It's a very small concession. The high initial friction still means when someone comes to me with a problem and I tell them the solution is in F-Droid, they have to wait a day. Most give up and pick a different, less trustworthy solution from Google Play.
Given the Epic settlement means Google is allowing alternate app stores, and also the delay only applies for unregistered developers, I'm not certain it won't actually get easier to get folk set up on F-Droid.
It still remains to be seen what the actual requirements are, and even if F-Droid could become "approved" that doesn't mean they want to. Time will tell.
Why the hell should we "mother may I" with Google for running apps on our own phones if it isn't sourced from the Play Store?
The "security" rationale is horseshit given just how much malware is readily download able on the Play Store. Google never cleans its own house before going after others.
The scams are likely to some from outside Play. In the US, these scams don't run because iPhone is the dominant platform and side loading in iOS is not possible. In the rest of world they are widespread.
We shouldn't let naive or mentally disabled people to dictate how computing should work. That's the same logic behind the age verification shit that's happening worldwide.
If you (not you specifically) are unsure of your abilities to use computers, let a friend or a family member buy a dumbed down device for you or install parental controls or something. Or maybe have clicking the build number 7 times reveal "toddler mode" where you can lock your device down irreversibly as much as you want.
What's the phone OS landscape now? What can someone who values their agency and wants FOSS choose?
* iOS - walled garden, so no
* Android:
* * with a Google account and Play Services - a bit less of a walled garden, but still no
* * Android without Google:
* * * GrapheneOS - root or adb not supported, so no
* * * LineageOS - (edit: root or adb not supported, so no - just learned) seems like a viable option although it seems like it depends on Google's development of Android and keeping it FOSS. How's the situation with security updates? Which phones would you recommend? I don't count Samsung or whatever crap as they're generally quite user-hostile.
* Linux - IIRC only PMOS supported FDE. Is that still the case? Are there are good Linux phones? I tried PinePhone a few years ago, but it was crappy. The OS also lacked basic features like new windows showing up inside the screen.
I think a problem is that phones, as a concept, are communication first, rather than general computing first.
If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I'm sure FOSS can make a feature equivalent Instagram (or Whatsapp, or whatever) but the people aren't in there.
> I think a problem is that phones, as a concept, are communication first, rather than general computing first.
I use all kinds of computers for communication. I'm communicating with you on my desktop. I had a call earlier on my laptop. And a phone IS a computer, so why pretend it's not?
> If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I wouldn't use proprietary work tools on a personal device. It's not good hygiene.
I don't care if Instagram requires an app on a non-rooted phone with verified Google attestations because I don't use it and it's not essential.
Banking apps ARE a problem because a lot of banks don't let you use their site without their app at all. That should be solved with regulations - give people a FOSS banking app or, better yet, an API, so they can bank however they want to. Let us create FOSS interfaces for the different banks. Right now we need to revert the regulations who more or less force us to rely on Google or Apple's attestation. Internet banking is important both because there's a trend, even in countries where cash is still widely used, to have places that don't take cash, and because it's a highly regulated system paid for my taxes - I should be able to participate in a modern way with bullshit restrictions allegedly made to prevent someone's grandpa from getting hacked or phished.
But if I can't access my bank online, I'm not going to bow my head and buy a bank-approved phone with a bank-approved OS and a bank-approved $tech_company account. Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?
>I use all kinds of computers for communication. I'm communicating with you on my desktop.
Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.
>And a phone IS a computer, so why pretend it's not?
I agree we shouldn't, I'm just saying that it's unlikely for that need to meet a large enough demand.
You might consider Instagram, whatsapp or similar apps personally not essential, but for many (I would say most) people they are - if not truly essential for living, at least essential in the sense that they don't have much use for their phone outside of those apps.
Which was my point, as long as the main use of a phone requires passing through meta's (or whoever else's) hoops, it's going to be a hard battle.
The only minimally mainstream uses of a phone that currently lie outside the walled garden are piracy and emulators, and that's already a stretch.
GrapheneOS - does allow you to root/ADB. It's just not official, just like LineageOS. You can even sign your own images and relock the bootloader and have root i f you put in the effort.
So I misunderstood about LineageOS - I haven't read anything about it for a while. Everyone on GrapheneOS's forum is really anti-root, they even mention it's not GrapheneOS anymore. From what I saw you can't get any support whatsoever if you have an issue with root or adb, which seems like a core component to any OS to me. Would've been nice if there was a community that gave each other support for rooted LOS or GOS. There could be one, though - I haven't researched it.
