'Keep Android Open' Campaign Pushes Back On Google's Sideloading Restrictions (pcmag.com) 49
PC Mag's Michael Kan writes: A "Keep Android Open" campaign is pushing back on new rules from Google that will reportedly block users from sideloading apps on Android phones. It's unclear who's running the campaign, but a blog post on the free Android app store F-Droid is directing users to visit the campaign's website, which urges the public to lobby government regulators to intervene and stop the upcoming restrictions. "Developers should have the right to create and distribute software without submitting to unnecessary corporate surveillance," reads an open letter posted to the site. [...]
Google has described the upcoming change as akin to requiring app developers to go through "an ID check at the airport." However, F-Droid condemned the new requirement as anti-consumer choice. "If you own a computer, you should have the right to run whatever programs you want on it," it says. Additionally, the rules threaten third-party app distribution on F-Droid, which operates as a "free/open-source app distribution" model.
In its blog post, F-Droid warns about the impact on users and Android app developers. "You, the creator, can no longer develop an app and share it directly with your friends, family, and community without first seeking Google's approval," the app store says. "Over half of all humankind uses an Android smartphone," the blog post adds. "Google does not own your phone. You own your phone. You have the right to decide who to trust, and where you can get your software from."
Google has described the upcoming change as akin to requiring app developers to go through "an ID check at the airport." However, F-Droid condemned the new requirement as anti-consumer choice. "If you own a computer, you should have the right to run whatever programs you want on it," it says. Additionally, the rules threaten third-party app distribution on F-Droid, which operates as a "free/open-source app distribution" model.
In its blog post, F-Droid warns about the impact on users and Android app developers. "You, the creator, can no longer develop an app and share it directly with your friends, family, and community without first seeking Google's approval," the app store says. "Over half of all humankind uses an Android smartphone," the blog post adds. "Google does not own your phone. You own your phone. You have the right to decide who to trust, and where you can get your software from."
Good! Android needs to be OPEN (Score:4, Insightful)
Re: (Score:1)
A lot of people chose Apple because of what it allows or doesn't allow.
That sure doesn't seem to be a persuasive argument against the haters though.
Re: (Score:1)
Most people choose apple devices as a status symbol.
I realize that us a deeply-held view amongst Android people.
However, I've never heard an adult who uses Apple equipment claim it as such.
Ironically, I have observed Android users proudly cite their status as an Android user.
Personally, I don't give two shits what people use, outside of any benefit to me.
Re: (Score:2)
Wow! You mean experiences vary???? Who the hell would have ever guessed THAT?!?
Re: Good! Android needs to be OPEN (Score:2)
You wouldn't have ever guessed that. As you mentioned before:
"However, I've never heard an adult who uses Apple equipment claim it as such."
Here you claimed that no one makes such a claim, aka everyone had the same experience in this matter. And yet this was in response to someone who literally pointed out most but not all do, aka experiences vary.
Re: (Score:2)
A lot of people chose Apple because of what it allows or doesn't allow.
Bullshit. Very few people choose Apple because it doesn't allow sideloading.
There are a few people commenting on tech blogs who think Apple's walled garden keeps them safe. Those people are morons.
Re: (Score:2)
> When Android came along, I thought good! I can set up my smartphone how I WANT, not how "Apple" wants. I can add, remove apps, set up things how I WANT. If I want to side load an app, that's on me, not Google.
When Android came out, a bunch of my friends were exactly like that. Along with "but it's open source, you should be happy."
I told them it's only a matter of time. They said I was crazy. Yet here we are...
The problem here (Score:5, Interesting)
Re: The problem here (Score:2)
Re: (Score:2)
A lot of people these days don't "switch" because they don't see the juice as being worth the squeeze.
They also don't particularly care what the label says, they just want something that works for them, and that's whatever they've been using for the last bazillion years. People are inherently lazy, and many of them are not motivated by the relatively few dollars they can save or overspend by switching.
Personally, I'm old and far enough along that I'm not gonna "switch" even if offered free equipment. I jus
Re: (Score:2)
When I float open source software to peeps now, the thing that surprises me is a passive but noticeable sense of distrust of open source because it isn't from GIANT CORP. The idea of people as property or hostages comes to mind. or addicts when you tell them they can't have what they want.
Chump: No NO NOOOOO!!! I couldn't ! I can't !!
Re: (Score:2)
One needs to see what led up to this point. Remember the nice days around the dot-com boom when Windows was basically taking down the internet? Between all the malware DDoSing big sites (remember Slammer?), and the Windows spambots flooding inboxes? You know, because BillG wrote an email about how they need to refocus on security as Windows was the joke of the Internet.
Then it became unpatched Windows machines being the cause - all those XP machines which would be secure if people installed the Windows Upda
If you want open Android (Score:4, Insightful)
If you can't get over a lifetime of propaganda telling you government is the problem and not the solution then you don't get to have open Android or anything else. If you are very lucky you will get to die before they take your house. That is the best you can hope for when you try to go it alone against literal multi-billionaires bordering on trillionaires.
I never understand what makes a man think that he can compete with a trillionaire or that he can keep that trillionaire from getting his trillion dollars with anything else but the full support of his neighbors.
Then again I never much liked right wing propaganda so and I didn't really feel the need to look down on anyone to deal with my situation...
I get people don't like being watched, but ... (Score:2)
The complaints from open source about this policy are a little puzzling. The problem is right in the name: open source development is generally done in the open, and with attribution. Debian for example has a fairly strong copyright policy. They insist on knowing who has the copyright to every line of code, and what that copyright is. Anyone who contributes code to a project on github leaves an audit trail that's hard to deny. The Linux kernel is even stronger - effectively requires cropographically si
Re: (Score:2)
Exactly this, knowing where the code came from to avoid copyright violations or malicious code. The vast majority of people should only ever be running code from verified reputable sources.
Re:I get people don't like being watched, but ... (Score:5, Insightful)
Yeah, you might give up your personal info to an OSS project. But unless it's something with a large legal risk, (Wine for example), you can typically get away with contributing under a pseudonym. No-one's really going to care that buttface24069 made fart app #1342304433. Where the care comes into play is if that fart app suddenly starts stealing passwords and mining crypto.
That's what Google is trying to exploit here. People tend to want to punish the app developer instead of the app store that allows this crap to be published with impunity at a rock bottom cost. While also claiming to be a "secure" and "safe" app distributor. Of course, Google could require more strenuous checks on apps published to Google Play, could deprioritize advertising apps that were recently updated, and could stagger the update's rollout to look for suspicious behavior. Google could also raise the price to publish an app on their store. (There's no reason to allow every app in existence.) and yes, Google could mandate a "know your developer" requirement to publish on the store.
Instead of doing any of the above, Google is actively trying to block third party app installations regardless of source. Which is a big difference. It's one thing for a company like Sams Club to require a membership to shop with them. It's another thing entirely for Sams Club to mandate that I have a membership with them to shop at any store or to be able to perform a private transaction with another person in my own home. Google is trying to do the latter, and they are able to do it because they own the device after purchase. Yes, you might hold the "title" to the physical property, but you're not allowed to change the locks on the property you supposedly own and that Google just so happened to "forget" about giving you a key for. Regardless of you pestering them constantly for it.
TL;DR: Yes, that locked bootloader combined with the DMCA means Google owns it. You the "owner" have no power over the device beyond what Google is willing to give you. Hence TFS talking about a group begging Google to not go down this path instead of dictating to Google the terms.
Re: (Score:2)
Well, in any case, 30% of zero is zero.
Re: (Score:2)
The complaints from open source about this policy are a little puzzling. The problem is right in the name: open source development is generally done in the open, and with attribution.
the puzzling comes from you conflating "the open source" with an initiative that happens to come from a particular individual in the open source community. and apparently not reading the actual complaints. they are plain simple and clearly laid out:
- you bought a device with the assurance that you could install anything you wanted on it, and that freedom is now going to be conditioned / taken away
- you will no longer be able to even develop an app for your own personal use on your own device without signing
Re: I get people don't like being watched, but ... (Score:2)
Not really. You can post whatever source you like on the internet, but if you want to get it into a distro like Debian or Fedora you are going to need proper copyright attribution. If you want to become a member of Debian and contribute by packaging you will need government ID. If you want to see what happens to a large project that doesn't protect themselves in that way, loo
Re: (Score:2)
They are not blocking anything that wasn't blocked before, because every app had to be signed. What they are effectively banning is anonymous signatures.
The sad thing is you don't even realize that this sentence you wrote is a contradiction. You're a fanboy.
Re: (Score:2)
The complaints from open source about this policy are a little puzzling.
From now on, when you are feeling that puzzling feeling, go increase your knowledge. It will help.
F-Droid's claim isn't quite accurate (Score:3)
From the summary:
You can still develop an app and share it directly with whoever you want without registering, you just have to convince them to use ADB to install it, rather than clicking a link on a web site or downloading from an app store (like F-Droid). This adds a lot of friction and requires your potential users to trust you quite a bit more, because it feels like they're taking a bigger risk, even though there isn't any actual difference in risk. I expect that we'll start to see apps packaged with ADB for a "single-click install" from a Windows machine, to reduce the friction as far as possible. Users would still have to do the dance to enable developer options, enable USB, then tap "accept" on the ADB key popup, though an installer could (and probably will) walk them though that.
Also, although I don't think details are available yet, Google says there will be an option for "limited distribution accounts" which don't require any fee or ID verification, but can only distribute their apps to a limited number of devices. For people who just want to share with friends and family, this should cover them.
Re: (Score:2)
FYI: This system would be worthless if it didn't scan ADB installed apps, because the whole point is to mandate Google's approval for app installs. If there was a wide open backdoor, no-one would sign up with Google's mandatory tracking service. Let alone pay them. (Which is what Google really wants. They stare at Apple's 30% cut of
Re: (Score:2)
Stop spreading FUD. This verification requirement affects ADB installs too
From Google's FAQ [android.com]
Obviously, ADB can't distinguish the cases of (a) an app developer who just wrote an app using ADB to install an APK on their device for testing and (b) any random person using ADB to install an AP
Re: (Score:2)
Re: (Score:2)
"The point of the system is to make it hard for malware authors to distribute malware" Gonna stop you right there. Google can't even keep malware out of its own curated Play Store.
So... your argument is that if Google isn't 100% successful at keeping malware out of the Play Store, they aren't doing the job at all? You think identifying malware at scale is easy? I used to work on Android security and know a lot of people on the anti-malware team. It's incredibly difficult, especially since it's a continual cat-and-mouse game with malware developers who do all sorts of things to obfuscate what their code does. Google has hundreds of talented engineers focused on this problem, but th
Re: (Score:2)
How many cases of Malware in F-Droid do you know and how many in the Play Store?
Re: (Score:2)
How many cases of Malware in F-Droid do you know and how many in the Play Store?
How many apps in F-Droid vs how many in the Play store?
Re: (Score:2)
How many cases of Malware in F-Droid do you know and how many in the Play Store?
How many apps in F-Droid vs how many in the Play store?
Actually, though, your comment and my off-the-cuff response both miss the real difference which is why malware authors would choose to use F-Droid to distribute their apps. They'd have to publish source, which would be a disadvantage in the competitive world of malware authoring, and publishing source code would also make it easy for their malicious code to be identified. It makes a lot more sense for them to publish via downloadable sideloads or -- even better, if they can manage it -- in the Play store.
Re: (Score:2)
You are so close to understanding why F-Droid can be more secure than Play!
Hint: How much time in checking the apps can be invested in each store?
Re: (Score:2)
This is not for security. This is about control, 100%.
