It's a very small concession. The high initial friction still means when someone comes to me with a problem and I tell them the solution is in F-Droid, they have to wait a day. Most give up and pick a different, less trustworthy solution from Google Play.
Incredibly small concession that doesn’t warrant this article’s absolutely insane framing: “Even less of a problem than we thought,” “very, very good news,” “already sounded perfectly manageable.”
The author is so giddy to defend this monopolistic restriction on Google’s part. Hackers can use F-Droid without annoyance, but this really does kill any chance at normies using it. They absolutely will use the worst spyware on Google Play instead, and the author seemingly loves it.
Given the Epic settlement means Google is allowing alternate app stores, and also the delay only applies for unregistered developers, I'm not certain it won't actually get easier to get folk set up on F-Droid.
It still remains to be seen what the actual requirements are, and even if F-Droid could become "approved" that doesn't mean they want to. Time will tell.
Why the hell should we "mother may I" with Google for running apps on our own phones if it isn't sourced from the Play Store?
The "security" rationale is horseshit given just how much malware is readily download able on the Play Store. Google never cleans its own house before going after others.
The scams are likely to some from outside Play. In the US, these scams don't run because iPhone is the dominant platform and side loading in iOS is not possible. In the rest of world they are widespread.
"Likely"? Do you mean that based on actual data, or are you using it as a weasel word so you can present whatever convenient "facts" that benefit Google as truth?
I’m betting on the latter. No Kitboga video mentions custom Android apps. What actually appears on almost all videos are online ads/spam or fake celebrity accounts messaging random people on Facebook.
It's funny how you aggressively push solutions that ignore the most common scam vectors investigators encounter. Could it be a coincidence that your proposal conveniently places every aspect of people’s lives at the mercy of big businesses? Or that the scam vector you downplay, ads and social media, just happens to be cash cows for some of the richest companies in history?
We already have plenty of paid lobbyists cheering the transfer of wealth from the poorest to the richest. There's no need to do that dirty work for free. Weaponizing the elderly being scammed of their life savings while protecting those that benefit from it is beyond messed up.
The scams that are happening in the rest of world are calls posing as bank support about urgent security issues and telling people to install apps to protect their accounts.
We shouldn't let naive or mentally disabled people to dictate how computing should work. That's the same logic behind the age verification shit that's happening worldwide.
If you (not you specifically) are unsure of your abilities to use computers, let a friend or a family member buy a dumbed down device for you or install parental controls or something. Or maybe have clicking the build number 7 times reveal "toddler mode" where you can lock your device down irreversibly as much as you want.
It might be pro consumer if the power were lying in some kind of democratically justified organization, which then decides which apps are allowed and which are not.
This way, consumers are helpless victims of the same megacorporation, which will use its near-absolute power over the mobile ecosystem (shared with one other megacorporation) to profit on the back of consumers.
The rationale behind this move makes no sense either - most of the scams happen via some instruction to install Anydesk or some such remote-support software, not some shady apkg downloaded from some third party website.
Seems like a move to get around the Epic Games ruling (and assorted rumbles from countries like India).
I'm biased, but I don't think less trustworthy is a fair assessment. I think you can suggest that open source software provides a different trust model than closed source and distributed by Play, but to conclude it's less trustworthy is a real stretch.
The vast majority of software on Google Play is absolute spyware-laden slop. There are turstworthy apps, sure, but they are drops in an ocean. F-Droid’s trustworthy-to-ad-ridden-slop ratio is pretty much definitionally lower than Google’s, by virtue of it being actually curated. That everything on it is libre and they are working hard on reproducible builds just makes it all the better.
> ADB would be unaffected, and any power users who needed to install an app straight away could always connect their Android device to a computer and use ADB commands to manually install - no delay at all.
So in practice this won't be an issue for anyone tech-savvy who uses their Android device with apps outside of the Play Store, as they can simply install through the ADB mechanism via a separate device. It can even be done using WebUSB.
However, the many, many people worldwide who lack such technical knowledge, and are more susceptible to being scammed via malicious app installs because of it, are still protected by this new process Google are introducing.
We hereby grant you a conditional right to install software on the device you "own", subject to conditions, and terms, but only under certain circumstances and only so long as it pleases us.
Yeah, to me android is another Linux machine. I can change the date and for the device it's tomorrow. At least should be. What then? Will it accept the apk I just installed because it's tomorrow? Or reject because of no lease token from the one-almighty-Google? Or maybe it won't work at all when offline even with offline apk?
None of the comments here seem to discuss or even mention how this situation looks from googles perspective? I feel like HN readers are not aware of the scale of the problem they face or their motivation behind these changes.
If you look at the rate of growth of the call/text scam industry I think it's entirely possible that android owners are getting scammed out of more money than google themselves makes on the android platform as a whole. It's at least not that far off. Which doesn't even account for the humanitarian issues which they probably feel partially responsible for.
Why does nobody ever think of the poor megacorporation?
I mean maybe you're even right and they care a little bit about people being scammed. But if you believe that the scamming thing is any more than a pretense for further establishing Google's absolute control over the Android ecosystem, that is just very naive.
