The future of this elegant and proven system was put in jeopardy last month, when Google unilaterally decreed that Android developers everywhere in the world are going to be required to register centrally with Google. In addition to demanding payment of a registration fee and agreement to their (non-negotiable and ever-changing) terms and conditions, Google will also require the uploading of personally identifying documents[^regid], including government ID, by the authors of the software, as well as enumerating all the unique “application identifiers” for every app that is to be distributed by the registered developer.
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users5 will be left adrift, with no means to install — or even update their existing installed — applications.
But what can we do beyond letting out elected officials who don’t care know about it? How can we really push back against Google for doing this?
Donate to PostmarketOS so that we have a polished Linux alternative to Android.
https://postmarketos.org/
I will, I think Google has proven that android can’t be the “open source” alternative, especially since it’s not even open source anymore
Only purchase devices you can unlock bootloader and root, then bypass this with an Xposed module that hooks into Package Installer like how you would bypass Google’s stupid minimal SDK version requirement for side-loading that’s already enforced for years.
Google has made it absolutely clear that for years there’s absolutely no reason you should ever use an Android device without root anymore than you should use a personal Linux device without sudo lol
Unfortunately for work I’m not allowed to have a rooted phone, that’s their only requirement. On top of that working in finance I know that tokenized payments like Google wallet and apple pay are the most secure, and I like leaving my wallet at home and paying with my phone. I hear though no other OSes or roms support wallet, is that still true?
If work pays for your work phone, then this isn’t relevant to that. The company I work for provides me with an iPhone - they pay for the device, service, and insurance. It’s not my phone, so I’m not gonna bitch and moan about not being able to jailbreak it. I have my own phone for that.
The iPhone lives in my work backpack with my work laptop. Both are actively ignored unless I’m on the clock.
Tell them its a security risk and refuse to use a phone that’s not rooted. You can’t even get an iptables firewall without a rooted phone ffs
Then get another cheaper phone for work, you don’t need an expensive high end phone just for work, it’s not like you’re gonna run engineering simulations on your phone anyway, and there are a lot of good reasons to keep your personal phone and work phone separate too.
In Asian countries there are many digital payment platforms other than Google Wallet and Apple Pay that don’t care about root, or are very easy to spoof for root status. And besides relying on digital payment platforms that are specifically owned by Google and Apple, and willingly stay locked inside their walled garden, is increasingly seem like vert very scary things these days don’t you think?
Very good points except for my work phone I need to then pay for a separate sim on that one which is why I haven’t. For wallet and finance the problem isn’t that the community can’t build our own, it’s that banks would never trust it because it’s not backed by a company. So we’re locked into those few for now, but they are more secure
Why not just use credit/debit cards like we used to do before Google Wallet got its current market dominance in certain regions?
And for most of the service apps like Uber you can just add your credit card information so payment never need to go through Google Wallet anyway, and you can also deal without your bank directly if there’s a purchase dispute instead of having to have Google in the middle, no?
By the way you’re in EU right? I’m curious which region is having so much issues with all of these
I’m in the US unfortunately here.
So working in FinTech for decades taught me a lot about how these systems work. To be clear, I’m talking about adding a credit card to your google wallet, not keeping money in your google wallet, so disputes and everything still go through the credit card company. Call me paranoid, but carrying around cards now is a risk, especially when traveling. I carry around one spare in case the phone gets stolen, but it’s the card I know I can lock down immediately.
Tokenized payments are the most secure because no data about you or your payment info is transferred at the PoS/terminal/till when you check out. It requests a one time token from google wallet/apple pay/whatever and some metadata about the transaction into the terminal, which passes the token to the banks. The actual passing of private details then happens solely between those two parties, the money is (scheduled) to move, and the bank informs the register that the sale went through.
Credit and debit cards contain your personal info. While the stripe exists on it it can be skimmed and duplicated, and even with the chip someone can still steal it off of you and make bogus purchases. Tokenized payments you are required to be present for it to work. If someone steals your phone they can’t access the wallet app without you there, it’s low likelihood they could even access the account without you there. Even then, you can erase it remotely now.
So, I don’t care that it’s Google wallet, some other name would be fine, if there was a more open one I’d use that in a heartbeat, but I am a stickler for tokenized payments. It’s just undeniable that they’re more secure.
I think you can set up apple pay on an apple watch and use it offline. So if you are fine with getting a cheap iphone to set up the watch could be a convenient way to only have to go around with a phone and use the watch to pay for stuff. Multi devices seem the best route for those who need functionality moving to custom roms might not offer.
Not using it but I heard curve does it too over graphene OS. (And no, it’s not a bank nor FOSS) But if a tokenised wallet app is all that keeps you from Moving forward …)
It quite literally is the primary thing! This works on Graphene? I’m very interested then! Sure it’s not FOSS, but I’d be honestly surprised if anything in the banking industry went OSS, let alone FOSS. I don’t care about their money back schemes or anything, but I’m all for more competition in that space!
Yeah… The benefit to increased security there is marginal at best. Google wallet doesn’t play nice on rooted devices, and having a rooted device that allows me to tell Google to fuck right off is far more worth it than slightly more convenience.
Yes I agree that in terms of a financial service, tokenized transaction system indeed architecturally guarentees greater safety, but a bigger concern is the provider of this service.
Did you not hear about what happened recently when a certain major payment processor realized they can arbitrarily enforce what they think other people should and should not be able to buy, by withholding the availability of such service? Well functionally the exact same thing is happening to you, Google doesn’t want you to be able to control your own devices because Google is an advertising company who also profits from selling your data, annnnd Google also happens to be the commerical supplier of Android with their commerical GMS certification program which includes Play Integrity check and all that, so they can arbitrarily decide that if you attempt to have more control over your own device, you don’t get to use Google Wallet anymore.
Are you happy to submit to this mafia practice from Google? I wouldn’t lol. Not saying I have a solution but then again I don’t think any single individual could possibly have a solution to the disaster that is the US capitalism.
Just don’t install gapps :yawn:
Stop buying their phones and using their services?
And use what?
Go chinese
That would involve missing out on apps people may need in their country due to no play store.
And even if a phone like oneplus does, there are still issues. One example being them moving to being less friendly to custom rom devs which ended up killing the custom rom scene. Groups like lineageos don’t appear to support their newer phones so you end up having to use random custom roms from unknown people uploading stuff to telegram which isn’t a great idea for privacy or security.
So its not as simple as just get a Chinese phone or get an unlockable bootloader phone. Have to see if the few more trustworthy custom rom groups support the device.
Degoogled phones, there are plenty.
In any case, you can probably prolong the usage of your current phone for a few extra years without issue. So don’t panic yet.
It’s not the Gapps, it’s Android itself. Have you hit your head?
What the hell are you talking about? Android is OPEN SOURCE. Degoogled phones will simply modify the codebase to avoid Google limits and bloat, like they are doing literally today? LineageOS, GrapheneOS, /e/OS…
I said degoogled phones, not degoogled apps.
“modify the codebase” Alright good luck with that buddy. Let us know when you’re in the mainframe.
Okay, see you when inevitably all the Android forks keep working fine with sideloading allowed. 😘
Making my next phone a classic flip phone would probably do me a lot of good.
I think I’m almost at that time where I dump the internet. I’m 50 and I was an early adopter. I’m a very frequent user, however this is not the internet we all fought for. It’s been slowly eroded to a corporate money grab and I’m not really down for that anymore. I’m tired and I think the internet needs to go away for me.
I’m pretty much on the Internet to look up information for video games, Fediverse, and write the occasional email. My smart phone is mainly to receive emergency calls from family, coworkers, and the occasional navigation task but they still make GPS units.
Sounds like we’re both old enough to remember that there is life without the Internet. I could do it. Tech companies are out there acting like there’s no alternative.