Like the other poster said, you can get root on GOS. However it's highly ill advised and severely breaks the security model of devices. 99% of the time nobody, especially the average person, needs root on their phone (imo). Allowing that easily just opens up the average person to getting duped into getting their phone rocked with exploits and possibly persistent malware.
There is no reason that a lack of root access should be viewed as a negative within the context of GrapheneOS. In that case why even mention or choose GOS? Just choose an Android fork with poor security or a Linux phone with zero security instead.
> 99% of the time nobody [...] needs root on their phone
Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.
Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.
I want to run like 5-6 apps I trust.
Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
It was a long time ago, so I don't remember. Phosh or Plasma. I tried to like Sxmo, but it was really unintuitive, unlike tiling WMs on Linux.
Fairphones seems OK, although for €549 I'll probably stick to a dumb phone and invest in a better laptop for now. I'm not saying it's too expensive for what it is, though - it's still a tiny computer with all kinds of periphery.
I just wish there was a version with a shitty camera for €50 less or with no Bluetooth for €10 less - you get the idea.
> If you choose to root, then I believe its not considered to be "GrapheneOS" any longer and assistance will not be provided for issues you face
Getting no support would suck. Obviously it's a FOSS OS, so it would be community support for the most part, but it's still invaluable when you run into issues.
How will the transfer occur? I'm assuming via Google account?
So this is vendor lock-in to an online account being sold as a way to "win" against a problem _created_ by said vendor? I would prefer a per-device wait time and I sincerely hope a Google account will not be a hard requirement. I didn't consider this initially.
Google is in the process of stealing the shirts from our backs and selling them back to us. Whoever wrote this article is drinking the kool-aid. This should NOT be presented as a positive thing. Some of us use Android without a Google account and would still like to sideload.
I thought that even after the 24h wait, you will have to go through some annoying dialog to install (or maybe even update) anything not from the play store. So installing from F-droid will become an obnoxious process. Even worse if updates also become obnoxious. F-droid often wants to update several apps at once, so I click "update all". If that becomes multiple dialogs, that sucks.
If you don't have the framework, you don't have to worry about any of this (you also don't get the benefits, bank apps that require validated OS, tap to pay etc, without the framework).
You still seem to need a Google account to be able to use the hardware you just paid for. I don't have one, don't want one either. I've been using Android without Google for about 15 years now but will hold off on getting a new device until I'm sure I can continue using it without getting a Google account.
I'm using stock Android with a bunch of F-droid apps and no Google account. I've never installed anything from Play and don't feel like I'm missing anything.
I don't use F-Droid, but I've been an Android user for several years on two different devices and I've never associated a Google account with a device. I've installed all my software from APK downloads from the open source project site releases they came from.
It was really nice last year when I moved to a new device. I restored my last SMS, call log, and contact backup with the open source app I use for that, then loaded the rest of the apps I use from their APKs. It was a lot like getting a new PC. Very enjoyable.
On some devices I run custom distributions (mostly LineageOS), others I just root and de-fang by removing all objectionable content including the Google bits. In all cases I put on F-Droid with a few configured repos to get the applications I want. On a few devices I also add some proprietary apps which are more or less mandatory - electronic ID (BankID) being the main one - either by manually installing it or through Aurora Store, an alternative play store front-end which does not require a Google account. No Google, no problem and no real hassle. My current main phone - a Xiaomi Redmi Note 5 Pro - is 8 years old, I already have a replacement in a drawer but have not configured it yet because I first want to make a cover for it. Even though it is 8 years old it works fine, the battery holds for 2 days and all applications I need still run on it. The oldest device in use is 15 years old and also works fine but it can no longer be used as a phone since 3G was switched off where I live.
How long before there is a "we've detected your account has been used multiple times to re-setup a phone.. we've re-enabled the Google Nanny Safety mode.. also we've locked your google account just in case.. "
I mean other than hackers, who has needed to factory reset their phone more than once in a year you must be doing something shady... right right?
"Google is doing this thing that is total bullshit, but now they're given you slightly less shit. What a win! Our glorious corporate overlords are so generous!"
What a joke. It's not a journalist job to shill for corporations
WTF win? Sounds like I will need a tracking google account because it can "carry over" when I "upgrade my phone"
"Google giving a concession" is no win.
WTF Concession? Why are we asking google for permission to use the devices we bought as they see fit?
