This is the risk of “trusted computing” architectures. Who is governing the “trusted” part of that.
These cryptographic signatures are not as much of a death knell for Android as some would have you believe. The trick is to get a common code signing cert into your device, that is then used to sign any third party APK you want to run. You can avoid the Google tax this way. I assume that’s how most sideloading sites and apps are going to handle this.
The question is, how do you add that certificate? Is it easy and straight forward (with plenty of scary warnings), as a user? Or is it going to be a developer options deal? Or will I need root to add the cert?
I’m not sure what that answer is right now.
I just want to finish this post with a few words about trusted computing models. Plainly: Apple has been doing this for years … That’s why you download basically everything from an app store with Apple. Whether on your Mac OS device, your iPhone, iPad or whatever iDevice… Whether the devs need to sign it, or the app gets signed when it lands on the store, there’s a signature to ensure that the app hasn’t been tampered with and that Apple has given the app it’s security blessings, that it is safe to run. Microsoft and Google have both been climbing towards the same forever. Apple embedded their root of trust in their own proprietary TPM which has been included with every Mac, and iDevice for a long ass time. Google also has a TPM, the Titan security module, I believe that was introduced around pixel 3? Or 4?.. Microsoft made huge waves requiring it for Windows 11, and we all know what that discussion looks like. Apple requires a TPM (which they supply, so nobody noticed), Google has been adding a TPM and TPM functionality to their phones for years, and now Windows is the same. None of this is a bad thing. Trusted computing can eliminate much of the need for antivirus software, among other things. I digress. We’ve been going this way for a long time. Google is just more or less, doing what Apple has already done, and what Microsoft will very likely do very soon, making it a requirement. Battlefield 6 I think, was one of the first to require trusted computing on Windows and it will, for damned sure, not be the last that does. The only real hurdle here is managing what is trusted. So far, each vendor has kept the keys to their own kingdoms, but this is contrary to computing concepts. Like the Internet, it should be able to be done without needing trust from a specific provider. That’s how SSL works, that’s how the Internet works, that’s how trusted computing should work. The only thing that should be secret is the private signing keys. What Google, Apple, and Microsoft should be doing, is issuing intermediary keys that can sign code signing certs. So trusted institutions that create apps, like… Idk, valve as an example, can create a signature key for steam and sign Steam with it, so the trust goes from MS root to intermediary key for valve, to steam code signing key, and suddenly you have an app that’s trusted. Valve can then use their key to sign software on their store that may not have a coffee signing key of it’s own. This is just one example based on Windows. And above all of this, the user should be able to import a trusted code signing cert, or an intermediary cert signing cert, to their service as trusted.
Anyways, thanks for coming to my Ted talk.
Thanks for sharing all of that. I got to think a little bit about stuff that normally I would take for granted.
I know it’s not really ready for it yet, but I guess I’m gonna be looking into a Linux phone before I thought I would.
Same, though this will be the push the community needs to really launch a Linux phone. It’ll suck for awhile, but I’m looking forward to debating phone distros with all of you.
Sorry it took so long to reply, I was waiting for Gentoo to finish compiling on my phone.
I’m using arch mobile btw
I use Debian as my daily driver and am disappointed to see that the best-supported devices under Mobian within my budget are the Pinephone (which has shockingly low specs) or the Pinephone Pro (recently discontinued, no longer sold. Also had poor specs).
I was toying with was getting an SBC with an LTE/5G hat & 7in touch screen, plugging it into a portable battery, and 3d printing a case for it.
Fairphone with PostMarketOS seems more practical.
What are your thoughts on the Furi Phone?
I’d get disappointed if its distro wouldn’t be called FuriOS
The FLX1 runs FuriOS, which is an operating system based on Debian, designed and oriented for mobile use without any artificial limitations.
phew
If Google is going to lock down my device to the point where I can’t install apps without their permission, I might as well dump Android and go straight to Apple. I sacrificed my phone being good for the openness of the platform, but if Google loses that openness, why shouldn’t I go with Apple?
