Installing any app I want outside the Play Store was the primary reason I decided to go with Android, despite most of the people I know using iPhones. If I can't do this anymore, I may as well switch and be able to use iMessage and FaceTime with them.
Android is losing a unique selling point. This will have an impact on what a techie may recommend to a non-techie in the future, because everything is beige now.
I have the feeling Google has given up on using nerds as beachheads. The market is saturated enough and they don't need us anymore to do grass roots spreading of their products. It's the same with Youtube. As long as there were enough people who were unencumbered by ads because of their ad block and kept spreading links, the importance of Youtube was growing. After market saturation that vehicle isn't necessary anymore and they can squeeze them out.
The lack of antitrust enforcement is a clown show.
We have no choice in the most important computing category in the world. It's a duopoly and they have everyone in straightjackets - consumers, companies, competitors, governments, ...
A huge percentage of the world's thoughts and economy flow through mobile. And two companies own it.
It is not just that. In my case , everyone around me are using iphone . I made the sacrifice to not easily connect with them and use android so that i have freedom ( to install, customise what ever).
Once that freedom aspect is taken away. There is no reason for me to make that sacrifice.
Until EU's cross compatibility between messaging apps is passed, we are forced to be in vendor lockin.
It’s utterly bizarre how BBM could have been the iMessage and WhatsApp and who knows what else. But rich out-of-touch people thinking exclusivity is a perk in a commodities market just shows how business savvy and wealth are in reality disconnected from eachother.
I glanced at Ubuntu Touch, but its device compatibility looked severely lacking (https://devices.ubuntu-touch.io/).... I have old Pixel phones I could potentially try it out on, but the last Pixel phone that is officially supported is the 3a. So that is a bummer.
> I just switched to the iPhone with the new cycle, explicitly because of this news.
And guess what, sideloading has never been allowed on iPhones.
So you just went from bad to worse. The only rational option for tech-minded people nowadays is to buy a device that supports Lineage or Graphene (ironically Pixels are good for this) and to replace the stock OS.
Then you'd be rewarding the company that pioneered and normalized taking away these rights. The next rights you'll lose will probably originate on Apple again years before Google takes them away too.
You can still install apps outside the play store, but the developer does need to verify their signing information. Effectively this means that any app you install must have a paper trail to the originating developer, even if its not on the app store. On one hand, I can see the need for this to track down virus creators, but on the other, it provides Google transparency and control over side loaded app. It IS a concerning move, but currently this is far from 'killing' non-appstore apps for most of the market.
So let's pick a random example app that might be popular on F-Droid today. Oh, I dunno...newpipe.
Given that Google both owns Android/Google Play Store and YouTube: what do you think they would do with the developer information of someone who makes an app that skirts their ad-model for YouTube?
Google is following the same game plan we saw when they decided that the full version of uBlock Origin (the version that is still effective on YouTube) should no longer be allowed within their browser monopoly.
The fact that there was a temporary workaround didn't change the endgame.
It's just there to boil the frog more slowly and keep you from hopping out of the pot.
It's the same game plan Microsoft used to force users to use an online Microsoft account to log onto their local computer.
Temporary workarounds are not the same thing as publicly abandoning the policy.
From a quick glance at /r/GooglePlayDeveloper/ it looks like Google is just as interested in killing playstore apps! It seems that they only want to support the existing larger apps now. I think they are giving a clear message to developers that its not really worth developing for that platform anymore. I think we will all agree that the playstore needed a purge but they seem to be making it impossible for any new solo devs at this point.
It also makes it easy for google to blacklist a developer, if for example the trump administration don’t like them (the same way apple removing apps documenting ICE).
Pretty sure virus creators could just pick a real ID leaked by the "adult only logins" shenanigans, whereas legit app developers probably wouldn't want to commit identity fraud.
Yeah... no. This is normal with desktop computers. Let's stop handholding people. If I trust the source, I trust the domain... I want to be able to install app from its source.
Googles/Apples argument would have been much stronger if their stores managed to not allow scams/malware/bad apps to their store but this is not the case. They want to have the full control without having the full responsibility. It's just powergrab.
I think they’re just going to track down a random person in a random country who put their name down in exchange for a modest sum of money. That’s if there’s even a real person at the other end. Do you really think that malware creators will stumble on this?
This has to be about controlling apps that are inconvenient to Google. Those that are used to bypass Google’s control and hits their ad revenue or data collection efforts.
Switching to iPhone will make it even more obvious there is an unhealthy monopoly, so that's nice. If there's no good reason to choose Android, why not?