Ok, google is doing what is best for them, abusing users. But the manufacturers are really to blame here because the devices are by default locked to what google and them decide. There is no Market Choice here.
Yeah, but then banks need to be pushed to support it. And while we're at it it would be good if people responsible for European eID also stopped recommending Google device attestation.
There's not really a way to bypass Google if they don't want there to be, and that's what they're moving towards. The only long-term solution is to cut Google out entirely.
Motorola with GrapheneOS is an interesting prospect. The space is ready for disruption and the tools to do it are more available than ever. Maybe it will come from the EU. Who knows, but Google overplayed their hand, IMO.
Also, let's be clear about the mobile landscape right now. Many apps aren't written in Java or Swift, but instead are being transpiled from other languages like TypeScript and using UI libraries that aren't locked to the mobile platform itself.
When a new mobile platform enters the space it will require some react-native and capacitor glue code and we are in business.
It's a very small concession. The high initial friction still means when someone comes to me with a problem and I tell them the solution is in F-Droid, they have to wait a day. Most give up and pick a different, less trustworthy solution from Google Play.
Given the Epic settlement means Google is allowing alternate app stores, and also the delay only applies for unregistered developers, I'm not certain it won't actually get easier to get folk set up on F-Droid.
It still remains to be seen what the actual requirements are, and even if F-Droid could become "approved" that doesn't mean they want to. Time will tell.
Why the hell should we "mother may I" with Google for running apps on our own phones if it isn't sourced from the Play Store?
The "security" rationale is horseshit given just how much malware is readily download able on the Play Store. Google never cleans its own house before going after others.
Don't you know? If one elderly person gets scammed we all deserve to be infantilized.
Wouldn't it be something if, given all the surveillance already in place, law enforcement punished the scammers instead of the innocent?
(nevermind that the scams are extraordinarily likely to come through Meta, Google, Apple, Amazon)
The scams are likely to some from outside Play. In the US, these scams don't run because iPhone is the dominant platform and side loading in iOS is not possible. In the rest of world they are widespread.
Outside Play, on YouTube or via Google Ads for many of them. Likewise for Meta ads.
Ok, but the vast majority of people do need their hand held because they're incompetent, naive, or both. IMO this is pro consumer move
We shouldn't let naive or mentally disabled people to dictate how computing should work. That's the same logic behind the age verification shit that's happening worldwide.
If you (not you specifically) are unsure of your abilities to use computers, let a friend or a family member buy a dumbed down device for you or install parental controls or something. Or maybe have clicking the build number 7 times reveal "toddler mode" where you can lock your device down irreversibly as much as you want.
No. Society should not be holding the hands of adults. It's unnecessary and it's insulting.
What's the phone OS landscape now? What can someone who values their agency and wants FOSS choose?
* iOS - walled garden, so no
* Android:
* * with a Google account and Play Services - a bit less of a walled garden, but still no
* * Android without Google:
* * * GrapheneOS - root or adb not supported, so no
* * * LineageOS - (edit: root or adb not supported, so no - just learned) seems like a viable option although it seems like it depends on Google's development of Android and keeping it FOSS. How's the situation with security updates? Which phones would you recommend? I don't count Samsung or whatever crap as they're generally quite user-hostile.
* Linux - IIRC only PMOS supported FDE. Is that still the case? Are there are good Linux phones? I tried PinePhone a few years ago, but it was crappy. The OS also lacked basic features like new windows showing up inside the screen.
* anything else?
I think a problem is that phones, as a concept, are communication first, rather than general computing first.
If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I'm sure FOSS can make a feature equivalent Instagram (or Whatsapp, or whatever) but the people aren't in there.
> I think a problem is that phones, as a concept, are communication first, rather than general computing first.
I use all kinds of computers for communication. I'm communicating with you on my desktop. I had a call earlier on my laptop. And a phone IS a computer, so why pretend it's not?
> If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I wouldn't use proprietary work tools on a personal device. It's not good hygiene.
I don't care if Instagram requires an app on a non-rooted phone with verified Google attestations because I don't use it and it's not essential.
Banking apps ARE a problem because a lot of banks don't let you use their site without their app at all. That should be solved with regulations - give people a FOSS banking app or, better yet, an API, so they can bank however they want to. Let us create FOSS interfaces for the different banks. Right now we need to revert the regulations who more or less force us to rely on Google or Apple's attestation. Internet banking is important both because there's a trend, even in countries where cash is still widely used, to have places that don't take cash, and because it's a highly regulated system paid for my taxes - I should be able to participate in a modern way with bullshit restrictions allegedly made to prevent someone's grandpa from getting hacked or phished.