Because the cheapest new iPhone is $600 and you can get a cheap new android phone for around $100-$200 and get 6 years of security updates (Galaxy A16 for example)
If a smartphone is no longer a computer where you can install whatever you want, why bother investing so much money on a very locked-down phone? You can use the hundred of dollars you saved to spend on a small portable PC or something to run any software you want.
$600 is pocket change for a phone these days. And for that $600 you’re getting a flagship phone. You couldn’t pay me enough money to put up with a non-flagship. Been there, done that. They’re too slow and frustrating, and apps keep closing due to lack of RAM. Never again. I much rather spend $600-800 on a high-end device that’s a couple of generations old.
A $200 phone in 2015 is not the same as a $200 phone in 2025. I know from experience.
Those phones in 2015 were awful, but in 2025, they feel more like mid-range phones.
Edit: And $600 is pocket change? Sound like someone lived a privilaged life.
This 100%
I have used tracfone since 2012 and only bought phones from their store, sub $150. The budget phones today are so much better than the last 10 years.
I just can’t wrap my head around sinking that much into a phone when you replace it every year and it cost as much as a decent budget computer, but worse.
I make $19/hr and live paycheck to paycheck. I’m just being realistic about the current cell phone market.
Yeah but my banks don’t support my small portable PC, nor does my mobile phone provider. If I wanted a small portable PC I’d get a small portable PC. What I want is a smartphone.
Openness isn’t just a nice to have. It is essential.
The difference between general purpose computing and gatekept walled garden computing is night and day.
Identifying the devs is not in the “need to know” for Google. Google sells or helps to sell a general purpose open device where it is on us to exploit that device however we will.
Now Google wants to switch to a walled garden, moderated development model.
If Google promises it won’t use those dev IDs to moderate development, their promise is only worth the wind it moves and the sound it makes.
You might say their words are like farts in the wind
We don’t even need to assume: https://torrentfreak.com/apple-revokes-eu-distribution-rights-for-torrent-client-developer-left-in-the-dark/
Apple hardware has always been a generation ahead. Even when android/qualcom catches up, next generation is out already. The reason to avoid apple was it being a closed system money grab.
Apple hardware ahead of Android? I’ll have what you’re having!
Please show me a single benchmark with a flagship android beating a flagship iPhone.
Credit where credit is due, iOS runs lighter than Android and thus needs less powerful hardware, simply: JVM vs LLVM ObjC
a18pro beats M3 max in single core. Compared to 7840hs, it has 40% high single score geekbench 6, though 50% less multicore. Even beats ai395max at single score. Android competition catches up to even in gaming/gpu, but single core/responsiveness is still light years ahead. a19 next month, likely. M3 ultra has competitive aspects to xeon and epyc. Apple definitely has a lead on arm implementations.
The only answer is money at that point. I don’t know how much phones are these days, but aren’t iPhones like $1400, but Android is like $900?
I may be wrong though. Last time I bought a phone was 2018, and it was $600. Still using it.
I already tend to buy the expensive flagship models of phones. I buy unlocked and it lasts me ~5+ years, so I get the best phone I can get at the time and make it last, so money isn’t as much of an issue if I were to move to an iPhone.
This change requires you to attach your real name when publishing software. That’s all. You can still publish to and install packages from anywhere. This doesn’t come close to Apple’s complete control.
Google already scans packages you’re installing for malware and alerts you and allows you to install them anyway. This gives that scanner one more tool to identify bad actors.
Apple now allows sideloading of apps and Google is trying to get rid of sideloading.
What… the Fuck?
Apple now allows sideloading of apps
Apple allows as much sideloading as google wants to next near.
Yes, you can install from .iPa files, but you still need to pay 100€ a year to be able to sign the IPA files, otherwise you cant run them. as much as with googles new policy you now need to pay 25€ + your full name to get a signature, to sign the Apks with
This ⬆️ Apple has set the lowest bar, and google is simply following the trend of “how to keep your App Store the monopoly while conforming to the dma“
Now we have to get EU on the case 😀
To be fair, they are now both on the same level. Both now allow sideloading from “trusted” sources, aka developers verified by Apple/Google.
