You must log in or # to comment.
We really really need an open OS for mobile phones that is actually competitive with commercial offerings.
I don’t think the OS is the problem - it’s that some of the critical service/apps people rely on (government ID, banking) only exist for the closed systems. Third party OS’s try to “solve” it through various container approaches running the official apps, but since they see that as a security problem it’s not something you can fully trust to be working at all times.
All those “apps” are websites. You could say NFC is special, but so is gps.
To be fair, a lot of those depend on some client side trust. Which is conceptually stupid, but it is the way it is.
I think they’re both pretty big problems. An open OS and hardware that supports it seems to be a huge hurdle, but at least there is a clear vision of how to solve it. The problem you bring up though… It seems like we’ve almost gone too far at this point and it’s gonna be really hard to put the cat back in the bag. It seems like something we need to solve with legislation potentially?
This. Alternative OS exist: Ubuntu Touch, postmarketOS, SailfishOS, just to name a few.
What is missing are the apps people want. And those include mostly commercial apps, where the developers need to weigh dev hours vs profits, and decide to only target the big two for obvious reasons. That is the key problem.
Doesn’t android allow this?
You know, it’s true - I have never heard a Linux user refer to something as sideloading, even though Linux is the platform that originated official software repositories.
The key thing to understand is that there’s a big fucking difference between a “repository” and an “app store.” One is designed for the convenience of users; the other is designed to exploit them.
Exactly right. The message of the post is that “side-loading” is only used in reference to exploitation services. We could just as easily refer to side loading in Linux and it would be accurate in every way, except that there is no exploitation.
It’s literally the exception that proves the rule.
deleted by creator
This does feel like a bit of a double-standard to me. I’ve hated how Microsoft and Apple have introduced app stores on Windows and macOS and try to push people to only install from there instead of directly from the developer. And yet on Linux the advice seems to be never ever download directly from the developer; you should only download from the package repository provided by your OS (which sure feels like an App Store). And that package probably wasn’t even provided by the developer or the OS but some random volunteer that you just assume has good intentions.
The key difference is that one is advised, the other is enforced.
If you used Linux before the repos were fully developed then you understand why they were created.
Who else remembers “dependency hell?”
Corpos just took the same idea and twisted it into something else.
Dependency hell was what drove me back to Windows. Fortunately, I didn’t stay there and I learned how to apt-get.
My package manager installs all of the dependencies the program needs and takes care of updates, too. If I install directly from the developer, I have to do all that myself. Fuck that.
Nothing ever comes “directly from the developer”, and any developer that attempts to do so ends up in a level of hell not yet documented. There are way too many distros, way too many architectures, way too many moving targets, that also includes iOS, macOS and Windows. No single developer can hit them all. There’s no standard packaging either. So, usually they only package for one or a handful of popular distros, or one container format. But that’s the magic of FOSS. Anyone can take the source code and repackage it, redistribute it and make it available for others. This is assumed to be a strength and not a weakness of FOSS and Linux. Thus, the distros create their own official repositories where they make themselves responsible that everything will mostly work nicely with one another.
The difference is that package repositories are safe havens of compatibility. While appStores are enforced cages that cannot be escaped. If a package repository tries to fuck up with users, hurt the FOSS space (looking at you Ubuntu Snaps), or gets compromised by a bad actor; you just move to another repository, another distro, a different format, another safe space. If Android or Apple decides to enshittify and fuck over customers, users, get compromised or do something to hurt developers, you are fuck out of luck. This difference matters.
Because the Linux repositories are apathetic third parties (ie they have no reason to care whether or not you download any given app) while Microsoft and apple are financially incentivised for you to buy buy buy.
This means that when you download a .exe from a vendor instead of going through the windows store you’re cutting Microsoft out of their cut of what you paid and you’re denying Microsoft information about what it is that you bought. But the flipside is Microsoft didn’t impartially verify that it’s not malicious.
When you download a .deb instead of going through apt, you’re also denying them their cut (of nothing) and you’re denying the repository managers the ability to see what you’re doing, but Linux people generally trust repository managers to not be selling their habits to advertisers and governments.
I will say there is a reason to side load on Linux though, paid software is sometimes unavailable through repos.
Installing from a repo via a terminal does not feel like an App Store at all. It’s only the GUI apps that do and those are all entirely optional. Exactly how it should be. God’s in his heaven. All’s right with the world.
I measured the heights of myself and my niece and found them to be different, clearly a double standard must be involved.