What we really need is a fair alternative to both these abuse platforms. Choosing an unfamiliar abuse over a familiar abuse isn't exactly the smartest move. The switch over to a free(dom) platform like plain Linux must happen even if we have to make some temporary sacrifices like the loss of mobile banking facilities. It can't be worse than using a feature phone, can it? The app ecosystem will eventually attain parity if the platform achieves popularity.
How will Google force Android users to "update" so sideloadinng can be prevented
Non-updated versions of Android running non-updated versions of sideloaded apps will not have the restriction
Another example of how not every "update" is for "security" and "updates" should be optional
The computer owner chooses one version of an operating system, e.g., "I chose Android because I can sideload any app", but by allowing automatic updates, without reviewing them first, the computer owner agrees to let the operating system vendor change the software remotely to anything the vendor chooses. The computer owner goes along with whatever the vendor decides, letting the vendor take them for a ride
If the operating system gets _worse_ in the opinion of the computer owner, if it fails to meet their needs, e.g., "sideloading", then that's too bad. The computer owner chose one version of Android, but by subscribing to "automatic updates" they effectively chose all future versions as well
This is why I prefer BSD UNIX-like operating system projects where I can choose to update or not to update. Unlike the hypothetical Android user, the project does not decide for me
HN replies may try to draw attention to "security" and away from "sideloading restriction". However there is no option to accept "security updates" while rejecting "sideloading restriction updates". According to the so-called "tech" companies that conduct data collection and surveillance as a "business model" through free, auto-updated software, every update, no matter what it contains, is deemed essential and critical for "security"
Online commentators seem to agree that the computer owner should have the choice to install or not install _any_ software outside the "app store", so-called "sideloading". Perhaps this freedom to choose whether to install or not install software should also apply to operating system "updates"
> How will Google force Android users to "update" so sideloadinng can be prevented
Google has the Google Play Services, which can be remotely updated via the Play Store, as has been done for the COVID exposure notification system [0]. Google's Play Protect already hooks into the installation process and could be updated to enforce the signatures.
What happens if the computer owner disables Google Play Services along with the Play Store and keeps the phone offline
(Own experients conducted over the years make this a "rhetorical question" meaning I already know the answer)
Not every app requires Play Services and internet access
(Online commentators sometimes try to argue that all apps, even offlines ones, "require" Play Services otherwise they cannot be updated automatically, highlighting the significance of "automatic updates" in steering debates about Android. Own experiments show that many if not most apps work fine without Play Services and can be updated manually if desired)
Not every phone is used for banking or other "government services"
(For example, some owners have mulltiple phones. Some owners may have phones with older versions of mobile OS that may be used for experiments)
Not every computer owner is the same
(For example, most phone owners do not install any apps at all. Of those that do, most use "app stores", not so-called "sideloading")
HN replies are likely to invoke "security" as a retort to any suggestion of decision-making and control being placed with the computer owner
Automatic updates are pretty unrelated. Google can just release an updated version of google play services or a device verification API and everyone's banking/government ID apps will stop working until you manually update anyway. They have a pretty big stick to whack you over the head with if you don't update to the new version "for security"
Maybe it’s because I’m European but I’ve never understood what iMessage even is or what it offers above either sms or WhatsApp/signal. And I’ve used an iPhone for the past 15 years.
There are no good reasons left to use either platform - you're basically paying an arm and a leg to rent a device whose primary purpose is to usurp your attention and plunder your wallet at every possible opportunity.
Use and encourage your circle to use Signal, so you're not limited to any given platform, or the political or ideological whims of the gardenmeisters.
Google has gone full enshittified with this move, might as well move as far and as fast away from all the shit if you're technically capable, introduce whatever pressure you can to signal that there's a desperate need in the smartphone market for something clean and honest.
“There are no good reasons” really? One of my favorite things about iOS/ipados is the incredible selection of music creation apps. My iPad is loaded with synths, sequencers, and effects. AUM in particular is an amazing program for live performances mixing both software and hardware using a touch interface.
Many, but not all, of the programs I use on iPad are also available on Mac and Windows at much higher prices. That alone is reason enough to use a iPad. Most of these apps can be run on the least expensive iPad and/or older ones.
Like it or not, computing appliances have led to really good software markets. The “clean and honest” software markets are either much more expensive or don’t exist at all. The optimist in me is hoping that Android losing some freedom might lead to higher quality software and some actual competition to Apple.
Firefox with UBO is still a huge win. But Orion browser is making progress. At this point I just don’t see a reason to go android anymore. If I have to be part of a walled garden I may as well choose the nicer one.
You can still side-load signed apps. It's a similar limitation to macOS which won't let you run apps that Apple hasn't signed without command line or control panel shenanigans. Compared to iOS, Android still has the advantage of installing your own full browser (like Firefox) with full-fat ad blocking (uBlock Origin, not Lite). iOS is Safari-only right now though, in theory, some alternative engines may be available in Europe later.
