For the past 15 years, F-Droid has provided a safe and secure haven for Android users around the world to find and install free and open source apps. When co...
There’s nothing set in stone yet. Google just committed to doing it is all that’s happened so far. But the response against it has been pretty heavy and we’ll see how it goes. We have to speak up right now and organize our communities like this post is doing.
And the bootloader is now locked down across Samsung’s ecosystem, as of this year. Sucks.
If you move to using an unsecured “chinaphone” as an alternative to the big three handset vendors, then it’s unlikely they are target devices for the myriad of uncertified ROM’s.
I think we are going to need software solutions that can run on major Androdis distributions across the variety of hardware.
I think we’re going to need something like UTM or Docker (virtualization or containerization) for running our unsigned Android apps and services, and I don’t know how feasible it will be.
I’m still holding some hope that maybe Samsung’s flavor of the OS won’t have the restriction of requiring Google keys. Specially considering that Samsung has its own “Galaxy Store” with app submissions controlled by them, not Google.
Though it’s possible they might simply extend the signatures accepted to include also the ones signed by them ^^U …still it would give them a competitive edge to remove the restriction so they might be incentivized to do it.
Would be nice, but I imagine that Samsung would both need to actually be impacted in an meaningful way with their store, and find some way to prevent Play Services (which they have to meet requirements to be able to load on their devices) from just nope-ing non-registered apps. Both of which I seriously doubt would happen.
They have already been working pretty close with Google on things that removed their actual Tizen OS from stuff like their watches in favor of merging their code into Android Wear OS. Would also guess that they might just work something out to either force apps on their store to be signed by Samsung and cleared by Google. Or that they just require apps on their store to only be listed after registering with Google. Not like Samsung really cares about supporting side-loading if the apps aren’t in their (or Google’s) store.
Sadly I think only a OEM like Samsung would have the massive levels of hardware sales and money for making a real fight against Google. F-Droid and other alt-stores or projects lack both and are easy to ignore. If Samsung were to be actually concerned about this, then I think we would have already seen them filing lawsuits and pushing posts/news articles condemning Google’s plans like F-Droid keeps doing (aside from lawsuits due to money).
If they want a lot of play store banking apps + other things that opt into play protect to work they’ll need to add the signature verification requirement.
Will the banks in Korea, EU and many other areas where Samsung phones are very common keep that restriction if it meant alienating that many users? I doubt it. That’s why I think the support of a big player on this would be a killing move.
Also I’m not 100% convinced that it’s impossible to have some verification without it depending on this one change.
I’m even willing to use the web apps or webpages for banking, if the browsers can make the handshakes. I’ll forfeit using the bank first party apps, if their websites are full featured.
Even on GrapheneOS, sure it uses a sandboxed Google Play Store, which is obviously great for users, but the developers of Android apps still have to hand over their personal data to Google specifically as this new decree from the Lords of the Google fiefdom entails.
Because FOSS developers rightly value their personal privacy, this decree effectively kills incentive for FOSS developers to continue making and maintaining apps for Android. Running GrapheneOS doesn’t circumvent this.
It’s like I’m saying “I’m hungry” and you say “Go for a run, it’s healthy for you.” I mean… it’s true that running is healthy… but the act of running doesn’t solve the problem of me being hungry…
Too, you can shove Google into its own separate User from everything else and keep it locked down in an always on VPN or the like. You don’t owe it the primary user on your phone. You can even keep that user shutdown such that none of it runs until you explicitly switch over and run it.
I think you’re missing the point. You say you use FOSS apps for everything. Do you download them from F-Droid?
From the article:
The future of this elegant and proven system was put in jeopardy last month, when Google unilaterally decreed that Android developers everywhere in the world are going to be required to register centrally with Google. In addition to demanding payment of a registration fee and agreement to their (non-negotiable and ever-changing) terms and conditions, Google will also require the uploading of personally identifying documents, including government ID, by the authors of the software, as well as enumerating all the unique “application identifiers” for every app that is to be distributed by the registered developer.