You yourself mentioned a lot of differences between corporate app stores and distros’ software repositories. Why are you surprised people rate them differently?
Perhaps because your standards are different from more Linux users’ standards.
I for example would rather take my chances with a random volunteer rather than trust a corporation that had a history of breaking laws and I know it to want to make money off me.
And yet on Linux the advice seems to be never ever download directly from the developer
Are people really giving this advice that often and that strongly? I find myself building more and more things from source these days. Especially with modern languages that OS maintainers are actually having a difficult time packaging in the way they’re used to.
It may feel like a double standard but it’s not
Most Linux stores are created and maintained by volunteers
Those stores aren’t limiting software they host based on what makes them the most money. Money isn’t involved.at all
Linux won’t stop you from adding more stores
Linix won’t stop you from manually adding any other software, either as a package or even manually building it from scratch
My feed is curated by the Illuminati
That’s what they want you to think.
Only in the US, I guess. In my country and in Europe this will not fly…
Nope
These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.
2027 and beyond: We will continue to roll out these requirements globally.
https://android-developers.googleblog.com/2025/08/elevating-android-security.html?m=1
We can hope…
edit
To clarify, I hope it will not fly outside the US, but looking at the world around I feel this is not very realistic hope
Aren’t they claiming this move is specifically to comply with the EU’s Digital Services act?
Apple just enabled sideloading in the EU to comply with the DMA. I highly doubt that android will be allowed to remove sideloading
they are everywhere one just has to learn how to read the signs 🔝🔜⚛️
(/s)
Source:
https://mastodon.social/@StaticR@guild.pmdcollab.org/115098597705331466This isn’t a fight over security, or even the control to form a walled garden. This is to eliminate privacy, the ability to run anonymously written code. This forces every bit of code to be tied to a name and face. It shortens the legal legwork needed to pin down who made what, this will be used to eliminate anonymous groups compiling their own E2EE communication network. Time is important when your trying to use a compromised member of a group to make a honeypot trap.
ETA: Whoops, hit the wrong reply button
nudging the EU with a stick Come on, do something
Plot twist: EU enacts Chat Control.
It was said you were to destroy the Sith, not join them!
The number of people I encounter, even on Lemmy, that genuinely believe and rigorously argue that being able to install or distribute software on devices you own is actually bad because “security” is beyond horrifying to me. They have been brainwashed into thinking that corporate monopolies are not only acceptable but desirable because you can completely and blindly trust Mom’s Old Fashioned Robot Oil to make all your decisions for you, for a modest fee and no opting out, of course.
This is why society is collapsing.
Dude, I’ve been fighting this fight for over 10 years starting on reddit.
The amount of people, even supposedly?!? tech savy people that bootlick and excuse corporate behaviour is maddening. To the point makes you want to be conspiratorial and think they are saboteurs.
What I will never EVER understand is being loyal and “loving” a company. No matter if it’s Apple, Samsung, Google they ARE NOT your friends. In fact they are the exact opposite and will make your life worse if it means they can squeeze an extra cent out of you.
Lately I’ve been thinking that what it is, is people trying to eliminate that overwhelming sense of existential dread which springs from all of this, by buying into it, just like fascists do- “if I join them they won’t come for me”. They start telling themselves that “maybe it’s for the best”, that “maybe good things will come of it”, and once someone makes that jump it’s easy for them to become zealous or fanatic, not only because it gives them an even greater sense of empowerment because they’re now part of an ingroup or a club, but can also get off even more on perceived moral or intellectual supremacy over others.
These are extremely uncertain times, and uncertainty makes human scared and anxious, and scared anxious humans latch on to anything that gets them out of those feelings, in this case like surrendering before this gargantuan machine that they can neither understand nor control.
It’s like with cultists. They crave the comfort of someone telling them what the truth is, to give them certainty. I don’t know, something I thought about.
deleted by creator
I strongly disagree. There is absolutely a use case for my mom not needing me to wipe her phone every time she tries to get Duolingo or whatever.
There is no scenario where an entire segment of devices should be locked to two companies having full control of what software can run worldwide, though. That part demands regulatory intervention.
You’re right that there’s value in having a software repository with “vetted” apps in it. And at the same time, there’s a difference between “here’s stuff we’ve done some kind of due diligence on” and “you aren’t allowed to install anything we haven’t okayed.” That’s what Apple and now Google are doing.
(I also think there’s value in having a word like “sideload” to describe the action of installing software not in a repository. It’s just that it’s tied up now in this paternal attitude from the big companies)
Yep. No disagreement from me on any of that.
