TL;DR
- Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
- The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
- Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
Even just being rooted on the stock Pixel rom is a fight. It’s a constant cat and mouse game to pass basic and device integrity, but as of recently a lot of us have been able to pass strong integrity as well which has been nice.
Even just being rooted on the stock Pixel rom is a fight.
That, I can see being more of an issue than an unmodified, trusted 3rd party OS. If I remember right, rooting makes the device fail Verified Boot:
It establishes a full chain of trust, starting from a hardware-protected root of trust to the bootloader, to the boot partition and other verified partitions including system, vendor, and optionally oem partitions.
https://source.android.com/docs/security/features/verifiedboot
Fair point. At least with stock rooted as I said there’s ways around it and I can pass all play integrity checks and such.
I wish you could slap a custom rom on whatever phone you want and it Just Works™ like you can slap linux on any PC, but instead we get apps that potentially don’t work, locked bootloaders, push notifications tied to Google Play Services, and whatever else. You can put Lineage on the EU version of my phone but not the US version because fuck you. I hate how corpo centric phones have become. Like Google shouldn’t be allowed to hijack my entire screen for an ad or an app update. The entire modern definition of “sideloading” is BS, apps have access by default to things that they really don’t need, and why do I need to use ADB to purge your pre-installed bloatware ffs
Not cool.
We can get the same experience quite soon on laptops too when ARM laptops & desktops arrive to end users. It’s gonna be locked down same as phones nowadays.
I do not like this prediction, because it seems like a plausible reality. Which would be awful.
RISC-V laptops might compete with ARM in a few years - maybe not for power users, but for most simple use, or for those who will just ssh into a real computer.
Yeah it would’ve been like that for pcs too if they weren’t around for quite longer.
ngl an unlocked bootloader would be a security nightmare but you can put any ROM on any Android 8+ device, they are called GSI ROMs
How does one flash a ROM without unlocking the bootloader these days?
Shouldn’t that break Android Verified Boot?
A pure GSI image could use a Google key, I suppose, but others shouldn’t, right?
You have to unlock it first and flash the GSI ROM
I’m not an expert, but I had an expert explain that an unlocked boot loader is only risky if you think someone nefarious is physically able to get their hand on your phone. Is that true?
ngl an unlocked bootloader would be a security nightmare
So, like a desktop or laptop? Sounds fine to me.
Here’s a harsh truth and a reality some tech users need to wake up to.
Google has never cared about open-source. They have never cared about user-choice/user freedom. They could easily tomorrow make Android closed-source and that would be the end of Android. It has always been about control. Apple got that authoritarian idea correct long ago by locking down the entire OS.
Google is allowing open-source modding only because there’s a large community out there that cares and wants it to thrive. And since it runs on Linux, it would make Google look VERY bad if they removed bootloader unlocking, open source, removed features that causes issues for custom roms.
Google doesn’t care about YOU. If they really cared, they wouldn’t be slowly removing features or adding anti-user features that in the long run, don’t benefit anyone but them.
I’m glad the government declared them a convicted monopoly. I’m still ashamed it took them this long to finally go through with it.
What an insane world we live in.
Afaik GPL 2 would be stopping google from making android closed source anyway, unless I got something wrong about the license terms. But if anything that supports your argument. The main reason google is generally supportive of open source is that they recognize that they benefit from it. The moment that changes, google will try their best to close off anything it can (granted I don’t think it’s that likely to change, but they’re already abusing their position plenty).
There is another side to this coin though,
Android ROMs took Google’s work. The community could have assisted with other mobile OS systems like Firefox OS or Ubuntu mobile but didn’t.
Instead ROM developers wanted a cookie cutter solution.
In practice, Android is actually fairly open. Republicans have a weird obsession with Google (remember that weird hearing where they clearly didn’t understand technology). You can even disable the inbuilt apps
This could lead to a situation like Windows where 50 popups are added. It could backfire and it benefits Apple a lot. That’s what I’m concerned about. I’m worried that I’ll end up paying for Gmail or more for Android. And Google will get blamed for it
Can you handily disable notifications being monitored or the keyboard informing Google on your typing? Disabling apps is surface level, the software is free to the end user for a reason, Google harvests us.
