This is the new capitalist MO. To say the right words while doing the exact opposite.
Everything is just optics now.
I can't run ssh on optics.
yes, this deserves to be a shitshow.
If it comes from those shit breathers just pretend worst case scenarios they've had really good streaks.
So, all Android users are more vulnerable to commercial exploit companies and governments (especially those on custom ROMs like GrapheneOS)?
If these exploit companies continue to stay in business and thrive, it really says a lot about Google's security. In contrast to my perspective, there isn't a thread where people aren't talking up how good Google's security is, no matter how relevant it is to the discussion.
I don't really care how much Google spends on security, how many people they employ - if people are making a business out of exploiting their operating system... their security must really fucking suck.
wait, i have grapheneos. is my phone now at risk of corporate/government snooping in a way it wasn't before? i had understood it to mean that new phones would have a harder time being sideloaded. is that correct?
https://i.imgur.com/mb8911t.png
From the OP post image. It seems like things are vulnerable due to their update/patch frequency, and putting AOSP on the back-burner by skipping multiple scheduled updates (the latter of which directly affects custom ROMs).
I did pose my question in good faith for people to answer, so I'm not an expert or anything, but 4 month delays for patches sounds awful - especially if partner previews are a thing. It almost seems like this is Google providing exploit windows...
It's all very concerning.
I feel like every time I look at something on Twitter now, some idiot asks grok a stupid question to try dunking on whoever they're replying to and gets shat on instead.
https://nitter.privacyredirect.com/ascetic_tweeter/status/1964790038006464681
Delightful, it's like the Twitter equivalent of googling something right in front of your buddy and being proven wrong.... Except there's absolutely no reason they couldn't have googled it privately first, making their overconfidence even more obvious.
Their attempted follow up to not look like an owned pissbaby is amusing.
@cock is dis truuu
After META and Yandex had their long established and trivial-to-implement cookie tracking abilities (Localhost->HTTP(S)/WebRTC) exposed a few months ago, I have been waiting for some changes to come along to try and lock out potential snoopers who might figure out how they are now de-anonymizing phone users and tracking their web habits.
Preventing sideloading, combined with moving some of the dev internal, both seem like moves toward this end to me. But what do I know, I have never even owned a smartphone.
Could the community just fork AOSP?
They could, but it would be a herculean effort. Google has multiple thousands of developers working on Android (exact number undisclosed).
Every Android custom ROM is already a fork of AOSP that backports any new updates to AOSP into their project when source code is provided to AOSP. That is work enough already for a small team - if they were also writing those security patches for published CVEs and as well as patching bugs submitted by users and Android partners (app devs) as well as developing their own feature updates to keep similar parity to Google's Android, that would be several orders of magnitude more complex and require a large team working full time.
They'd also need to develop relationships with any Android hardware manufacturers that they wanted to support the devices of, to get current and new drivers and work with them over any problems - with no real reason for those businesses to work with them, especially if Google could turn around to them at any time and say something like, "if you want to continue partnering with us you'll have to sign this new exclusivity contract that stipulates you'll stop providing pre-release drivers and direct support to any AOSP fork project." So it could realistically be sabotaged at any time by Google (in this way or others) making it a fairly unattractive proposition for open source devs to pour their time into.
Multiple thousands? Most software projects are truly ran by a handful of developers. Even considering the scope off several interrelated projects on Android, I'd be surprised if the number tops 200.
I think the only feasible way a fork could work is if a consortium of phone manufacturers is backing it.
Or be under a not for profit that gets extremely solid donations
There are various ongoing forks, GrapheneOS, /e/-OS, LineageOS and all the ones the OEMs maintain to support proprietary drivers for their hardware in their versions, so in that sense, yes of course you can fork it.
But if upstream development stops, or is no longer released, then a fork project would have to start running their own security screening and patching, which is prohibitively expensive.
I think Linux would be better. As long as a phone has basic phone functionality and a browser and runs well I'd be happy with it. Interesting how gradually my expectations of phones has moved towards being more minimalistic.
Projects based on one where Google is the biggest influence seems like overtime there would be more and more road blocks to overcome now that they are moving towards restrictions.
I think it will have to go that direction. The mobile os space was killed off to get us here so it could be controlled.
Sadly, as others have mentioned, you would need a hardware manufacturer that doesn't have current stakes with any of the major players nor the mobile carriers. The carriers could blacklist homebrew or small shop hardware by imei if google or apple wanted it.
Maybe the future is a mobile hotspot in one pocket and a Linux phone in the other. Not super appealing and converging the hardware into something reasonable but still segregated would be pretty ugly.