At most I’d argue that I don’t mind that Apple does that as long as someone else does not. If Apple wants to have a closed system that’s all good, but from the perspective of regulation and anti-trust you can’t have EVERY platform be closed. You need at least one viable open competitor to prevent the owners of the hardware from owning all the software by definition. It’s just like I don’t have a problem with Nintendo needing to certify all the games on the Switch as long as there is a Steam Deck, or Sony certifying PS5 games as long as you can run games on a PC.
But if all the software on the planet had to be on either the PS5 store or the Nintendo eShop I would absolutely have a problem with those being locked down. That’s what this shift means for the mobile market.
That just sounds like the system needs a separate “Admin” mode to do things like that. Your mom can take the risk of messing with that herself (which can be very educational!), or leave that for you or someone else to handle. But that would let her make a more informed choice, even without technical ability.
Sure. I don’t disagree with that. In fact, that’s how it currently works on Android, more or less. It’s actually looser now than it has been in the past.
But “informed choice without technical ability” is not a thing. You can’t be informed if you don’t understand what you’re doing. People online that more or less understand computers but don’t necessarily understand how other people interact with computers tend to miss how this works. My mom doesn’t choose to take risks or not, she won’t read what’s on the screen and if she reads it she won’t understand it, and if she understands it she won’t trust it, because she doesn’t have the knowledge to distinguish a genuine message from the OS trying to ask for confirmation from a janky physhing request.
My mom thinks Whatsapp messages can hack her bank account and freaks out every time her phone asks her to reboot for an update. She doesn’t have the time or interest to get to a place where she can change that, and more to the point she shouldn’t have to. It’s prefectly fine to buy a device that will only let you do the things you want to do and won’t let you do the rest.
As you say, that device just needs some process by which someone who cares and knows how to do more stuff can reclaim full access.
Yeah this is where I’m at too, there is no reason these device makers should be locking us out of doing what we want with our phones. Their app store can exist along side other install options and compete on usability instead of monopoly.
Yep. I don’t need Google to let me install apks freely and I don’t need them to host everything on the Play store with zero supervision.
But I do need F-Droid to keep working and to be able to install software that Google has zero visibility on, or a way to unlock my device to be able to sideload stuff. There is zero reasonable argument to say that Google is the only valid arbiter of signed software on the planet.
I argue that would be even more of a use case for the device owner to have such control.
Then you’d have rights to control which software your mom can install on the phone.
Why, in the love of all free tech support would I ever want to do that?
I swear, people just don’t grasp how normies use computers. I don’t want my normie relatives to have me micromanage their devices, I want their devices to be foolproof and do the five things they need to do.
That’s not what I want for every device, though, so there needs to be an alternative for people who post on federated social media and performatively use open source software. If there are only two providers in a segment and both lock down all sideloading that’s not acceptable, but the concept of locked down devices by itself is not.
This is not such a challenging concept. I am convinced most people in this thread would get it just fine outside of the context of having a knee-jerk reaction to the last thing they read online.
It’s an option you have. Personally having to do the same thing for my family, I configure an idiot-proof setup and I don’t get random calls from my parents / grandparents.
Blocking sideloading won’t help you here either though. You can just leave your mom using Google play store which vets the applications on the store.
You can lock down a device security-wise without locking down a device freedom-wise.
That said, I don’t think there ever will be a foolproof device, that’s not realistic.
If you want to guarantee someone won’t fuck up their device that’s what Administration is for. That’s what child controls and safety features are for.
Its not that I “don’t get it” its that I’ve been there and done that. And I use the tools given to me to make my life better. Those tools are for managing what my normie grandparents can and can’t do, because in reality, they just want to face-time their grandchildren, check emails, and print photos. But they’re also targets for scammers.
No, trust me, it’s that you don’t get it.
What you’re describing is an inordinate amount of effort and you clearly don’t realize just how much. There are billions of people with billions of devices. People who can “configure an idiot-proof setup” at all are outnumbered many thousands to one.
There isn’t a you to configure anything for most people with a mobile phone. That’s not how that works. It either works out of the box and forever or it’s broken and unusuable.
And sure, locking it down is no guarantee. People can still mess up their Apple phones, and those do like a thing and a half. Less than that without Apple’s strict supervision. But this is a matter of degrees. The difference between a few of those thousands of unsupervised normies making a mistake each year and 10% of them making a mistake each year is the difference between Android being a viable platform and it being a broken mess nobody uses.