Android ROMs community took Google’s work? Are you forgetting which community developed Kernel does Android use? Let’s not think about the custom ROMs community as free loaders, please. They provide a free and amazing service.
Why does this call the problem by its name, monopoly.
Android is another area Google are abusing their monopoly. Sure the phone market is a duopoly, but that doesn’t help. Apple is even more locked down and user abusing.
Lots of app companies, like bank apps, think locking their apps to only work on official Android is best for security, but that compounds the monopoly. It’s also arguably less secure!
I don’t even understand. Am I getting this wrong?? Does the payment processing happen inside the banking app?! Because if so, that’s the bigger problem isn’t it? All the checks for correctness should happen on the servers that the banking app connects to, not the banking app itself. If that’s already the case, then what are they worried about? I’m probably missing something here, but honestly I just don’t understand why they would do that.
The app will almost certainly mostly be just wrapping a web interface. But this dedicated browser can provide the site with all the access of an app. The idea will be only this browser can be trusted to access this site and can check the run environment before it connects. I’m sure they’d do the same on the desktop, if they thought it would be swallowed.
What gets me is the “this phone can’t be trusted” message on boot. Implying OEM ROMs are trustworthy, but nothing I choose.
We’ve started the process of talking to regulators and they’re interested.
Oh that’s great, they aren’t actually suing since that would be a pretty big money pit, they are going straight to regulators, something can happen.
FTC act is the most useful against this sort of behavior and only the FTC can file suit for that, not individual companies. I don’t think this could be filed as a violation of the Sherman act. See here for an overview: https://www.ftc.gov/advice-guidance/competition-guidance/guide-antitrust-laws/antitrust-laws
wonder what calyxos is doing.
They don’t want apps that collect personal data.
I’m running Graphene OS and it’s been solid. A few issues here and there with app compatibility but it is fantastic.
Even without the custom ROMs, the whole Android ecosystem is a colossal fucking mess.
I’ve got old apps that won’t work any more. It’s not even compatible with itself.
People give Windows a load of shit, and deservedly so for some of it, but it’s a million times more usable than Android when you want shit to “just work”.
Software that is 10 years old and unmaintained is likely unsafe to use and therefore shouldn’t work. Windows has a lot of issues specifically because it’s backward compatible with ancient software, actually. Security and a path forward should matter more than clinging to old software that must stop working someday regardless of how hard you try to delay it. Emulation/VMs are and should be a way to work around that on desktop and it would actually be nice if mobile OSes had that too. That way at least the ancient software can be sandboxed and not a security weak point. The right approach though is not to do this horrible patchwork of APIs like Windows which creates a security nightmare
Same with iOS, I don’t know why you are singling out Android here. My favorite game back when I used an iPad stopped working after certain update. It was a puzzle with rails and colored trains, can’t remember the name now.
Windows and Linux are quite a lot better in this regard.
I suppose you’re talking about a 32-bit app that wasn’t updated for the newer 64-bit architecture. If yes, then there’s actually a technical reason behind it, not just Apple being dicks. Because other than 32-bit apps, every app that received a 64-bit update should still work on the latest iOS.
I’m not singling them out, it just happens to be a thread about Android.
There’s no reason for mobile OS’s to be flaky like this. There’s nothing magic about either that means old stuff can’t be supported. It’s just that trillion dollar corporations apparently can’t afford the resources.
There kind of is, software changes and things need to be updated by comparison, your Windows example is a double edged sword, there’s a lot of bloat and Microsoft can’t make changes that might be beneficial on Windows because of all the backwards compatibility layers and services they generally leave in. It’s good and bad in its own way.
I’ve got old apps that won’t work any more.
That’s true for every operating system. Old apps aren’t updated to use new system APIs and such and they eventually stop working.
Yet I can compile applications that work on Windows XP, and they still work under Windows 11.
It’s not as if Android is some svelte slimline OS where every byte matters. There’s plenty of room there for keeping compatibility with older apps.
Dude there’s millions of lines of code and thousands of hours per year that keep old windows shit running. It’s a nightmare to support that. Microsoft has made that a priority and you can easily argue it shouldn’t be, but you seem convinced that’s the only valid path. It’s not.