With macOS you run "sudo spctl --master disable", and then you can run whatever you want without sending PII to Apple. Is that the case with the new Android stuff?
You can install full uBlock Origin in the Orion browser, on iOS. It also has decent built-in ad blocking (though uBlock Origin is still better).
I had been thinking for a long time to switch to Android (GrapheneOS, probably) when my current iPhone 13 dies, but this whole thing with "sideloading" on Android is making me reconsider. If I can't have the freedom I want either way, might as well get longer support, polished animation and better default privacy (though I still need to opt-out of a bunch of stuff).
Antitrust action is badly needed in this area. It is ridiculous that I need permission from my device manufacturer to install software on hardware I own. There is no viable alternative than to live in Apple and Google’s ecosystems. This duopoly cannot be allowed to keep this much control of the mobile platforms.
There needs to be a mandatory override for any lock down put in place by a manufacturer. I understand the need for security, but it should be illegal to prevent me from bypassing security if I decide to on my own device. Make it take multiple clicks and show me scary warnings, that's fine.
Technically Android still allows installation of anything if you use the debugging tool. Maybe that is where we have to draw the line, I'm not sure.
Aside from everyone pointing out that you can't do that on most phones, there's also the fact that installing your own OS will block you from using many apps that check your secure status.
The funny thing here: They have active spyware and malware on their app store. They go by vague offical sounding names like "Gallery" and "Messages" "Text Messages"
I've reported it and that goes to an google form where the app stays up. I've even gone farenough where I've escalated through internal Google contacts. Nothing is done. It's not sideloading that's the issue.
It's google. This is a hostile behavior to all users of the devices and developers of their platform.
_--
My thoughts on where this might go:
We're getting into an era where there are organizations that are violently hostile to your device and they demand that. These people believe that the device you paid for and the service you paid for is theirs.
I.e. mobile ids from governments, which may introduce client side scanning. More so, theres a hostile push for "age verification" which would lean on the Play integrity chain. Want to find out who does this? Look into Magisck on reddit and the apps people have difficultly using. This is not a case of "someone wants to hack something".. it's all about control.
If you're watching the Root/third party space.. right now there are issues running apps. Some apps scan for "SuperSU" app and will refuse to run. (As in they're not sandboxed)
They believe it because it’s true. RMS et al. have been predicting this for eons, but now that these companies feel comfortable to move overtly it’s pretty much too late to stop them.
We need to stop calling it "sideloading", we should call it freely installing software. The term "sideloading" makes it sound shady and hacky when in reality it is what we have been able to do on our computers since forever. These are not phones, they are computers shaped like phones, computer which we fully bought with our money, and I we shall install what we want on our own computers.
How badly screwed are we that the term "installing" doesn't work because it doesn't exclude the now default assumption that someone else controls everything you are allowed to install.
> when in reality it is what we have been able to do on our computers since forever
You do realise that's been changing right? Slowly of course, there's no single villain that James Bond could take down, or that a charistmatic leader could get elected could change. The oil tanker has been moving in that direction for decades. There are legions defending the right to run your own software, but it's a continual war of attrition.
The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.
"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."
Unfortunately it also means giving the key to the Kingdom to a company like Microsoft or Google which are definitely adversaries in my book. Keeping them in check was still possible with full system access.
Even Apple I don't trust. They're always shouting about privacy but they define it purely as privacy from third parties, not themselves.
And they were the first to come up with a plan where your phone would spy on you 24/7.
> The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.
I've been in tech and startup culture for over a thousand programmer-years (25-30 normal years). It wasn't dot-com or the crash. It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer. When the huge mobile wave hit (remember "mobile is the future" being repeated the way political pundits repeat talking points?) the entire industry was bent in that direction.
I'm not sure why this is. It could have been designed and planned, or it could have evolved out of the fact that mobile devices were initially forced to be locked down by cell carriers. I remember how hard it was for Blackberry and Apple to get cell carriers to allow any kind of custom software on a user device. They were desperately terrified of being commoditized the way the Internet has commoditized telcos and cable companies. Maybe the ecosystem, by being forced to start out in a locked-down way, evolved to embrace it. This is known as path-dependence in evolution.
Edit: another factor, I think, is that the Internet had no built in payment system. As a result there was a real scramble to find a way to make it work as a business. I've come to believe that if a business doesn't bake in a viable and honest business model from day zero, it will eventually be forced to adopt a sketchy one. All the companies that have most aggressively followed the "build a giant user base, then monetize" formula have turned to total shit.
If you want a real blackpill (I think this is the right word), consider the famous Cathedral and the Bazaar.