The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users will be left adrift, with no means to install — or even update their existing installed — applications. (How many F-Droid users are there, exactly? We don’t know, because we don’t track users or have any registration: “No user accounts, by design”)
I get my apps through Obtainium. I usually find the developers pages where they publish source code and the apk and then add them to Obtainium and install from there and let it manage the updates.
Most of the apps I use are also available on f-droid and some probably have play store versions as well.
Not really a fan of Ebay. Getting a used slightly worn phone doesn’t seem like a good idea. The usb C on every phone I have had (if it gets clean or not) starts to not work as well if at all, and the battery is certainly not going to work to 100 percent any more.
One con, too, is that Graphene drops support when Google does, limiting the options around buying quite older models and running them for a long time to keep price low.
I still appreciate GrapheneOS and understand why they drop support, but it is definitely a con compared to other ROMs which trend towards extending support longer.
Alternative ROM market is fringe de la fringe, so there’s sufficient used hardware available. I bought my 7a for 320 eur new and my tablet for 400 eur new though, so the Google tax (or, GOS tax, rather) was moderate.
When will F-Droid stop working on stock android?
There’s nothing set in stone yet. Google just committed to doing it is all that’s happened so far. But the response against it has been pretty heavy and we’ll see how it goes. We have to speak up right now and organize our communities like this post is doing.
LOL. There’s dozens of us here.
Try Graphene today. IT WORKS
Samsung s22 and s25, checking in. Graphene won’t be viable for the vast, overwhelming majority of Android users today or in the coming seasons.
I hope people figure out some kind of virtualization/docker-containerization solution to the coming Goo-lag.
There are many other “uncertified” ROMs.
And the bootloader is now locked down across Samsung’s ecosystem, as of this year. Sucks.
If you move to using an unsecured “chinaphone” as an alternative to the big three handset vendors, then it’s unlikely they are target devices for the myriad of uncertified ROM’s.
I think we are going to need software solutions that can run on major Androdis distributions across the variety of hardware.
I think we’re going to need something like UTM or Docker (virtualization or containerization) for running our unsigned Android apps and services, and I don’t know how feasible it will be.
I’m still holding some hope that maybe Samsung’s flavor of the OS won’t have the restriction of requiring Google keys. Specially considering that Samsung has its own “Galaxy Store” with app submissions controlled by them, not Google.
Though it’s possible they might simply extend the signatures accepted to include also the ones signed by them ^^U …still it would give them a competitive edge to remove the restriction so they might be incentivized to do it.
Would be nice, but I imagine that Samsung would both need to actually be impacted in an meaningful way with their store, and find some way to prevent Play Services (which they have to meet requirements to be able to load on their devices) from just nope-ing non-registered apps. Both of which I seriously doubt would happen.
They have already been working pretty close with Google on things that removed their actual Tizen OS from stuff like their watches in favor of merging their code into Android Wear OS. Would also guess that they might just work something out to either force apps on their store to be signed by Samsung and cleared by Google. Or that they just require apps on their store to only be listed after registering with Google. Not like Samsung really cares about supporting side-loading if the apps aren’t in their (or Google’s) store.
Sadly I think only a OEM like Samsung would have the massive levels of hardware sales and money for making a real fight against Google. F-Droid and other alt-stores or projects lack both and are easy to ignore. If Samsung were to be actually concerned about this, then I think we would have already seen them filing lawsuits and pushing posts/news articles condemning Google’s plans like F-Droid keeps doing (aside from lawsuits due to money).
You are probably right… it’s just one hope I had, I’m not expecting it to happen, but I’ll be hopeful until the end.
Hope for the best, prepare for the worst.
If they want a lot of play store banking apps + other things that opt into play protect to work they’ll need to add the signature verification requirement.
Will the banks in Korea, EU and many other areas where Samsung phones are very common keep that restriction if it meant alienating that many users? I doubt it. That’s why I think the support of a big player on this would be a killing move.
Also I’m not 100% convinced that it’s impossible to have some verification without it depending on this one change.