On desktops we can use virtual environments, translation layers, plenty of solutions to make old programs and games work on a modern OS. Phones are somehow incapable of this.
How we all wish there was a third option, I would genuinely take less functionality in favour of privacy and performance. I don’t need AI and fancy image processing. I want to use my phone to pay the old way, like when samsung copied the magnetic strip info, not like now where google gets a copy of my receipts.
Sucks iOS is the alternative, nearly gave in last week but the price was just too much for what I was getting.
I’ve got old apps that won’t work any more.
People give Windows a load of shit… but it’s a million times more usable than Android
Where do you run your old Windows Phone apps nowadays? What about new Windows Phone apps?
On my Windows Phone silly
Ah, memories.
Memories? Pssshhhh, he took that pic an hour ago…
How?!
with a device equipped with a camera of sorts, if I had to guess
It still works. Most of the apps are borked. Windows Explorer hasn’t been updated in 5+ years so doesn’t work with most sites. Baconit escaped reddit’s 3rd party app purge and still works. Imgur still works well but with all the genX on it reminds me of icanhazcheezeburger.
Ah shit, here we go again
Can’t tell if that’s a horrible wallpaper or a totally fucked up screen
It’s a photo from a disused quarry that my granddad used to work in
I see it! That’s pretty cool.
Dude, that’s sick, thank you! I wish I had a better pic to offer but this is the best I can do since Jerboa app is not currently letting me upload pictures in a comment…
🤘🏼
I’ve got old apps that won’t work any more.
I’m actually for this. The bar to entry for the Play Store is too low with too many low quality and unmaintained apps. I’m all for booting insecure and super old apps. They cheapen the ecosystem.
Well that’s all very well, but I’ve got a bathroom speaker I can no longer access.
So how about instead of Daddy Google deciding what’s best for everyone, they let things run and give you a warning?
Hell, I’ve even got games I’ve paid for that are now gone. Honestly, fuck them for even thinking that’s acceptable.
The problem is allowing the APIs it uses to exist at all in the OS is a huge security hole.
So it’s my choice to run them?
If I can download an APK, I should be able to run it in a “compatibility mode” and have the OS do its best to run it.
It can’t.
A compatibility mode would involve meaningful cost, massively compromise security, and not have a chance in hell of working.
They could just spin up a container of some sort. It’s still fundamentally Linux, so it should be possible to run Android inside an lxc container the same way you can run a desktop Linux distro in docker (which is based on the lxc functionality in the Linux kernel)
The point is that you have to emulate a fuckton of low level access to even have a chance of anything working. Either you replace the actual hardware access with junk data, making none of the apps work, or you break the whole permissions structure, and your security is completely gone.
All of those APIs were deprecated because it’s impossible to provide them in any way that resembles security.
So how about instead of Daddy Google deciding what’s best for everyone, they let things run and give you a warning?
That is not what’s happening. It takes tons of work to maintain backward compatibility but you’re framing it as though it doesn’t and they’re just being a holes on purpose.
Why can’t you connect to the speaker with Bluetooth?
It doesn’t allow direct connection. You have to dick about with a stupid app to put it in “speaker mode” first.
Gives me Sonos vibes.
I won a Sonos speaker years ago, thing needed (from memory) an app to switch to AUX mode. The speaker sounded great but I didn’t want to install an app just to use the thing.
In a grand spectacle my ex’s cat kicked a potplant off a windowsill into our fish tank. That shorted a power board, we didn’t have breakers (ceramic / wire fuses) which ended up killing the speaker.
Honestly as nice of a speaker it was, good riddance.
Damn that sucks!!! I wish there was a way to sandbox older apps. I’ve run into the same issue with old apps before.
You’re really arguing for a covenant around tech that companies want to orphan. The rule needs to be the code is opened and a slacker code owner is appointed for handover.
This is gonna embarrass Google a Lot but it’s gonna embarrass azn and m$ a whole lot more.
The forced alternative is a refund if you can bring something recognizable with a serial number to your post office or something as ubiquitous, present and staffed - have them validate in the loosest fashion and require like 10 bizdays for the cash refund.
