I wish Google CEO came to my garage with his car. I will do him well.
Everything will get fixed, however one small additional device will be installed. The Driver And Passenger Protector device. One day when riding a lone route somewhere in texas, his fuel going low, he'll pull out to a station, where he'll buy some gas and a boy named Bobby Wiggins will let him see his vintage CD collection. When Mister S the Google CEO gets in a car it won't start. The message will display, that the fuel he bough might be containing too much water or other substances harmless to either engine or the passengers, and we need to wait 2 days for the car to start again. Sorry. Bobby this night will fail to defend himself from the zombies and will eat mr S's brain.
Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.
I know Graphene has innovative security measures, do you happen to know whether that includes anything wrt. phishing or social engineering?
(For those who haven't been following along: this whole affair started with phishing. People were social-engineered into installing an app and a little later their bank accounts were empty. A big issue in various poor countries.)
Graphene OS user here. Almost all of the apps I tried work fine. All the banking apps I use work. Have you tried reaching out to the app developer or the service and explaining what Graphene OS is and asking them to support it? I was able to persuade one app to do it.
I wonder if it makes sense to create an independent hard-fork of AOSP in the future. But probably the only option to keep this somehow maintainable is to replace many android-specific components with other userspace linux components that are already well maintained (systemd, networkmanager, wayland)
I use Android because it lets me install whatever I want on my phone, which it does not seem to me, controversial. The phone is either mine or it is not. I don't want Google's protection. Particularly, if I can't refuse it.
I think the most fun part with Google is that if some wayward algorithm decides it doesn’t like you, along with nuking your app and developer account it will probably nuke your 20 year old gmail, your kids Google Drive accounts, your wife’s YouTube premium, the Adsense account of some company you worked for in 2008, and disable your Nest cameras.
This would be the line for me. If at some point I'm unable to build an .apk and install it on my phone without Google letting me, I'm moving to Huawei.
What Google is doing is shameful. One of the promises of Android was being more open than the restrictive Apple ecosystem.
Now that they reached penetration they do the switch - under the guise of security.
Just let me do with my hardware what I want to do it. Let it be my responsibility to install whatever I want (and stop calling it "side-loading", as if I am doing something shady from the "side").
We need to resist this! Alas, from the broader response it seems that most people just do not care.
I understand the frustration (I'm an avid fdroid user across many many devices). But this article comes off as childish with the virus/trojan/"malware vendor".
With such an article, many (including perhaps google) get the ammo to disregard what fdroid says, by branding them as childish/not to be taken seriously. for eg: no reputable news org is going to post this.
I thought the same thing but he apparently has a point. The stated purpose covers only a tiny sliver of the capabilities. The agreement points to the TOS where it (last time I looked) says service may be terminated at any time without stating a reason. Nothing guarantees it won't be used for things other than security. And finally he has a point where it also doesn't really do much for security.
If we ask their fine search engine, the AI helpfully explains malware to be software designed to gain unauthorized access to disrupt, extort payments and/or hijack devices.
If you still think the shoe doesn't fit, imagine what would happen if one managed to create an app with the same capabilities. Google would remove it immediately for being malware. Obvious malware.
Apple's policies were established when you purchased the phone. Apps come through registered developers and their vetting.
Google has changed the game on something you already own. I'm sure their lawyers have done their homework, but in some jurisdictions this is certainly actionable.
I think the point they are trying to make is that in the terms of service Google says they get to define what is malware (halfway through article) so the author is trying to point out that exact danger: what happens when Google gets to randomly call things malware.
I'm still a little bit confused why the EU does not take action in this. This is definitely a monopolist overreach which has to be shutdown from the beginning
But they did. EU formally allows all these measures by Google in the name of "security" as described in Digital Markets Act Art. 6 (4) fourth paragraph.
I already contacted the DMA authorities and complained how this has an effect on German diabetes communities and they replied that I am not the first one who approaches them on this and they are already investigating it.
Checked my Pixel 7 XL Pro and the app is installed and running (Version 1.0.866414232
com.google.android.verifier). I was able to force stop it, and disable it. Will check later to see if reenables itself.
> Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.
> That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.
The rest of the article is a claim that Google's new terms of service amount to "malware is any software we [Google] don't like."
It seems like Google is aiming for its own walled garden.
> How long before they designate all ad-blocking software as malware, block installation on all Android certified devices worldwide, and permanently designate all developers of this class of software as malware creators?
History shows that when a "slope" appears... regulation steps in, technology evolves to solve the problem, or the culture shifts to reinterpret the thing.
In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.
I alternate my thoughts frequently (which I believe is healthy), and sometimes I think we should let things take their course a bit more before reacting. It's certainly tiresome and can be pointless (some people claim 'hysterical') to fight lots of changes, not necessarily this one but some like it.
But I've come to realize there are serious downsides to letting things run their course too. Some changes are very hard to roll back (famous 'cat's out of the bag') just taking a lot of time to reverse if ever. For example, once there is a long term contractual agreement, if one parties decides to roll back they may just not be able to until the contract expires (like renting land; or worse, selling). A change in software systems for example that need backward compatibility can be quite difficult in technical and nontechnical ways.
