Google: 'Your $1000 phone needs our permission to install apps now'". Android users are screwed - Louis Rossmann

luffy879@lemmy.ml

Adb can uninstall Gservices and Magisk has a MicroG module

xnx@slrpnk.net

Look up sidestore and Live Container. I have many apps sideloaded without jailbreaking

xnx@slrpnk.net

No i dont have to connect my phone to a pc. It refreshes from the phone and i sideload from my phone

xnx@slrpnk.net

They don’t require apples approval at all not sure if youre talking about the EU. Im talking about sideloading with sidestore and live container

neo2478@sh.itjust.works

I agree, that’s why I have a Fairphone. It’s a way to minimize that impact.

greyeyedghost@lemmy.ca

I'm pretty curious about the C2, as well, but don't live in their market, and don't want to pay 100% of the phone cost in shipping fees, etc. And after all that, I have no guarantee of support. As for the €60 per year, my latest phone is an S22 Ultra, half of whose features I no longer use due to the updated Samsung TOS. I can absorb that cost for the sake of updates, if they'd let me.

ilandar@lemmy.today

I'm not sure I'd call those methods easy. They are all way more time consuming and annoying than Android is currently.

redacted@infosec.pub

Recommending iPhone because of freedom restrictions feels quite ironic

f_off_reddit@lemmy.world

So yeah we'll do a decentralized Linux phone of sorts, if Google is going full 3rd Reich with Android we'll move to a Linux based OS phone.

Simple as that.

exu@feditown.com

Apple just recently made it impossible to install one torrent client from the Alt-store. They're not any better than what Google is planning.

zeca@lemmy.ml

Linux handheld with a 4g usb modem, doing calls over the internet.
Just an idea, im not doing this, nor do i know how practical it actually is.

zeca@lemmy.ml

Soon aurora store may stop working.
They could add some crap to the apks in the play store that checks whether the phone has google services. So either the devs put their apks somewhere available (like on fdroid, which most wont do), or theyll just put their binaries on the play store, which will just be a useless blob for those that dont have play services. Then we get another shitty cat an mouse game about spoofing play services, them catching up, on repeat.

alcoholicorn@mander.xyz

Lol. Which do I use in Vietnam? Serbia? If I'm in Canada and Trump threatens to invade, should I switch to the pixel for a week?

zeca@lemmy.ml

Im sure the us uses its tech dominance to sway political opinions one way or another in my country (brazil). And spying on people is a requirement for that. It seems like an attitude in line with the history of the relations between the us and brazil (and countless other countries). China probably tries that too, although i dont have a strong historical evidence for that disposition from china.

extremeboredom@lemmy.world

Unfortunately a Fairphone is not a secure device.

misterd@lemmy.ca

Yea but Apple got sued into allowing that

jacksilver@lemmy.world

Yeah, but that doesn't help if you can't make apps that support the hosted services. Google is trying to have complete ownership of what runs on your phone.

interdimensionalmeme@lemmy.ml

The point is so that most people can't or won't figure it out or get discouraged.
So that in time, google's "unwanted" software will be starved of attention and funds to continue being developped and these "weeds" in their garden slowly wither and die

wetbeardhairs@lemmy.dbzer0.com

The upgrade cycle on iphones is longer than that on android. $1200 flagship samsung phone turns to shit after 2 years. $1100 iphone keeps chugging for 4-5. The android rot is real. Apple is far from perfect but the phones last way longer on average and end up having a lower cost overtime. That is if youre not buying bottom of the barrel budget phones to compare against.

mystikincarnate@lemmy.ca

This is the risk of "trusted computing" architectures. Who is governing the "trusted" part of that.

These cryptographic signatures are not as much of a death knell for Android as some would have you believe. The trick is to get a common code signing cert into your device, that is then used to sign any third party APK you want to run. You can avoid the Google tax this way. I assume that's how most sideloading sites and apps are going to handle this.

The question is, how do you add that certificate? Is it easy and straight forward (with plenty of scary warnings), as a user? Or is it going to be a developer options deal? Or will I need root to add the cert?

I'm not sure what that answer is right now.

I just want to finish this post with a few words about trusted computing models. Plainly: Apple has been doing this for years ... That's why you download basically everything from an app store with Apple. Whether on your Mac OS device, your iPhone, iPad or whatever iDevice.... Whether the devs need to sign it, or the app gets signed when it lands on the store, there's a signature to ensure that the app hasn't been tampered with and that Apple has given the app it's security blessings, that it is safe to run. Microsoft and Google have both been climbing towards the same forever. Apple embedded their root of trust in their own proprietary TPM which has been included with every Mac, and iDevice for a long ass time. Google also has a TPM, the Titan security module, I believe that was introduced around pixel 3? Or 4?... Microsoft made huge waves requiring it for Windows 11, and we all know what that discussion looks like. Apple requires a TPM (which they supply, so nobody noticed), Google has been adding a TPM and TPM functionality to their phones for years, and now Windows is the same. None of this is a bad thing. Trusted computing can eliminate much of the need for antivirus software, among other things. I digress. We've been going this way for a long time. Google is just more or less, doing what Apple has already done, and what Microsoft will very likely do very soon, making it a requirement. Battlefield 6 I think, was one of the first to require trusted computing on Windows and it will, for damned sure, not be the last that does. The only real hurdle here is managing what is trusted. So far, each vendor has kept the keys to their own kingdoms, but this is contrary to computing concepts. Like the Internet, it should be able to be done without needing trust from a specific provider. That's how SSL works, that's how the Internet works, that's how trusted computing should work. The only thing that should be secret is the private signing keys. What Google, Apple, and Microsoft should be doing, is issuing intermediary keys that can sign code signing certs. So trusted institutions that create apps, like... Idk, valve as an example, can create a signature key for steam and sign Steam with it, so the trust goes from MS root to intermediary key for valve, to steam code signing key, and suddenly you have an app that's trusted. Valve can then use their key to sign software on their store that may not have a coffee signing key of it's own. This is just one example based on Windows. And above all of this, the user should be able to import a trusted code signing cert, or an intermediary cert signing cert, to their service as trusted.

Anyways, thanks for coming to my Ted talk.