I feel like I’m weirdly relitigating every other conversation I have with people about Linux over here. It’s kind of exhausting.
And to reiterate, that doesn’t make Google insisting on having the ID of the author of every piece of software allowed to run on Android acceptable. It’s just the difference between a reasonable objection and… not that.
You’re right, it is an inordinate amount of effort.
So much effort, that I don’t believe doing it on the scale Android / Google would need to do is possible.
We see Google, Apple failing at this insurmountable effort all the time. Even Linux has failed at it sometimes with supply chain attacks.
And frankly I don’t feel that Google can do better than what they’ve done already in terms of sideloading. Right now of you don’t want to go through the app store, you have to ignore two separate warnings when you side load a malicious app. At that point it’s negligence.
Because of that I don’t feel that adding this restriction to sideloading will help the situation. I believe it’s a cop out, if anything they should direct the effort to the Play Store more. There is plenty of actually harmful malware on the Play Store that we can see in the news is a much larger impact than sideloading applications.
That’s probably why no one is empathizing with what you’re asking for, there is too much showing this change is in bad faith.
We did have that impossible to screw up device in feature phones. But we traded that for pocket computers that enable us to install, and build apps.
As for Linux, I completely agree with you. It still needs to improve user friendliness. It’s improved exponentially lately, and could be argued to be better than Windows, but it’s still not as good as smartphone computers which are the epiphany of user friendliness (and ignoring the dark patterns being added).
For the record, people are misunderstanding what Google is doing. They aren’t enforcing full verification of every app, and presumably they’re not preventing third party stores, since regulators have already forced their hand on that front.
They are demanding to keep verifiable ID on the authors of every app for the app to be able to launch from any source. Their pitch is not to centralize, which they would like to do but aren’t allowed to do, their pitch seems to be to give you a paper trail where you know who made the malware because Google literally has a copy of their ID on file. Microsoft already has this for Windows as a certification system, but crucially on Windows you get a (deliberately very scary) “this app is unsigned and is probably malware” pop up that you can still bypass. It take a lot of unintuitive clicking, but you can still run the software. Google is saying they won’t have that workaround at all now on the subset of devices they flag as “Android certified”.
In practice this is fairly neutral in terms of security, but it focuses on enforcement and visibility. Besides the very real question of how to even implement this for distributed development or open source applications of the kind that doesn’t bother submitting to Google Play, it may also have a heck of a chilling effect on a whole bunch of things you really don’t want chilled in terms of privacy and anonimity for developers. It means if you want to control what software can be on ANY phone you need to get to basically three companies across the planet and that’s enough. Likewise if you want to go after someone who made a piece of software for whatever reason.
But that’s not what the conversation we’re having is about, partly because nobody seems to be looking past the headlines, partly because nobody wants to engage with the nuance of the situation and is looking at it from the myopic perspective of principled access at the cost of added complexity when that’s not at all what this is about.
I understand the paper trail that this is creating.
But it does come across as Google gatekeeping.
For example, what if I want to build an app, and distribute it outside of app stores with zero involvement from Google? It appears that cannot be done because I’d need to identify with Google through the developer program.
What happens if Google doesn’t like that I made a chat app that bypasses censorship in specific country, it gets removed from play store, so i publish it on my website. What if Google gets mad at this and flags my identification?
Suddenly no one can install my app that has nothing to do with Google.
To me, even if it seems like a benign change, I can see how it can be exploited by Google to push whatever agenda they want.
If Google disappeared the day after this is rolled out, would I still be able to add a valid identifier to my apk without Google’s involvement?
maybe technology is not for everyone. but if grandpa wants to video chat with his kids, maybe it’s the responsibility of the kids to help him. set up child limits or deal with the occasional problems. if grandpa cannot determine if an app is safe, they will install plenty of unsafe apps from the play store too, as google play’s vetting is not nearly as good as some like to argue, so it’s better for them if they just can’t do so by themselves.
Nnnno.
Grandpa is not a child. Grandpa is an adult. With, you know, income and independence and a full brain. Grandpa is well within his rights to own appliances that do things grandpa doesn’t fully understands but that are useful to Grandpa.
There is value for Grandpa (and for your jock brother that doesn’t understand computers, this isn’t an age problem) to have access to applications where he pays some company to do a thing for them. Those companies can take some of the complexity out of their hands, and Grandpa should be protected from abusive practices. It’s not on Grandpa to do research on technology just to make a phone call now any more than it was for 1960s grandpas.
