This change has served me well! I have been a Mac OS X users for years who used an android phone. As soon as google announced their impending walled garden status, I went out and bought into the ios eco system. I have really been enjoying my iphone, ipad, and apple watch.
You see, the only value that Android really offered me was the ability to run my own code on my own device. Since they are taking that way that just makes it a crappier shadow of the vastly superior apple experience. And, as it turns out, ios is less restrictive than it was 18 years ago when I left them for Android!
Even after Google puts this crap in place, you can still uplodad your own apps to your own Android devices, using ADB. Doing the same for iOS, using Xcode, costs you USD 100 or more (depending on country) per year.
I'm in no way defending Google here, just pointing out you're going from bad to worse and think it's a good thing.
Do you run into issues with apps not supporting it? Things like banking or auth? That is the main complaint I see for alternative phone OSes, and I don't know if that has gotten any better.
I've been dailying GrapheneOS for more than 2 years. I haven't had any issues with any of my bank apps. Although there are apparently some that do block usage on non-google-certified OSs. The only limitation in my use cases pre-GrapheneOS that I've found is not being able to make NFC payments through Google Wallet, but I found a bank in my country whose app implemented NFC payments, and made an account with them to be able to convenintly pay with my phone.
edit: and I'd like to add, GrapheneOS brought me back the joy of using my phone. Since 2018 or so I started to dread my phone (and the internet) more and more. Installing GrapheneOS brought back the joy on using these marvelous computers (and self-hosting brought back the joy of using the internet)
The first is the anti-trust angle. Some subset of bank apps don't work because of attestation and that's a significant barrier to adoption for switching to competitors, so it ought to be an anti-trust violation for the platform to do that.
The second is, you try it and discover that your bank doesn't work. If you want it bad enough you can switch banks, and the fact that it doesn't work is a signal that your bank has a weak security team who is just cargo culting deleterious vendor nonsense without evaluating whether it has any real security value.
(The use case for attestation is completely orthogonal to bank apps because it can't prevent credential stealing from compromised phones running a fake app since the fake app won't require attestation, and it can't prevent attackers from using stolen credentials to transfer funds because once they have the credentials they can just use a normal phone, and that's the case even if the attestation was completely airtight, which it isn't. Meanwhile the devices that can pass attestation are generally more vulnerable because it implies they're running the more-likely-to-be-outdated OS that came with the device rather than a third party upgrade with more recent patches, so they're essentially encouraging their customers to not upgrade their OS. Banks that do this are wearing clown makeup and you have to ask if you trust them with your money.)
Whatever issues I've run into I've been able to work around. I don't use tap-to-pay with the phone at all so that's not an issue. The things I get in return for using GrapheneOS all outweigh any downsides.
My bank detected someone logging in with my password from a GrapheneOS phone and made me change my password and scan my face. That was dumb.
With that out of the way, and the device now seemingly authorized, it still doesn't work, because when I log in, the app restarts. That could be a real compatibility problem.
Yeah, I tried that out last year when this whole debacle was announced for the first time.
I'm not going back to paying without my phone. So yeah, I'm not going to a free platform either.
the choice really is mostly down to Google's Android or iOS - unless you're ready to make sacrifices. If you're... More power to you. I'm not at this point in my life right now.
Unfortunately, there is no way to use Google Pay on it. I'm all for trading some convenience for privacy, but not having to carry all my cards is too much of a convenience for me :(
Graphene sounds great in theory. Until you read the device compatibility page and see you're still at the mercy of Google. In order to support graphene you must first pay Google for one of the most expensive android devices on the market. Oh and Google never sold this device in my country so I guess I'm out of luck even if I wanted to do that.
> Until you read the device compatibility page and see you're still at the mercy of Google.
Alternate take: good. I'd rather the GrapheneOS team pick standardized (if limited) hardware configurations to support and then spend their (many multiples less than Google) resources on the platform rather than device compatibility.
The Android OEM diversity mean the time/economics of supporting every phone with a non-Google OS were never going to work, and I'd rather have it working well on a limited number of platforms than poorly on more.
Firmware engineering and patching sucks and delivers little value to the user, because best case (you solved the issue or patched the hardware errata) something basic that a user expects is now working.
Nobody is going to switch to a platform because a phone can now make calls. Even if there are 1000+ human hours in patching some cheap clone LTE chip it uses.
For an Android user, iOS offers better privacy (which can change at any time), but it also comes baked in with better support for some open protocols. (SMB on Files, and CalDAV/CardDAV for Calendars/Contacts/Notes integration). This has been the case for years, while aspects of the 'walled garden' have eroded over time.
It's natural that this huge Android regression might be enough for someone to dip their toes into the other side.
The iOS app store is like the craigslist personals of online markets. I feel incredibly dirty just going on there. I have to scroll down 3-5 options just to find the exact match for what I searched for, many of the prioritized options being look-alikes that could easily fool people into installing some malware-esque garbage.
I love my 13 mini as a phone, but I don't understand how anyone could compare the two app stores and think iOS comes out on top. At least android has f-droid.
I haven't found the need for deeper integration with my laptop beyond what KDE connect is capable of, and my Pixel has a high enough resolution that I can't notice pixels :)
It's probably worth mentioning that as far as i know this change does not affect AOSP phones[1]. I'm currently living with a Kyocera flip-phone[3] for the past few years. I even got F-droid installed, though it turned out to not work all that great on a flip. I wish more people wrote apps for flips. I keep intending to look into writing my own APK if i ever get the chance. As i understand it, it's a bit like The Wild West, though there are places where you can get flip-phone apps[2] like maps, media players, messengers, etc.. i just never seem to have time to look more into this(and i'm a little concerned about getting scammed). I did manage recently to successfully tether my old touch-phone to my flip for a car trip i took, so i could get data to the touch and run maps(i feel somewhat clever to have sidestepped Big Tech on that issue). Hopefully i'll get some time one day to look more into flip-apps.
As if most android maker phones don't already fully own your device - preventing you from unlocking of bootloader and installing an OS that actually doesnt enforce the restriction google is introducing in their flavour of android.
To pretend that with this change android becomes exactly like iOS is... ridiculous? I can pick any 10yo old android phone from my drawer and develop for it, no problem and without asking for permissions. And if I'm already this motivated I'm certainly motivated enough to wait 24hs on future (more locked down) devices.
Do you think people who download NewPipe and alike - to circumvent ads and enable premium features - would think twice because they need to wait 24hs? Will NewPipe devs stop developing (anonymously) because of a small fraction of users who refuse to (or won't) go through unlocking steps?
Show me all these "rebel" apps on iOS ecosystem that can be easily distributed on any channel: fdroid, github, telegram groups, etc.
But sure, if you thinking moving to iOS is the same, sounds like you never really made use of any of the freedoms android used to and will continue to provide
I'm on this path too. Waiting a few more months to see what happens. If they indeed block my 4 apps on my phone (which aren't published anywhere), I will simply move to Apple.
I used a New+Unlocked+Pixel+X on eBay to find a rough price of the phone.
Most people get scammed by their carrier and pay $25-45 per month just for their wireless subscription, and many more get caught up in the device bundles which gets you the "latest and greatest", at a huge price. So people are paying, per month, what you can pay, per year for a Pixel.
You can use Silent Link to pay by the gigabyte with no expiration date. Most people don't need unlimited—I use a maximum of 5 GB per month, and my average is around 3. At $1.60 per month, that is $60 per YEAR for me.
Swap in https://jmp.chat for another 60 dollars per year for calls/texts and you get a $120/year phone bill which is just $10/month.
I will be moving from US Mobile to Jmp.chat once my plan expires.
You could also use US Mobile for $17/month which is unlimited and is user friendly. They also often have Pixels for a significant discount with no lock-in.
Will your 4 unpublished apps be in your android-alternative apple device?
Android will still have the ability to install non-google-distributed programs. The problem is the ominous momentum, but it is still more open than the apple alternative
I'm not the commenter you replied to, but I'm doing the same math they are and coming up with the same answer.
From my perspective iOS is better than Android in a number of ways but Android always won out overall for me, in large part because of the freedom regarding software. Remove that freedom from the equation, I think the balance tips towards iOS.
For me, Google services are not an option, so my Android experience is sans-Google.
Until September 2025, I'd say iOS had actually gotten better than Android.
CalDAV, CardDAV, and SMB are baked into iOS, whereas these are onerous to set up on Android. These are very very nice protocols, and I use them all daily. (Contacts, Calendars, Notes, Reminders, and Files.)
Apple's developer ecosystem lacks the FOSS devs that make F-Droid so good, but they do have a number of devs who release paid apps with zero tracking, which is very nice. It's often the case an app exists on iOS as a $5 one-time fee with a two-paragraph privacy policy for which one does not exist on Fdroid.
Shortcuts work well enough, homescreen customization is good enough, etc. that a number of the original Android draws are gone. There are a number of points where iOS and Android are equals now.
iCloud's E2EE photo backup is something I reluctantly started using and found to be very nice, after having had de-Googled in 2018. I miss having my photos auto-upload and be available on other devices, and Apple has had iCloud Web for awhile. This is nicer than the options I have on Android.
And while Android's notification-panel tiles have gotten worse over the years (down from six to two controls on the first swipe, this was what alienated me and got me to try iOS), iOS now has a much denser "control center".
The big caveat is the gigantic regression that is iOS 26. The phone is slower, it kills battery, the native apps are constantly crashing, the lockscreen and homescreen often have broken navigation flows, etc. It's a travesty that never should have been released and iOS is easily worse than Android right now. If someone needed a phone today, I couldn't recommend an iPhone, but that might change with iOS 27.
>CalDAV, CardDAV, and SMB are baked into iOS, whereas these are onerous to set up on Android
I can only speak to SMB but it is not hard on Android. I use a longtime third party app so not sure what the state of native support is but it works just fine for me, including over VPN
After switching away from GrapheneOS to iOS after RCS stopped working for me, I can safely say my experience has been the opposite. The camera is the only thing better for me on iOS - everything else is buggier and worse. A few of my favorites:
1. Safari is buggy as hell, and requires installing apps to run things like ad blockers.
2. The settings are ALL over the place and very hard to navigate
3. The gestures are clunky - often have to try a couple times to get one of the settings quick menus to drop down
4. Why is the date not displayed at the top of the screen with the time outside of the lock screen?
5. The pin unlock is horribly broken - I have to slow way down to use it compared to Android.
6. Apple maps is hot garbage. I had to install Google Maps anyway to get decent performance.
7. The handling of audio devices seems intentionally malicious - like if I call someone from my car through car play, it shouldn't send the audio out through the phone earpiece. If a call begins with phone earpiece audio and is underway, it shouldn't switch several seconds in to bluetooth headset half a house.
If you don't want to invest in getting your contacts on Signal, you can try OpenBubbles. It gets iMessage on Android devices and works fine.
I highly recommend switching to GOS, it is wayyy better than iOS UX-wise and obviously better privsec and freedom.
One thing that I had to do when I first got GOS, to get a better experience, was find all the Open Source apps that I needed. Otherwise, it looks rather bland and the apps are mid. Once you find the right apps and launcher, everything works much better.
RCS can be hit or miss on GrapheneOS, but they have made significant progress recently. It requires using Google Messages rather than any other messaging app, and may require enabling an ICC authentication option that is disabled by default. And it may depend on your carrier. RCS is kind of a pain in the butt but the messaging improvements over SMS are substantial which is why I wanted it.
When I first tried last fall I had it working for a few weeks then it stopped entirely delivering messages and I fell back to SMS only. After the recent system updates and enabling the ICC option it has been working well for me.
