto g 5G ≠ moto g45 5G.I am considering moto g45 5G at the moment.
I will probably keep my current device for shit apps necessary for banking etc.
I will install LineageOS on moto g45, and it will be for programs that will not have google’s approval / F-Droid stuff.
I think way forward for me once these restrictions come in place will be to go with custom rom for my main phone, and a cheap stock phone for just apps that aren’t custom rom friendly like bank apps. I don’t need bank apps on the go, so not really going to need to carry 2 personal phones around.
Holy crap I got one! So stoked to try it out! I’ve been seeing all the pixel stuff about it and just assumed it was flagships only, but my $150 unlocked phone is supported! Thank for the push I needed to look it up.
I’m confused by this:
The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users5 will be left adrift, with no means to install — or even update their existing installed — applications.
My understanding is that developers need to sign up with Google and once they have an account they can sign their own apks.
How would this impact F-Droid in any way? Presumably by the time F-Droid enters the picture the developers of the apps they distribute would have already gone through that entire process, right? The apks will be tied to that new Google certificate, but after that they can still be distributed anywhere.
I mean, don’t get me wrong, this has genuine, very serious, dealbreaking issues, in that Google can just cancel the account of a developer making apps they don’t like, the same way Apple has done in the past. That’s not great. But from F-Droid’s perspective all of that has happened upstream, they are not anywhere in that loop, unless I’ve misunderstood the changes.
How would this impact F-Droid in any way?
F-Droid itself builds the APKs to ensure that they’re reproducible and not signed on a development machine that could be compromised.
https://f-droid.org/en/docs/FAQ_-_General/#is-your-building-and-signing-process-secure
With these changes, either:
- They use Google’s developer identity process to sign every APK they build with their own developer identity, which Google is likely not going to allow or is going to quickly find an example of a “malicious” app so they can blacklist all of them; or
- They stop building APKs and just trust the developer provides a non-malicious, pre-verified APK;
- They find a way to mediate the process between the original developer and Google. Knowing Google, they would make it as needlessly painful for everyone involved to discourage and punish alternative app stores.
Oooh, gotcha. That makes sense.
I guess it’d make sense to take that first option as far as it will go, at which point the issue becomes litigating this the first time Google has their own weird censorship issue in the Apple mold. I’d expect if they ban all of F-Droid explicitly that would at least make more ripples than going after a single torrent client app or whatever. It may play out different from a regulatory perspective, too, if the practical effect is they ban third party stores.
Side note, I’m really mad at the very deliberate choice Google made of categorizing all potential apps as either “apps meant for Google Play” or “student or hobbyist apps”. You know they know why that’s wrong, but it still makes you want to explain it to them.
wellp. time to go back to a time where phones were phones and not much more. i don’t need a smart phone, i barely wanted one to begin with. i just want a way to talk to people, send sms with a T9 keyboard, listen to preloaded MP3s and maybe play snake.
Nokias are back, maybe see if you can get one where you are