Nnnno.
Yyyyes.
Grandpa is not a child. Grandpa is an adult.
of course. that’s out of question. However the tools provided by parental controls is what can solve this problem effectively. It’s specifically for the case when the user cannot use the device responsibly for one reason or another. you set parental controls up, and now they can’t break their phone.
what is the reason you think the parental controls function is not appropriate for grandpa? does it block him from doing something he should be able to do freely?
Grandpa is well within his rights to own appliances that do things grandpa doesn’t fully understands but that are useful to Grandpa.
I totally agree! And with that, he is well within his rights to break his phone accidentally. the question is not that. the question is whether you want to help him avoid that. with parental controls you can allow him to do everything he needs to do.
There is value for Grandpa (and for your jock brother that doesn’t understand computers, this isn’t an age problem) to have access to applications where he pays some company to do a thing for them. Those companies can take some of the complexity out of their hands, and Grandpa should be protected from abusive practices.
Yes. That works if grandpa is willing to ask professionals before (or after) doing something stupid. If that applies, you don’t set up parental controls for him, but allow him to do whatever.
If he is not willing to do that, he needs to be barred from breaking his phone. That’s why you support google’s plan, because they implement that, right?
But the problem is that they implement it ineffectively because they can still install plenty of hot garbage from the play store, and it’ll make every other user’s lives harder who know at least somewhat what they are doing, plus of those who are willing to give help to relatives any day. Because they either won’t be able to install apps that they trust, outside of the play store, or it will come with huge consequences like making google play integrity checks fail, or these apps being restricted in what can they do.that is why you don’t implement such insanity on all phones worldwide, but only individually for those people that need this kindof stronger guidance.
It’s not on Grandpa to do research on technology just to make a phone call now any more than it was for 1960s grandpas.
who needs to do research on that? you gave him the phone, it’s your job to show him how to place a call. but this point is not even relevant because google’s planned limitations wouldn’t do anything so that your grandpa can place a call if he doesn’t know how to do that.
If I ever go insane and write a manifesto this will be on it.
Sounds fairly sane to me.
This is fine, but the other 582 pages contain some real doozies.
I finally want to switch to android and boom: Custom ROMs and “sideloading” gets swept off the platter. Well ok I guess I‘ll just wait for a good linux mobile OS
SailfishOS. Fun fact, it’s also finnish.
Just an FYI I think they still did not deliver on the promise of open sourcing.
And I believe you’re still supposed to buy a license unless that’s changed recently.
Removed by mod
deleted by creator
Right? Linus Torvalds keeps that source code under lock and key.
This isn’t a fight over security, or even the control to form a walled garden. This is to eliminate privacy, the ability to run anonymously written code. This forces every bit of code to be tied to a name and face. It shortens the legal legwork needed to pin down who made what, this will be used to eliminate anonymous groups compiling their own E2EE communication network. Time is important when your trying to use a compromised member of a group to make a honeypot trap.
These guys forget that they are an incredibly stark minority of users. Most users cannot be trusted to have free reign over their own system. We all know this to be true. You’ve troubleshot your grandma’s Jitterbug phone that somehow had Internet Explorer toolbars installed onto it, you know this to be true.
Maybe there is no reasonable case for a developer to have any say over what you - specifically you, the guy who knows what “*nix” means - do with your hardware. But there are plenty of reasonable cases for the other 99.99% of users.
Posts like this are like a mechanic saying “There is no reason for a manufacturer to force drivers into having a catalytic converter in their own engine”. Like… okay, maybe your car is special because you’re a literal expert, but the rest of the world need that thing because they can’t be trusted to manage their emissions on their own.
But these users can fuck their phone up perfectly fine with the offerings provided by the horribly curated play store and thats even intentional. I dont doubt there are also techilliterate users who seek out dodgy sites to sideload some shitty apk. But i dont believe google one bit this move is made to make the experience more secure for this subset of users. Its about as much control as possible over their platform because the line must go up.
But i dont believe google one bit this move is made to make the experience more secure for this subset of users.
It’s in their financial interests if their platforms aren’t synonymous with data breaches. So yes, the security of users is a prerequisite to their profit-driven goals.
You already can’t “sideload” without navigating the options and going through a big scary pop-up saying you better know what you’re doing. In other words, it’s already locked down enough.
This is not about making grandma safe. It is about control.
deleted by creator
That’s fine. They should be LEGALLY required to allow ME to make that call and offer an avenue to allow me to remove it all.
Nobody is saying everyone’s machine MUST be completely open and insecure.
But that’s a far cry from giving me no recourse to make MY hardware do what I want it to.
And before anybody screams “liability”, they’re going to hold you to an EULA anyway - throw a couple lines in there.
Nobody is saying everyone’s machine MUST be completely open and insecure.
Neither am I. I don’t disagree that Google is overstepping with the restrictions they’re imposing lately. It’s a point I’ll damn well argue, myself.
The problem I take is with the argument the OP presents, because it incorrectly suggests that the average user has (or should have) an expert-level knowledge of their devices. Safety rails exist for a reason. Yes, they’re going too far; but no, removing them outright would not be the better solution.
Posts like this are like a mechanic saying “There is no reason for a manufacturer to force drivers into having a catalytic converter in their own engine”
It’s more along the lines of “There’s no reason for manufacturers to forbid my mechanic from installing a perfectly fine catalytic converter just because said manufacturer doesn’t like it”
Giving manufacturers full control over the software users run will not end well. Why should google tolerate a browser that runs an adblock extension? Currently they do so because the alternative would be losing users to alternatives but if they have all android devices under control and make deals with most of the browser devs (it’s all chromium already and firefox is almost entirely financed by google) then you’ll find yourself forced to watch ads. This is what they’re slowly creeping towards.
That would be true, if the Play store was curated any better.
You can still upload malware to the Play store. It happened numerous times, both on the Apple side, and on the Google Side.
Restricting your choice from 2 places of dodgy places to 1 dodgy place does nothing.
Why do you hate property rights?
Because that’s what your argument actually boils down to: utter and complete contempt for users’ property rights. You’re advocating for subjugating them to corporations as technofeudal serfs.
You know this to be true.
You’ve made up some things there. My concern is that the OP is a poor argument for the point it’s trying to make. Not sure where you invented the rest of that bullshit from.
I didn’t make up a damn thing. You clearly and obviously hate property rights. That’s the only reason you could possibly justify trying to take them away from people. Just admit it.
Claiming that corporations – not governments, corporations, which is why your catalytic converter analogy was bullshit BTW – need to self-servingly restrict people in the name of “protecting” them is fucking dishonest and you know it.
Cool, I never claimed anything even close to what you just vomited out. Here’s what I did say, though:
The problem I take is with the argument the OP presents, because it incorrectly suggests that the average user has (or should have) an expert-level knowledge of their devices. Safety rails exist for a reason. Yes, they’re going too far; but no, removing them outright would not be the better solution.
That’s all I was claiming, my guy. Go find your “gotcha” moment somewhere else, because it ain’t here.
What’s being discussed here isn’t “safety rails,” though. Why are you lying?
Android already had “safety rails,” which is why installing from sources other than the Play Store was called “sideloading” and not just “loading.” What’s happening now is that Google is turning those barriers against the users and building a cage to imprison them instead.
People need to understand how fucking despicable and beyond the pale this shit actually is, yet you’re making excuses for it instead. What the fuck.
Yes, you’ve identified that there are multiple rails. Arguably, too many. It’s almost like I pointed that out already.
Yes, they’re going too far
Are you illiterate or just trolling?
I don’t know where you think you wrote that, but it wasn’t in this comment chain. Are you expecting me to go hunting through your user page or something? You are not fucking entitled to call me “illiterate” for responding to what you actually wrote here and not being clairvoyant!
If anything, you’re the one who’s [concern] trolling here, playing devil’s advocate for Google.
People cannot be trusted to govern themselves, this is why I am supporting the redcoats. HAIL KING GEORGE III! /s
By your logic, 30 years ago you shouldn’t have been trusted to have free reign over your system because you didn’t know what you were doing yet.
But you did have free reign, you learned, and now you want to pull the ladder up behind you.
By your logic, 30 years ago you shouldn’t have been trusted to have free reign over your system because you didn’t know what you were doing yet.
30 years ago I would’ve been a child. So… yeah. Not exactly somebody who should have the ability to give root access to any scuzzy app prompting for it.
But you did have free reign, you learned, and now you want to pull the ladder up behind you.
You assume a lot here.
Bad analogy with cars there. A catalytic converter doesn’t change what you can or can’t do with your car. It would be equivalent to, say, government mandate a minimum energy efficiency for phones. Most people including me will have no problem with that.
I think that, with the current state of OSes like Windows and Android, there should be some minimal amount of friction to enabling installation of non-vetted apps. Maybe some switch that can’t be enabled accidentally, or without understanding that there’s risk involved (or at least a switch that can be disabled and password protected) for the sake of children or the elderly.