I've found that RCS works ok-ish on the Owner user, but doesn't work at all on any other (it appears as an empty message). Moving to the Owner account you can tap to redownload the message and then it appears correctly in all accounts. It's a mess that makes daily driving a secondary account not worth it
Agree and many more. I had an iPhone 15 Pro for about six months last year and one of the most infuriating things was that you can't get to Camera settings from Camera, you have to go out to Settings.
>Android's openness was never just a feature. It was the promise that distinguished it from iPhone. Millions chose Android for exactly that reason. Google is now revoking that promise unilaterally, on devices already in people's pockets, because they've decided they have enough market dominance and regulatory capture to get away with it.
This is why I've stuck with Android for the past 15 years.
This is a very HN view of Android. The "openness" of Android was for mobile device manufacturers, not app developers and end-users. Android's prominence was driven by the myriad of low-cost Android devices by multiple device manufacturers, whereas iOS is only available via iPhones.
The vast majority of users don't care about "openness" of the OS. They care about the utility of their phone in everyday life.
Can I access digital payment systems, social media apps, and entertainment apps? How's the camera on the phone? How big is the screen? Is it waterproof? How expensive is it?
These are the questions the majority of phone buyers care about. Not, can I download an app off of a random website and install it?
I developed my first Android app when I was around 16 years old and I remember distinctly wanting to publish it on Google Play, but couldn't because they required developers to be 18+, and this was even before they introduced strict identity verification requirements. And iOS was a lost cause as XCode famously requires an operating system that only runs on very specific hardware for which I had no money. No matter, I published an apk on a website and ended up reaching a few tens of thousands of users that way. My app ended up transforming a (niche) industry and making a real impact on the world.
If Android isn't open, we lose the last open mobile operating system, which will have immeasurable negative effects on computing as a whole. People will need permission from either Apple or Google to create any mobile program. If you don't fit into their neat little system, you don't get permission. If I hadn't been able to publish my app for another 2 years I probably would've shelved it, decided it was stupid, forgot about it, got busy with other things, and never published it.
This is why I really wanted Capyloon to take off [1]. The idea was to build a whole mobile OS around PWAs. App Stores are just CDNs. There are no weird rules about payment processors. The ecosystem did not need to start from scratch.
Unfortunately, it just never gained the necessary momentum.
>For you, is the openness of Android appealing as a matter of principle or does it enable you to do things you couldn't otherwise do?
Both. I don't like the idea of locked down computers and that includes phones, especially now that they're so prominent in our lives.
I dabbled in Android development for fun a decade ago and I loved how there was no barrier to entry. I've loaded apps that aren't available on the Play Store and have loaded apps that my friends have made just as fun side projects.
There was a handheld gaming system in the early 2000s called Cybiko. That and Dreamcast homebrew opened my mind up to the power of computers and having control of your hardware. These things should not be locked down. I liked messing around with making little programs on the Cybiko and downloading homebrew games for that and the Dreamcast. The openness of Android really excited me when it was new because I thought of it the same way as a Cybiko or Dreamcast or PC and not a locked down device where I can only run software approved by the hardware manufacturer.
I actually use the ability to install custom software on Android. I actually use the ability for Android apps to bundle JITs, and language interpreters, and other things that allow you to extend the app at runtime. The Apple walled garden would be unusable for me. And moves like this one to turn the Android ecosystem into the Apple ecosystem will generally be regressions.
If anything, I'd like more openness in Android. For instance, apps should not have any control over what data I can back up; I should be able to back up every aspect of every app, restore it to a new phone, and apps should not be allowed to care.
The openness of Android also acts as a check of sorts on how restrictive the walled garden can get. If google were to clamp down on useful functionality in the play store, then you could always install apks yourself. But if the latter is no longer an option, then there's much more temptation to google for the former.
I get the feeling that clamping down on useful functionality is often an unfortunate side-effect of closing down paths that are being exploited by criminals to harm users.
What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
> What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
Have people read and type in a message saying "I'm not on the phone with a potential scammer who is trying to get me to install a package that may be dangerous", trust people to actually read what they're typing, and if they can't read and comprehend that, stop getting in the way of them shooting themselves in the foot.
The problem with the toxic max-security[0] arguments is that it is always possible to invent a more gullible fool. There is no security measure that will perfectly protect a user from getting scammed out of everything, save for scamming them first and then treating their property as your own. That's the Apple argument. The only way you can keep people secure without falling into the same rhetorical trap Apple employs is with bright red lines that you swear not to cross, no matter how many people wind up getting scammed, because at the end of the day, people are adults, and their property is theirs.
Furthermore, we have to acknowledge that scam-fighting is not Google's job. They can assist with law enforcement (assuming they do not violate the rights of their customers while doing so) but they should not be making themselves judge, jury, and executioner in the process.
If you want a more concrete technical recommendation, locking down device management profiles would be a far more effective and less onerous countermeasure than putting a 24-hour waiting period on unknown app installs. Device management exists almost exclusively for the sake of businesses locking down property they're loaning out to employees, but a large subset of scams abuse this functionality. Part of the problem is that installing a device profile is designed to sound non-distressing, because it's "routine", even though you're literally installing spyware. Ideally, for a certain subset of strong management profile capabilities, the phone should wipe itself (and warn you that it's going to wipe itself) if you attempt to install that profile.
You can download torrents on an android and plug usb media devices into it. When I was bicycle touring Europe with my wife a couple years ago we constantly downloaded books for direct input into our kobos and shows and movies to fall asleep to at night you could play from random, often old and crappy, hotel and airbnb televisions. You can’t do any of that on an iPhone.
That said; iPhone is my main phone, has been for a decade or more. But I deeply appreciate what you can do with an android.
I used to build custom apps for my Android all the time, install APKs, transfer files over USB, use USB tethering on my Linux computer, torrent, use a mouse and keyboard (I think iOS can do this now though), use the integrated terminal, etc.
A few years ago, iOS lacked basic features like widgets, NFC, calculator on their tablets, etc. And iOS still has a completely inferior keyboard (I used to write code and essays on my Android while walking) and a completely inferior notification system. Androids are also the only phones still offering a fingerprint scanner, which is way better for me. These nice things all combine well with the oppenness.
What's worse is that we're clearly in a progression of restriction. Bootloader restrictions, app installation restrictions, "age verification" requirements, etc. Openness is being locked down from every angle with serious momentum, it's not anticipated to stop here.
I'll chime in with a really basic example. On my Android phone, I can have syncthing run as a background task. I can point other applications to use a data folder, in my syncthing share, and store their persistent state there. The Camera app, for example. Or Obsidian, my current favorite note taking app. Syncthing, by virtue of being always on and manipulating a decades old, very well understood filesystem concept, "magically" syncs all of these changes to every other device I own. Entirely offline, even if the internet is out, because the devices can just talk to each other.
So far, I have been utterly incapable of getting my iPad to do anything remotely similar. It can run syncthing, technically, but not in the background. Apps don't have a shared filesystem structure, so it's difficult to get anything else set up to "save within my shared folder" in a way that would work, and that disregards that the syncing cannot occur when anything else is open. There's all sorts of cloud backup options, but those require the internet and even when they're working, there's this awkward import/export flow that adds friction to the whole dance.
In isolation this would just be a small papercut, I guess, but these sorts of limitations are all over iOS. It's just terribly hostile to anyone not fully committed to the Cloud-first, Apple-hardware ecosystem. Android doesn't care, and doesn't have to care, because it lets me run the software I want. It's a really small set of programs too, at the end of the day. (Firefox with real extensions is the other one.)
This is the exact reason we switched my wife from iPhone to Android – because her iPhone couldn't sync reliably for our shared password vault or for Immich.
You have been able to sideload on iOS for years; I first did it in 2021 but I think it was earlier than that. You just needed to create a server on a Mac and you could easily load apps on, all without any kind of special jailbreak. When Delta got released on the App Store, that was cool and all, but I wasn't as impressed as others because I had already been playing emulators on my iPhone for years.
Was it convenient? No, of course not, but it's been an option for quite awhile; to me the biggest advantage for Android was the fact that it was relatively easy to sideload apps.
To be clear, I don't like that Google is doing this, and I think arguing that it's for security is a half-truth at best. I could make my phone 100% "secure" by pounding a nail through the NAND chip; no one is getting into my phone after that.
With the advent of vibe coding, a part of me wonders how hard it would be to hack together my own phone OS with a Raspberry Pi or something and a USB SIM card reader. Realistically probably too much work for me, but a man can dream.
From what I can tell, Graphene OS will be unaffected. Some of the app stores like Aurora and F-Droid may run into problems during the verification process. Best I can tell (and read from other sources) is an inconvenient 24 hour wait period and many have said the Graphene team will overcome that in short order.
I would say keep the faith as I'm in the same boat and have made my choice for privacy and control. Giving up everything when it could very well be a minor setback is worth holding the line.
Downvoted for posting facts?
Wow, big shocker. Seems HN dislikes facts even more so than Reddit, imagine that?
Just an FYI:
GrapheneOS is an independent operating system based on AOSP (Android Open Source Project) and does not come with Google Mobile Services (GMS) or Google’s proprietary "certified" software, meaning Google's rules for Play Protect-certified devices do not apply.
- Operating System Level: GrapheneOS is not a "certified" OS in Google’s ecosystem. It has full control over its own package management and installation processes.
- Sandboxed Google Play: Even for GrapheneOS users who choose to install Sandboxed Google Play Services, these are treated as regular, sandboxed apps and cannot restrict or block the installation of other third-party apps.
- Sideloading Freedom: GrapheneOS will continue to allow users to install apps from any source (like F-Droid or Aurora Store) without requiring developer identity verification
Just to play devils advocate, the petition is a bit of FUD too, no? I ask as an F-droid user and downloader of unofficial apks. Speaking purely from my own experience, all the side-loaded apps I care about are fungible; I could get them or similar quality equivalents from GPS. With the exception of a 4chan reader, that hasn't been hosted there and likely won't be. I don't mind the 1 day wait too much.
I understand political dissidents and those living under authoritarians may have much more concrete Fs and Ds but for me (us?) it's mostly U.
The problem is the slipper slope. If we let Google get away with this, it will only get worse.
Just see the Play Integrity API making the user experience more difficult on more secure devices like GOS with mo security benefit.
>Play Integrity permits a device with years of missing security patches. It isn't a legitimate security feature. It checks for a device in compliance with Google's Android business model, not security.
I do. It's my device. And I've been in the position of having to buy a replacement phone in a pinch; having to wait an extra day before having a usable replacement is not acceptable.
In terms of apps I might not be able to get from the Play store:
- Signal, depending on what country I'm in in the future and whether they've tried to restrict things they can't backdoor.
- Vanilla Music, which remains the best music player I've used. (I wish there were an Android version of Quod Libet.)
- A fully capable version of Termux. (the Play store currently has a less capable version that's maintained separately, which could go away if someone decides to stop putting up with it).
- Syncthing-Fork, which has at times been undermaintained in the Play store.
I'm gonna try out Vanilla Music now. FWIW I use Musicolet from GPS and it's quite nice. I hope to learn whether and how our criteria intersect by exploring Vanilla....
Update: out of the box it seems to be reading tags strangely. Maybe I could fix this studying the settings more, but I'd say you have an upgrade opportunity switching off Vanilla. Signal is hard to replace though.
Let me play out a scenario, imagine to use a Desktop Hardware like a complete built rig, you would need a specific OS like Windows 11 and you could not run Linux on it, just because it's a vendor lock-in.
Why is this acceptable for phones but would not for the case above?
I know a lot of people don't care, and that's ok, but we should root for an open choice for the users.