Whether or not the post office is there for that or charges the OEM for the notary-light service is a matter for the courts, the USPS, and these days probably the fn SCotUS.
Same, it’s why I never buy a game or app nowadays, they will just stop working when the new OS version comes around, devs already got their money so they don’t have any incentive to care, and contrary to PC I can’t do shit about it myself on my phone, there’s no “androidbox” to run old apps inside my phone.
I just want to buy a Linux laptop with VoLTE and be done with the product line “smart phone”. Unfortunately there is no such device (to my knowledge) and the only device that comes close is PinePhone Pro with docking station.
There are community made projects for the framework laptop that add LTE using an expansion card
You can put a SIM card in some older thinkpad laptops with that upgrade option. Some thinkpads have the slot for a SIM card but not the internal components to use it. So make sure to do some research if that sounds promising.
There are VOIP phone line services like JMP that give you a number and let you use your computer as a phone. I haven’t tried JMP but it always seemed cool and I respect that the developed software running JMP is open source. The line cost 5$ a month.
Skype also has a similar phone line service. It’s not open source like JMP and is part of Microsoft. Usually that’s cause for concern for FOSS nuts, but in this context it’s not a bad thing in some ways. Skype is two decade old mature software with enough financial backing from big M to have real tech support and a dev team to patch bugs, in theory. So probably less headaches getting it running right which is important if you want to seriously treat it as a phone line. I think Skype price depends on payment plan and where you live, so not sure on exact cost.
Neither is available in my region and Skype’s webpage does not mention making calls, only receiving them.
Agreed. I always loved the idea of the HTC Mini +.
Put the sim in your laptop, that’s the connectivity hub. The mini phone piggybacks the LTE connection so you don’t have to pull out your laptop for simple calls, texts, navigation or music actions.
It’s high time we break apart all those large tech companies!
Spin off the Android team into a nonprofit. I’m pretty sure OEMs would be all over that.
AND force Alphabet to fund it.
Actually this isn’t the pwn you think it is because funding results in favors and control. Remember the OpenAI non-profit and Microsoft? You want it to be funded by more than Alphabet. Ideally you want Alphabet’s funding share to not be the largest at all. You want government funding too.
That’s conditional funding
I really hope the GrapheneOS team succeed. Custom ROMs are the reason I’m really into tech today. Coding, FOSS, Linux, etc. all that came from rooting my dad’s HTC phone back in the day. Google shouldn’t cannibalize its children.
Google shouldn’t cannibalize its children.
Hopefully Google will also burn in some oven for a bit lol. Turn up the heat a little.
a little
That’s a weird way to spell ‘to 11’
besides these two lazy kids and the witch who just wants to eat there’s also the hungry stepmom who pushed the idea and the deadbeat dad who went along with it (until both women die and he ends up the hero)
Sounds like the Google Alphabet family
The pattern feels like a-b-c sometimes, but the rebranding keeps the story feeling fresh
Really the only thing holding me back from switching to GrapheneOS is that some of my apps fail CTS.
If a proper pathway is defined for custom ROMs I’d switch in a heartbeat.
Hoping this initiative leads to a reasonable outcome.
I love running a custom ROM, but I’m concerned RCS is going to become a deal breaker for me :(
I love that text messaging will finally not be complete shit between iOS and Android, but RCS is such a shitty locked down protocol.
but I’m concerned RCS is going to become a deal break for me
For what it’s worth, I have RCS working with GrapheneOS. I don’t think I did anything special, but it did take awhile. I did see stuff on their forum about others having a bigger issue with it, though.
And of course, I prefer Signal, where possible.
Interesting. Do you have Google services installed? I use MicroG, which afaik has no RCS support.
Do you have Google services installed? I use MicroG…
Yes, I have Google Play Services, Google Services Framework, and the Google Play Store installed, which are all sandboxed. MicroG isn’t supported by GrapheneOS.
Oh interesting, I didn’t know that’s how GrapheneOS handles Google services. I’d love to have working NFC pay and RCS, so I’m going to have to take a look at it. Thanks for sharing!
I’d love to have working NFC pay
NFC works. NFC payment is dependent on the app as some block those that fail Play Integrity / Google certification. Google Wallet / Pay does not work for payment because Google blocks it.