I recently had a realization: I can name Cathedrals, that are 800 years old, and still standing. I can't name a single Bazaar stall more than 50 years old around any Cathedral that's still standing. The Cathedral's builders no doubt bought countless stone and food from the Bazaar, making the Bazaar very useful for building Cathedrals with, but the Bazaar was historically ephemeral.
The very title of the essay predicts failure. The very metaphor for the philosophy was broken from the start. Or, in a twisted accidentally correct way, it was the perfect metaphor for how open-source ends up as Cathedral supplies.
>The term "sideloading" makes it sound shady and hacky
"side" refers to the fact that it's not going through the first party app store, and doesn't have any negative connotations beyond that. Maybe if it was called "backloading" you'd have a point, but this whole language thing feels like a kerfuffle over nothing.
I get where you are coming from. However, language like this matters when it comes to legislation. People outside there space will be guided by the sideload language to think it's just "something extra on the side so why should I care?"
Language strongly influences how people perceive things. For example, people shown videos of a car crash estimated higher speeds and falsely remembered seeing broken glass if the crash was described as "smashed" or "collided" rather than "hit" or "contacted"[0].
"Direct installation" sounds neutral to me, but "sideloading" sounds advanced or maybe even sneaky.
Why "first party app store"? You mean the play store with that? Why is that necessarily the "first party app store". I mean, for "Google Android" it might be, but not for AOS.
I always found this term utterly bizarre. It first showed up in the early days of the mobile "revolution" and felt astroturfed, since no developer would think we need a fundamentally new term for downloading software. It felt like something some dark patterns team came up with to discourage free installation of software on your own device.
Of course maybe I'm overthinking it. It's common for people deep in the bowels of an industry to invent pointless jargon, like "deplane" for getting off an airplane. Anyone know where the term "sideload" was coined or by whom?
If Google provides a permanent mechanism to disable this in developer settings, then this devolves to an inconvenience.
The setting to allow unsigned apps could be per appstore tracked by an on-device sqlite database, so a badly-behaving app will be known by its installer.
indeed, but they're not talking about your phone, they're talking about android, which is something you don't buy nor own, you buy a license to use it on the provider's terms.
linux phones can't come soon enough ...
your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation: installing software is "sideloading", sharing files is "piracy", legitimate resistance is "terrorism", genocide is "right to defend oneself" ...
> which is something you don't buy nor own, you buy a license to use it on the provider's terms
The distinction between "own" and "license" is purely a legal one. If I buy a kitchen table I own it, I can chop it up and use the pieces to make my own furniture and sell it. When I buy a copy of a Super Mario game I cannot rip the sprites and make my own Super Mario game because I don't own the copyright nor trademark of Super Mario. But I do own the copy, and Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.
> linux phones can't come soon enough
GNU/Linux. I used to think Stallman was being petty for insisting on the "GNU" part, but nowadays I understand why he insists on calling it GNU/Linux. There is nothing less "Linux" about Android than Debian, Arch or any other GNU/Linux distro, but GNU/Linux is fundamentally different in terms of user freedom from Android.
That would require a lot tighter and broader (but not corp-controlled) organization than what open source is accustomed to - making cheap and capable phones that aren't tied to a big corp is big challenge.
If you focus on the fact that Google fraudulently marketed an operating system that allows users to run any software they like (until they successfully drove other open options out of the marketplace) you have all the legal justification you need to force Google to back down.
In the US, there's no requirement for a company to honor the claims of prior advertisements for things that they might do in the future for a different product. And even if a company does lie about the features of their product, advertising law does not require a company to change the features of their product to meet those claims. What could be required is a change in the advertising, or a refund for people who bought the devices under the false terms.
But if you advertise a certain side of feature features in a phone three years ago, and sell something completely different next year, that's entirely legal.
It's certainly possible for the same company to create an open platform in addition to a separate platform that is a walled garden.
Microsoft Windows is an open platform that is open to running whatever software you want, while Xbox is a walled garden.
That doesn't mean that Google can fraudulently market an open platform and then close it after driving competing platforms out of the market without running afoul of antitrust law.
However, if Google wants to create a new platform that is a walled garden, as long as they are honest with users about what they are selling, that would be perfectly legal everywhere except the EU.
I think the reason you keep reiterating this is because once you realize that there is no legal justification to go after Google for this move under current US law, the only real solution becomes obvious: new legislation, and you really don't want that, because you know it will apply to Apple devices as well, which would be The End of the World.
(This is before Apple/Google lobbying efforts result in either the death of the bill or a bunch of exceptions allowing companies to do "notarization" or "developer verification".)
The Android Developer Blog called it "an ID check at the airport which confirms a traveler's identity but is separate from the security screening of their bags."
From the mouths of rubes, I guess. The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.
>The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.