I think people need to also keep some sympathy for the protests and let people protest more. I'm leaning more toward: if in doubt, provide visibility to a cause (even if not full support). It's okay to save yourself some energy (in particular for the most important causes). Some things might have to run their course for people to understand they were valuable, and we will probably have to eat some frogs as a consequence. Don't lose you sanity ;) (As the saying goes, "Don't you dare go hollow.")
This is a useless argument since there is no way to measure what case is this and what is not.
You can say "Classic slippery slope fallacy." to whatever seems like that to you.
This is an antipattern to scientific thinking as you can frame something x and then say all x are like this, look I created this framework to think about x. But in reality there is no empirical basis for this thought. And it serves no purpose other than doing more argument or winning arguments.
In the end what you wrote equates to "I don't think all of this will happen".
Chaning many possibilities makes the outcome less and less likely obviously.
Also the same principle applies to most religions I know of, for example:
- Assume there is God
- Assume it did create universe.
- Assume x
...
Then this also fits the same pattern and be called the "x fallacy" but it is useless to create an argument like this. This is useless mainly because this thinking pattern is ubiquitous in any world view.
More productive discussion might be to pick some steps in the theory they chained together and argue on that imo.
I wish Google CEO came to my garage with his car. I will do him well.
Everything will get fixed, however one small additional device will be installed. The Driver And Passenger Protector device. One day when riding a lone route somewhere in texas, his fuel going low, he'll pull out to a station, where he'll buy some gas and a boy named Bobby Wiggins will let him see his vintage CD collection. When Mister S the Google CEO gets in a car it won't start. The message will display, that the fuel he bough might be containing too much water or other substances harmless to either engine or the passengers, and we need to wait 2 days for the car to start again. Sorry. Bobby this night will fail to defend himself from the zombies and will eat mr S's brain.
Android users need to switch to Graphene.
Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.
I know Graphene has innovative security measures, do you happen to know whether that includes anything wrt. phishing or social engineering?
(For those who haven't been following along: this whole affair started with phishing. People were social-engineered into installing an app and a little later their bank accounts were empty. A big issue in various poor countries.)
I tried. But then I didnt get access to essential services like banking and national resources.
Graphene OS user here. Almost all of the apps I tried work fine. All the banking apps I use work. Have you tried reaching out to the app developer or the service and explaining what Graphene OS is and asking them to support it? I was able to persuade one app to do it.
[1] https://privsec.dev/posts/android/banking-applications-compa...
Correction: i did get bank access. I just couldnt log into the bank without a google or apple controlled device.
The only reason I have not switched Graphene is because for reasons I do not understand, Graphene OS is very closely tied with Google hardware.
I bought a /e/os Fairphone instead.
Those reasons are explained clearly and openly. Ironically, your /o/OS is way less open than GOS on Google hardware.
I wonder if it makes sense to create an independent hard-fork of AOSP in the future. But probably the only option to keep this somehow maintainable is to replace many android-specific components with other userspace linux components that are already well maintained (systemd, networkmanager, wayland)
I use Android because it lets me install whatever I want on my phone, which it does not seem to me, controversial. The phone is either mine or it is not. I don't want Google's protection. Particularly, if I can't refuse it.
I think the most fun part with Google is that if some wayward algorithm decides it doesn’t like you, along with nuking your app and developer account it will probably nuke your 20 year old gmail, your kids Google Drive accounts, your wife’s YouTube premium, the Adsense account of some company you worked for in 2008, and disable your Nest cameras.
And you’ll never reach a human to sort it out.
it's a nightmare.
This would be the line for me. If at some point I'm unable to build an .apk and install it on my phone without Google letting me, I'm moving to Huawei.
Does Huawei not use android or Google play services?
What Google is doing is shameful. One of the promises of Android was being more open than the restrictive Apple ecosystem.
Now that they reached penetration they do the switch - under the guise of security.
Just let me do with my hardware what I want to do it. Let it be my responsibility to install whatever I want (and stop calling it "side-loading", as if I am doing something shady from the "side").
We need to resist this! Alas, from the broader response it seems that most people just do not care.
I understand the frustration (I'm an avid fdroid user across many many devices). But this article comes off as childish with the virus/trojan/"malware vendor".
With such an article, many (including perhaps google) get the ammo to disregard what fdroid says, by branding them as childish/not to be taken seriously. for eg: no reputable news org is going to post this.
PS: https://keepandroidopen.org/ is better done.
I thought the same thing but he apparently has a point. The stated purpose covers only a tiny sliver of the capabilities. The agreement points to the TOS where it (last time I looked) says service may be terminated at any time without stating a reason. Nothing guarantees it won't be used for things other than security. And finally he has a point where it also doesn't really do much for security.
If we ask their fine search engine, the AI helpfully explains malware to be software designed to gain unauthorized access to disrupt, extort payments and/or hijack devices.