That’s a really good point, basically throw their weight around a bit eh?
I’m even willing to use the web apps or webpages for banking, if the browsers can make the handshakes. I’ll forfeit using the bank first party apps, if their websites are full featured.
100%, my bank thankfully doesn’t tick that box, but if it did I wouldn’t think twice about dropping the app. Freedom is more important.
I don’t have time today
Ok, I’ll extend your deadline til Monday then. ;)
Even on GrapheneOS, sure it uses a sandboxed Google Play Store, which is obviously great for users, but the developers of Android apps still have to hand over their personal data to Google specifically as this new decree from the Lords of the Google fiefdom entails.
Because FOSS developers rightly value their personal privacy, this decree effectively kills incentive for FOSS developers to continue making and maintaining apps for Android. Running GrapheneOS doesn’t circumvent this.
It’s like I’m saying “I’m hungry” and you say “Go for a run, it’s healthy for you.” I mean… it’s true that running is healthy… but the act of running doesn’t solve the problem of me being hungry…
As I understand it the sandboxed google apps are entirely optional. You can go completely free with GrapheneOS just like with LineageOS.
Too, you can shove Google into its own separate User from everything else and keep it locked down in an always on VPN or the like. You don’t owe it the primary user on your phone. You can even keep that user shutdown such that none of it runs until you explicitly switch over and run it.
GrapheneOS is pretty dang impressive.
I use FOSS apps for everything, I only have one special user profile with google play store for my stupid bank and credit card.
For everything else there are alternatives that don’t need google play.
I think you’re missing the point. You say you use FOSS apps for everything. Do you download them from F-Droid?
From the article:
I get my apps through Obtainium. I usually find the developers pages where they publish source code and the apk and then add them to Obtainium and install from there and let it manage the updates.
Most of the apps I use are also available on f-droid and some probably have play store versions as well.
This is how I do it too
deleted by creator
Depends on your location. There is a timeline table here:
https://developer.android.com/developer-verification/guides
Don’t wait. GOS just works.
On one phone. The rest of are shit out of luck because we didn’t buy the one phone from the company that is causing the problem in the first place.
They’re working with an (unrevealed) major OEM to bring a compatible device to market sometime next year.
https://old.reddit.com/r/GrapheneOS/comments/1o32gpg/blackberry_phones/nivsx0k/
Here’s hoping its a device with an SD card slot and optionally a 3.5 jack. The Pixel’s lack of those is the one reason I haven’t made the switch.
Apparently not. But it will later come to other cheaper offerings of the company which will probably have a headphone connector.
You can always buy used!
Where does one find a used phone? I would have no idea.
More importantly, I don’t want a used phone, OR to have to spend more money.
Ebay
Yuck. Nope. A used phone from a rando? No way in hell. Usb likely worn out, battery half the life of new… No.
https://www.ebay.com/itm/266812035484
Not really a fan of Ebay. Getting a used slightly worn phone doesn’t seem like a good idea. The usb C on every phone I have had (if it gets clean or not) starts to not work as well if at all, and the battery is certainly not going to work to 100 percent any more.
Then accept what they’re doing
I dont really have a choice do I?
Also, this isn’t just phones: I am using Fdroid on several TV devices too.
This really, really sucks.
Yes, you do. But you’re making the wrong one
What do you recommend for non pixel devices then?
Buy used. The other phone vendors haven’t been offering the security hardware GOS needs, so far. It might change soon enough though.
This isn’t a scalable solution. There aren’t enough affordable, used Pixels for everyone in the ecosystem to adopt between now and the Goo-lag.
One con, too, is that Graphene drops support when Google does, limiting the options around buying quite older models and running them for a long time to keep price low.
I still appreciate GrapheneOS and understand why they drop support, but it is definitely a con compared to other ROMs which trend towards extending support longer.
Alternative ROM market is fringe de la fringe, so there’s sufficient used hardware available. I bought my 7a for 320 eur new and my tablet for 400 eur new though, so the Google tax (or, GOS tax, rather) was moderate.