It’s the same situation as game consoles. Custom built hardware that is only meant to run the one specific vendor OS. There have been many other computing devices like that in the past as well. The general purpose desktop computer that allows a choice of operating systems is actually less common than the other way. Historically, people didn’t expect to run alternate operating systems on a mainframe, 80s and 90s computers like a Commodore 64, Power PC Macs, Amigas and DOS/Windows machines until Linux came along.
That’s odd, because I remember being a user of MUSIC on the university System/360. I imagine it also sounds odd to all those people who ran AT&T Unix on their PDP/11 systems instead of a Digital OS like RTS/11. Or the people who ran Xenix on their PCs. Or the folks like me who installed OS/2 on what was sold as an MS-DOS machine. Then there were the folks who ran A+ on their Atari.
Oh yeah, odd. Anyway, I’m aware of alternate mainframe OSs but I’m not sure how common using one was. Other than OS2, alternate OSs for other systems were rather rare, though it is worth noting that they were not forbidden or blocked.
The author as well as commenters in this thread are claiming that people choose Android over iOS or vice versa
One could argue this is false dichotomy
These people are actually choosing a particular form factor with particular specifications that, more or less, only runs corporate mobile OS^1 instead of form factors that run non-corporate OS
1. Or some derivative of one that relies on the corporate distributor and replicates the tethering to a third party, e.g., "phoning home" to the OS distributor, "automatic updates" (remote code execution), etc.
There are other form factors of computers that can run non-corporate OS, where "phone home" and RCE code does not exist or, if necessary, any undesired code can be easily removed by concerned users
In sum, one could argue that with respect to control, privacy, etc. (a) choosing to use one corporate mobile OS over another is not a meaningful "choice" when compared with (b) choosing to use a non-corporate, open source, "compilable by the user" OS instead of a "locked down" corporate mobile OS
This choice can be made on a case-by-case basis depending on what computing problem the user is trying solve. With respect to anyone who seeks to use their "phone" as a general purpose computer to solve every computing problem, one could argue the "choice" of one corporate mobile OS over another is not meaningful with respect to user control, privacy, etc.
Instead "tech journalists", "tech blogs" and online commenters prefer to argue over which is the "better" corporate mobile OS. The truth is, with respect to control, privacy, etc., they all suck
Right on the nose. And to make that problem worse we've integrated a fair share of our lives into these devices, for which there is only 2 terrible choices. I can't tell you how many friends have expressed to me that they'd love to try GrapheneOS or get out of the mobile ecosystem entirely, but all of them use mobile apps for banking which effectively locks them in. It's basically the devil's bargain because we've added so much ease of use functionality to our day to day lives through these devices. In exchange Google is now showing us it was never ours to begin with.
Do not sign up. Don't join the program by signing up for the Android Developer Console and agreeing to their irrevocable Terms and Conditions. Don't verify your identity. Don't play ball.
Google's plan only works if developers comply. Don't.
Talk other developers and organizations out of signing up.
Add the FreeDroidWarn library to your apps to warn users.
Run a website? Add the countdown banner.
To be sincere, they were never truly ours. A proof of that is they were able to come up with this, and you don't have a way to reject it.
What we actually need are (open) alternatives, not to double down on Google's ecosystem and Google-controlled OS. We need to control the device we bought and be able to run whatever we wish on it. Just like we do on PCs.
But unfortunately there really isn't a great alternative. I painfully attempted to use Ubuntu Touch and its always the same thing. The lack of available apps, the lack of app development in general for the platform was pretty eye opening. Add in having it only run on really old devices isn't much help either. Its promising, but a long ways off even from some of the non-standard roms I've used like Evolution X which is a Lineage fork.
If this really does cripple a lot of the known custom roms out there without any solid alternatives other than Graphene? It could really be a huge turning point.
Security is essential for an appliance like a smart phone. I fight the general purpose computing battle on my desktop with Linux, but on my phone I just need something that won’t be hacked.
My position regarding devices is that only 2 out of 3 should be satisfied:
1. Used as a proof of identity (for banks, govt services, etc.)
2. Is distributed to laypeople who have more pressing concerns in their lives than security.
3. Is an open platform where you can download apps arbitrarily from the Internet that can read your data and exfiltrate them to a malicious actor.
The mainstream today chooses 1&2. Novelty, underpowered devices choose 2&3. Hobbyists have option 3 (and those who like to live dangerously 1&3) with some inconvenience. You can still run GrapheneOS... and the mainstream apps that expect your device to be a proof of your identity won't work... and I find that quite reasonable.
It's a number of false choices. Google has complete control over Android and they could easily implement 1, 2, and 3 if they wanted. It's not as if they couldn't provide the means for certified secure enclave apps in addition to normal ones.
I take issue with the idea that openness and freedom to install arbitrary software cannot occur without strong safety mechanisms. Android/GrapheneOS/iOS have sandboxing and permissions systems that put most desktop OSes to shame. The base platform can control apps' access to every resource, and an app store can put its own caveats and reminders to users for what kind of access is needed for the functions of a given app.
Sandboxing and permissions provide a different type of security than application signatures. Sandboxing can limit app capabilities, but it doesn't change the fact that you can accidentally grant a malicious application permissions.
Application signatures and developer identification bring a different kind of application security. It provides the security of societal legal systems and legal ramifications for malicious actors.
In the end, you still have the choice to trust the "system" or your own judgment.
I don't care, I run Graphene, and my phone is definitely mine. Most Android apps just work, and the ones that don't are the kind of malware I am happy to do without.
I use GrapheneOS too. Most of the time it works great, with some weird bugs around group messages and needing to restart every now and then to get to a fully functional state between the browser and keyboard properly working with each other and the network connectivity going away. I do enjoy full control on network connectivity and notifications.
But beyond whether the OS is good or not, "fuck you, I've got mine" is not only sad as a position in general, it is also a bad tactical choice, because over long enough timeframes you can't assure that you can keep yours if others are deprived.
I agree about "I got around the system so I don't care how bad it is.", but it is at least still a form of saying "an alternative to this problem is Graphene", and that can't be repeated enough until a whole lot more people are using it, or anything else like Lineage.
Graphene (or anything else) will only stay a useful option if a whole lot more people use it so that government agencies and banks can't ignore that many people. A whole lot more people need to feel they aren't completely alone if they thought about using it, that it's actually a real option and not a kooky crap option.
Right now agencies & companies can totally ignore them all, and everything that still works today is just luck.
I haven't used Graphene myself. At the moment I have a stock rom that's merely rooted using the official manufacturer supplied bootloader unlock, and my small local credit union bank apps work, and the LG app that controls my air conditioners and microwave does not. Even if the bank apps didn't work it wouldn't matter because they have working web sites, and I never wanted an an app for my appliances in the first place.
But any day that could change.
It's just luck the banks have web sites that work in firefox on linux, and just luck there are no functions I need on those appliances that require the app.
I've been using it for a bit over a year. Installed in a few minutes thanks to WebUSB. A bit of research needed to set the right permissions on Google Play Services.
After that? I only had one application fail due to Graphene's memory allocator. No weird bugs, no need to restart like some siblings are commenting. As close to the "Graphene just works" as it could be.
However, I'm not heavy into Google's ecosystem. Google Pay will not work but I'm not a user, some Google features won't tell you why they don't work but I'm not using them either (Quick Share for instance), none of my apps require the highest Play Integrity level. Maybe the person who say this are a specific type of person where use-cases don't overlap with what breaks on Graphene.
The interaction of secondary users with RCS is borked to all hell. It just plain doesn't work.
Firefox + stock keyboard stopped properly working three days ago, it's back to normal now. No idea what that was about. Restarting was the only way I found to get things working again during that period.
While on the stock Android keyboard, it is clear that the Google one is much better at correcting my taps than the stock one. My typo count has gone up significantly.
Every several weeks the mobile connectivity stops working and nothing short of a restart will get it working again. This might be a bad interaction of the very weird way Google Fi works with a secondary user account.
I've encountered one case of the phone shutting itself off to install an update overnight and not turning on, making me miss my morning alarm.
In the US, there's no way to side step the lack of tap to pay.
Getting apps to work with Android Auto requires some finessing.
These are the things I've encountered in the last 2 months of using Graphene.
Aside from all of that, I really like everything else about the OS. As it stands, it does lacks polish when straying outside of the common path. Not using a secondary account, nor Google Fi on an eSIM, and using the stock browser would likely improve my experience significantly.
I haven't encountered an app that wouldn't work yet (but have installed play services as I do want to use Android Auto).
I would still recommend Grapheme for normal-ish users, as long as you don't go "paranoid mode" with secondary accounts and skipping play services or don't want to use the phone for tons of things beyond phone calls and web browsing. The base experience is that much calmer than stock Android on Pixel.
I'm running GrapheneOS too and while I've experienced the same, I'm dreading the day any of my banking apps update and suddenly start demanding full Play Integrity API support (GrapheneOS only has Basic) causing them to fail to open. Hasn't happened yet but it could.
It always feels like my phone experience is just a pleasant intermezzo. My banking app (ABN Amro) works, government apps (DigiD) work, everything just works, and I get security and a certain degree of distance between me and Google. I can use F-Droid to install useful apps, and incidentally use Google's app store for apps I need because the rest of the world uses them. GrapheneOS rocks.
Borrowed time. I hope not, but that's the prevailing feeling.
Assuming that this Graphene partnership ends up working out, this is probably what I will end up doing once my current iPhone dies. I like my iPhone 13 Pro Max, it's a good phone and I don't really have a desire to get rid of it, but eventually it will break, or get stolen, or in some other way become unusable, and as such it will need to be replaced.
I really hated my Pixel 7 Pro, but I think that was bad hardware and not Android's fault, and since buying my iPhone 13 I have bought my Thinkpad and have been unbelievably impressed with Lenovo hardware (especially since the last Android phone that I bought that I actually liked was my Moto X3).
It would be great if Graphene ends up getting support from at least one first party, because at that point I think there's at least a chance it won't screw with banking apps and the like.
Devs have been warning F-Droid about this for years:
It's quite problematic that someone can currently upload a package name belonging to another organization to the Play Store and that should have been stopped years ago since it was used in many cases for scamming and squatting on package names clearly belonging to others. Package names are meant to start with a reverse domain belonging to the owner such as app.grapheneos for our grapheneos.app domain. They could enforce this based on domains authorizing usage without enforcing ID verification and that's what we would have proposed.
This is one of the ways F-Droid has ignored standard best practices including security practices in a way that's already causing problems but is now a massive issue for them. If they had started doing things properly many years ago when it was first brought up, then they'd be in a much better situation today. They're going to need to deal with this by renaming all their package names to org.fdroid. to avoid issues with the proposed changes. This is problematic because existing users will stop getting updates. It's better to use a prefix than a suffix where a developer could end up changing their mind about whether it makes sense resulting in conflict over the name, which is fair since they still own it if it's their reverse domain.
Being a Graphene user is fine and all, but if this continues it will have a chilling effect on OSS Android development. And that will still effect you.
That's a great attitude until slowly but surely 90% of apps used in day to day life won't function for you: banking, dating, social media, e-commerce, communication/messaging etc slowly freeze you out.
In many countries it's already impossible to use just the web for banking. They either make you install rootkits on your computer or move you to their mobile apps
Wow, that sounds awful. You say country, which makes me wonder—is this the result of a popular type of law or something? I can’t imagine every bank in a country deciding to make that same move. But I live in a large country with lots of banks so I’m sure I have a very biased point of view.
A hidden benefit is having to decide now whether you actually need these things.
Messaging apps will continue working.
Banking apps made by reasonable companies will also. In days of banking being competitive and rather open with many providers offering good value, it's so easy to switch providers. Granted I am relatively poor and keep my banking simple, but I doubt card providers want to increase friction either.
After Revolut started requiring >basic integrity it took me appx 1 day to switch to n26 and nothing of value was lost.
Not being able to use socialmedia, e-commerce, and dating apps sounds great.
I don't know if that is sarcasm, but a chair I buy is mine to do whatever I want with it. Same goes for clothes, a mattress, paint, or any other non-software enabled physical item. Why does having software/hardware make a difference?
Because capitalists extend control wherever they can to maximize profitability.
If you want decisions that corporations make to be aligned with the desires of their users, you should be advocating for software/hardware built by consumer cooperatives.
> Starting September 2026, a silent update, nonconsensually pushed by Google, will block every Android app whose developer hasn't registered with Google, signed their contract, paid up, and handed over government ID.
This is false. Google will provide two other flows for app distribution that are different than this.
> Every app and every device, worldwide, with no opt-out.
Again, false. There is an opt-out called the "advanced flow".
I've resigned to the fact that I'll need to use two phones, one with locked down Android/iOS for banking applications and government services (those require strong bank ID around these parts), another with some kind of a Linux or unlocked Android for literally everything else. Oh well, such is life, most people don't care enough about this to pressure Google/Apple/banks/governments into yielding.
A big reason why a non-locked-down OS is absolutely vital to me is that sometimes I (reluctantly) have to travel to places where I need to install obscure VPN/proxy services to be able to access international internet. Most services present in app stores have been banned for years now, and the government sometimes even succeeds in making Apple/Google remove the more effective ones from the stores.
What we need to push back on is making a phone a requirement to do routine banking and conducting other necessary business. There is no reason I should be required to have a phone in order to query my balance or transfer money to someone, when I have a perfectly good computer sitting here.
The physical keys, like Yubico, help with that. However, I have not been convinced that a password manager with unique, strong passwords on all my accounts shouldn't suffice. I don't know why I have to be penalized because other users don't use best practices.
See, the thing is, here you can't use banking on your computer without having a bespoke authentication app on your phone. There used to be a system of one-time codes sent via paper mail, but even that has been scrapped by now, so using bank ID apps is literally the only option across all of the local banks. In my bank the ID app and the bank app are even different apps, and it's the ID app that's the truly important one to have (and that, of course, hates rooted/modified phones with a passion).
The government services also go through these ID apps, although there is a poorly supported alternative that uses USB smart card readers. I have not seen a single person actually use it, probably for a reason, though I'm planning to get one just to have a backup...
You know, I'm fine with this (just as long as the opt-in is one-time, not for every install). A device maker needs to balance the interests of many different groups, including nontechnical users subject to scams, and it's pretty self-centered to get self-righteously outraged when things get a little harder for power users, when those changes may save the butt of a lot of other people.
The only thing that gives me pause is this:
> Worse: this flow runs entirely through Google Play Services, not the Android OS. Google can change it, tighten it, or kill it at any time, with no OS update required and no consent needed. And as of today, it hasn't shipped in any beta, preview, or canary build. It exists only as a blog post and some mockups.
So wait, does this mean that Google will forcefully uninstall the apps I currently have installed?! or disable? will the apps work again once I went through the 24h process?
This is certainly bad news, but at least an escape hatch exists (the "advanced flow") and it appears to be a one-time pain in the ass. If that changes, I hope GrapheneOS and friends[1] can get Google Pay or some alternative working so I can comfortably jump ship, as I rely pretty heavily on the ability to pay with my phone.
The fact that many Android bootloaders are not allowed to be unlocked by users means, by definition, these devices were never yours to begin with. It is not Google taking away your ability to use your sideloaded apps on your device because true, unlimited device freedom was never yours to begin with.
The level of panic here feels totally out of proportion. While these restrictions are a sad reminder of where personal computing is headed, the shift toward appliances over computers isn’t a new trend at all.
What’s more frustrating is the "your android phone will stop being yours" narrative. Where is that supposed to lead the reader? Moving to iOS to escape restrictions is a total contradiction, as the situation there isn't even comparable. The people who actually care - the F-Droid users and independent developers - are already used to jumping through hurdles and bypassing "install anyway" warnings. They won't be deterred, and new users will learn.
Honestly, you have to wonder if the goal of these dramatic campaigns is just to scare ignorant users into the Apple ecosystem or maybe to prop up emerging Linux phones.
But has anyone actually tried a mainstream Linux phone that isn't a nightmare to use? Compare that experience to the dozens of Android models that work perfectly with LineageOS or other variants. Those are 100% daily drivers with the power, cameras, and battery life fully working. Instead of helpful criticism, these headlines feel like they’re just herding people away from the only practical "open" hardware we actually have.
They are shiny. Many aspects feel more 'human', IMO.
If you use ad-blockers, I recommend exploring that use-case with Apple / Safari. It's doable though for me is a bit frustrating.
In fact, I urge creating a list of use-cases before heading out to the store, and cranking through those while at the store. Computers/phones are such a deeply entwined component of modern life it could be a long list.
Passwords, backups, bluetooth compatibility, connecting mass-storage devices to iPad / iPhone, etc.
This is a wild misrepresentation of the situation. Saying there is no opt-out is just false, they even provide the information on how users can opt-out. The "mandatory 24 hour cooling-off period" is also misleading, it's easy to bypass the cooling-off period with ADB.
I can't see where one can opt-out of this new behavior and into the existing behavior, only a description of the new behavior's bypass (which is not the same thing at all)
> easy to bypass the cooling-off period with ADB
I don't think this is a reasonable use of the term "easy". I should be able to give my non-technical friend an apk and they can use it right then, with the one "are you very sure" screen.
ADB is not the only option. Do the 24hs wait then the experience will not be much different than what already happens today: https://imgur.com/a/Z9hoYIh
>Unfortunately that is the same vector that scammers use to drain people's bank accounts
Is the solution really that no one can use a computer without special permission and inspection of government issued identification? If we wouldn't tolerate this with our desktop/laptop OS, why is it suddenly okay for our mobile computing platforms?
If Microsoft required this to run software in Windows, there would be riots.
I will say, an underrated use case for even small, local LLMs is making command line tools drastically more accessible to laypeople
I now know zero people I don't think should use linux, and people I know seems to run quite a gamut of technical know-how compared to most other technical folks I know
Having an LLM directly and autonomously drive command line tools outside of a strict sandbox sounds like a ticking time bomb.
Thinking tokens: "The files I'm trying to read are missing, I need to figure out why. I see the problem, I accidentally ran rm -rf /home/user. Let me run git restore. No that didn't work. Let me try git reset --hard origin/HEAD. That still didn't work. I should inform the user."
Output: "I was unable to complete the task you requested. Restore /home/user and I will try again"
I tend to set people up with a chat interface, which is pretty good for asking for commands or scripts that the user will then copy into their terminal. Most people I've gotten to try linux do pretty well with just a wiki, but once they run into something they want to do that's kind of idiosyncratic they tend to ask me for help. While I think running models that have access to a shell is dangerous and should be handled carefully, the fact that they've been trained for this use case generally means they're pretty good at shell commands and can give you one a decent chunk of the time. I'm never willing to inject an external dependency controlled by a company into people's computing needs unless they specifically ask for it, so this is usually a lightweight local model specialized in tool use, but not given shell access. This isn't much different from how they'd use search engine for this purpose these days, but if running locally, it can be more fault-tolerant to issues that affect their internet access as well as offering better privacy guarantees, albeit obviously a little less capable
I should not have to enter into a business relationship with google just to hand my non-technical friend an APK any more than I have to enter into a business relationship with the Linux Foundation to hand my friend an AppImage.
> I can't see where one can opt-out of this new behavior and into the existing behavior, only a description of the new behavior's bypass (which is not the same thing at all)
I don't understand this, the ability to bypass new behavior in settings menus is basically the defenition of a new feature having an opt-out. Can you elaborate?
And I kind of buy the intent behind the cooling-off period anyway. IIRC it's to prevent people from being pressured into installing apps by scammers that could then take their phones hostage
Yes. That attack is a very real attack. The attacker gets access to the victim's phone and sideloads additional apps that appear to be the victim's legitimate banking application. The victim logs into it and sees a fake balance (as the app is fake). Pressure and other social engineering tactics are invoked and the scammer walks away with all of the victim's money.
They mentioned that people like you would show up. "Push back on astroturfers. The "well, actually..." crowd is out in force. Don't let them set the narrative."
Do you have anything of substance to push back with, or was calling me an astroturfer with no explanation the extent of it? Your supplied quote seems to sum up as "anyone who disagrees must be a paid shill".
It's the garbage that the people behind this ""movement"" do. The website itself is loaded with lies and AI-generated text. They've been botting comments on HN for ages now.
The person who accused you of astroturfing is likely not a person at all. More likely, it was Kimi.
Yeah, saw that; rubbed me wrong. "If you disagree you are manufactured, a shill." This kind of condescension has never been very convincing. And I mostly agree with the petition.
On my Android phone's home screen I have 23 apps, 11 of them are my own. If Android prevents me from installing my own apps I will switch to something else.
Unless you move to a linux phone (good luck finding one or daily driving it) your phone options are iPhone.
iOS restricts you to install only up to 3 personally signed apps which need to be resigned every 7 days only if you're in the same network of the computer that signs them. Or you live in europe and you can jump through much worse hoops to install AltStores which also break as soon as you travel outside of europe.
this change makes Android more restricted than it was but still not as restricted as Apple. If anything I'd guess the EU vs Apple situation made Google more confident that they could get away with this change.
The regulation has blatant loopholes, as usual. While it did force Apple to allow third party app stores, all apps still have to go through a review process by Apple themselves before they can be installed from any source, and they retain the ability to block any apps they don't approve of. Google is just following in their footsteps.
Dont get me wrong: I'd love the linux phone "rebel" community to be as large as the android one. But... i doubt it will be anytime soon? The problem is getting the hw investment done first.
Android ecosystem is equivalent to windows one: its open enough to sustain a large number of vendors and tinkerers.
I doubt this scare-campaign (OP link) will drive people constructively towards (effectively) innexistent linux alternatives. It's more likely to do nothing or push people towards iOS
I'm doubtful, I for a bit bought a lot of the Pine64 devices thinking about this eg. not just Android/iOS... but the lack of feature parity eg. missing drivers, lack of apps, old hardware.
That's the depressing part. I keep looking for something I could potential run the likes of kde mobile and maybe waydroid on, but there's really just nobody doing this. You are basically locked into a vendor kernel if it's even available.
Our phones stopped being ours ever since we accepted phones with locked bootloaders. I hope Android and iOS both disappear. Trading freedom for security has resulted in what we knew would happen.
It is absolutely maddening that I cannot see files on my own phone.
And very very very few devices still allow getting around this. Often at a cost of significantly degraded experience, as Magisk plays the cat and mouse game of trying to hide your illegal access privileges to your own devices from your bank or some random app that decide to throw a Play Integrity check in.
Tip of the anti-personal computing spear, a complete denial of the user agency. Absolutely wretchedly forsaken.
The communication on this front page is excellent given the intended audience, with the right mixing of emphasis and punctuation for effect.
I'd like to see, if it can be found, some anecdotes about the nuts and bolts of writing any kind of material intended to persuade in this way. How do they a/b test the formatting and so on.
This feels like something where the EU Commission should step in. This is directly counter to the Digital Markets Act, it's Google abusing its gatekeeper position.
It's not because you can still install apps outside the Play Store. The EU commission buys these "safety" arguments (also worked for Apple, they don't care that you still can't install IPAs) and the DMA is made for businesses, not for end-users. I once wrote them about the Chrome Web Store monopoly but they insist that everything is fine because businesses aren't impacted. They are of course also interested in centralized censorship because they can order Google to block apps they don't like.
Yes, but not because of those changes in the GMS stock OS, but because the ability to unlock the bootloader (and install the OS you can actually control) is being increasingly limited.
Stock GMS Android was never yours, you only had access to basic permissions, privileged/signature permissions were only accessible to Google/vendors anyway.
So what you're saying is that I have about 3 months to switch to Graphene? Really though, is this not the very definition of monopolistic behavior? Did they not just lose a lawsuit over this?
Algorithmically removing words from a headline with confidence that what comes out will be better is the precise intersection of stupid and arrogant that defines the modern tech industry.
There is a negative network effect: The opt-out is so complex and time-consuming that it will deter almost all users (even if some on HN say they will do it).
With so few users, many fewer developers will release apps that don't comply with Google's requirements. Then the value of opting out will decline significantly, which will reduce the number of people doing it, which will reduce the number of apps released ...
How do corporate users distribute custom apps on iPhones? Must they distribute them via Apple's store or is there some corporate mode, maybe involving X.509 certs and device management, that enables large-scale professional users to sideload?
Not much, as it only works on very few high end phones not sold in most countries. Hopefully their Motorola partnership will expand its availability but I'm not confident that'll happen anytime soon.
Sadly forget about it - GrapheneOS will only work on Motorola __flagship__ devices, and most of their budget phones are not even made by Motorola, but rather by the odm such as Tinno, where it's not even possible to unlock the bootloader without exploits.
Ideally yes, otherwise any other AOSP-based ROM. There are many, and they support far more devices than Graphene, though implementations of e.g. Google Play services is more hacky.
You can’t use stuff like banking apps on a modified device and losing access to normal android devices would be a big blow to the momentum of the F-Droid community. GrapheneOS might not be a big enough community to sustain work on the projects delivered by F-Droid.
I wonder then if the workaround for THAT (losing access to Banking / "Google trust-deriving apps") is to get a second device, wifi-only no-SIM G-Android.
Cumbersome, but any other deterring reasons why "not a good workaround"?
>You can’t use stuff like banking apps on a modified device
IME such apps are few and far between. The most trouble I ran into is play store refusing to show apps because they claim the app isn't compatible with the device, but that can be worked around with aurora store.
I think parent is talking about Play Integrity being integrated into banking apps. It's a hit or miss depending on the bank, some will be fine without, some with integrate it but not rely on it to directly refuse login, some will require a lower integrity level, and some will actually require the highest integrity level leading to issues on custom ROMs.
My Android is running Lineage without Google Play Services (no microg either).
I had an app that I needed to use, and the only available log-in method was via firebase's SMS. Firebase flat out refused to allow me to login because of Google Play Integrity, and there was no web only option.
They really aren't. The number of apps requiring Play Integrity grows every day, my own bank's app hasn't worked in years and I've long given up on it, I just use it on a second stock device now.
And Google has an answer to the "just install the APK from somewhere else" workaround, too. Many apps now integrate a check that prevents them from running if they're not properly linked to the Play Store.
Depends highly on the bank and what part of the world you're in. Some banks have only a website and no app. Some banks have only an app and no website. Some require an app to access the website. The landscape is widely varied.
> losing access to normal android devices would be a big blow to the momentum of the F-Droid community.
For me it seems the opposite - if these "normal" (GMS spyware) Android devices lose the access to F-Droid and it will only be possible to install malware/adware from Google Play, then maybe that will push more people to value unlocking the bootloader..
On one hand, having a free for all is very good, especially for developers, and for programmability of our devices as such. Screw iPads.
On the other hand, malware which coaxes normies into installing unverified apks, is an undeniable fact of life. It's nice to be pontificating as a power user who has never been phished or whose devices never became botnet zombies in their life.
On yet another hand, higher-end malware (made by those who can afford the store fees) is there on the freaking play store and app store, so, I guess, shrug
In addition to what others have said, it means some developers who were building for Android are going to stop. You can't install an app when someone is obstructed from building it in the first place.
> every Android app developer must register centrally with Google before their software can be installed on any device. Not just Play Store apps: all apps.
> Registration requires:
> Paying a fee to Google
> Agreeing to Google's Terms and Conditions
> Surrendering your government-issued identification
> Providing evidence of your private signing key
> Listing all current and all future application identifiers
Google is not an entity you can can trust with this.
Delve into System Settings, find Developer Options
Tap the build number seven times to enable Developer Mode
Dismiss scare screens about coercion
Enter your PIN
Restart the device
Wait 24 hours
Come back, dismiss more scare screens
Pick "allow temporarily" (7 days) or "allow indefinitely"
Confirm, again, that you understand "the risks"
Nine steps. A mandatory 24-hour cooling-off period. For installing
software on a device you own.
Worse: this flow runs entirely through Google Play Services, not the Android OS. Google can change it, tighten it, or kill it at any time, with no OS update required and no consent needed.
And as of today, it hasn't shipped in any beta, preview, or canary build.
It exists only as a blog post and some mockups.
The scams this directly targets are well known and common. Someone gets a phishing message, they have someone install some sort of malware on the device, then their bank accounts are drained into some offshore account never to be seen again.
That's why there's a requirement for restarting the phone and waiting 24 hours.
The restart ends the connection for any remote-access software or phone call that might be driving the operation -- and the 24 hour wait period breaks the "urgency" part of the scam that prevents other people who know better from stopping the vicim from continuing.
To be fair, that's a one time process. You do not need to do that for every app you want to sideload.
The malware issue that the flow is designed to mitigate is a very real problem. Perhaps there is a better way, but it's not immediately clear what that is.
The 24 hour wait period is so the scammer can't use the element of urgency to keep the victim on the phone where they don't have the opportunity to speak with trusted friends/family who would stop the scam.
You are thinking about it from the point of view of an enthusiast/hacker who wants to put their homebrew stuff on it. But this is also tightening around developers who may want to distribute their applications to lay users.
Unless they do something google doesn't like, or trip one of their many automated systems that ban them without recourse. Or they are compelled to revoke a key by a government.
Revocations are for apps being malware and nothing else, much like macOS Gatekeeper (Apple doesn't even revoke certs used by Warez groups to sign cracked apps).
Automated bans can be an issue, but that's an edge case. Google already had the functionality to 'revoke' an app if ordered to do so by a legal authority.
It is much more important to make a real world attack - something that is draining wallets of ordinary people across Thailand/Brazil/SEA in general - harder to achieve. One thing is a political goal of some people in the west, the other is an ordinary person not having the money to feed themselves because a scammer stole it all.
I can't trust Google will keep to that, sorry. Nor can I accept harms being twisted into a further centralised accumulation of power (especially when Google, with all their resources, could likely do much more to prevent these scams than grabbing that power for themselves)
Well, the very good news is that Google is not seeking your trust. You have no say at all. This is the new system, it benefits actual real people over HN commenters and you will just have to deal with it.
Google doesn't have the ability to change the way banking apps work with regards to transferring money from one account to another in Malaysia/Brazil/Thailand. That would be a matter for the national Governments. This is the best approach available.
Because grandmas all over the world are getting swindled by scam apps.
Look, I can't locally install a web extension I wrote on an open-source Firefox browser, because security. I have to install a Developer Edition, or get the extension reviewed and signed by Mozilla, for the very same reasons of thwarting scammers. Is this stifling, or is it making my browser not mine? Is anybody making a big deal out of that?
The world we inhabit is not always friendly. It has a ton of determined and sophisticated bad actors, and a lot of people with less technical savvy than you and me. We have to deal with that, instead of being cantankerous.
It's not obvious to me that this will help much with scamming. Especially when it affects safer app repositories like F-droid more than the cesspit that is the official Play store.
And most Android banking malware is distributed through unsafe sideload installs (as opposed to much safer Gatekeeper-style installs, which is what is coming) and are fed to victims through complex attacks involving obtaining a victim's personal information and calling them while credibly pretending to be a local authority or a bank representative. You can read about this wherever you get news about cyber crime.
This is a scourge in South East Asia and Google can do some good here. The only cost is whining from non-technical people. Everyone else will go pay $25 or whatever and sign their app.
Play Store being a cesspit is indeed a problem! But it still is making a constant effort to drive away scammers, so scams don't last too long there. Scammers show sleek-looking web pages offering to install an "official app" from their own apk. Or they have an app that clandestinely sideloads another app. This is being curbed.
But it's limited to a one-time action, not encumbered by additional papers or payment. I don't foresee any trouble using F-Droid (which I use a lot) after I have dismissed the scary screens and confirmed that I know what I'm doing.
>It's not obvious to me that this will help much with scamming.
Because as a reader to this forum, you're probably more tech savvy that the average person. Moreover this type of scam seems to be more common in Asia than the West, see:
They convince users to download a "government app", grant it accessibility permissions, then use that to take over their phone and drain their bank accounts.
>Especially when it affects safer app repositories like F-droid more than the cesspit that is the official Play store.
Where do you draw the line? If you whitelist f-droid, do you have to whitelist third party f-droid repos too? What about other app "stores" like obtanium? Moreover f-droid being less of a "cesspool" is likely because its reach is smaller, not because it has better moderation.
I'm aware of the way the scams work. I'm also aware that scammers tend to be much more motivated to jump through hoops that are put in front them (more so than legitimate users!). Scammers can also talk people through many, many warning signs.
Scammers cannot talk people past a 24 hour wait. This attack is built upon pressure and operates at a scale that makes stealing many identies, building different-enough apps to avoid getting flagged by Google and signing them all non-viable.
This isn't referring to the efforts Google has gone to try to thwart sideloading.
It is another requirement of Google's, where all developers must be registered to them and apps must be signed by them and anything that isn't will be blocked.
Less savy and unmotivated users.. maybe? Whats the main use cases for newpipe? Let me guess: get premium features for free (no ads, downloads etc).
Do you think people wont click 9 buttons and wait 24hs for this?
Its like people forgot how pirated windows/sw used to run on millions (billions) on devices in the past until ads (and some convenience from non-so-cheap-anymore subscriptions) became the norm
Ugh such overreaction. ADB is still a thing. Apple doesn't even have an official command like tool where you can just push an IPA to your phone. Goodness.
With that reasoning every action would be justified to stop scammers. Google should capture all your calls and check if there could be scamming going on, right?
The current malware situation at android store situation does not help to carry that point:
I sorta get that reasoning, but is a 24 hour cooldown really going to stop scammers? They're already used to multi-day scams, so wouldn't they just say they'll call back in a day to finish the process?
Yup. The specific scam here is built upon preventing the victim from talking to trusted individuals. A cooldown breaks the spell.
Complex, multi-day pig butchering stuff is not what Google is going after here or would have any hope to defeat. But they can deal with banking malware.
You see, the only value that Android really offered me was the ability to run my own code on my own device. Since they are taking that way that just makes it a crappier shadow of the vastly superior apple experience. And, as it turns out, ios is less restrictive than it was 18 years ago when I left them for Android!
I'm in no way defending Google here, just pointing out you're going from bad to worse and think it's a good thing.
At some point you have the thing working to your satisfaction and just want to continue using it.
edit: and I'd like to add, GrapheneOS brought me back the joy of using my phone. Since 2018 or so I started to dread my phone (and the internet) more and more. Installing GrapheneOS brought back the joy on using these marvelous computers (and self-hosting brought back the joy of using the internet)
The first is the anti-trust angle. Some subset of bank apps don't work because of attestation and that's a significant barrier to adoption for switching to competitors, so it ought to be an anti-trust violation for the platform to do that.
The second is, you try it and discover that your bank doesn't work. If you want it bad enough you can switch banks, and the fact that it doesn't work is a signal that your bank has a weak security team who is just cargo culting deleterious vendor nonsense without evaluating whether it has any real security value.
(The use case for attestation is completely orthogonal to bank apps because it can't prevent credential stealing from compromised phones running a fake app since the fake app won't require attestation, and it can't prevent attackers from using stolen credentials to transfer funds because once they have the credentials they can just use a normal phone, and that's the case even if the attestation was completely airtight, which it isn't. Meanwhile the devices that can pass attestation are generally more vulnerable because it implies they're running the more-likely-to-be-outdated OS that came with the device rather than a third party upgrade with more recent patches, so they're essentially encouraging their customers to not upgrade their OS. Banks that do this are wearing clown makeup and you have to ask if you trust them with your money.)
With that out of the way, and the device now seemingly authorized, it still doesn't work, because when I log in, the app restarts. That could be a real compatibility problem.
I'm not going back to paying without my phone. So yeah, I'm not going to a free platform either.
the choice really is mostly down to Google's Android or iOS - unless you're ready to make sacrifices. If you're... More power to you. I'm not at this point in my life right now.
Alternate take: good. I'd rather the GrapheneOS team pick standardized (if limited) hardware configurations to support and then spend their (many multiples less than Google) resources on the platform rather than device compatibility.
The Android OEM diversity mean the time/economics of supporting every phone with a non-Google OS were never going to work, and I'd rather have it working well on a limited number of platforms than poorly on more.
Firmware engineering and patching sucks and delivers little value to the user, because best case (you solved the issue or patched the hardware errata) something basic that a user expects is now working.
Nobody is going to switch to a platform because a phone can now make calls. Even if there are 1000+ human hours in patching some cheap clone LTE chip it uses.
https://news.ycombinator.com/item?id=47214645
It's natural that this huge Android regression might be enough for someone to dip their toes into the other side.
I love my 13 mini as a phone, but I don't understand how anyone could compare the two app stores and think iOS comes out on top. At least android has f-droid.
[1] https://source.android.com/
[2] https://www.apkmirror.com/
[3] https://www.kyoceramobile.com/rugged-devices/duraxv-extreme-...
As if most android maker phones don't already fully own your device - preventing you from unlocking of bootloader and installing an OS that actually doesnt enforce the restriction google is introducing in their flavour of android.
To pretend that with this change android becomes exactly like iOS is... ridiculous? I can pick any 10yo old android phone from my drawer and develop for it, no problem and without asking for permissions. And if I'm already this motivated I'm certainly motivated enough to wait 24hs on future (more locked down) devices.
Do you think people who download NewPipe and alike - to circumvent ads and enable premium features - would think twice because they need to wait 24hs? Will NewPipe devs stop developing (anonymously) because of a small fraction of users who refuse to (or won't) go through unlocking steps?
Show me all these "rebel" apps on iOS ecosystem that can be easily distributed on any channel: fdroid, github, telegram groups, etc.
But sure, if you thinking moving to iOS is the same, sounds like you never really made use of any of the freedoms android used to and will continue to provide
How many people can afford one?
Calculator checks yearly cost based on device support: (https://ibb.co/xq82YQCw)
Sources for device lifetime from calculator: (https://grapheneos.org/faq#device-lifetime)
I used a New+Unlocked+Pixel+X on eBay to find a rough price of the phone.
Most people get scammed by their carrier and pay $25-45 per month just for their wireless subscription, and many more get caught up in the device bundles which gets you the "latest and greatest", at a huge price. So people are paying, per month, what you can pay, per year for a Pixel.
You can use Silent Link to pay by the gigabyte with no expiration date. Most people don't need unlimited—I use a maximum of 5 GB per month, and my average is around 3. At $1.60 per month, that is $60 per YEAR for me.
Swap in https://jmp.chat for another 60 dollars per year for calls/texts and you get a $120/year phone bill which is just $10/month.
I will be moving from US Mobile to Jmp.chat once my plan expires.
You could also use US Mobile for $17/month which is unlimited and is user friendly. They also often have Pixels for a significant discount with no lock-in.
Android will still have the ability to install non-google-distributed programs. The problem is the ominous momentum, but it is still more open than the apple alternative
From my perspective iOS is better than Android in a number of ways but Android always won out overall for me, in large part because of the freedom regarding software. Remove that freedom from the equation, I think the balance tips towards iOS.
These posts always have a few comments like that, but they never actually say what they find to be better on iOS.
For me, Google services are not an option, so my Android experience is sans-Google.
Until September 2025, I'd say iOS had actually gotten better than Android.
CalDAV, CardDAV, and SMB are baked into iOS, whereas these are onerous to set up on Android. These are very very nice protocols, and I use them all daily. (Contacts, Calendars, Notes, Reminders, and Files.)
Apple's developer ecosystem lacks the FOSS devs that make F-Droid so good, but they do have a number of devs who release paid apps with zero tracking, which is very nice. It's often the case an app exists on iOS as a $5 one-time fee with a two-paragraph privacy policy for which one does not exist on Fdroid.
Shortcuts work well enough, homescreen customization is good enough, etc. that a number of the original Android draws are gone. There are a number of points where iOS and Android are equals now.
iCloud's E2EE photo backup is something I reluctantly started using and found to be very nice, after having had de-Googled in 2018. I miss having my photos auto-upload and be available on other devices, and Apple has had iCloud Web for awhile. This is nicer than the options I have on Android.
And while Android's notification-panel tiles have gotten worse over the years (down from six to two controls on the first swipe, this was what alienated me and got me to try iOS), iOS now has a much denser "control center".
The big caveat is the gigantic regression that is iOS 26. The phone is slower, it kills battery, the native apps are constantly crashing, the lockscreen and homescreen often have broken navigation flows, etc. It's a travesty that never should have been released and iOS is easily worse than Android right now. If someone needed a phone today, I couldn't recommend an iPhone, but that might change with iOS 27.
I can only speak to SMB but it is not hard on Android. I use a longtime third party app so not sure what the state of native support is but it works just fine for me, including over VPN
After switching away from GrapheneOS to iOS after RCS stopped working for me, I can safely say my experience has been the opposite. The camera is the only thing better for me on iOS - everything else is buggier and worse. A few of my favorites:
1. Safari is buggy as hell, and requires installing apps to run things like ad blockers.
2. The settings are ALL over the place and very hard to navigate
3. The gestures are clunky - often have to try a couple times to get one of the settings quick menus to drop down
4. Why is the date not displayed at the top of the screen with the time outside of the lock screen?
5. The pin unlock is horribly broken - I have to slow way down to use it compared to Android.
6. Apple maps is hot garbage. I had to install Google Maps anyway to get decent performance.
7. The handling of audio devices seems intentionally malicious - like if I call someone from my car through car play, it shouldn't send the audio out through the phone earpiece. If a call begins with phone earpiece audio and is underway, it shouldn't switch several seconds in to bluetooth headset half a house.
I'm going back for my next phone.
I highly recommend switching to GOS, it is wayyy better than iOS UX-wise and obviously better privsec and freedom.
One thing that I had to do when I first got GOS, to get a better experience, was find all the Open Source apps that I needed. Otherwise, it looks rather bland and the apps are mid. Once you find the right apps and launcher, everything works much better.
When I first tried last fall I had it working for a few weeks then it stopped entirely delivering messages and I fell back to SMS only. After the recent system updates and enabling the ICC option it has been working well for me.
The official page explains briefly, https://grapheneos.org/usage#rcs
There is a very long discussion threat going back several years that is now considered resolved, which seems to be the case for me. https://discuss.grapheneos.org/d/1353-using-rcs-with-google-...
This is why I've stuck with Android for the past 15 years.
The vast majority of users don't care about "openness" of the OS. They care about the utility of their phone in everyday life.
Can I access digital payment systems, social media apps, and entertainment apps? How's the camera on the phone? How big is the screen? Is it waterproof? How expensive is it?
These are the questions the majority of phone buyers care about. Not, can I download an app off of a random website and install it?
If Android isn't open, we lose the last open mobile operating system, which will have immeasurable negative effects on computing as a whole. People will need permission from either Apple or Google to create any mobile program. If you don't fit into their neat little system, you don't get permission. If I hadn't been able to publish my app for another 2 years I probably would've shelved it, decided it was stupid, forgot about it, got busy with other things, and never published it.
Unfortunately, it just never gained the necessary momentum.
[1]: https://capyloon.org/
Both. I don't like the idea of locked down computers and that includes phones, especially now that they're so prominent in our lives.
I dabbled in Android development for fun a decade ago and I loved how there was no barrier to entry. I've loaded apps that aren't available on the Play Store and have loaded apps that my friends have made just as fun side projects.
There was a handheld gaming system in the early 2000s called Cybiko. That and Dreamcast homebrew opened my mind up to the power of computers and having control of your hardware. These things should not be locked down. I liked messing around with making little programs on the Cybiko and downloading homebrew games for that and the Dreamcast. The openness of Android really excited me when it was new because I thought of it the same way as a Cybiko or Dreamcast or PC and not a locked down device where I can only run software approved by the hardware manufacturer.
If anything, I'd like more openness in Android. For instance, apps should not have any control over what data I can back up; I should be able to back up every aspect of every app, restore it to a new phone, and apps should not be allowed to care.
What should Google do when a change they are making to protect regular less-technical users breaks functionality needed by more advanced users?
Have people read and type in a message saying "I'm not on the phone with a potential scammer who is trying to get me to install a package that may be dangerous", trust people to actually read what they're typing, and if they can't read and comprehend that, stop getting in the way of them shooting themselves in the foot.
Put it behind an USB ADB only toggle and be more transparent to avoid slippery slope?
Furthermore, we have to acknowledge that scam-fighting is not Google's job. They can assist with law enforcement (assuming they do not violate the rights of their customers while doing so) but they should not be making themselves judge, jury, and executioner in the process.
If you want a more concrete technical recommendation, locking down device management profiles would be a far more effective and less onerous countermeasure than putting a 24-hour waiting period on unknown app installs. Device management exists almost exclusively for the sake of businesses locking down property they're loaning out to employees, but a large subset of scams abuse this functionality. Part of the problem is that installing a device profile is designed to sound non-distressing, because it's "routine", even though you're literally installing spyware. Ideally, for a certain subset of strong management profile capabilities, the phone should wipe itself (and warn you that it's going to wipe itself) if you attempt to install that profile.
[0] https://tom7.org/httpv/httpv.pdf
That said; iPhone is my main phone, has been for a decade or more. But I deeply appreciate what you can do with an android.
A few years ago, iOS lacked basic features like widgets, NFC, calculator on their tablets, etc. And iOS still has a completely inferior keyboard (I used to write code and essays on my Android while walking) and a completely inferior notification system. Androids are also the only phones still offering a fingerprint scanner, which is way better for me. These nice things all combine well with the oppenness.
What's worse is that we're clearly in a progression of restriction. Bootloader restrictions, app installation restrictions, "age verification" requirements, etc. Openness is being locked down from every angle with serious momentum, it's not anticipated to stop here.
So far, I have been utterly incapable of getting my iPad to do anything remotely similar. It can run syncthing, technically, but not in the background. Apps don't have a shared filesystem structure, so it's difficult to get anything else set up to "save within my shared folder" in a way that would work, and that disregards that the syncing cannot occur when anything else is open. There's all sorts of cloud backup options, but those require the internet and even when they're working, there's this awkward import/export flow that adds friction to the whole dance.
In isolation this would just be a small papercut, I guess, but these sorts of limitations are all over iOS. It's just terribly hostile to anyone not fully committed to the Cloud-first, Apple-hardware ecosystem. Android doesn't care, and doesn't have to care, because it lets me run the software I want. It's a really small set of programs too, at the end of the day. (Firefox with real extensions is the other one.)
I use this to occasionally build and install Android apps from github.
These are often out of date and need some tweaks but I can do it on a whim (I certainly wouldn't bother if there was a paywall).
In principle I could never reward Apple with my business for having originated and normalized this.
And pragmatically, I'd like to hold on for as long as I can to the next set of rights that Apple will take away five years before Google does.
Was it convenient? No, of course not, but it's been an option for quite awhile; to me the biggest advantage for Android was the fact that it was relatively easy to sideload apps.
To be clear, I don't like that Google is doing this, and I think arguing that it's for security is a half-truth at best. I could make my phone 100% "secure" by pounding a nail through the NAND chip; no one is getting into my phone after that.
With the advent of vibe coding, a part of me wonders how hard it would be to hack together my own phone OS with a Raspberry Pi or something and a USB SIM card reader. Realistically probably too much work for me, but a man can dream.
I would say keep the faith as I'm in the same boat and have made my choice for privacy and control. Giving up everything when it could very well be a minor setback is worth holding the line.
Just an FYI:
GrapheneOS is an independent operating system based on AOSP (Android Open Source Project) and does not come with Google Mobile Services (GMS) or Google’s proprietary "certified" software, meaning Google's rules for Play Protect-certified devices do not apply.
- Operating System Level: GrapheneOS is not a "certified" OS in Google’s ecosystem. It has full control over its own package management and installation processes.
- Sandboxed Google Play: Even for GrapheneOS users who choose to install Sandboxed Google Play Services, these are treated as regular, sandboxed apps and cannot restrict or block the installation of other third-party apps.
- Sideloading Freedom: GrapheneOS will continue to allow users to install apps from any source (like F-Droid or Aurora Store) without requiring developer identity verification
Millions? Are you sure?
Even so, Android has billions of users who want secure app management by default.
I understand political dissidents and those living under authoritarians may have much more concrete Fs and Ds but for me (us?) it's mostly U.
Just see the Play Integrity API making the user experience more difficult on more secure devices like GOS with mo security benefit.
>Play Integrity permits a device with years of missing security patches. It isn't a legitimate security feature. It checks for a device in compliance with Google's Android business model, not security.
(https://xcancel.com/GrapheneOS/status/2036610983888588818#m)
I do. It's my device. And I've been in the position of having to buy a replacement phone in a pinch; having to wait an extra day before having a usable replacement is not acceptable.
In terms of apps I might not be able to get from the Play store:
- Signal, depending on what country I'm in in the future and whether they've tried to restrict things they can't backdoor.
- Vanilla Music, which remains the best music player I've used. (I wish there were an Android version of Quod Libet.)
- A fully capable version of Termux. (the Play store currently has a less capable version that's maintained separately, which could go away if someone decides to stop putting up with it).
- Syncthing-Fork, which has at times been undermaintained in the Play store.
Update: out of the box it seems to be reading tags strangely. Maybe I could fix this studying the settings more, but I'd say you have an upgrade opportunity switching off Vanilla. Signal is hard to replace though.
Why is this acceptable for phones but would not for the case above?
I know a lot of people don't care, and that's ok, but we should root for an open choice for the users.
One could argue this is false dichotomy
These people are actually choosing a particular form factor with particular specifications that, more or less, only runs corporate mobile OS^1 instead of form factors that run non-corporate OS
1. Or some derivative of one that relies on the corporate distributor and replicates the tethering to a third party, e.g., "phoning home" to the OS distributor, "automatic updates" (remote code execution), etc.
There are other form factors of computers that can run non-corporate OS, where "phone home" and RCE code does not exist or, if necessary, any undesired code can be easily removed by concerned users
In sum, one could argue that with respect to control, privacy, etc. (a) choosing to use one corporate mobile OS over another is not a meaningful "choice" when compared with (b) choosing to use a non-corporate, open source, "compilable by the user" OS instead of a "locked down" corporate mobile OS
This choice can be made on a case-by-case basis depending on what computing problem the user is trying solve. With respect to anyone who seeks to use their "phone" as a general purpose computer to solve every computing problem, one could argue the "choice" of one corporate mobile OS over another is not meaningful with respect to user control, privacy, etc.
Instead "tech journalists", "tech blogs" and online commenters prefer to argue over which is the "better" corporate mobile OS. The truth is, with respect to control, privacy, etc., they all suck
>> Developers
Do not sign up. Don't join the program by signing up for the Android Developer Console and agreeing to their irrevocable Terms and Conditions. Don't verify your identity. Don't play ball.
Google's plan only works if developers comply. Don't.
Talk other developers and organizations out of signing up. Add the FreeDroidWarn library to your apps to warn users. Run a website? Add the countdown banner.
What we actually need are (open) alternatives, not to double down on Google's ecosystem and Google-controlled OS. We need to control the device we bought and be able to run whatever we wish on it. Just like we do on PCs.
I keed I keed!
But unfortunately there really isn't a great alternative. I painfully attempted to use Ubuntu Touch and its always the same thing. The lack of available apps, the lack of app development in general for the platform was pretty eye opening. Add in having it only run on really old devices isn't much help either. Its promising, but a long ways off even from some of the non-standard roms I've used like Evolution X which is a Lineage fork.
If this really does cripple a lot of the known custom roms out there without any solid alternatives other than Graphene? It could really be a huge turning point.
Throw a pinch of salt over your left (wait, no ... right) shoulder. Spin around clockwise 3 times. Read the Rosary twice.
AHA! So, they are allowing users to keep doing what they want.
1. Used as a proof of identity (for banks, govt services, etc.)
2. Is distributed to laypeople who have more pressing concerns in their lives than security.
3. Is an open platform where you can download apps arbitrarily from the Internet that can read your data and exfiltrate them to a malicious actor.
The mainstream today chooses 1&2. Novelty, underpowered devices choose 2&3. Hobbyists have option 3 (and those who like to live dangerously 1&3) with some inconvenience. You can still run GrapheneOS... and the mainstream apps that expect your device to be a proof of your identity won't work... and I find that quite reasonable.
Application signatures and developer identification bring a different kind of application security. It provides the security of societal legal systems and legal ramifications for malicious actors.
In the end, you still have the choice to trust the "system" or your own judgment.
But beyond whether the OS is good or not, "fuck you, I've got mine" is not only sad as a position in general, it is also a bad tactical choice, because over long enough timeframes you can't assure that you can keep yours if others are deprived.
Graphene (or anything else) will only stay a useful option if a whole lot more people use it so that government agencies and banks can't ignore that many people. A whole lot more people need to feel they aren't completely alone if they thought about using it, that it's actually a real option and not a kooky crap option.
Right now agencies & companies can totally ignore them all, and everything that still works today is just luck.
I haven't used Graphene myself. At the moment I have a stock rom that's merely rooted using the official manufacturer supplied bootloader unlock, and my small local credit union bank apps work, and the LG app that controls my air conditioners and microwave does not. Even if the bank apps didn't work it wouldn't matter because they have working web sites, and I never wanted an an app for my appliances in the first place.
But any day that could change.
It's just luck the banks have web sites that work in firefox on linux, and just luck there are no functions I need on those appliances that require the app.
I'm no slouch either, I've developed for android for almost a decade.
I'm not disagreeing with ya, just adding a comment so folks are aware that the "Graphene just works" crowd is sometimes a bit hyperbolic.
After that? I only had one application fail due to Graphene's memory allocator. No weird bugs, no need to restart like some siblings are commenting. As close to the "Graphene just works" as it could be.
However, I'm not heavy into Google's ecosystem. Google Pay will not work but I'm not a user, some Google features won't tell you why they don't work but I'm not using them either (Quick Share for instance), none of my apps require the highest Play Integrity level. Maybe the person who say this are a specific type of person where use-cases don't overlap with what breaks on Graphene.
Firefox + stock keyboard stopped properly working three days ago, it's back to normal now. No idea what that was about. Restarting was the only way I found to get things working again during that period.
While on the stock Android keyboard, it is clear that the Google one is much better at correcting my taps than the stock one. My typo count has gone up significantly.
Every several weeks the mobile connectivity stops working and nothing short of a restart will get it working again. This might be a bad interaction of the very weird way Google Fi works with a secondary user account.
I've encountered one case of the phone shutting itself off to install an update overnight and not turning on, making me miss my morning alarm.
In the US, there's no way to side step the lack of tap to pay.
Getting apps to work with Android Auto requires some finessing.
These are the things I've encountered in the last 2 months of using Graphene.
Aside from all of that, I really like everything else about the OS. As it stands, it does lacks polish when straying outside of the common path. Not using a secondary account, nor Google Fi on an eSIM, and using the stock browser would likely improve my experience significantly.
I haven't encountered an app that wouldn't work yet (but have installed play services as I do want to use Android Auto).
I would still recommend Grapheme for normal-ish users, as long as you don't go "paranoid mode" with secondary accounts and skipping play services or don't want to use the phone for tons of things beyond phone calls and web browsing. The base experience is that much calmer than stock Android on Pixel.
(idle interest; I use Graphene, but few apps, and everything worked so far)
Borrowed time. I hope not, but that's the prevailing feeling.
I really hated my Pixel 7 Pro, but I think that was bad hardware and not Android's fault, and since buying my iPhone 13 I have bought my Thinkpad and have been unbelievably impressed with Lenovo hardware (especially since the last Android phone that I bought that I actually liked was my Moto X3).
It would be great if Graphene ends up getting support from at least one first party, because at that point I think there's at least a chance it won't screw with banking apps and the like.
It's quite problematic that someone can currently upload a package name belonging to another organization to the Play Store and that should have been stopped years ago since it was used in many cases for scamming and squatting on package names clearly belonging to others. Package names are meant to start with a reverse domain belonging to the owner such as app.grapheneos for our grapheneos.app domain. They could enforce this based on domains authorizing usage without enforcing ID verification and that's what we would have proposed.
This is one of the ways F-Droid has ignored standard best practices including security practices in a way that's already causing problems but is now a massive issue for them. If they had started doing things properly many years ago when it was first brought up, then they'd be in a much better situation today. They're going to need to deal with this by renaming all their package names to org.fdroid. to avoid issues with the proposed changes. This is problematic because existing users will stop getting updates. It's better to use a prefix than a suffix where a developer could end up changing their mind about whether it makes sense resulting in conflict over the name, which is fair since they still own it if it's their reverse domain.
Dating… well, the goal for most people is to exit the dating pool anyway.
Social media is bad.
Messaging apps will continue working.
Banking apps made by reasonable companies will also. In days of banking being competitive and rather open with many providers offering good value, it's so easy to switch providers. Granted I am relatively poor and keep my banking simple, but I doubt card providers want to increase friction either. After Revolut started requiring >basic integrity it took me appx 1 day to switch to n26 and nothing of value was lost.
Not being able to use socialmedia, e-commerce, and dating apps sounds great.
The issue still is boiling down to GrapheneOS having less $$ for marketing vs GOOG / Alphabet / https://en.wikipedia.org/wiki/List_of_Google_products
If you want decisions that corporations make to be aligned with the desires of their users, you should be advocating for software/hardware built by consumer cooperatives.
This is false. Google will provide two other flows for app distribution that are different than this.
> Every app and every device, worldwide, with no opt-out.
Again, false. There is an opt-out called the "advanced flow".
https://android-developers.googleblog.com/2026/03/android-de...
A big reason why a non-locked-down OS is absolutely vital to me is that sometimes I (reluctantly) have to travel to places where I need to install obscure VPN/proxy services to be able to access international internet. Most services present in app stores have been banned for years now, and the government sometimes even succeeds in making Apple/Google remove the more effective ones from the stores.
The government services also go through these ID apps, although there is a poorly supported alternative that uses USB smart card readers. I have not seen a single person actually use it, probably for a reason, though I'm planning to get one just to have a backup...
Is it a privacy or financial risk to have banking on your phone?
How is banking on a phone app more dangerous than banking via mobile or desktop websites?
The only thing that gives me pause is this:
> Worse: this flow runs entirely through Google Play Services, not the Android OS. Google can change it, tighten it, or kill it at any time, with no OS update required and no consent needed. And as of today, it hasn't shipped in any beta, preview, or canary build. It exists only as a blog post and some mockups.
[1] https://eylenburg.github.io/android_comparison.htm
The fixed phones belonged to the phone company and were only rented under contract.
Most prepaid and contract mobile phones were locked to the operator and we even had to pay extra to unblock them.
App stores were gated through operators, and required devkits for some of them.
Ah, and none of them got updates, if they did, usually required additional software to install them.
What’s more frustrating is the "your android phone will stop being yours" narrative. Where is that supposed to lead the reader? Moving to iOS to escape restrictions is a total contradiction, as the situation there isn't even comparable. The people who actually care - the F-Droid users and independent developers - are already used to jumping through hurdles and bypassing "install anyway" warnings. They won't be deterred, and new users will learn.
Honestly, you have to wonder if the goal of these dramatic campaigns is just to scare ignorant users into the Apple ecosystem or maybe to prop up emerging Linux phones.
But has anyone actually tried a mainstream Linux phone that isn't a nightmare to use? Compare that experience to the dozens of Android models that work perfectly with LineageOS or other variants. Those are 100% daily drivers with the power, cameras, and battery life fully working. Instead of helpful criticism, these headlines feel like they’re just herding people away from the only practical "open" hardware we actually have.
If you use ad-blockers, I recommend exploring that use-case with Apple / Safari. It's doable though for me is a bit frustrating.
In fact, I urge creating a list of use-cases before heading out to the store, and cranking through those while at the store. Computers/phones are such a deeply entwined component of modern life it could be a long list.
Passwords, backups, bluetooth compatibility, connecting mass-storage devices to iPad / iPhone, etc.
I can't see where one can opt-out of this new behavior and into the existing behavior, only a description of the new behavior's bypass (which is not the same thing at all)
> easy to bypass the cooling-off period with ADB
I don't think this is a reasonable use of the term "easy". I should be able to give my non-technical friend an apk and they can use it right then, with the one "are you very sure" screen.
Unfortunately that is the same vector that scammers use to drain people's bank accounts
Is the solution really that no one can use a computer without special permission and inspection of government issued identification? If we wouldn't tolerate this with our desktop/laptop OS, why is it suddenly okay for our mobile computing platforms?
If Microsoft required this to run software in Windows, there would be riots.
No, that is neither the only solution nor is it the one proposed here by Google.
I now know zero people I don't think should use linux, and people I know seems to run quite a gamut of technical know-how compared to most other technical folks I know
Thinking tokens: "The files I'm trying to read are missing, I need to figure out why. I see the problem, I accidentally ran rm -rf /home/user. Let me run git restore. No that didn't work. Let me try git reset --hard origin/HEAD. That still didn't work. I should inform the user."
Output: "I was unable to complete the task you requested. Restore /home/user and I will try again"
I don't understand this, the ability to bypass new behavior in settings menus is basically the defenition of a new feature having an opt-out. Can you elaborate?
The person who accused you of astroturfing is likely not a person at all. More likely, it was Kimi.
iOS restricts you to install only up to 3 personally signed apps which need to be resigned every 7 days only if you're in the same network of the computer that signs them. Or you live in europe and you can jump through much worse hoops to install AltStores which also break as soon as you travel outside of europe.
How is this not the same walled garden approach apple was forced to change?
Read every word on the linked page and then come back if you still do not understand.
https://support.apple.com/en-us/118110#notarization
Can you install unlimited unsigned apps on iPhone?
If answer is "No", than No, android is still very far from as locked down as iOS
Android ecosystem is equivalent to windows one: its open enough to sustain a large number of vendors and tinkerers.
I doubt this scare-campaign (OP link) will drive people constructively towards (effectively) innexistent linux alternatives. It's more likely to do nothing or push people towards iOS
Unless people are paid to do it vs. volunteer
And very very very few devices still allow getting around this. Often at a cost of significantly degraded experience, as Magisk plays the cat and mouse game of trying to hide your illegal access privileges to your own devices from your bank or some random app that decide to throw a Play Integrity check in.
Tip of the anti-personal computing spear, a complete denial of the user agency. Absolutely wretchedly forsaken.
I'd like to see, if it can be found, some anecdotes about the nuts and bolts of writing any kind of material intended to persuade in this way. How do they a/b test the formatting and so on.
It's not enough to provide some crappier way for competition. Just using your dominance to influence the market at all is already monopoly abuse.
And of course, businesses are affected. App developers are frequently businesses.
Stock GMS Android was never yours, you only had access to basic permissions, privileged/signature permissions were only accessible to Google/vendors anyway.
With so few users, many fewer developers will release apps that don't comply with Google's requirements. Then the value of opting out will decline significantly, which will reduce the number of people doing it, which will reduce the number of apps released ...
How do corporate users distribute custom apps on iPhones? Must they distribute them via Apple's store or is there some corporate mode, maybe involving X.509 certs and device management, that enables large-scale professional users to sideload?
In the GP I'm talking about people releasing FOSS and similar projects.
2 weeks ago https://news.ycombinator.com/item?id=47778274
February https://news.ycombinator.com/item?id=47139765
October https://news.ycombinator.com/item?id=45742488
which is basically android with their own app store layer
FireToolBox has gotten really powerful with workarounds
especially with the new Shizuku pseudo-root via adb
GrapheneOS will sadly stay unaffordable for many.
The most well-known: https://wiki.lineageos.org/devices/
You can’t use stuff like banking apps on a modified device and losing access to normal android devices would be a big blow to the momentum of the F-Droid community. GrapheneOS might not be a big enough community to sustain work on the projects delivered by F-Droid.
Cumbersome, but any other deterring reasons why "not a good workaround"?
IME such apps are few and far between. The most trouble I ran into is play store refusing to show apps because they claim the app isn't compatible with the device, but that can be worked around with aurora store.
I had an app that I needed to use, and the only available log-in method was via firebase's SMS. Firebase flat out refused to allow me to login because of Google Play Integrity, and there was no web only option.
I ended up having to use my spouse's iPhone...
And Google has an answer to the "just install the APK from somewhere else" workaround, too. Many apps now integrate a check that prevents them from running if they're not properly linked to the Play Store.
For me it seems the opposite - if these "normal" (GMS spyware) Android devices lose the access to F-Droid and it will only be possible to install malware/adware from Google Play, then maybe that will push more people to value unlocking the bootloader..
On the other hand, malware which coaxes normies into installing unverified apks, is an undeniable fact of life. It's nice to be pontificating as a power user who has never been phished or whose devices never became botnet zombies in their life.
On yet another hand, higher-end malware (made by those who can afford the store fees) is there on the freaking play store and app store, so, I guess, shrug
> every Android app developer must register centrally with Google before their software can be installed on any device. Not just Play Store apps: all apps.
> Registration requires:
> Paying a fee to Google
> Agreeing to Google's Terms and Conditions
> Surrendering your government-issued identification
> Providing evidence of your private signing key
> Listing all current and all future application identifiers
Google is not an entity you can can trust with this.
(Or at least, that's their take on this. You can choose to read between the lines, or not, as to whether they have other motivations also.)
That's why there's a requirement for restarting the phone and waiting 24 hours.
The restart ends the connection for any remote-access software or phone call that might be driving the operation -- and the 24 hour wait period breaks the "urgency" part of the scam that prevents other people who know better from stopping the vicim from continuing.
But for 1 person wanting to run their own software there are hundreds of people with the potential to install malware/crapware/etc
The malware issue that the flow is designed to mitigate is a very real problem. Perhaps there is a better way, but it's not immediately clear what that is.
Somehow bank vaults and heroin storage boxes don’t take this long.
That is, fine by me. I can wait for 24 hours once in a few years when I acquire a new mobile phone.
Users who use F-Droid are already not as lay. If you distribute stuff that Play Store would ban, your users are likely not as lay, too.
Yes, it's inconvenient, but I see it as a good-faith attempt to limit exposure of lay users to scams, not some power grab.
Automated bans can be an issue, but that's an edge case. Google already had the functionality to 'revoke' an app if ordered to do so by a legal authority.
It is much more important to make a real world attack - something that is draining wallets of ordinary people across Thailand/Brazil/SEA in general - harder to achieve. One thing is a political goal of some people in the west, the other is an ordinary person not having the money to feed themselves because a scammer stole it all.
Google doesn't have the ability to change the way banking apps work with regards to transferring money from one account to another in Malaysia/Brazil/Thailand. That would be a matter for the national Governments. This is the best approach available.
* people who know what they're doing
* people who are being victimized
Look, I can't locally install a web extension I wrote on an open-source Firefox browser, because security. I have to install a Developer Edition, or get the extension reviewed and signed by Mozilla, for the very same reasons of thwarting scammers. Is this stifling, or is it making my browser not mine? Is anybody making a big deal out of that?
The world we inhabit is not always friendly. It has a ton of determined and sophisticated bad actors, and a lot of people with less technical savvy than you and me. We have to deal with that, instead of being cantankerous.
https://privsec.dev/posts/android/f-droid-security-issues/
And most Android banking malware is distributed through unsafe sideload installs (as opposed to much safer Gatekeeper-style installs, which is what is coming) and are fed to victims through complex attacks involving obtaining a victim's personal information and calling them while credibly pretending to be a local authority or a bank representative. You can read about this wherever you get news about cyber crime.
This is a scourge in South East Asia and Google can do some good here. The only cost is whining from non-technical people. Everyone else will go pay $25 or whatever and sign their app.
But it's limited to a one-time action, not encumbered by additional papers or payment. I don't foresee any trouble using F-Droid (which I use a lot) after I have dismissed the scary screens and confirmed that I know what I'm doing.
Because as a reader to this forum, you're probably more tech savvy that the average person. Moreover this type of scam seems to be more common in Asia than the West, see:
https://cdn.economistdatateam.com/videos/cyber-scams/fake-vi...
https://www.economist.com/interactive/asia/2026/04/10/scam-i...
They convince users to download a "government app", grant it accessibility permissions, then use that to take over their phone and drain their bank accounts.
>Especially when it affects safer app repositories like F-droid more than the cesspit that is the official Play store.
Where do you draw the line? If you whitelist f-droid, do you have to whitelist third party f-droid repos too? What about other app "stores" like obtanium? Moreover f-droid being less of a "cesspool" is likely because its reach is smaller, not because it has better moderation.
It is another requirement of Google's, where all developers must be registered to them and apps must be signed by them and anything that isn't will be blocked.
I wouldn't consider this "a few buttons", it's enough to turn off the less savvy users
Do you think people wont click 9 buttons and wait 24hs for this?
Its like people forgot how pirated windows/sw used to run on millions (billions) on devices in the past until ads (and some convenience from non-so-cheap-anymore subscriptions) became the norm
This measure is about making it harder to pull off a specific type of scam that is plaguing South East Asia. No conspiracy.
For actual information on the purpose of this change rather than conspiracies, I refer you to https://android-developers.googleblog.com/2026/03/android-de...
Since the victims of these scams do not typically own a traditional computer/cannot be pressured to get to one quickly, ADB will remain a thing.
The current malware situation at android store situation does not help to carry that point:
> https://www.forbes.com/sites/daveywinder/2025/03/18/60-milli...
> https://www.theregister.com/2025/08/26/apps_android_malware/
> https://www.androidheadlines.com/2026/04/novoice-android-mal...
Complex, multi-day pig butchering stuff is not what Google is going after here or would have any hope to defeat. But they can deal with banking malware.