If you still think the shoe doesn't fit, imagine what would happen if one managed to create an app with the same capabilities. Google would remove it immediately for being malware. Obvious malware.
Isn’t Google going to do what Apple has been doing since forever? Or is Google somehow doing something worse?
Apple's policies were established when you purchased the phone. Apps come through registered developers and their vetting.
Google has changed the game on something you already own. I'm sure their lawyers have done their homework, but in some jurisdictions this is certainly actionable.
I think the point they are trying to make is that in the terms of service Google says they get to define what is malware (halfway through article) so the author is trying to point out that exact danger: what happens when Google gets to randomly call things malware.
I'm still a little bit confused why the EU does not take action in this. This is definitely a monopolist overreach which has to be shutdown from the beginning
But they did. EU formally allows all these measures by Google in the name of "security" as described in Digital Markets Act Art. 6 (4) fourth paragraph.
https://www.eu-digital-markets-act.com/Digital_Markets_Act_A...
I understand not being happy about what Google is doing, but it seems like F-droid can’t be trusted not to heavily spin things.
There is no spin here. Google is pulling up the ladder.
There won't be an open web, there won't be user installs, there won't be anonymity.
Everything will be identified, attested, and allowed only when Google permits it.
Nevermind them choking startups and small biz out of the oxygen they need to survive.
What are talking about? Android Device Verification has nothing to do with what websites browsers can access.
I don't understand how this is legal in the EU under the DMA, does anyone know?
I already contacted the DMA authorities and complained how this has an effect on German diabetes communities and they replied that I am not the first one who approaches them on this and they are already investigating it.
Google is just trying how far they can push this.
Do you have any pointers on how to find the correct authority and reach out? I'd like to inform my EU audience.
Yes. From here: https://digital-markets-act.ec.europa.eu/contact-dma-team_en
Excellent, I emailed them too but no reply yet. Yeah, given that we should be able to choose what app store to install, this seems wildly illegal.
related: https://keepandroidopen.org/ previously on hn
- https://news.ycombinator.com/item?id=47935853 (2 months ago, 889 comments)
- https://news.ycombinator.com/item?id=47139765 (4 months ago, 378 comments)
- https://news.ycombinator.com/item?id=47778274 (3 months ago, 68 comments)
My Android 15 handset doesn't have com.google.android.verifier process. It could be a Ulefone thing. They're especially pro-user (ex:root friendly).
Checked my Pixel 7 XL Pro and the app is installed and running (Version 1.0.866414232 com.google.android.verifier). I was able to force stop it, and disable it. Will check later to see if reenables itself.
This is not malware. It's an official part of Google Play Services.
> Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.
> That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.
The rest of the article is a claim that Google's new terms of service amount to "malware is any software we [Google] don't like."
It seems like Google is aiming for its own walled garden.
> How long before they designate all ad-blocking software as malware, block installation on all Android certified devices worldwide, and permanently designate all developers of this class of software as malware creators?
Classic slippery slope fallacy.
https://en.wikipedia.org/wiki/Slippery_slope
History shows that when a "slope" appears... regulation steps in, technology evolves to solve the problem, or the culture shifts to reinterpret the thing.
In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.
I alternate my thoughts frequently (which I believe is healthy), and sometimes I think we should let things take their course a bit more before reacting. It's certainly tiresome and can be pointless (some people claim 'hysterical') to fight lots of changes, not necessarily this one but some like it.
But I've come to realize there are serious downsides to letting things run their course too. Some changes are very hard to roll back (famous 'cat's out of the bag') just taking a lot of time to reverse if ever. For example, once there is a long term contractual agreement, if one parties decides to roll back they may just not be able to until the contract expires (like renting land; or worse, selling). A change in software systems for example that need backward compatibility can be quite difficult in technical and nontechnical ways.
I think people need to also keep some sympathy for the protests and let people protest more. I'm leaning more toward: if in doubt, provide visibility to a cause (even if not full support). It's okay to save yourself some energy (in particular for the most important causes). Some things might have to run their course for people to understand they were valuable, and we will probably have to eat some frogs as a consequence. Don't lose you sanity ;) (As the saying goes, "Don't you dare go hollow.")
> In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.
Perhaps it happens because the slope is called out...
This is a useless argument since there is no way to measure what case is this and what is not.
You can say "Classic slippery slope fallacy." to whatever seems like that to you.
This is an antipattern to scientific thinking as you can frame something x and then say all x are like this, look I created this framework to think about x. But in reality there is no empirical basis for this thought. And it serves no purpose other than doing more argument or winning arguments.
In the end what you wrote equates to "I don't think all of this will happen".
Chaning many possibilities makes the outcome less and less likely obviously.
Also the same principle applies to most religions I know of, for example:
- Assume there is God
- Assume it did create universe.
- Assume x
...
Then this also fits the same pattern and be called the "x fallacy" but it is useless to create an argument like this. This is useless mainly because this thinking pattern is ubiquitous in any world view.
More productive discussion might be to pick some steps in the theory they chained together and argue on that imo.