After the news cycle recently exploded with the announcement that Google would require every single Android app to be from a registered and verified developer, while killing third-party app stores …
Most F-Droid users are NOT custom ROMs.
This means that as long as F-Droid does not get their own developer key - it will become useless.
F-Droid is privacy focused - both dev and user, and they oppose requiring devs to essentially give up their privacy and sign the APK with their own dev key.
Now, if F-Droid is dead, GrapheneOS becomes useless. Who would want to develop apps for the 0.0001% of the population (i.e custom ROM users)
I am the person you are talking about. I’ve looked into graphene before and I do host some of my own services at home. I also work full time and I don’t want to spend all of my free time managing things. I use F-Droid, but I am on stock android on my pixel.
I appreciate the privacy and FOSS nature of F-Droid, but I use things like Android auto Google maps for work, I use banking apps on my phone as well. I know technically micro G and blah blah blah, but like I said: work full time.
The pause in Calyx updates has nothing to do with Google’s fuckery, and they are not “dying.” They lost a major lead developer and decided they needed to restructure so no one would be so essential going forward.
For mobile phones that works as a daily driver? Gobbling up iOS. Or gobbling up what’s becoming of Android.
I really wish we had open phones that “just work”. I’d even go with slightly quirky but functional. Unfortunately, that requires strong cooperation between hardware maker and software developers; and it will require a lot of work. But that’s not the main issue. The direction we’re headed toward is “everything need an official app”, and those will mostly only work on “official” phones made by big manufacturers.
Even today, making some bank apps work on non vanilla Android is not always straightforward, and it’s still relatively open and easy to do. The move by Google is going to tighten this even more, and I have no doubt, if they pull through, that this will go in the requirements for the “play protect” validation BS. Meaning if you want that bank app, or whatever state digital ID app (meh) to work, you’ll need a “real” Android or an iOS device. And those apps are becoming more and more mandatory (I can’t log-in to my bank’s online website without their app and proprietary 2FA…).
A niche, open-source OS, Linux or modified AOSP or whatever, will have a hard time filling that gap as things keep moving. Which is really sad.
The constraint to require a valid signing isn’t something imposed by the license on the Android code. If you want to distribute a version of Android that doesn’t check for a registered signature, that should work fine.
I mean, the Graphene guys could impose that constraint. But they don’t have to do so.
I think that there’s a larger issue of practicality, though. Stuff like F-Droid works in part because you don’t need to install an alternative firmware on your phone — it’s not hard to install an alternate app store with the stock firmware. If suddenly using a package from a developer that isn’t registered with Google requires installing an alternate firmware, that’s going to severely limit the potential userbase for that package.
Even if you can handle installing the alternate firmware, a lot of developers probably just aren’t going to bother trying to develop software without being registered.
But if Graphene chooses not to do this, they diverge from the Android project. Which will take more time to maintain the project which will ultimately lead to more developers burning out and dropping out of the project.
It doesn’t need to be affected, but most open source projects don’t have the resources to keep going against big companies when most of their users aren’t contributing.
They already diverge by having a network permission and a bunch of other differences, and not being allowed to use Google Pay because of those differences
That might be true, I don’t know much about GrapheneOS.
But I do know that users of open source projects expecting changes to come out of thin air, and filing bugs when they don’t, is hurting the volunteers behind open source projects.
So we should all make sure to volunteer some of our own time or money to keep the projects we love going, instead of just expecting them to fix the things we dislike.
The aosp has been in the process of being gutted, I surmise in preparation of these anti consumer measures, graphene os has its work cut out for it. I imagine that after the dust settles, consumers will have to pick between an immature Linux os or their personal preference of walled garden.
I’m checking out Graphene OS next week and pretty pumped about it. This Google ratfucking has been just the push I need to get off Android.
And obviously I haven’t stopped telling people around me haha
Most F-Droid users are NOT custom ROMs.
This means that as long as F-Droid does not get their own developer key - it will become useless. F-Droid is privacy focused - both dev and user, and they oppose requiring devs to essentially give up their privacy and sign the APK with their own dev key.
Now, if F-Droid is dead, GrapheneOS becomes useless. Who would want to develop apps for the 0.0001% of the population (i.e custom ROM users)
This.
I am the person you are talking about. I’ve looked into graphene before and I do host some of my own services at home. I also work full time and I don’t want to spend all of my free time managing things. I use F-Droid, but I am on stock android on my pixel.
I appreciate the privacy and FOSS nature of F-Droid, but I use things like Android auto Google maps for work, I use banking apps on my phone as well. I know technically micro G and blah blah blah, but like I said: work full time.
Graphene is bult on top of android AOSP, which is owned by google… And of course they are fucking it over.
Check calyxos.org s recent blog posts, it is basically dying (and graphene is the same)
What happened to the Open Handset Alliance?
The pause in Calyx updates has nothing to do with Google’s fuckery, and they are not “dying.” They lost a major lead developer and decided they needed to restructure so no one would be so essential going forward.
So… huh, so what’s the alternative then? I guess some other flavour of linux?
For mobile phones that works as a daily driver? Gobbling up iOS. Or gobbling up what’s becoming of Android.
I really wish we had open phones that “just work”. I’d even go with slightly quirky but functional. Unfortunately, that requires strong cooperation between hardware maker and software developers; and it will require a lot of work. But that’s not the main issue. The direction we’re headed toward is “everything need an official app”, and those will mostly only work on “official” phones made by big manufacturers.
Even today, making some bank apps work on non vanilla Android is not always straightforward, and it’s still relatively open and easy to do. The move by Google is going to tighten this even more, and I have no doubt, if they pull through, that this will go in the requirements for the “play protect” validation BS. Meaning if you want that bank app, or whatever state digital ID app (meh) to work, you’ll need a “real” Android or an iOS device. And those apps are becoming more and more mandatory (I can’t log-in to my bank’s online website without their app and proprietary 2FA…).
A niche, open-source OS, Linux or modified AOSP or whatever, will have a hard time filling that gap as things keep moving. Which is really sad.
You are of course aware that Graphene OS is affected just like any other version of Android?
Straight from the horse’s mouth. The rest of the post is a good reminder that GrapheneOS are morons.
But why would you lie about this?
I don’t see why it would need to be affected.
The constraint to require a valid signing isn’t something imposed by the license on the Android code. If you want to distribute a version of Android that doesn’t check for a registered signature, that should work fine.
I mean, the Graphene guys could impose that constraint. But they don’t have to do so.
I think that there’s a larger issue of practicality, though. Stuff like F-Droid works in part because you don’t need to install an alternative firmware on your phone — it’s not hard to install an alternate app store with the stock firmware. If suddenly using a package from a developer that isn’t registered with Google requires installing an alternate firmware, that’s going to severely limit the potential userbase for that package.
Even if you can handle installing the alternate firmware, a lot of developers probably just aren’t going to bother trying to develop software without being registered.
I don’t think most developers who are putting their Open-Source apps on F-Droid have any minimum user threshold.
But if Graphene chooses not to do this, they diverge from the Android project. Which will take more time to maintain the project which will ultimately lead to more developers burning out and dropping out of the project.
It doesn’t need to be affected, but most open source projects don’t have the resources to keep going against big companies when most of their users aren’t contributing.
They already diverge by having a network permission and a bunch of other differences, and not being allowed to use Google Pay because of those differences
That might be true, I don’t know much about GrapheneOS. But I do know that users of open source projects expecting changes to come out of thin air, and filing bugs when they don’t, is hurting the volunteers behind open source projects. So we should all make sure to volunteer some of our own time or money to keep the projects we love going, instead of just expecting them to fix the things we dislike.
The aosp has been in the process of being gutted, I surmise in preparation of these anti consumer measures, graphene os has its work cut out for it. I imagine that after the dust settles, consumers will have to pick between an immature Linux os or their personal preference of walled garden.
Graphene could sandbox the integrity check, just like they do with the Play Store.
I would guess that it’s probably not much by way of change — theoretically, maybe just a single line patch — to cause this check not to take place.
Theoretically it might be, but it’s another patch you’ll have to maintain
What?? I was not. I thought it was compatible, or like a fork idk… Guess I’ve got some reading to do.
Get off Android to … Android 🤪