[return to "Google will allow only apps from verified developers to be installed on Android"]
1. arielc+542 2025-08-26 11:11:45
>>kotaKa+(OP)
Meaning to use your device you need to have a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it. Plus using GrapheneOS is less of an option every day, since banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want. Client-side "trust" means the provider owning the device, not the user.

Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.

Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.

◧◩
2. pimter+V42 2025-08-26 11:20:21
>>arielc+542
I think Play Integrity is the fundamental issue here, and needs to go. That's the crux of the issue.

Allowing apps to say "we only run on Google's officially certified unmodified Android devices" and tightly restricting which devices are certified is the part that makes changes like this deeply problematic. Without that, non-Google Android versions are on a fair playing field; if you don't like their rules, you can install Graphene or other alternatives with no downside. With Play Integrity & attestation though you're always living with the risk of being cut off from some essential app (like your bank) that suddenly becomes "Google-Android-Only".

If Play Integrity went away, I'd be much more OK with Google adding restrictions like this - opt in if you like, use alternatives if you don't, and let's see what the market actually wants.

◧◩◪
3. brooks+xf2 2025-08-26 12:36:36
>>pimter+V42
If Play Integrity went away, all mainstream Android users would suddenly experience a huge increase in captchas and other security measures.

It’s funny to see the volume of comments on HN from folks who are outraged at how AI companies ferociously scrape websites, and the comments disliking device attestation, and few comments recognizing those are two sides of the same coin.

Play Integrity (and Apple’s PAT) are what allow mobile users to have fewer headaches than desktops. Not saying it’s a morally good thing (tech is rarely moral one way or the other) just that it’s a capability with both upsides and downsides for both typical and power users.

◧◩◪◨
4. j4hduf+WC2 2025-08-26 14:35:10
>>brooks+xf2
It is not so simple!

Play Integrity's highest level of attestation features requires devices to be running a security update which is within a sliding window of 1 year.

LOTS of Android devices have not released a security update in many, many years. This forces users to unnecessarily upgrade to higher end OEMs.

Google is effectively pushing out Xiaomi, Huawei, and many others that offer excellent budget options. Google is not just offering you the comfort of not having to fill out CAPTCHAs on your phone, most importantly they are playing monopoly.

◧◩◪◨⬒
5. fnimic+SF2 2025-08-26 14:47:06
>>j4hduf+WC2
Why can't "low end OEMs" release security updates?
◧◩◪◨⬒⬓
6. devmor+4O2 2025-08-26 15:18:55
>>fnimic+SF2
They can, it would likely just increase the cost of cheap devices to end users, as the manufacturer now has to provide additional software support and does not want to lose money.
◧◩◪◨⬒⬓⬔
7. donkey+5X4 2025-08-27 06:26:15
>>devmor+4O2
Why does the manufacturer of the phone have to write OS upgrades?

I never had to wait on Dell to type apt update and apt upgrade.

◧◩◪◨⬒⬓⬔⧯
8. devmor+nV5 2025-08-27 13:58:42
>>donkey+5X4
Because when you buy most smartphones, you're buying a vendor locked device and choosing to stay within their ecosystem. That's how Google has designed their monopoly. Apple is the same way, but non-fragmented.

You've never had to wait for Dell to type apt update and apt upgrade, but macOS users have to wait for Apple to update their computer.

◧◩◪◨⬒⬓⬔⧯▣
9. donkey+g56 2025-08-27 14:43:16
>>devmor+nV5
That was my point, this is a self-created problem by the manufacturer.
◧◩◪◨⬒⬓⬔⧯▣▦
10. devmor+qj6 2025-08-27 15:49:18
>>donkey+g56
No, it's a prerequisite to doing business.

The OEM phones are cheap because the manufacturer sells them at a loss, recouping money by locking them down and pre-installing certain software.

The alternative is that Google is properly regulated, or cheap smartphones don't exist.

◧◩◪◨⬒⬓⬔⧯▣▦▧
11. donkey+eU6 2025-08-27 18:58:34
>>devmor+qj6
It's possible the forced apps are a cost recouping mechanism. But how does a phone bootloader being locked down become Google's fault? Does it mandate that for some kind of Android certification?
◧◩◪◨⬒⬓⬔⧯▣▦▧▨
12. j4hduf+Li7 2025-08-27 20:52:29
>>donkey+eU6
Yes, Google mandates a locked bootloader in order to meet Google Play Integrity's remote attestation. More generally it mandates a perfectly clean and valid secure boot chain. Among a variety of other requirements.