On the other hand, though, an OS should be built with enough security and sandboxing that no single application can brick your entire device without at least tapping through and giving it a ton of permissions; which means that the only remaining risk to the end user would be access to disinformation or other harmful content, or the risk of personal information exfiltration (i.e. phishing). At that point, a simple block list (or even just an allow list) maintained by a trusted guardian or third party would be sufficient to keep children or the elderly from harmful content, and whoops we’ve just invented the internet again.
I am once again begging for Boot2Gecko to become a thing.
Boot2Gecko is a thing: it’s called KaiOS. It targets lower tech devices though and is just as locked down as Android, potentially even more actually.
I’m interested: why do you want it? I’m not a big fan of the idea of web development being the standard
Let me answer your question with a question: How many things do you do with your phone that aren’t also able to be accomplished with a website already? I’d be willing to bet that the answer is in the single digits. And for most of those, that limitation is likely to be entirely arbitrary, instituted by a developer as an anti-consumer form of lock-in.
Delivering application-like experiences via the web allows users to make accessibility changes to that experience without the developer needing to support it explicitly. It also allows users to implement plugins that extend and improve their experience, by removing undesirable content or adding functionality that you haven’t provided. And because browsers are built on open standards, there’s no longer any device ecosystem lock-in; I should be able to access all of the websites I want to from any browser on any device. Users could even build their own bespoke applications, without the need to enable a developer mode on their phone or get a certification from a megacorp.
And because downloadable and cacheable progressive web apps are a thing, as well as local storage options for browsers, the experience for an end-user of a browser-only phone wouldn’t need to be any different in low-signal or high-latency situations.
The web is a mature and proven platform for delivering arbitrary code and data, plugins make the web more accessible and easier to use, and web standards make the world more open. It’s not a perfect platform, of course, but it’s the one we’ve got; I think making it the default rather than the fallback for the devices most people use more than any other would be a great boon for the world at large.
Let me answer your question with a question: How many things do you do with your phone that aren’t also able to be accomplished with a website already?
This is kinda begging the question imo. Phones are terrible anti-user devices, so I can’t do the things I’d like to do with it that I can’t also accomplish on a website. Wasn’t that kinda the problem that was initially stated in the OP?
Delivering application-like experiences via the web allows users to make accessibility changes to that experience without the developer needing to support it explicitly. It also allows users to implement plugins that extend and improve their experience, by removing undesirable content or adding functionality that you haven’t provided. And because browsers are built on open standards, there’s no longer any device ecosystem lock-in; I should be able to access all of the websites I want to from any browser on any device. Users could even build their own bespoke applications, without the need to enable a developer mode on their phone or get a certification from a megacorp.
Almost all of this would be equally possible if the phone wasn’t just a platform for a browser. I actually think a browser model limits a lot of what you say here, and browsers definitely have ecosystem lock-in problems: what Google says essentially goes these days. The browser isn’t the great liberator of phones imo.
I don’t hate browsers; a lot of what you said is true and great for users with respect to browsers. I do however think it’s a weird way to try to fix the phone ecosystem by replacing a restrictive sandbox with a restrictive sandbox that also ties you to a really terrible development ecosystem.
Phones are terrible anti-user devices, so I can’t do the things I’d like to do with it that I can’t also accomplish on a website. Wasn’t that kinda the problem that was initially stated in the OP?
Maybe I phrased it poorly. I meant, what things do you do on your phone that wouldn’t be possible on a website if you were on another platform?
Actually, I’ve been actively trying to use Firefox Mobile for everything I reasonably can on my phone, and it’s way more possible than you might think.
I actually think a browser model limits a lot of what you say here,
I think you misunderstand me here. I’m not asking for a browser model to increase the number of things that app developers can do, I want to increase the number of things that end-users can safely do, and running web apps in a browser are currently the easiest way to do that.
and browsers definitely have ecosystem lock-in problems: what Google says essentially goes these days. The browser isn’t the great liberator of phones imo.
That’s absolutely a huge problem, yes; but it’s a different one. And in the faintest praise possible, Google does at least maintain fairly solid web standards.
I do however think it’s a weird way to try to fix the phone ecosystem by replacing a restrictive sandbox with a restrictive sandbox that also ties you to a really terrible development ecosystem.
It would be a replacing a sandbox that’s restrictive for the user and developer with one that’s only restrictive for the developer. And I don’t think it’s a particularly terrible development ecosystem; in a lot of ways, the front-end dev ecosystem is the most mature ecosystem. We’re absolutely spoiled for choice in IDEs, in linting tools, in packages…I mean, I used to work in email development years ago. THAT is a terrible development ecosystem, let me tell you.
I meant, what things do you do on your phone that wouldn’t be possible on a website if you were on another platform?
This is still begging the question: your question contains the assertion that the current smart phone model must continue. If you only think about the things you currently do with it, then of course you can do a lot of the same things with a browser model: they’re both restrictive sandboxes in similar ways. Interestingly though, I can name a few things already that are currently easy on an Android phone but not in a browser, the most obvious being running any sort of network server. You can’t take advantage of Linux’s configfs and functionfs APIs on a device that is ironically the best device made to use them. I mean, browsers were never even designed to allow filesystem access so an API would need to be added for that even, something so trivial. There are an almost infinite number of things you can do with direct access to an OS compared to through browsers; browsers are required to treat every single thing they do on behalf of the server they’re talking to as malicious. That’s the whole threat model, and it’s completely correct, but I don’t want that threat model applied to my entire device.
I think we’re just thinking of different things. You seem to be thinking about how to remake the current smart phone experience, and that’s pretty easy to do with a browser model. I think the current smart phone experience is pretty bad and incredibly limiting, so I see a move to the browser model pretty much… no different. I wouldn’t be particularly excited. I never understood the Boot2Gecko excitement anyway.
I’d like to see a smart phone that is just a small computer that happens to also have phone functionality. Where you actually have an entire Linux system available to you, and you’re allowed unconfined root access. You simply can’t get that if you’re being sandboxed by anything. To be honest if Android just stopped all the insanity around full, meaningful root access and unmodifiable hardware roots of trust, I wouldn’t need anything else. I like the availability of the tightly controlled application sandboxes. I love the use of SELinux throughout.
With respect to the development ecosystem… we can agree to disagree I guess. I’d rather leave the industry than deal with modern web development, but that’s just my personal opinion.
Google does at least maintain fairly solid web standards
I have to strongly disagree with this though. Google wants to bring it’s attestation APIs to browsers. What a nightmare. They also try to move browser addon development in user hostile ways, like trying to kill ad blocking. I don’t trust Google to have the user’s best interest in mind for a single second.
Anyway, I asked where you’re coming from so thanks for sharing.
I think I’d rather my phone be a little “dumber” than my laptop or desktop, though. Or I want it to be powerful enough to be the brains of both, but that would make it expensive enough that I would worry about losing it. Making it just a browser gives it enough utility to be broadly useful, but also enough friction that I won’t get sucked into it.
Also, I think a low-cost, low-power, mass-market B2G-type phone (a la the Chromebook) is way more likely than a mass-market Linux phone. Maybe that’s just me being cynical, though.
As for Google, yeah. I agree that they don’t have the users’ best interest in mind. But there’s currently enough of a pull from mobile Safari that they’re willing to play by the rules for now. My understanding is that the Web Attestation API was basically dead in the water—though maybe that’s me being too optimistic, ha.
Anyway, I asked where you’re coming from so thanks for sharing.
Same to you! Good conversation. I appreciate it.
As for KaiOS, I don’t think that’s really a good successor of Boot2Gecko; from what I’ve seen they went the app route, which kind of fundamentally violates the spirit of what B2G was supposed to be.
I’m not sure what the original vision was, but KaiOS is just a fork of Boot2Gecko.
In fairness I’ve not tried it, but their homepage has been all about apps for a while.
I can only hope the EU will set Google straight, the way they did Apple.
The EU will, at some point, cave to the interest of global capital. I am proud that they have fought as well as they have these past few decades, but as long as capitalism rules the planet, capital will always supersede rule of law and democracy in the end.
America is about to, if it has not already, succumb completely to that state of affairs, and once that power is consolidated by the capital, EU will be (one of) the next targets.
They can piss off, there is no way I’m dowloading Google’s ad ridden garbage apps of of their store. I’d rather stop using mobile phones alltogether
The worst part is, the vast majority of people will opt in by default, and when 99% of people do, that impetus will pull everything else in together with it. Us privacy and liberty minded fringe cases won’t matter, because the tech will keep moving in whatever direction is dictated by the giants because they will have ensnared the global population in their schemes, and it will pull us along with the drift.
It’s pretty god damned bleak. We need to seriously organize and coordinate resistance.