If it's really about protecting "airlines' business model", why did TSA recently start requiring REAL ID to board flights? Were airlines really losing substantial amounts of money through forged drivers licenses that they felt they needed to crack down?
I think you still have the right to travel without ID. The TSA may demand it, and may tell you it's legally required, but that doesn't make that true. If you show up at the airport without an ID, you'll still be allowed to fly domestically. Of course, how easy that is probably depends on whether you frame it as a "woops!" or as a "fuck you guys!". They'll put you through extra "security" screening and try to confirm your ID other ways.
"In fact, the TSA does not require, and the law does not authorize the TSA to require, that would-be travelers show any identity documents. According to longstanding practice, people who do not show any identity documents travel by air every day – typically after being required to complete and sign the current version of TSA Form 415 and answer questions about what information is contained in the file about them obtained by the TSA from data broker Accurint…."
This is nonsensical. The minute the government doesn’t check ID to get on a plane that coincides with your ticket, the airline will start doing ID checks before getting on domestic flights just like they do for international flights.
And some airports are now allowing non fliers inside the terminal.
Even hotels force you to verify your ID to check in even though the reservation I’d transferable - just add a guest to your room when you make the reservation.
I know this is side topic but if buying the Android or iPhone hardware gives us hardware we don't control, then what alternatives we realistically have? I do own pinephone (and I was recently reading that they kinda staled with development of new phones hardware), I know about librem.. is there anything else on the market?
LineageOS? /e/OS? ArrowOS? Android has so much momentum that seems like it would be difficult to avoid a fork. I know Waydroid exists, but I'm not sure that's good enough. Ubuntu Touch sounds really cool too, but I've put effort into it with a used Google Pixel 3A and it's not an easy, cheap thing to try out right now. And it's still dependent on binary blobs for drivers, as far as I know. Not a great situation.
Regarding banking apps and things like that, I don't run into to any issues except for not being able to scan checks for deposit on the mobile website. And also I have to have physical credit cards. If you can't do what you need, consider changing to a local credit union which has your interests in mind far more than a for-profit bank.
I've never run into a need for apps for a government purpose, but perhaps I will someday.
I'm sure my situation where I live may be different than your situation where you live.
I don't use an open source fork of Android daily and from what I can tell the best option that exists today.
The only hardware that I know will continue to be open enough for this to be viable in the future is Fairphone. I hope there are others. I would definitely would NOT trust Google Pixel to remain open for the foreseeable future.
Personally, I'm trying to get out of the habit of using my phone anyway, so I might as well have laptop or desktop hardware that can fulfill my needs.
Bought a used iPhone 7 for a specific project requiring a supported OS (iOS15) and having a hardware security module and the phone worked fine for that but Microsoft Authenticator refused to install below iOS 16 for no obvious reason.
Readit News
I have the feeling Google has given up on using nerds as beachheads. The market is saturated enough and they don't need us anymore to do grass roots spreading of their products. It's the same with Youtube. As long as there were enough people who were unencumbered by ads because of their ad block and kept spreading links, the importance of Youtube was growing. After market saturation that vehicle isn't necessary anymore and they can squeeze them out.
Google needs to be broken up. Apple too.
The lack of antitrust enforcement is a clown show.
We have no choice in the most important computing category in the world. It's a duopoly and they have everyone in straightjackets - consumers, companies, competitors, governments, ...
A huge percentage of the world's thoughts and economy flow through mobile. And two companies own it.
Ma Bell was nothing compared to this.
Dead Comment
It's become my go-to for "I need a utility for X task".
I, too, love vendor lockin.
Until EU's cross compatibility between messaging apps is passed, we are forced to be in vendor lockin.
It’s utterly bizarre how BBM could have been the iMessage and WhatsApp and who knows what else. But rich out-of-touch people thinking exclusivity is a perk in a commodities market just shows how business savvy and wealth are in reality disconnected from eachother.
We do not have to choose the lesser of two evils this time.
Sideloading was the killer feature for me as well.
And guess what, sideloading has never been allowed on iPhones.
So you just went from bad to worse. The only rational option for tech-minded people nowadays is to buy a device that supports Lineage or Graphene (ironically Pixels are good for this) and to replace the stock OS.
Then I might as well treat myself with better hardware & ecosystem.
Remember when GPS navigation was a $5/month app that was a cellular plan addon?
Deleted Comment
Given that Google both owns Android/Google Play Store and YouTube: what do you think they would do with the developer information of someone who makes an app that skirts their ad-model for YouTube?
The fact that there was a temporary workaround didn't change the endgame.
It's just there to boil the frog more slowly and keep you from hopping out of the pot.
It's the same game plan Microsoft used to force users to use an online Microsoft account to log onto their local computer.
Temporary workarounds are not the same thing as publicly abandoning the policy.
It means that Android is no longer suitable for my own private dev projects.
Googles/Apples argument would have been much stronger if their stores managed to not allow scams/malware/bad apps to their store but this is not the case. They want to have the full control without having the full responsibility. It's just powergrab.
I think they’re just going to track down a random person in a random country who put their name down in exchange for a modest sum of money. That’s if there’s even a real person at the other end. Do you really think that malware creators will stumble on this?
This has to be about controlling apps that are inconvenient to Google. Those that are used to bypass Google’s control and hits their ad revenue or data collection efforts.
Developers, and power users often pre-date these kinds of smartphones.
How will Google force Android users to "update" so sideloadinng can be prevented
Non-updated versions of Android running non-updated versions of sideloaded apps will not have the restriction
Another example of how not every "update" is for "security" and "updates" should be optional
The computer owner chooses one version of an operating system, e.g., "I chose Android because I can sideload any app", but by allowing automatic updates, without reviewing them first, the computer owner agrees to let the operating system vendor change the software remotely to anything the vendor chooses. The computer owner goes along with whatever the vendor decides, letting the vendor take them for a ride
If the operating system gets _worse_ in the opinion of the computer owner, if it fails to meet their needs, e.g., "sideloading", then that's too bad. The computer owner chose one version of Android, but by subscribing to "automatic updates" they effectively chose all future versions as well
This is why I prefer BSD UNIX-like operating system projects where I can choose to update or not to update. Unlike the hypothetical Android user, the project does not decide for me
HN replies may try to draw attention to "security" and away from "sideloading restriction". However there is no option to accept "security updates" while rejecting "sideloading restriction updates". According to the so-called "tech" companies that conduct data collection and surveillance as a "business model" through free, auto-updated software, every update, no matter what it contains, is deemed essential and critical for "security"
Online commentators seem to agree that the computer owner should have the choice to install or not install _any_ software outside the "app store", so-called "sideloading". Perhaps this freedom to choose whether to install or not install software should also apply to operating system "updates"
Google has the Google Play Services, which can be remotely updated via the Play Store, as has been done for the COVID exposure notification system [0]. Google's Play Protect already hooks into the installation process and could be updated to enforce the signatures.
[0]: https://en.wikipedia.org/wiki/Exposure_Notification
(Own experients conducted over the years make this a "rhetorical question" meaning I already know the answer)
Not every app requires Play Services and internet access
(Online commentators sometimes try to argue that all apps, even offlines ones, "require" Play Services otherwise they cannot be updated automatically, highlighting the significance of "automatic updates" in steering debates about Android. Own experiments show that many if not most apps work fine without Play Services and can be updated manually if desired)
Not every phone is used for banking or other "government services"
(For example, some owners have mulltiple phones. Some owners may have phones with older versions of mobile OS that may be used for experiments)
Not every computer owner is the same
(For example, most phone owners do not install any apps at all. Of those that do, most use "app stores", not so-called "sideloading")
HN replies are likely to invoke "security" as a retort to any suggestion of decision-making and control being placed with the computer owner
Edit: that said, nowadays, maybe because I'm back in the EU, I use WhatsApp way more often than iMessage.
There are no good reasons left to use either platform - you're basically paying an arm and a leg to rent a device whose primary purpose is to usurp your attention and plunder your wallet at every possible opportunity.
Use and encourage your circle to use Signal, so you're not limited to any given platform, or the political or ideological whims of the gardenmeisters.
Google has gone full enshittified with this move, might as well move as far and as fast away from all the shit if you're technically capable, introduce whatever pressure you can to signal that there's a desperate need in the smartphone market for something clean and honest.
Many, but not all, of the programs I use on iPad are also available on Mac and Windows at much higher prices. That alone is reason enough to use a iPad. Most of these apps can be run on the least expensive iPad and/or older ones.
Like it or not, computing appliances have led to really good software markets. The “clean and honest” software markets are either much more expensive or don’t exist at all. The optimist in me is hoping that Android losing some freedom might lead to higher quality software and some actual competition to Apple.
https://www.youtube.com/watch?v=DnWykPvftfg
Deleted Comment
You still can do that with PWAs in Android. Let's see for how long.
And I wonder when can we stop lying to ourselves pretending "web"-apps are real (native) apps?
I had been thinking for a long time to switch to Android (GrapheneOS, probably) when my current iPhone 13 dies, but this whole thing with "sideloading" on Android is making me reconsider. If I can't have the freedom I want either way, might as well get longer support, polished animation and better default privacy (though I still need to opt-out of a bunch of stuff).
Can you do something similar to load unsigned apps on Android?
Deleted Comment
The perfect should not be the enemy of the good.