Their goal is to make money. Apps installed outside of Google mean less money for them. Ergo, consumer's right to install what they want on their devices must go.
What's the phone OS landscape now? What can someone who values their agency and wants FOSS choose?
* iOS - walled garden, so no
* Android:
* * with a Google account and Play Services - a bit less of a walled garden, but still no
* * Android without Google:
* * * GrapheneOS - root or adb not supported, so no
* * * LineageOS - (edit: root or adb not supported, so no - just learned) seems like a viable option although it seems like it depends on Google's development of Android and keeping it FOSS. How's the situation with security updates? Which phones would you recommend? I don't count Samsung or whatever crap as they're generally quite user-hostile.
* Linux - IIRC only PMOS supported FDE. Is that still the case? Are there are good Linux phones? I tried PinePhone a few years ago, but it was crappy. The OS also lacked basic features like new windows showing up inside the screen.
Like the other poster said, you can get root on GOS. However it's highly ill advised and severely breaks the security model of devices. 99% of the time nobody, especially the average person, needs root on their phone (imo). Allowing that easily just opens up the average person to getting duped into getting their phone rocked with exploits and possibly persistent malware.
There is no reason that a lack of root access should be viewed as a negative within the context of GrapheneOS. In that case why even mention or choose GOS? Just choose an Android fork with poor security or a Linux phone with zero security instead.
> 99% of the time nobody [...] needs root on their phone
Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.
Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.
I want to run like 5-6 apps I trust.
Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
> Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
The security models of desktop operating systems are far, far behind those of mobile operating systems (Android/iOS). ChromeOS, followed by macOS are the closest to mobile security but are still severely lacking. Windows is farther behind and desktop Linux might as well be minimum security. It’s not even an equivalent comparison as you’re comparing mobile OSes to ones on a platform with a fundamentally worse security architecture.
I mean, even to an extent some of the Linux distributions understand the security problems with the traditional model. Look at what Universal Blue is doing with their images and leaning more into Flatpaks and containers for any developer like etc tooling while actively discouraging installing things via rpm-ostree.
> I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to. Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
The first sentence is inherently incompatible with the security structure of GrapheneOS (for example). The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user. Yes, mobile operating systems were designed sandbox first to treat all applications as untrusted. However it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.
Not having root is the best way to harden security. Mobile OSes are designed to be heavily compartmentalized, each application runs in its own sandbox. Giving an application root circumvents the entire thing, allowing that application in theory to see into other sandboxed apps etc. If you want a real world example look at all the malware exploits that come into iOS via iMessage, one of the only apps on iOS that’s not fully sandboxed like normal apps.
> And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.
This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.
> What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
To not get unknowingly pwned. Realistically even if you have a trusted app, you or the community can only verify that it’s trusted at a specific point in time. Realistically a community cannot verify that an app or package etc is consistently not malicious and will more often than not lag behind in the implementation of the exploit vs its discovery, it doesn’t matter if its closed or open source.
To be clear though my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person and that no root is infinitely more secure than having it. Maybe companies could provide alternatives, i.e. offering devices with rooted versions available but offering no customer support if something goes wrong with the software. But it certainly shouldn’t be a default available feature for the majority of the population.
—
An edit: Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).
Edit: I looked at your other comments to see if you had discussed Linux or Android security before (and to avoid repetitive threads). I'll reply to this post of yours here as you'll likely not see that I've replied there:
> Also linux only really has block level encryption, not file based encryption like iOS/Android. It would be trivial for LEO to access your device unless it was totally powered off and then the only protection is LUKS. Or really even if you lose your phone and someone was so inclined to they could just extract all the data if it was powered on but on the “lock screen,” as most if not all desktop (and I’d imagine linux phone) environments do not actually do any encryption or anything when the system is locked, it’s just a cosmetic lock for all intents and purposes.
With LUKS or plain dm-crypt unencrypted data never touches the storage. Small parts of the storage are decrypted in RAM, but what gets written is encrypted. FDE at the block level gives less info to the adversary than file based encryption. With detached /boot (and maybesome other stuff) (like on a USB stick), and plain dm-crypt, you can even have plausible deniability that the storage medium was just overwritten with random data. LEO can't do anything for LUKS or dm-crypt if they can't bypass the lock screen, short of a cold boot attack. That's true for file-based encryption, too. The lock screen (on Linux, at least) isn't related to disk encryption and doesn't have to be.
I don't agree with you, but I appreciate the time you took to reply. Apologies if I may appear terse.
> The security models of desktop operating systems are far, far behind those of mobile operating systems
What about Qubes? That's my standard. Everything else has worse security almost by definition (since you can virtualize it and increase its security that way).
> The first sentence is inherently incompatible with the security structure of GrapheneOS (for example).
My mistake - sorry. I wanted to say something like:
> I would choose something as locked down as GrapheneOS (no root) for its security if I were to use it to install random apps or to run JS from random sites - examples of exposing myself to unnecessary danger like someone who doesn't know what he's doing. I would choose something with root but wouldn't run random apps with root permissions or JS on a browser started with root permissions.
I somehow mixed both sentences when editing.
> it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.
That's where we differ on our views of security, agency and responsibility. I own the computer so I should be able to give root to whatever I trust. I already trust the the hardware, the myriad of developers writing the OS, the libraries they've used and so on. Yes, trusting less things is better, but there's a tradeoff and we can easier restrict the OS further and further until we're left with nothing. The OS shouldn't restrict what I can trust and what I can't trust. Why is the OS trying to force me to not trust any app but only the millions on lines of code of the OS itself and the hardware?
> The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user.
Giving all applications root might circumvent all protections in GrapheneOS and Android. How does giving 1 application I trust circumvent all protections? Let's say I wrote the app (and I trust myself) and then formally verified it - just for the sake of argument. Although I'd give root to apps I didn't write or verify because I am an adult who can choose what code to trust. We already have important information and already give important permissions to apps that, if compromised, can ruin our lives easily (browsers, communication apps and so on).
> The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.
So apps are both sandboxed and there are robust permissions which make Android much more secure than most desktop OSes, but we can't even give an app root because it might somehow wreck the whole system? I don't get this. By that logic we don't know if any app could compromise any of the system processes that have root (or functionally equivalent access). The solution would be to not run untrusted apps in the same OS at all, to have different computers or some hardened virtualization like Qubes? I get that it's not black and white, but my hypothetical terminal app with root permissions won't be the only process with root permissions running on the OS, so why is it THAT bad to give it root? Especially when I'd run it with root only for certain tasks, just like I don't "sudo ls ~" but just "ls ~".
> This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.
Why not try to use existing security mechanisms in various Linux distros (or Qubes) to prevent Meta's apps from going crazy? Additionally, why can I load facebook.com in Firefox on Linux and be relatively certain I won't get pwnd by Facebook even though I have root on Linux? That would mean we trust browser sandboxing more than Android sandboxing. Yet we have root on Linux and can do anything with the browser. What I mean is, you state that Android is so secure, yet we trust it less than untrusted JS on a browser on desktop. If we don't, should we disallow people to run JS (or even CSS, as there have been attacks via CSS) at all?
> my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person
My view is that we should default on root-capable devices for anyone. If a user doesn't feel sure in their abilities, they may select "I am not sure of my abilities to operate a computer, lock it down for me permanently" option. Otherwise it's on them. We shouldn't be nannies for people. People will eventually learn when enough people get burned. We should be nannies for obvious cases of mental retardation where the person requires round the clock care, but not for everybody. We're not sheep and shouldn't all be treated as sheep even if a lot of us are.
> Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).
I might see a benefit for workers in a company for work-provided computers because they're company owned, but any attestation for user-owned computers that is imposed on a user will almost inevitably lead to a dystopian future where computers get more and more controlled, locked down and even backdoored without a way to even see if they are. For example, in many jurisdictions you're required to have phone, to use Android or iOS, to have an account with Google or Apple, to not have root and to not run a custom ROM in order to use basic public services or banking (even if my bank account has like 5 bucks in it and I wouldn't care less if it got hacked). That is absolutely wrong and if we don't do something it's going to get much worse in the future. We should fight these restrictions whenever we encounter them. We the people own our lives - we should own our computers and we should own (as in responsibility) our choices.
GrapheneOS - does allow you to root/ADB. It's just not official, just like LineageOS. You can even sign your own images and relock the bootloader and have root i f you put in the effort.
So I misunderstood about LineageOS - I haven't read anything about it for a while. Everyone on GrapheneOS's forum is really anti-root, they even mention it's not GrapheneOS anymore. From what I saw you can't get any support whatsoever if you have an issue with root or adb, which seems like a core component to any OS to me. Would've been nice if there was a community that gave each other support for rooted LOS or GOS. There could be one, though - I haven't researched it.
I think a problem is that phones, as a concept, are communication first, rather than general computing first.
If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I'm sure FOSS can make a feature equivalent Instagram (or Whatsapp, or whatever) but the people aren't in there.
> I think a problem is that phones, as a concept, are communication first, rather than general computing first.
I use all kinds of computers for communication. I'm communicating with you on my desktop. I had a call earlier on my laptop. And a phone IS a computer, so why pretend it's not?
> If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I wouldn't use proprietary work tools on a personal device. It's not good hygiene.
I don't care if Instagram requires an app on a non-rooted phone with verified Google attestations because I don't use it and it's not essential.
Banking apps ARE a problem because a lot of banks don't let you use their site without their app at all. That should be solved with regulations - give people a FOSS banking app or, better yet, an API, so they can bank however they want to. Let us create FOSS interfaces for the different banks. Right now we need to revert the regulations who more or less force us to rely on Google or Apple's attestation. Internet banking is important both because there's a trend, even in countries where cash is still widely used, to have places that don't take cash, and because it's a highly regulated system paid for my taxes - I should be able to participate in a modern way with bullshit restrictions allegedly made to prevent someone's grandpa from getting hacked or phished.
But if I can't access my bank online, I'm not going to bow my head and buy a bank-approved phone with a bank-approved OS and a bank-approved $tech_company account. Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?
>I use all kinds of computers for communication. I'm communicating with you on my desktop.
Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.
>And a phone IS a computer, so why pretend it's not?
I agree we shouldn't, I'm just saying that it's unlikely for that need to meet a large enough demand.
You might consider Instagram, whatsapp or similar apps personally not essential, but for many (I would say most) people they are - if not truly essential for living, at least essential in the sense that they don't have much use for their phone outside of those apps.
Which was my point, as long as the main use of a phone requires passing through meta's (or whoever else's) hoops, it's going to be a hard battle.
The only minimally mainstream uses of a phone that currently lie outside the walled garden are piracy and emulators, and that's already a stretch.
> Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.
It's tough, but that's a normal part of trying to change the status quo and fight for something you believe in. The people who I truly care for (and who care for me) have actually installed secure FOSS apps to connect with me and invite me to parties. They were reluctant and in some cases it took months of prodding, but it happened. And slowly there's a network effect - friend X and friend Y both have app Z. They might continue to use Meta to communicate between each other, but if and when they realize they want to move away from Meta, they can use Z.
I haven't had to deal with school parent groups in particular, but I have, in just a few cases over the years, managed to convert small groups from proprietary to FOSS solutions. It's hard, it's not the usual outcome (often they stay in their walled garden and I don't join them), but sometimes, just sometimes it works. That means there is actually hope and we can keep fighting the good fight. If we win, everyone wins.
I also understand if someone agrees with me, but reluctantly uses a closed proprietary solution to connect to the school parent group if it's important to them to be in that community. But losing a battle doesn't mean we have to forfeit the whole fight.
It was a long time ago, so I don't remember. Phosh or Plasma. I tried to like Sxmo, but it was really unintuitive, unlike tiling WMs on Linux.
Fairphones seems OK, although for €549 I'll probably stick to a dumb phone and invest in a better laptop for now. I'm not saying it's too expensive for what it is, though - it's still a tiny computer with all kinds of periphery.
I just wish there was a version with a shitty camera for €50 less or with no Bluetooth for €10 less - you get the idea.
> If you choose to root, then I believe its not considered to be "GrapheneOS" any longer and assistance will not be provided for issues you face
Getting no support would suck. Obviously it's a FOSS OS, so it would be community support for the most part, but it's still invaluable when you run into issues.
Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
I do (re-)root my phone (after each update I have to flash the Magisk-modified boot.img again), but FWIW almost nothing needs root on Android, it lets you do way more by default than iOS. I think some people equate jailbreaking and rooting when there's not really a jail to begin with. You can install a custom ROM without having root and I think that's what most people really want to do. Cleaner base system, maybe some new features. I run LineageOS without gapps and it's great. I can use `sudo` inside termux since I have root. I don't really use it for anything except to verify that Magisk reinstalled okay (I do `sudo ls /` as a quick check). Installing F-Droid doesn't need root. You can even do it on locked down TVs and Amazon tablets usually. adb works as well, not sure why someone was saying it doesn't. Hell, adb should work even without either root or a custom ROM. I use it to reboot my phone into fastboot without the button combo and then flash Magisk right after.
I agree you might not need it, but the issue is one of principle. I want it because I might need it. I don't want to find another OS that supports root if I realize I need it.
Just how I may be OK with staying at home for months with deliveries and internet access and everything else provided for me, but I want the freedom to go outside. There is rarely anything I need that's outside, to be honest. And outside is more dangerous. But I want to be able to sudo outside whenever I want for whatever reason I want.
I think you are answering not quite what's being asked.
I think it's completely reasonable to want to be able to get root on your device. For the exact reasons you mentioned. GrapheneOS allows that.
To actually do so, it's reasonable to have a reason. Otherwise what you're doing is basically running commands with sudo "because you can", which will bite you.
To have a rooted phone just for the sake of the trophy of having a rooted phone is something generally considered worse. Better to have a rootable phone, which you root if or when you have need of it.
I thought that even after the 24h wait, you will have to go through some annoying dialog to install (or maybe even update) anything not from the play store. So installing from F-droid will become an obnoxious process. Even worse if updates also become obnoxious. F-droid often wants to update several apps at once, so I click "update all". If that becomes multiple dialogs, that sucks.
AFAIK, all current versions of Android have Google Play Services. It's an essential part of the "official" Android.
If you run GrapheneOS, LineageOS or whatever, then it's not real Android, and the entire problem of your OS restricting you from installing apps does not exist.
If you don't have the framework, you don't have to worry about any of this (you also don't get the benefits, bank apps that require validated OS, tap to pay etc, without the framework).
How will the transfer occur? I'm assuming via Google account?
So this is vendor lock-in to an online account being sold as a way to "win" against a problem _created_ by said vendor? I would prefer a per-device wait time and I sincerely hope a Google account will not be a hard requirement. I didn't consider this initially.
Google is in the process of stealing the shirts from our backs and selling them back to us. Whoever wrote this article is drinking the kool-aid. This should NOT be presented as a positive thing. Some of us use Android without a Google account and would still like to sideload.
You still seem to need a Google account to be able to use the hardware you just paid for. I don't have one, don't want one either. I've been using Android without Google for about 15 years now but will hold off on getting a new device until I'm sure I can continue using it without getting a Google account.
I'm using stock Android with a bunch of F-droid apps and no Google account. I've never installed anything from Play and don't feel like I'm missing anything.
I don't use F-Droid, but I've been an Android user for several years on two different devices and I've never associated a Google account with a device. I've installed all my software from APK downloads from the open source project site releases they came from.
It was really nice last year when I moved to a new device. I restored my last SMS, call log, and contact backup with the open source app I use for that, then loaded the rest of the apps I use from their APKs. It was a lot like getting a new PC. Very enjoyable.
On some devices I run custom distributions (mostly LineageOS), others I just root and de-fang by removing all objectionable content including the Google bits. In all cases I put on F-Droid with a few configured repos to get the applications I want. On a few devices I also add some proprietary apps which are more or less mandatory - electronic ID (BankID) being the main one - either by manually installing it or through Aurora Store, an alternative play store front-end which does not require a Google account. No Google, no problem and no real hassle. My current main phone - a Xiaomi Redmi Note 5 Pro - is 8 years old, I already have a replacement in a drawer but have not configured it yet because I first want to make a cover for it. Even though it is 8 years old it works fine, the battery holds for 2 days and all applications I need still run on it. The oldest device in use is 15 years old and also works fine but it can no longer be used as a phone since 3G was switched off where I live.
How long before there is a "we've detected your account has been used multiple times to re-setup a phone.. we've re-enabled the Google Nanny Safety mode.. also we've locked your google account just in case.. "
I mean other than hackers, who has needed to factory reset their phone more than once in a year you must be doing something shady... right right?
"Google is doing this thing that is total bullshit, but now they're given you slightly less shit. What a win! Our glorious corporate overlords are so generous!"
What a joke. It's not a journalist job to shill for corporations
It's called the door-in-the-face technique. You ask for ten times what you want and get told to fuck off (the other person slams the door in your face). Then you ask for what you actually want, and having just told you to fuck off with the larger request, the other person is more likely to say yes to the smaller request.
WTF win? Sounds like I will need a tracking google account because it can "carry over" when I "upgrade my phone"
"Google giving a concession" is no win.
WTF Concession? Why are we asking google for permission to use the devices we bought as they see fit?
Ok, google is doing what is best for them, abusing users. But the manufacturers are really to blame here because the devices are by default locked to what google and them decide. There is no Market Choice here.
Yeah, but then banks need to be pushed to support it. And while we're at it it would be good if people responsible for European eID also stopped recommending Google device attestation.
Graphene's policy is to work on one phone at a time. If other vendors want to support it they'll have to pay for the work to be done to Graphene standards, themselves.
There's not really a way to bypass Google if they don't want there to be, and that's what they're moving towards. The only long-term solution is to cut Google out entirely.
Motorola with GrapheneOS is an interesting prospect. The space is ready for disruption and the tools to do it are more available than ever. Maybe it will come from the EU. Who knows, but Google overplayed their hand, IMO.
Also, let's be clear about the mobile landscape right now. Many apps aren't written in Java or Swift, but instead are being transpiled from other languages like TypeScript and using UI libraries that aren't locked to the mobile platform itself.
When a new mobile platform enters the space it will require some react-native and capacitor glue code and we are in business.
The author is so giddy to defend this monopolistic restriction on Google’s part. Hackers can use F-Droid without annoyance, but this really does kill any chance at normies using it. They absolutely will use the worst spyware on Google Play instead, and the author seemingly loves it.
It still remains to be seen what the actual requirements are, and even if F-Droid could become "approved" that doesn't mean they want to. Time will tell.
The "security" rationale is horseshit given just how much malware is readily download able on the Play Store. Google never cleans its own house before going after others.
Basically, Google needs an answer when men in suits ask them why they have technology that enables users to install sanctioned Iranian banking apps.
I’m betting on the latter. No Kitboga video mentions custom Android apps. What actually appears on almost all videos are online ads/spam or fake celebrity accounts messaging random people on Facebook.
It's funny how you aggressively push solutions that ignore the most common scam vectors investigators encounter. Could it be a coincidence that your proposal conveniently places every aspect of people’s lives at the mercy of big businesses? Or that the scam vector you downplay, ads and social media, just happens to be cash cows for some of the richest companies in history?
We already have plenty of paid lobbyists cheering the transfer of wealth from the poorest to the richest. There's no need to do that dirty work for free. Weaponizing the elderly being scammed of their life savings while protecting those that benefit from it is beyond messed up.
If you (not you specifically) are unsure of your abilities to use computers, let a friend or a family member buy a dumbed down device for you or install parental controls or something. Or maybe have clicking the build number 7 times reveal "toddler mode" where you can lock your device down irreversibly as much as you want.
This way, consumers are helpless victims of the same megacorporation, which will use its near-absolute power over the mobile ecosystem (shared with one other megacorporation) to profit on the back of consumers.
Seems like a move to get around the Epic Games ruling (and assorted rumbles from countries like India).
> ADB would be unaffected, and any power users who needed to install an app straight away could always connect their Android device to a computer and use ADB commands to manually install - no delay at all.
So in practice this won't be an issue for anyone tech-savvy who uses their Android device with apps outside of the Play Store, as they can simply install through the ADB mechanism via a separate device. It can even be done using WebUSB.
However, the many, many people worldwide who lack such technical knowledge, and are more susceptible to being scammed via malicious app installs because of it, are still protected by this new process Google are introducing.
Modern handheld computing is such a shitshow...
If you look at the rate of growth of the call/text scam industry I think it's entirely possible that android owners are getting scammed out of more money than google themselves makes on the android platform as a whole. It's at least not that far off. Which doesn't even account for the humanitarian issues which they probably feel partially responsible for.
I mean maybe you're even right and they care a little bit about people being scammed. But if you believe that the scamming thing is any more than a pretense for further establishing Google's absolute control over the Android ecosystem, that is just very naive.
Their goal is to make money. Apps installed outside of Google mean less money for them. Ergo, consumer's right to install what they want on their devices must go.
> Google’s been working hard to relive everyone’s fears...
* iOS - walled garden, so no
* Android:
* * with a Google account and Play Services - a bit less of a walled garden, but still no
* * Android without Google:
* * * GrapheneOS - root or adb not supported, so no
* * * LineageOS - (edit: root or adb not supported, so no - just learned) seems like a viable option although it seems like it depends on Google's development of Android and keeping it FOSS. How's the situation with security updates? Which phones would you recommend? I don't count Samsung or whatever crap as they're generally quite user-hostile.
* Linux - IIRC only PMOS supported FDE. Is that still the case? Are there are good Linux phones? I tried PinePhone a few years ago, but it was crappy. The OS also lacked basic features like new windows showing up inside the screen.
* anything else?
Like the other poster said, you can get root on GOS. However it's highly ill advised and severely breaks the security model of devices. 99% of the time nobody, especially the average person, needs root on their phone (imo). Allowing that easily just opens up the average person to getting duped into getting their phone rocked with exploits and possibly persistent malware.
There is no reason that a lack of root access should be viewed as a negative within the context of GrapheneOS. In that case why even mention or choose GOS? Just choose an Android fork with poor security or a Linux phone with zero security instead.
Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.
I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.
Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.
I want to run like 5-6 apps I trust.
Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
The security models of desktop operating systems are far, far behind those of mobile operating systems (Android/iOS). ChromeOS, followed by macOS are the closest to mobile security but are still severely lacking. Windows is farther behind and desktop Linux might as well be minimum security. It’s not even an equivalent comparison as you’re comparing mobile OSes to ones on a platform with a fundamentally worse security architecture.
I mean, even to an extent some of the Linux distributions understand the security problems with the traditional model. Look at what Universal Blue is doing with their images and leaning more into Flatpaks and containers for any developer like etc tooling while actively discouraging installing things via rpm-ostree.
> I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to. Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?
The first sentence is inherently incompatible with the security structure of GrapheneOS (for example). The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user. Yes, mobile operating systems were designed sandbox first to treat all applications as untrusted. However it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.
Not having root is the best way to harden security. Mobile OSes are designed to be heavily compartmentalized, each application runs in its own sandbox. Giving an application root circumvents the entire thing, allowing that application in theory to see into other sandboxed apps etc. If you want a real world example look at all the malware exploits that come into iOS via iMessage, one of the only apps on iOS that’s not fully sandboxed like normal apps.
> And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?
The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.
This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.
> What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?
To not get unknowingly pwned. Realistically even if you have a trusted app, you or the community can only verify that it’s trusted at a specific point in time. Realistically a community cannot verify that an app or package etc is consistently not malicious and will more often than not lag behind in the implementation of the exploit vs its discovery, it doesn’t matter if its closed or open source.
To be clear though my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person and that no root is infinitely more secure than having it. Maybe companies could provide alternatives, i.e. offering devices with rooted versions available but offering no customer support if something goes wrong with the software. But it certainly shouldn’t be a default available feature for the majority of the population.
—
An edit: Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).
Edit: I looked at your other comments to see if you had discussed Linux or Android security before (and to avoid repetitive threads). I'll reply to this post of yours here as you'll likely not see that I've replied there:
> Also linux only really has block level encryption, not file based encryption like iOS/Android. It would be trivial for LEO to access your device unless it was totally powered off and then the only protection is LUKS. Or really even if you lose your phone and someone was so inclined to they could just extract all the data if it was powered on but on the “lock screen,” as most if not all desktop (and I’d imagine linux phone) environments do not actually do any encryption or anything when the system is locked, it’s just a cosmetic lock for all intents and purposes.
With LUKS or plain dm-crypt unencrypted data never touches the storage. Small parts of the storage are decrypted in RAM, but what gets written is encrypted. FDE at the block level gives less info to the adversary than file based encryption. With detached /boot (and maybesome other stuff) (like on a USB stick), and plain dm-crypt, you can even have plausible deniability that the storage medium was just overwritten with random data. LEO can't do anything for LUKS or dm-crypt if they can't bypass the lock screen, short of a cold boot attack. That's true for file-based encryption, too. The lock screen (on Linux, at least) isn't related to disk encryption and doesn't have to be.
> The security models of desktop operating systems are far, far behind those of mobile operating systems
What about Qubes? That's my standard. Everything else has worse security almost by definition (since you can virtualize it and increase its security that way).
> The first sentence is inherently incompatible with the security structure of GrapheneOS (for example).
My mistake - sorry. I wanted to say something like:
> I would choose something as locked down as GrapheneOS (no root) for its security if I were to use it to install random apps or to run JS from random sites - examples of exposing myself to unnecessary danger like someone who doesn't know what he's doing. I would choose something with root but wouldn't run random apps with root permissions or JS on a browser started with root permissions.
I somehow mixed both sentences when editing.
> it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.
That's where we differ on our views of security, agency and responsibility. I own the computer so I should be able to give root to whatever I trust. I already trust the the hardware, the myriad of developers writing the OS, the libraries they've used and so on. Yes, trusting less things is better, but there's a tradeoff and we can easier restrict the OS further and further until we're left with nothing. The OS shouldn't restrict what I can trust and what I can't trust. Why is the OS trying to force me to not trust any app but only the millions on lines of code of the OS itself and the hardware?
> The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user.
Giving all applications root might circumvent all protections in GrapheneOS and Android. How does giving 1 application I trust circumvent all protections? Let's say I wrote the app (and I trust myself) and then formally verified it - just for the sake of argument. Although I'd give root to apps I didn't write or verify because I am an adult who can choose what code to trust. We already have important information and already give important permissions to apps that, if compromised, can ruin our lives easily (browsers, communication apps and so on).
> The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.
So apps are both sandboxed and there are robust permissions which make Android much more secure than most desktop OSes, but we can't even give an app root because it might somehow wreck the whole system? I don't get this. By that logic we don't know if any app could compromise any of the system processes that have root (or functionally equivalent access). The solution would be to not run untrusted apps in the same OS at all, to have different computers or some hardened virtualization like Qubes? I get that it's not black and white, but my hypothetical terminal app with root permissions won't be the only process with root permissions running on the OS, so why is it THAT bad to give it root? Especially when I'd run it with root only for certain tasks, just like I don't "sudo ls ~" but just "ls ~".
> This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.
Why not try to use existing security mechanisms in various Linux distros (or Qubes) to prevent Meta's apps from going crazy? Additionally, why can I load facebook.com in Firefox on Linux and be relatively certain I won't get pwnd by Facebook even though I have root on Linux? That would mean we trust browser sandboxing more than Android sandboxing. Yet we have root on Linux and can do anything with the browser. What I mean is, you state that Android is so secure, yet we trust it less than untrusted JS on a browser on desktop. If we don't, should we disallow people to run JS (or even CSS, as there have been attacks via CSS) at all?
> my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person
My view is that we should default on root-capable devices for anyone. If a user doesn't feel sure in their abilities, they may select "I am not sure of my abilities to operate a computer, lock it down for me permanently" option. Otherwise it's on them. We shouldn't be nannies for people. People will eventually learn when enough people get burned. We should be nannies for obvious cases of mental retardation where the person requires round the clock care, but not for everybody. We're not sheep and shouldn't all be treated as sheep even if a lot of us are.
> Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).
I might see a benefit for workers in a company for work-provided computers because they're company owned, but any attestation for user-owned computers that is imposed on a user will almost inevitably lead to a dystopian future where computers get more and more controlled, locked down and even backdoored without a way to even see if they are. For example, in many jurisdictions you're required to have phone, to use Android or iOS, to have an account with Google or Apple, to not have root and to not run a custom ROM in order to use basic public services or banking (even if my bank account has like 5 bucks in it and I wouldn't care less if it got hacked). That is absolutely wrong and if we don't do something it's going to get much worse in the future. We should fight these restrictions whenever we encounter them. We the people own our lives - we should own our computers and we should own (as in responsibility) our choices.
If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I'm sure FOSS can make a feature equivalent Instagram (or Whatsapp, or whatever) but the people aren't in there.
I use all kinds of computers for communication. I'm communicating with you on my desktop. I had a call earlier on my laptop. And a phone IS a computer, so why pretend it's not?
> If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.
I wouldn't use proprietary work tools on a personal device. It's not good hygiene.
I don't care if Instagram requires an app on a non-rooted phone with verified Google attestations because I don't use it and it's not essential.
Banking apps ARE a problem because a lot of banks don't let you use their site without their app at all. That should be solved with regulations - give people a FOSS banking app or, better yet, an API, so they can bank however they want to. Let us create FOSS interfaces for the different banks. Right now we need to revert the regulations who more or less force us to rely on Google or Apple's attestation. Internet banking is important both because there's a trend, even in countries where cash is still widely used, to have places that don't take cash, and because it's a highly regulated system paid for my taxes - I should be able to participate in a modern way with bullshit restrictions allegedly made to prevent someone's grandpa from getting hacked or phished.
But if I can't access my bank online, I'm not going to bow my head and buy a bank-approved phone with a bank-approved OS and a bank-approved $tech_company account. Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?
Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.
>And a phone IS a computer, so why pretend it's not?
I agree we shouldn't, I'm just saying that it's unlikely for that need to meet a large enough demand.
You might consider Instagram, whatsapp or similar apps personally not essential, but for many (I would say most) people they are - if not truly essential for living, at least essential in the sense that they don't have much use for their phone outside of those apps.
Which was my point, as long as the main use of a phone requires passing through meta's (or whoever else's) hoops, it's going to be a hard battle.
The only minimally mainstream uses of a phone that currently lie outside the walled garden are piracy and emulators, and that's already a stretch.
It's tough, but that's a normal part of trying to change the status quo and fight for something you believe in. The people who I truly care for (and who care for me) have actually installed secure FOSS apps to connect with me and invite me to parties. They were reluctant and in some cases it took months of prodding, but it happened. And slowly there's a network effect - friend X and friend Y both have app Z. They might continue to use Meta to communicate between each other, but if and when they realize they want to move away from Meta, they can use Z.
I haven't had to deal with school parent groups in particular, but I have, in just a few cases over the years, managed to convert small groups from proprietary to FOSS solutions. It's hard, it's not the usual outcome (often they stay in their walled garden and I don't join them), but sometimes, just sometimes it works. That means there is actually hope and we can keep fighting the good fight. If we win, everyone wins.
I also understand if someone agrees with me, but reluctantly uses a closed proprietary solution to connect to the school parent group if it's important to them to be in that community. But losing a battle doesn't mean we have to forfeit the whole fight.
librem 5 is also an option. It is sorta expensive and weak but is the most capable.
https://wiki.postmarketos.org/wiki/Devices
right now im on calyxos but development has been paused for like a year
Fairphones seems OK, although for €549 I'll probably stick to a dumb phone and invest in a better laptop for now. I'm not saying it's too expensive for what it is, though - it's still a tiny computer with all kinds of periphery.
I just wish there was a version with a shitty camera for €50 less or with no Bluetooth for €10 less - you get the idea.
Interestingly, when I went to
https://www.fairphone.com/shop-home
the prices for the headphones were lower for a few seconds and got higher afterwards.
€186.75 -> €249
€74.25 -> €99
while the phone price remained the same. Both are increases of 33.(3)%. Probably a script that determined my location and added a VAT.
> If you choose to root, then I believe its not considered to be "GrapheneOS" any longer and assistance will not be provided for issues you face
Getting no support would suck. Obviously it's a FOSS OS, so it would be community support for the most part, but it's still invaluable when you run into issues.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
Just how I may be OK with staying at home for months with deliveries and internet access and everything else provided for me, but I want the freedom to go outside. There is rarely anything I need that's outside, to be honest. And outside is more dangerous. But I want to be able to sudo outside whenever I want for whatever reason I want.
I think it's completely reasonable to want to be able to get root on your device. For the exact reasons you mentioned. GrapheneOS allows that.
To actually do so, it's reasonable to have a reason. Otherwise what you're doing is basically running commands with sudo "because you can", which will bite you.
To have a rooted phone just for the sake of the trophy of having a rooted phone is something generally considered worse. Better to have a rootable phone, which you root if or when you have need of it.
It's really not. Try to realise that it's not meant to be Google's phone and they shouldn't be "letting" me do things
For example, lots of people use phones without any google play framework installed. Without that framework, how does it "carry over"?
This just raises more questions about how this whole process works.
Is it only the play api doing so? If so, then if you de-google, this entire problem goes away?
If not, then how can you 'carry over' to a phone unless you also install the play framework? Seems like that's unhelpful.
If you run GrapheneOS, LineageOS or whatever, then it's not real Android, and the entire problem of your OS restricting you from installing apps does not exist.
So this is vendor lock-in to an online account being sold as a way to "win" against a problem _created_ by said vendor? I would prefer a per-device wait time and I sincerely hope a Google account will not be a hard requirement. I didn't consider this initially.
Google is in the process of stealing the shirts from our backs and selling them back to us. Whoever wrote this article is drinking the kool-aid. This should NOT be presented as a positive thing. Some of us use Android without a Google account and would still like to sideload.
It was really nice last year when I moved to a new device. I restored my last SMS, call log, and contact backup with the open source app I use for that, then loaded the rest of the apps I use from their APKs. It was a lot like getting a new PC. Very enjoyable.
They're still moving the Overton window on making Android a walled garden. They're playing a longer game.
What a joke. It's not a journalist job to shill for corporations
WTF Concession? Why are we asking google for permission to use the devices we bought as they see fit?
Ok, google is doing what is best for them, abusing users. But the manufacturers are really to blame here because the devices are by default locked to what google and them decide. There is no Market Choice here.
step 2: make situation tiiiny amount better
step 3: proclaim this as "a win"
...really?
Also, let's be clear about the mobile landscape right now. Many apps aren't written in Java or Swift, but instead are being transpiled from other languages like TypeScript and using UI libraries that aren't locked to the mobile platform itself.
When a new mobile platform enters the space it will require some react-native and capacitor glue code and we are in business.