Don’t call it sideloading. Did you watch the video?
Yea but Apple got sued into allowing that
So yeah we’ll do a decentralized Linux phone of sorts, if Google is going full 3rd Reich with Android we’ll move to a Linux based OS phone.
Simple as that.
Who is we? what group of people has the dev funding and time to produce FOSS hardware and software to compete with the average android phone?
We the people that want a finished product with distribution and a good eco system from day zero. It must be next gen hardware and be priced more than competitively.
It’s good to want, and I say that as someone who would dance for joy if an open source phone became viable. If you think starting a new ecosystem and expecting it to be “good, next gen, priced competitively” is feasible via volunteer work anytime soon, I want whatever you’re smoking :)
It was a sarcasm.
You forgot your /s
Expecting sarcasm to be understood in text is dumb. Too many dipshits exist to assume people arnt serious
I wouldn’t call it dumb but maybe expecting too much from people now that convenience and hand holding is expected at all times.
*Canned laughter that fades into awkward reflective silence.*
Dude. On what hardware? My 1 years old AND 4 years old Samsung phones now lock their bootloader.
Random, fly by night China phones won’t have enough documentation or enough consistency in hardware to be a viable rally point for firmware devs, will they?
Don’t get me wrong. I will buy exactly that Linux Phone for my next device if it gives me three browsers and enough untracked fundamental functionality like calculators and contact lists.
But I’m genuinely worried there won’t be a hardware vendor in the game in my market (the land of Y’allQaeda) to sell me a compatible device that plays nice with the three mobile providers that still exist here.
The openness of Android is the thing that kept me on the platform. Now that the openness is being removed, iOS is now more appealing.
Sadly, I think most of the customers that use Android never sideload a single app at all. I don’t expect this to create a mass exodus, but a smaller one with power users.
You’re pissed about it? Visit here: https://opencollective.com/postmarketOS
IMHO that’s our best shot. Totally Google free, mainstream Linux kernel.
Don’t worry as the current OEMs continue to lock down bootloaders and lock required drivers behind copyright and other restrictive licensing schemes they will ensure nice things like PostmarketOS at best remain fringe and never able to replace modern phones for daily usage.
Most of they will but hopefully we will still have projects like PinePhone or Fairphone that will support it.
That’s not how you spell UBports.
I do support the PostmarketOS project, but it has much further to go before it’s friendly enough for regular people. Short of Valve releasing a Steam phone, I think UBports is better positioned to bring genuine linux to mobile.
No one here is talking about regular people. Regular people will keep using stock Android.
UBports still relies on Android kernel and services. Custom ROMs are such a small part of the Android ecosystem that I didn’t think Google will go after them yet they did. Can we be sure in a couple of years they will not try to destroy Android based distros like UBports?
I also don’t really like the entire idea behind UBports. It’s so heavily modified you can’t even easily run native Linux apps so you’re limited to Ubuntu Touch apps. As a developer I’m not really interested in learning completely new framework that supports only one platform. We have solutions to create cross platform Linux-Android apps so I can move my apps from Android phone to PostmarketOS without any work, they already work there.
So I’m supporting PostmarketOS and I really hope it will be usable when my Pixel phone dies. If not I will switch to something Halium based. What else is there to do?
Yeah I agree. I’ve used PMOS as well as Lineage and Graphene. The latter was the best experience and PMOS was the one that needed the most work, at least to reach any sort of side adoption.
I’m actually looking at something running SailfishOS as my potential happy mid-point, but currently the Jolla phone - which would be my preferred device for this - doesn’t seem to shop outside Europe yet.
Is 20.04 the latest release?
No, it’s currently on 24.
The version number with “OTA-#” at the end is the “over the air” updater.