Things aren't looking good kids.
honestly id be completely happy with a phone that just receives calls/text and only has a web browser. Almost every app i have on my phone i can do the same thing on a browser so whats the point. It seems like an invasive way to get access to your phone and its data
Having a camera on you at all times is pretty awesome. Calls/text/browser/camera/plays music is really the main ones.
My favorite apps are the ones that just open the browser and go to their websites
Yeah, after years of Google usage cutting out email then moving onto using foss apps, syncthing, and browser led to what seemed like an ecosystem that would be hard to escape to one I don't find necessary anymore.
Just wish hardware choices itself wasn't such an uphill battle and more like it is on PC with ease of installing whatever OS you want.
Is the opensource community willing to fund a Linux phone? I highly doubt we could coral enough people within the community to care.
The community will care, it's the normies you have to worry about
Given how many people shat on PinePhone for trying, I worry more about the community than normies.
I like my pinephone, wish it was a bit faster given its cost but without a doubt the best phone I have ever used
You have a point there.
The ecosystem has pretty much solidified. Most IOT and wearables require Android apps. All businesses have Android apps. Employers require Android apps for VPN or authenticating. If we switch to Linux phones it will be 10x worse than leaving Windows 10 years ago and you will not have dualbooting. I really hope some major phone manufacturer will step in and fork AOSP (Huaiwei?) but even that would be a short term solution as they would lock it down again as soon as possible. We're fucked.
You can run a lot of Android apps with Waydroid or similar solutions on postmarketOS. If a business does not support running their app in such a way, use a web version of their app if the functionality is sufficient, discontinue doing business with them, or encourage them to change.
These compatibility layers can be improved to such a point that mirrors Wine and Proton, where the only incompatibility is caused by a business decision.
I've been using deGoogle android for years now, I generally avoid connected devices and even I have couple of apps that require Google services and will not work on Waydroid. Those apps are:
I'm definitely not going to get new charger, car and heat pump because I'm changing my phone. Those apps are so common now I'm guessing most people are tied to some devices that are simply too expensive to change now. I have mortgage and investments in my banks. Switching would be costly and very complicated. There's no way around the Authenticator app. Changing jobs because of this would be silly. Public charger app are unavoidable. Android Auto is unavoidable.
Android is entrenched. The simplest way is having a secondary phone for work, IOT, car and banking. Going completely Google services free is not feasible anymore.
Your heat pump has a fucking app? WHY!!! Mine goes by the thermostat and will remain that way.
I'm sorry that you can't feasibly make the switch - thanks for sharing.
You prove a point though, and having two phones seems to be the play. It'd be cool to have a Linux phone and display/control the Android phone indirectly for convenience.
Perhaps there will be a way to emulate or proxy Google Play Services in scenarios like Waydroid. I'm not holding my breath though.
I can't easily make as switch and I'm probably like top 1% when it comes to Google independence. Most people will have Gmail, google photos use gpay daily, use android auto, have even more IOT devices, google assistant speakers, smart doorbells and so on. I'm sure some people are less entrenched but it's a tiny minority.
I did concede and I do largely agree with your responses. There's any number of barriers stopping average people from switching, as much as it pains me to admit.
For the tech-inclined, there are plenty of alternative email providers and setting up email forwarding is a breeze, just as there many cloud photo services, CoMaps is likely going to see improvements in navigation, IoT devices/apps aren't always reliant on external services, there are likely viable assistant alternatives around emerging, and hopefully inexpensive, private smart doorbells sprout up.
I personally never invested heavily into a phone. I just never found them particularly impressive, even with higher-end hardware. I tinker more than most people in a general sense, but my phone only gets used like how an average person would. I do a couple things on it, I don't use anything special, and I'm not too picky. I just tend to avoid using the thing unless I get a phone call, message, or I want to check out the weather or social media.
Your optimism is heartwarming and inspiring.
Well, I'm not trying to make you happy. I'm being realistic. Banks, IOT companies, car manufacturers, public institutions and many many others will not support Linux on mobile anytime soon if ever. They support iOS and Android, that's it. And the easiest way to support Android is to use Google services. Going Android free will require a lot of effort and simply won't be practical for most people.
There's a difference between realistic and pessimistic. You, my friend, are being the latter. I don't need you to make me happy. I'm not your child.
That's just like you're opinion. For me you may sound overly optimistic to the point of being naive. But that's also just my opinion.
That would work if there would be usable phones capable of running Linux.. But who would manufacture such a phone?
Share interesting Technology news and links.
Rules:
To encourage more original sources and keep this space commercial free as much as I could, the following websites are Blacklisted:
More sites will be added to the blacklist as needed.
Encouraged:
Misc:
Relevant Communities:
