- cross-posted to:
- android@lemmy.world
- cross-posted to:
- android@lemmy.world
You must log in or register to comment.
The reason I felt forced to iOS. No more choice. No more GrapheneOS or CalyxOS for me. Or at least that would make my life very difficult. National ID authentication, banking apps had stopped working.
GG Google. Destroy what made Android.
This trend of being actively hostile toward your user base is so confusing to me.
It would be confusing if everyone didn’t simply tolerate it.
They project that they’ll make more money by forcing people to accept surveillance so they can run their apps, even if they lose a few users and app developers by doing so.
I’ve always been of the opinion that apps are almost always useless because there is usually a way to do it through a web browser and if there isn’t I don’t need it. And its usually better because then I have more control (in firefox anyway).
For example the youtube app is entirely unuseable but if I open firefox and use ublock and no script then suddenly I can actually use the website.
i use firefox forks for mobile, op12r-
deleted by creator
Is users stop using custom ROMs, Google loses nothing.
Their user base is not who you think they are. The people you think are users are just assets, it’s okay to be hostile to your assets
That´s standard enshittification. They know they´ve got users locked in without any alternative.
One of the reasons to always cheer on (new) competitors and why we should give new companies a fair chance to establish something
The problem is that systems like this have strong network effects working in favor of the established options, nobody develops for platforms without users, nobody wants to use a platform without apps, development has more resources (existing libraries, tutorials, reference documentation,…) on existing platforms,…
So, help break the circle. You can target any of the nodes you mentioned.
- develop for the platform even if it has no issues (file it as “future-proofing”, “engineering concept”, whatever).
- use the platform while waiting for apps to come up, provide feedback on what apps are needed (and provide feedback on what can be done app-less, which is even more important).
- provide resources for develpopment (this one is somewhat more restricted).
None of the technologies that are abusing the network effect today started with a full charter of users.
It’s so confusing it only makes sense to business majors. /s
Their goal is to ensure OEMs only bundle Google-approved Android for which Google charges licensing fees and which funnels users into Google services. If a phone won’t run your banking app, you probably won’t buy it.
deleted by creator
Mobile check deposit is a moderately important use case in the USA. It would be possible to do that via the web, but banks usually don’t.
Regardless, any apps refusing to run will annoy users, and they would likely blame the one brand of phone where that happens instead of the app developer or Google who actually deserve the blame.
What do people even do in there ?
In France some banks illegally force users to use the banking application to approve online transactions as a security feature.
They could implement OTP as an alternative but they don’t because they are lazy.
Which ones? I’ve been on Boursorama, CA and SG, and they all provide SMS 2FA if you don’t want to use the app.
It depends which local branch. CA and the Caisse d’Epargne lied to me about it. BoursoBank is good though.
deleted by creator
This seems like it’ll break things like revanced, which honestly makes me sad mostly for Duolingo :(
Really hope folks find a way of spoofing this too. I’m hoping to switch to a custom ROM in the future and this doesn’t bode super well
At this point I’m leaving a paper trail in my comments. Sigh, I’ll keep it short and sweet.
If you’re using ReVanced to hack and get through Duolingo, then I think you should just drop the service. There are countless free resources out there that do a better job, and aren’t predatory or make you hate learning. Duolingo is good for beginners and about a month or two of learning. Please let that app go, especially since the CEO thinks AI is a suitable replacement for the education system…
At some point I will but I’m not currently ready to make that transition. My friend and I are using Duolingo together and the social aspect plus the familiarity of the structure have been really helpful
They walked back the ai thing (at least that’s my understanding about it, I think there was a statement about it, not that that means much) but it’s very clear it wont be something that’s likely to work for me long term
But for the time being the structure that it provides and its format has helped me build a routine and actually stay pretty consistent, and I don’t think I’m at a place yet where I can transition away from it
But I have checked out the Foss options and there were some neat supplemental tools on f-droid, and at some point I’ll go through the play store and try out direct alternatives
Seriously, what is wrong with Google?
Google is doing this because they have incentives to do so. They want to block malicious actors like attack their platforms.
Other companies want to lock down their own apps because they don’t think users should be permitted to do anything other than use their apps exactly as they want.
I don’t like it as a user, but I also see the reason why companies want this by being on the security side of software.
Too big and entrenched
deleted by creator
Wasn’t this on Pixels already?
Google’s updated Play Integrity API
How can these people talk about “integrity” when they break real existing phones?
I call this the opposite of integrity.
Bit hyperbolic, don’t you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It’s not exactly surprising that Google closes those vulnerabilities when it can.
Google can’t exactly make root access and custom ROMs easier to use in 2025. It isn’t 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children’s apps will complain to the media and suddenly Google has a shitstorm to deal with.
Just wait until they find another vulnerability, lol.
Many devices, including Google’s own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.
What’s going on here isn’t patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They’re selling it as “integrity” or proof that a device is “genuine”, but I see it as an invasion of user privacy.
Google can’t exactly make root access and custom ROMs easier to use in 2025.
Sure they can. They’re in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.
They don’t want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn’t pass attestation isn’t commercially viable because enough important apps (often banking apps) use it.
Unlocked bootloader ≠ Root access.
Correct, but it is necessary to unlock the bootloader to gain root access without exploits.
Many people use LineageOS and GraphineOS for security, privacy, and features that base Android simply doesn’t ship.
Rooted/Custom ROM users are so tiny,
That’s what I told her to tell you.
The fuck did you just call me? Ill have you know im actually HUGE
Or is it rather your definition of security or vulnerability that is questionable.
If they break custom roms my next phone will have iOS, not stock Android on it.
So instead of completely using FOSS softwareonly, you just give in to the corps?
This has nothing to do with FOSS, of which plenty exists on iOS
I have yet to see a FOSS ROM for IOS devices. Or like any FOSS app I use, like Etar, a free version of Sncthing, a Retroarch with at least the same functionality as on android, a browser that dosent use WebKit, and a terminal emulator or at least a free fully featured vim app that can access my full storage.
Also, they can’t break Costum ROMs, since AOSP is Open Source.
Also, since none of my devices can run AltStore in order to validate side loaded stuff every 14 days, I have to get everything from the App Store, since AltStore is kinda dead
And also I want to develope my own apps, but I neither have an Apple Desktop, noir do I have 99€ a year to pay for Apples Private key.
TL;DR: Even with Gservices, Android is still just better then iOS since you can just Root it and disable tracking stuff (or not root it and just disable the tracking apps but not Gservices)
If I don’t have Play Integrity spoofed, my iPhone friends get an error when they try to RCS message me. This pretty much breaks communication for me.
This is the future of the Big Tech Internet if we’re not careful. Attestation to be able to use communications and other websites.
I have zero problems with this on Lineage. ?? No spoofing either, just Lineage.
I ain’t clicking on an android authority article. Does anyone know if/how this would effect Graphene?
Already does. Some apps just don’t work. It’ll notif. And say Google api failed to validate login to your Google account. Example app EBay.
Interesting. If I just don’t use any apps from the play store and only use stuff from fdroid with no play services I should see no issues though yeah?
Long as you beware that F droid apps could be malware or some other kind of bad actors. It’s a free range marketplace just be smart. Just because something is FOSS or open source doesn’t mean it’s free of bad stuff.
There’s always a chance any app, even from fdroid, will require play services, but that’s still highly unlikely. You should be fine with fdroid alone, yes.
can confirm, I’m running GrapheneOS right now with F-Droid and some extra repos as my only app store, it works fine for me. but I don’t use banking apps (web browsers do fine for that), and I’m using a de-Firebase-d version of Signal (Molly F-Droid) so no issues so far with no GMS and no SafetyNet.
edit: I should add that a new GrapheneOS update just released, this is in the release notes:
- disable anti-competitive code being injected by the Play Store into apps choosing to enable “App integrity > Automatic protection” when there’s a valid Play Store source stamp signature (proving that it’s an unmodified app from the Play Store, so we aren’t disabling an integrity check) since it prevents using the apps on GrapheneOS when apps also choose to enable “App integrity > Store listing visibility” with either the “Device integrity checks” or “Strong integrity checks” values enforcing having a device licensing Google Mobile Services and running the stock OS (circumventing this is protected by the DMCA exemption for jailbreaking)
so it looks like the devs are actively working around this issue and making changes to allow those checks to pass even without the ROM licensing GMS.
The guys over at GrapheneOS removedslap Google regularly, and I love it.
deleted by creator
No idea but that is one I know about. Apparently the list keeps growing of these API calls being denied or flagged.
Okay? Like, ive been rawdogging this no Google GrapheneOS thing for 2 Years now, and Ive Bad not a single Problem until now
Same. The vast majority of my apps are from F-Droid or directly from the dev, and only a handful are from Google Play, and those are all on a separate profile. There’s only 2 or 3 I actually need, and I can probably work around those.
Screw you Google, my next phone will probably be a Linux phone so I don’t need to deal with this crap anymore.
RIP banking apps and Mc Donalds on GrapheneOS
Fuck Google Play
on devices running Android 13 or later.
Sounds easy then: stay on the latest Lineage that does not incorporate A13.
While I wouldn’t say Google is actively hostile towards these power users,
Author is obviously sold out. Are they even trustable?
on devices running Android 13 or later.
Sounds easy then: stay on the latest Lineage that does not incorporate A13.
This isn’t viable. You can’t run an older android version than a device ships with and eventually older hardware will become obsolete enough that it won’t be able to connect to current gen mobile networks.
For now, sure, you can run android 12 on an older device and bypass integrity easily, but sooner or later that won’t be viable.
That’s true of anything in technology (that is not designed to last; see: typewritrs and radio still work), so not really a variable. By that poiont you’ll either have a dedicated “updated” phone for current-gen slop, or have shifted over to a more private stack, or even have gone fully off-grid.
It doesn’t make it “tricky”, it makes it impossible.
Troja has been impossible to conquer. Until.
Stares at rooted A13+ phone passing 2/3 new integrity checks
It’s possible, but it’s annoying.
Those are the wrong integrity checks
No, they’re absolutely not. Check out tricky store and play integrity fork to see how we’re faking a trusted environment on custom and rooted roms. You can pass new basic+device integrity (equivalent to old strong) with a valid unrevoked keybox on A13+ and strong on <=A12.
It’s a new stage in the arms race for sure but it’s still possible to bypass until all of the keys used to sign keyboxes are revoked.
Edit: the device fingerprint is just as important as the keybox too, either can cause you to fail integrity checks. It’s way more annoying to manage than the legacy “just flash PIF” bypass ever was.