If it's about control, why is Google leaving ADB installation open? That undermines their control. Unverified limited distribution accounts also undermine their control. Why isn't Google just doing what Apple does, and requiring a verified developer account before you can do anything at all?
I'm curious how you interpret these decisions within your "100% about control" theory.
Re: (Score:2)
Why isn't Google just doing what Apple does, and requiring a verified developer account before you can do anything at all?
That's what Google as a corporation wants to do eventually. Individual developers do not.
Re: (Score:2)
Why isn't Google just doing what Apple does, and requiring a verified developer account before you can do anything at all?
That's what Google as a corporation wants to do eventually.
How did you learn this?
Re: (Score:2)
This is about control, 100%.
Oh, actually, I missed the most obvious flaw in this argument: The verification doesn't give Google any significant control! It does give them the real-world identities of registered developers, yes, but then what? It doesn't do anything to require registered developer to use the Play store or comply with any Play policies other than one: Don't distribute malware.
The real purpose here is malware rate-limiting. Right now, malware authors can pump out huge numbers of apps with small variations to defea
Re: (Score:2)
The verification doesn't give Google any significant control!...r comply with any Play policies other than one: Don't distribute malware.
So it does give them control.
Re: (Score:2)
The verification doesn't give Google any significant control!...r comply with any Play policies other than one: Don't distribute malware.
So it does give them control.
Yep. It allows them to stop malware. How terrible!
Re: (Score:2)
Errr no, their claim is completely accurate. ADB is just not a viable way to do anything for 99.9% of people. It's a complex developer tool that the vast majority of mobile users are simply not capable of using. There's no such thing as single click install, as you even have pointed out with the hoops you have to go through. That is enough to turn many people off, before considering that not every developers wants to go through the hassle of packaging their apps in this way.
That's also before you consider A
Re: (Score:2)
Errr no, their claim is completely accurate. ADB is just not a viable way to do anything for 99.9% of people. It's a complex developer tool that the vast majority of mobile users are simply not capable of using. There's no such thing as single click install, as you even have pointed out with the hoops you have to go through. That is enough to turn many people off, before considering that not every developers wants to go through the hassle of packaging their apps in this way.
That's also before you consider ADB can't actually install an app that updates itself, congrats, you've now just pissed off a whole world of power users too who don't want to deal with it either.
I once had an interesting conversation with an Android OEM. I sat down with them to discuss what security issues they'd like to see the Android security team work on. They asked me "When are you going to fix the USB hole?". I didn't know what they meant and asked for clarification. They explained that in some parts of the world, notably India and China, there were "free" charging stations set up in bus stops, train stations and other public areas. These charging stations allow the public to charge the
If google does I won't buy another (Score:2)
Google practically forced me to use F-Droid (Score:2)
A few months ago all the apps I wanted could be found in their Play Store, and it was good.
Then Google banned an app called Öffi [sugggest.com] from the play store. For the second time.
The first time was a few years back, one of the sub-menus asked for donations if you had downloaded the app from the developer's website rather than Play Store. A few weeks later they accepted that they had messed up and reintroduced the app, something which is yet to happen this time - they have not even said why they removed it. I
Re: (Score:2)
I'm really glad I only have to go to one place to get phone apps.
I'm really hoping that doesn't change.
But, of course, people are actively trying to fuck that up. So it will probably change at some point.
Assholes ruin everything.
Implementing "you will own nothing" (Score:2)
I have already switched back to iOS. (Score:2)
While I applaud the effort to try to keep Android open, I think it is futile. Even if this campaign succeeds, google will just continue to chip away at androidâ(TM)s openness until they achieve the closed off system they want. That, in turn, means that it is dying.
The thing is, googleâ(TM)s Android is an inferior product both in terms of capability and user experience. The only value proposition it held for me was its openness, and since that is a deprecated feature I decided to jump ship while my
As if (Score:2)
Google has described the upcoming change as akin to requiring app developers to go through "an ID check at the airport."
They say that as if it's a good thing.