Technically Android still allows installation of anything if you use the debugging tool. Maybe that is where we have to draw the line, I'm not sure.
Are there consumer watchdogs in CA that would champion something like this?
https://github.com/zenfyrdev/bootloader-unlock-wall-of-shame
Didn't Google recently kill AOSP and stop providing board support packages for their phones?
I've reported it and that goes to an google form where the app stays up. I've even gone farenough where I've escalated through internal Google contacts. Nothing is done. It's not sideloading that's the issue.
It's google. This is a hostile behavior to all users of the devices and developers of their platform.
_--
My thoughts on where this might go:
We're getting into an era where there are organizations that are violently hostile to your device and they demand that. These people believe that the device you paid for and the service you paid for is theirs.
I.e. mobile ids from governments, which may introduce client side scanning. More so, theres a hostile push for "age verification" which would lean on the Play integrity chain. Want to find out who does this? Look into Magisck on reddit and the apps people have difficultly using. This is not a case of "someone wants to hack something".. it's all about control.
If you're watching the Root/third party space.. right now there are issues running apps. Some apps scan for "SuperSU" app and will refuse to run. (As in they're not sandboxed)
"Why should I change my name? He's the one who sucks"
https://youtube.com/watch?v=ADgS_vMGgzY&t=3s
Android itself calls it "install" when you open an APK file, there's not mention of "sideload" in Android at all as far as I can tell.
You do realise that's been changing right? Slowly of course, there's no single villain that James Bond could take down, or that a charistmatic leader could get elected could change. The oil tanker has been moving in that direction for decades. There are legions defending the right to run your own software, but it's a continual war of attrition.
The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.
"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."
https://www.gnu.org/philosophy/right-to-read.en.html
Unfortunately it also means giving the key to the Kingdom to a company like Microsoft or Google which are definitely adversaries in my book. Keeping them in check was still possible with full system access.
Even Apple I don't trust. They're always shouting about privacy but they define it purely as privacy from third parties, not themselves.
And they were the first to come up with a plan where your phone would spy on you 24/7.
I've been in tech and startup culture for over a thousand programmer-years (25-30 normal years). It wasn't dot-com or the crash. It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer. When the huge mobile wave hit (remember "mobile is the future" being repeated the way political pundits repeat talking points?) the entire industry was bent in that direction.
I'm not sure why this is. It could have been designed and planned, or it could have evolved out of the fact that mobile devices were initially forced to be locked down by cell carriers. I remember how hard it was for Blackberry and Apple to get cell carriers to allow any kind of custom software on a user device. They were desperately terrified of being commoditized the way the Internet has commoditized telcos and cable companies. Maybe the ecosystem, by being forced to start out in a locked-down way, evolved to embrace it. This is known as path-dependence in evolution.
Edit: another factor, I think, is that the Internet had no built in payment system. As a result there was a real scramble to find a way to make it work as a business. I've come to believe that if a business doesn't bake in a viable and honest business model from day zero, it will eventually be forced to adopt a sketchy one. All the companies that have most aggressively followed the "build a giant user base, then monetize" formula have turned to total shit.
I recently had a realization: I can name Cathedrals, that are 800 years old, and still standing. I can't name a single Bazaar stall more than 50 years old around any Cathedral that's still standing. The Cathedral's builders no doubt bought countless stone and food from the Bazaar, making the Bazaar very useful for building Cathedrals with, but the Bazaar was historically ephemeral.
The very title of the essay predicts failure. The very metaphor for the philosophy was broken from the start. Or, in a twisted accidentally correct way, it was the perfect metaphor for how open-source ends up as Cathedral supplies.
"side" refers to the fact that it's not going through the first party app store, and doesn't have any negative connotations beyond that. Maybe if it was called "backloading" you'd have a point, but this whole language thing feels like a kerfuffle over nothing.
"Direct installation" sounds neutral to me, but "sideloading" sounds advanced or maybe even sneaky.
[0] https://www.simplypsychology.org/loftus-palmer.html
Let's calling, "Lameloading" or something to really nail it home.
Of course maybe I'm overthinking it. It's common for people deep in the bowels of an industry to invent pointless jargon, like "deplane" for getting off an airplane. Anyone know where the term "sideload" was coined or by whom?
But: "side talking" Is a worthwhile distraction to Google and look at Nokia N-gage memes.
I prefer the term "unlocked install". Consumers are already familiar with the terms: locked phones and unlocked phones.
Consumers are already familiar with what a "locked phone" is.
The setting to allow unsigned apps could be per appstore tracked by an on-device sqlite database, so a badly-behaving app will be known by its installer.
linux phones can't come soon enough ...
your point about the termn "sideloading" is spot on, though. perverting the language is the first step of manipulation: installing software is "sideloading", sharing files is "piracy", legitimate resistance is "terrorism", genocide is "right to defend oneself" ...