But if I can't access my bank online, I'm not going to bow my head and buy a bank-approved phone with a bank-approved OS and a bank-approved $tech_company account. Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?
>I use all kinds of computers for communication. I'm communicating with you on my desktop.
Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.
>And a phone IS a computer, so why pretend it's not?
I agree we shouldn't, I'm just saying that it's unlikely for that need to meet a large enough demand.
You might consider Instagram, whatsapp or similar apps personally not essential, but for many (I would say most) people they are - if not truly essential for living, at least essential in the sense that they don't have much use for their phone outside of those apps.
Which was my point, as long as the main use of a phone requires passing through meta's (or whoever else's) hoops, it's going to be a hard battle.
The only minimally mainstream uses of a phone that currently lie outside the walled garden are piracy and emulators, and that's already a stretch.
GrapheneOS - does allow you to root/ADB. It's just not official, just like LineageOS. You can even sign your own images and relock the bootloader and have root i f you put in the effort.
So I misunderstood about LineageOS - I haven't read anything about it for a while. Everyone on GrapheneOS's forum is really anti-root, they even mention it's not GrapheneOS anymore. From what I saw you can't get any support whatsoever if you have an issue with root or adb, which seems like a core component to any OS to me. Would've been nice if there was a community that gave each other support for rooted LOS or GOS. There could be one, though - I haven't researched it.
> GrapheneOS - root or adb not supported, so no
Like the other poster said, you can get root on GOS. However it's highly ill advised and severely breaks the security model of devices. 99% of the time nobody, especially the average person, needs root on their phone (imo). Allowing that easily just opens up the average person to getting duped into getting their phone rocked with exploits and possibly persistent malware.
There is no reason that a lack of root access should be viewed as a negative within the context of GrapheneOS. In that case why even mention or choose GOS? Just choose an Android fork with poor security or a Linux phone with zero security instead.
> 99% of the time nobody [...] needs root on their phone
Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.
Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.
I want to run like 5-6 apps I trust.
Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
Why do you want to root? I didn't really feel the need for the past few years.
Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
fairphone support for pmOS is improving. What DE were you using? It was probably just slow on the pinephone.
librem 5 is also an option. It is sorta expensive and weak but is the most capable.
https://wiki.postmarketos.org/wiki/Devices
right now im on calyxos but development has been paused for like a year
It was a long time ago, so I don't remember. Phosh or Plasma. I tried to like Sxmo, but it was really unintuitive, unlike tiling WMs on Linux.
Fairphones seems OK, although for €549 I'll probably stick to a dumb phone and invest in a better laptop for now. I'm not saying it's too expensive for what it is, though - it's still a tiny computer with all kinds of periphery.
I just wish there was a version with a shitty camera for €50 less or with no Bluetooth for €10 less - you get the idea.
Interestingly, when I went to
https://www.fairphone.com/shop-home
the prices for the headphones were lower for a few seconds and got higher afterwards.
€186.75 -> €249
€74.25 -> €99
while the phone price remained the same. Both are increases of 33.(3)%. Probably a script that determined my location and added a VAT.
You can root GrapheneOS, they just don't recommend you doing so.
In their forum they repeatedly say stuff like:
> If you choose to root, then I believe its not considered to be "GrapheneOS" any longer and assistance will not be provided for issues you face
Getting no support would suck. Obviously it's a FOSS OS, so it would be community support for the most part, but it's still invaluable when you run into issues.
How will the transfer occur? I'm assuming via Google account?
So this is vendor lock-in to an online account being sold as a way to "win" against a problem _created_ by said vendor? I would prefer a per-device wait time and I sincerely hope a Google account will not be a hard requirement. I didn't consider this initially.
Google is in the process of stealing the shirts from our backs and selling them back to us. Whoever wrote this article is drinking the kool-aid. This should NOT be presented as a positive thing. Some of us use Android without a Google account and would still like to sideload.
When typos are inadvertently funny:
> Google’s been working hard to relive everyone’s fears...
I thought that even after the 24h wait, you will have to go through some annoying dialog to install (or maybe even update) anything not from the play store. So installing from F-droid will become an obnoxious process. Even worse if updates also become obnoxious. F-droid often wants to update several apps at once, so I click "update all". If that becomes multiple dialogs, that sucks.
Google clarifies that this status can carry over to new devices, so you only ever have to go through it once.
Which makes no sense, if the property is in Android itself.
For example, lots of people use phones without any google play framework installed. Without that framework, how does it "carry over"?
This just raises more questions about how this whole process works.
Is it only the play api doing so? If so, then if you de-google, this entire problem goes away?
If not, then how can you 'carry over' to a phone unless you also install the play framework? Seems like that's unhelpful.
If you don't have the framework, you don't have to worry about any of this (you also don't get the benefits, bank apps that require validated OS, tap to pay etc, without the framework).
This change was never relevant for devices without Play Services.
Thanks for stating in one sentence what this slop article danced around for 10 or so paragraphs.
You still seem to need a Google account to be able to use the hardware you just paid for. I don't have one, don't want one either. I've been using Android without Google for about 15 years now but will hold off on getting a new device until I'm sure I can continue using it without getting a Google account.
Do you run a custom ROM? I can't imagine bothering with the hassle of running a vendor OS without signing into Play.
I'm using stock Android with a bunch of F-droid apps and no Google account. I've never installed anything from Play and don't feel like I'm missing anything.
I don't use F-Droid, but I've been an Android user for several years on two different devices and I've never associated a Google account with a device. I've installed all my software from APK downloads from the open source project site releases they came from.
It was really nice last year when I moved to a new device. I restored my last SMS, call log, and contact backup with the open source app I use for that, then loaded the rest of the apps I use from their APKs. It was a lot like getting a new PC. Very enjoyable.
Aurora store make it pretty seamless. Used to run my Samsung without any account, no Google nor Samsung and things worked perfectly.
On some devices I run custom distributions (mostly LineageOS), others I just root and de-fang by removing all objectionable content including the Google bits. In all cases I put on F-Droid with a few configured repos to get the applications I want. On a few devices I also add some proprietary apps which are more or less mandatory - electronic ID (BankID) being the main one - either by manually installing it or through Aurora Store, an alternative play store front-end which does not require a Google account. No Google, no problem and no real hassle. My current main phone - a Xiaomi Redmi Note 5 Pro - is 8 years old, I already have a replacement in a drawer but have not configured it yet because I first want to make a cover for it. Even though it is 8 years old it works fine, the battery holds for 2 days and all applications I need still run on it. The oldest device in use is 15 years old and also works fine but it can no longer be used as a phone since 3G was switched off where I live.
How long before there is a "we've detected your account has been used multiple times to re-setup a phone.. we've re-enabled the Google Nanny Safety mode.. also we've locked your google account just in case.. " I mean other than hackers, who has needed to factory reset their phone more than once in a year you must be doing something shady... right right?
"Google is doing this thing that is total bullshit, but now they're given you slightly less shit. What a win! Our glorious corporate overlords are so generous!"
What a joke. It's not a journalist job to shill for corporations
WTF win? Sounds like I will need a tracking google account because it can "carry over" when I "upgrade my phone" "Google giving a concession" is no win.
WTF Concession? Why are we asking google for permission to use the devices we bought as they see fit?
Ok, google is doing what is best for them, abusing users. But the manufacturers are really to blame here because the devices are by default locked to what google and them decide. There is no Market Choice here.
Hopefully other vendors will adopt GrapheneOS like Motorola is prepared to.
Yeah, but then banks need to be pushed to support it. And while we're at it it would be good if people responsible for European eID also stopped recommending Google device attestation.
There is no win. They are winning 50-0 and they just scored an own-goal; so what?!
Can't agree with you enough.
They're still moving the Overton window on making Android a walled garden. They're playing a longer game.
can't wait until this is just completely bypassed and we can ignore Google again.
There's not really a way to bypass Google if they don't want there to be, and that's what they're moving towards. The only long-term solution is to cut Google out entirely.
Motorola with GrapheneOS is an interesting prospect. The space is ready for disruption and the tools to do it are more available than ever. Maybe it will come from the EU. Who knows, but Google overplayed their hand, IMO.
Also, let's be clear about the mobile landscape right now. Many apps aren't written in Java or Swift, but instead are being transpiled from other languages like TypeScript and using UI libraries that aren't locked to the mobile platform itself.
When a new mobile platform enters the space it will require some react-native and capacitor glue code and we are in business.
Motorola with GrapheneOS has all the same failings of any other custom ROM.