Does this also work with android tablets? Or is there a separate os for those?
Here you can see current state: https://wiki.postmarketos.org/wiki/Devices
In theory it will just be another Linux able to run on everything Linux supports + Android hardware. Honestly I don’t know if it will ever run on common modern phones but it should at least be possible to run it on more “open” phones like Fairphone or PinePhone.
These are the most supported devices, maintained by at least 2 people and have the functions you expect from the device running its normal OS, such as calling on a phone, working audio, and a functional UI.
If the above is where we are at still with PostmarketOS, it will be a decade or more before it is anything more than a curiosity. The table stakes of what people, even us tech nerds, expect from a smartphone fit for daily use is so much more than “it can make phones calls and the UI works” it is not even funny.
As I said, I don’t think we can expect PostmarketOS to work on normal phones but looking at the table they have PinePhone figured out. My hope is that we will soon see something like PinePhone but with proper specs that will actually be usable and that some phone makes like Fairphone will help make PostmaketOS run on their phones. Couple of properly supported models is all we really need and I hope it’s couple of years away, not a decade.
Can you just refuse to upgrade your 2021 or previous (nothing on their device list applies to models released after 2021) to not be affected by this policy change? I have never noticed a useful feature in android version upgrades for quite a while now.
Yes but you will also stop getting security fixes. After some time it gets risky.
> be me
> buy new phone, chose android cause I can install anything on it
> get free iphone from work
> sell iphone on ebay cause I can install anything I want on my android
> google doesnt want me to install anything I wantFuck me. I kept the wrong phone.
So in your world, a completely locked down phone is better than a phone that you can easily open up again by flashing a ROM or replacing Gservices for MicroG with adb + Magisk?
They are both now on the same level. Both iPhone and Android now allow sideloading of apps of “trusted” developers, so developers verified by Google/Apple.
This is an android 16 feature, scheduled for sept 2026 “prerelease” and 2027 rollout. I expect/hope some phones will have a setting to disable “the security”. If not, there is great opportunty for high end hardware linux first phones, with good android emulation software.
I’ll go to iphone if it’s not able to be disabled. And I hate iphone.
Doesn’t iPhone already have pretty much the exact restrictions that are coming to Android?
I don’t have an iPhone to test, but google is showing mixed results so I can’t confirm.
However, Ive been on android for about 20 years, never owned an iPhone, always android. I’d ditch it just for blocking it as a point.
If side loading is actually allowed on iOS it’s exclusively because the past few years of lawsuits forced them to, and they keep trying to block it in new ways. Android can only be equally bad as Apple at worst, because Apple is as bad as they are legally allowed to in a given jurisdiction. So picking iOS over Android over that specific issue seems odd. They get brownie points for having blocked it from the start?
- Android will require apps to be signed with real name signatures. You can install apps from anywhere.
- iPhone doesn’t allow any apps to be installed except when downloaded from Apple through iTunes.
You can side load on iphone. I can’t verify since I don’t have an iPhone, but I’m seeing mixed posts online.
Either way, I’d change on the fact they’re disabling going forward just as a parting middle finger.
deleted by creator
I think I am just done with the whole concept of the convenient prepackaged tech product, and especially staying “connected” with them.
For example, I stopped wearing a smart watch this summer and it’s been a positive. I was the type to wear it 23 hours a day and track my sleep with it and everything. It turns out that not instantly seeing every notification or knowing the exact minute of the day are not a big deal, sans are even good for me.
Part of what I’ve also done is use my phone a lot less and my linux desktop a lot more. I use it as a mobile communication device and not my computer for everything. I guess the next time I need to replace it I’ll either get an iphone since everybody in my family has one, or I’ll see where these wonderful Linux phone projects end up.
This was the main reason I have a spare android phone to install whatever I want on it and just factory reset if there’s an issue. Android / Google is really shooting itself in the foot cause there isn’t a point in owning an android after this imo
Similar story here. I’ve got apps that I need to use from developers that are not around anymore. My old phone only needs wifi and I’ve disabled/uninstalled everything else. The phones battery last like 7 days now.