The distinction between "own" and "license" is purely a legal one. If I buy a kitchen table I own it, I can chop it up and use the pieces to make my own furniture and sell it. When I buy a copy of a Super Mario game I cannot rip the sprites and make my own Super Mario game because I don't own the copyright nor trademark of Super Mario. But I do own the copy, and Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.
> linux phones can't come soon enough GNU/Linux. I used to think Stallman was being petty for insisting on the "GNU" part, but nowadays I understand why he insists on calling it GNU/Linux. There is nothing less "Linux" about Android than Debian, Arch or any other GNU/Linux distro, but GNU/Linux is fundamentally different in terms of user freedom from Android.
That would require a lot tighter and broader (but not corp-controlled) organization than what open source is accustomed to - making cheap and capable phones that aren't tied to a big corp is big challenge.
Precisely.
In the US, there's no requirement for a company to honor the claims of prior advertisements for things that they might do in the future for a different product. And even if a company does lie about the features of their product, advertising law does not require a company to change the features of their product to meet those claims. What could be required is a change in the advertising, or a refund for people who bought the devices under the false terms.
But if you advertise a certain side of feature features in a phone three years ago, and sell something completely different next year, that's entirely legal.
Microsoft Windows is an open platform that is open to running whatever software you want, while Xbox is a walled garden.
That doesn't mean that Google can fraudulently market an open platform and then close it after driving competing platforms out of the market without running afoul of antitrust law.
However, if Google wants to create a new platform that is a walled garden, as long as they are honest with users about what they are selling, that would be perfectly legal everywhere except the EU.
And even if it did, it’s not like marketing campaigns make claims that last forever.
Red Lobster doesn’t owe you anything because endless crab legs isn’t a thing anymore.
I already replied here: https://news.ycombinator.com/item?id=45512015
I think the reason you keep reiterating this is because once you realize that there is no legal justification to go after Google for this move under current US law, the only real solution becomes obvious: new legislation, and you really don't want that, because you know it will apply to Apple devices as well, which would be The End of the World.
If you want to see what the solution to this problem looks like, take a look at the bipartisan App Store Freedom Act: https://www.congress.gov/bill/119th-congress/house-bill/3209...
(This is before Apple/Google lobbying efforts result in either the death of the bill or a bunch of exceptions allowing companies to do "notarization" or "developer verification".)
Google has to live with the consequences of it's decisions.
Open platforms mean more growth more quickly, but they also place restrictions on what you are allowed to do in the future.
From the mouths of rubes, I guess. The ID check at the airport has zero to do with safety or security and everything to do with the airlines' business model (no secondary market for tickets), enforced by government.
If it's really about protecting "airlines' business model", why did TSA recently start requiring REAL ID to board flights? Were airlines really losing substantial amounts of money through forged drivers licenses that they felt they needed to crack down?
Immigration politics
"In fact, the TSA does not require, and the law does not authorize the TSA to require, that would-be travelers show any identity documents. According to longstanding practice, people who do not show any identity documents travel by air every day – typically after being required to complete and sign the current version of TSA Form 415 and answer questions about what information is contained in the file about them obtained by the TSA from data broker Accurint…."
https://papersplease.org/wp/2020/05/19/tsa-tries-again-to-im...
https://papersplease.org/wp/2024/03/18/buses-trains-and-us-d...
https://en.wikipedia.org/wiki/Freedom_of_movement_under_Unit...
And some airports are now allowing non fliers inside the terminal.
Even hotels force you to verify your ID to check in even though the reservation I’d transferable - just add a guest to your room when you make the reservation.
Regarding banking apps and things like that, I don't run into to any issues except for not being able to scan checks for deposit on the mobile website. And also I have to have physical credit cards. If you can't do what you need, consider changing to a local credit union which has your interests in mind far more than a for-profit bank.
I've never run into a need for apps for a government purpose, but perhaps I will someday.
I'm sure my situation where I live may be different than your situation where you live.
I don't use an open source fork of Android daily and from what I can tell the best option that exists today.
The only hardware that I know will continue to be open enough for this to be viable in the future is Fairphone. I hope there are others. I would definitely would NOT trust Google Pixel to remain open for the foreseeable future.
Personally, I'm trying to get out of the habit of using my phone anyway, so I might as well have laptop or desktop hardware that can fulfill my needs.
I have no requirement to use apps other than calls, navigation, something to let me view pdf, take photos and maybe browse HN :) (already a big bunch)
Problem will be with banking apps and such, well you can get an used iphone and in lockdown mode it should be fine even if it reaches EoL.