Sideloading being so easy on iphones and now becoming very difficult on android. Wow
Yeah but don’t you have to boot up your PC and connect your phone to iTunes once a week to re-enable developer mode to be able to sideload? Is there a more permanent method that I’m unaware of?
Jesus, how the heck is this called “sideloading is so easy on an iPhone”?
That’s a nightmare procedure, and completely unnecessary.
Obviously Apple makes sideloading as hard as possible.
No i dont have to connect my phone to a pc. It refreshes from the phone and i sideload from my phone
They are converging to become the same thing.
Its not any better on iOS, fyi, they too require Apple’s final approval.
They don’t require apples approval at all not sure if youre talking about the EU. Im talking about sideloading with sidestore and live container
deleted by creator
They also stopped support that allowed for easier development of custom ROMs a couple weeks back. So it’s not good news for custom ROMs. Either someone needs to form Android for good, or Linux phones are our next best bet.
Back in 2019 when the leadership changed, they moved to be 100% about advertising, which is why Google started going browser fingerprint tracking. Invasive is the name of the game. Within 6 months of that, they’re also locking down their entire ecosystem like Apples does, specifically to squeeze more data out for advertising. This isn’t an action taken in a vacuum.
Are you sure it won’t apply? As far as I understand, it’ll apply to all devices with Google services installed. Which includes most ROMs, as well as non-Google ROMs after you manually install gapps. Is my understanding off?
The requirements apply to all “Google-certified Android devices” which includes:
Devices with Google Play Store
Devices with Google Mobile Services (GMS)
Devices with Play Protect
All mainstream Android devices from manufacturers including Samsung, Xiaomi, Motorola, OnePlus, and Google Pixel
Custom ROMs without Google services & uncertified devices are not affected by these restrictions.
From the linked wiki.
deleted by creator
Soon aurora store may stop working. They could add some crap to the apks in the play store that checks whether the phone has google services. So either the devs put their apks somewhere available (like on fdroid, which most wont do), or theyll just put their binaries on the play store, which will just be a useless blob for those that dont have play services. Then we get another shitty cat an mouse game about spoofing play services, them catching up, on repeat.
Just get root, and it wouldn’t be too difficult to bypass.
I already bypass many of Google’s stupid and arbitrary restrictions like their minimal SDK version requirement for side-loading apps and such with Magisk and Xposed modules.
When it comes to the current final frontier, Linux phones, what brands/models would be the best option? Or are you all really recommending iPhones?
Linux handheld with a 4g usb modem, doing calls over the internet. Just an idea, im not doing this, nor do i know how practical it actually is.
You can’t sideload in Linux.
“All” you need to do is reflash your phone and reinstall Android/Chromium (soon to be renamed Android). Since you are not a certified supplier, the checking is not activated.
On Chromebooks the setting will be on, since they are used in schools, but since it has a terminal you can remove the block, it won’t be simple, probably terminal commands and changing configuration files, but it won’t be impossible.
Will this kill FDroid ? I imagine yes since you have to install it from a download.
My suspicion is that the main purpose of Googles decision is to stop F-Droid and Aurora Store from working.
They don’t care about those.
They want revanced and other ad circumvention tools out.
They ARE an ad company, you know?
And especially any youtube app that blocks ads. OF COURSE Google will never allow Newpipe, Revanced, FreeTube and so on to be installed on Android phones ever again.
None of those have worked for me on Android since a couple of months.
Firefox with uBlock Origin is the last bastion, and don’t think that’s not on their radar.
Hey don’t mind me, I’m just gonna whip out my steamdeck (that I already have) to watch a youtube video using the desktop firefox. (Yes I know its 720p, but whatever lol, its good enough for gaming, its good enough for youtube)
I have no idea if this shit is coming to android tv, but i turned updates off just in case as I use SmartTube Next on it to watch ad free youtube. Ugh. Fuck google.
