You must log in or # to comment.
Some of these comments are wild.
The OS should not at all stop me from doing what I want to do. Ever. Not even if that means I can fuck it up.
They can warn me when I attempt to do things that could fuck shit up. They can make it a bit harder to navigate to certain things so I’m less likely to fuck shit up. But it’s my god damn hardware. I should be able to run and configure the software on it as I see fit.
But we subsidised the cost of your phone so we could make sweet sweet recurring revenue off your usage habits and targeted advertising!
You wouldn’t want to take that away from us would you? Won’t SOMEBODY think of the shareholders?!
I’m getting really sick of products being only available subsidized by a level of invasiveness that should be illegal.
The government should need an individualized warrant to purchase my data. And honestly Google should need one to collect it
I’m getting really sick of products being only available subsidized by a level of invasiveness that should be illegal.
You mean like smart TVs?
An early metastase of the cancer.
I realise you’re being facetious, but if anything Google made my phone more expensive with the certification process.
meh both on mac and windows you’re not the true admin of the machine. mac requires disabling SIP and some others to even be able to delete default applications for example and don’t get me started on windows. linux ftw (as I type this from my old ass ios device)
To be clear, Kolanaki is saying that that is not how an OS should behave.
oh yea I agree I was just venting further; prefer less hand holding
I think that just falls under “make it a bit harder to navigate to certain things so I’m less likely to fuck shit up.”
you can get all the right you need with a little trickery. I mean, psexec is made and distributed by Microsoft, freely. a simple download. and I don’t think it’s bad that the average user can’t run everything immediately as TrustedInstaller or SYSTEM.
that’s a nice option to have, at least. i’ve s few more complaints left for each OS, but in the end i’d prefer a linux style and level of control over a machine and overall less abstraction. we’re getting software locked out most hardware nowadays: cars, household appliances, public transit, airports, privacy and so on
I mean nobody is shocked that they both suck. If it’s not open source you are not in control.
And on any Intel hardware the true root account belongs to NSA anyway.
Have you people never worked in IT support? Like its all fair and good that you, a power user, dont want the OS to restrict you at all. But for your averrage person to be treated the same is just asking for disaster.
Can’t IT lock things down if they so desire? That is the owner of the device using it as they see fit: Locking it down so the non technical users of the device can’t break it. That you keep suggesting that devices should come out of the box restricted would make your IT job obsolete and in fact impossible to perform.
Edit: And before you ask yes I have worked in IT support, although I currently do not.
Not corporate IT, but IT for home users, back in the days when things were much less locked down basically every computer i got access too was completely crawling with malware. Had tons of people lose all of their data including family photos and the like because they dowloaded something dodgy off limewire and their system just let them run it.
Why cant you guys understand that the vast vast majority of computer users are not technical? And as such need those safety rails in place to save them from their own ignorance?
We’ll always need safety rails, I think the thing you’re missing in most of the arguments you’re seeing here is that people want ways over or around those safety rails, and that those safety rails do not need to be as strict as they’re becoming. That is not the case currently and that is definitely not the direction AOSP or iOS are interested in going.
Also, just for the record, comparing the modern era of computing to the limewire era is bananas.
Exactly.
I have no problem with safety rails for those who need it, my problem is that with each passing update these rails become obligatory and non-removable.Is that not what sideloading is? A way over the safety rails?
Not at all. Root access would be a way over safety rails.
Also the context of this post is that Google is attempting to make “side loading” harder.
they are crawling with malware today, from the factory, except it is harder to remove, especially on smartphones.
safety rails are not steal walls. instead of walls education is needed. education can happen not only in schools.
Most Android phone owners don’t even know they are Android phone owners.
I have worked in IT. People still manage to screw up shit that’s locked down. Babysitting everyone because some people are just technologically incompetent is stupid and does not solve any actual problems.
A hidden option to unlock power user mode solves this
Yeah exactly. Though i would personally say a bit more obfuscation is needed then a simple hidden switch.
Don’t hide it. That’s pointless. Make it so someone has to type “I understand what I’m doing and my username is blah” into a box to activate “advanced” mode, after reading a warning, sure.
I don’t disagree, but it’s very funny that LinusTechTips went through that exact process a moment before publically destroying his desktop on PopOS
Right, but pretty much everyone but Linus and his sycophants agree that was a bone headed mistake. If you type “I understand what I am doing…” and you do not understand- you are asking for trouble.
Granted, that bug shouldn’t have existed in the first place but I feel like the warning should have raised a big red flag for a ‘tech expert’. It almost feels like he did it on purpose to prove some sort of point about how Linux ‘isn’t there yet’ but ofc there is no way to prove that.
From a personal freedom POV, I agree. But, if it was easy it would be a support nightmare.
Google and Apple scan every app that gets loaded into their app stores for malware. There’s also a lengthy review process, even just for updates. Some malware does still slip through, but it’s a trickle compared to what gets blocked. If sideloading apps were easy, my younger sister would be in so much trouble. She’d have various accounts phished within a day. She’d install something that drains the battery within an hour and not understand what was going wrong. And, she’s relatively tech savvy. I have no idea how the older generation would survive.
Of course, since Apple and Google make 30% of every sale on the app store, they’re not purely motivated to just keep their users safe. The real problem is that there is a duopoly in smartphones. Apple and Google have essentially the same policies, and if you don’t like them you have no other options. If there were a dozen OSes, there could be smart phones for Granny that had everything locked down, and smart phones for h4x04z that didn’t. Companies that struck a good balance between protecting their users and allowing their users freedom would do well in the market. Companies that didn’t would shrink and fail.
Sure, but there’s a good argument that that should be an end-user issue, and not something that the OS/Phone manufacturer should be trying to mitigate. It’s a risk you take when owning a device, that you can also break it, or get it infected.
Otherwise, why bother selling the phone in the first place, rather than contracting it out under a rental agreement?
So? Don’t run fishy files off the internet unless you’re open to the risks. Have secure walls that require either a setting change or individual permission grants before they can access secure apps.
Operating systems are prone to natural monopoly or duopoly. Furthermore there’s anti consumer incentives here in that governments want surveillance data and os companies sell it.
Where competition fails to protect consumers governments must. And that includes protection from governments. I know it’s ironic today as we’re in a fascist regime, but that’s one of the basic principles of my country. So anyways please Europe protect us worldwide consumers from American companies.
my younger sister would be in so much trouble.
your younger syster should have parental controls on, and it’s worrying that you suggest it is not the case. I don’t know their age but most probably they shouldn’t be able to install any apps from anywhere without parent approval.
She’d have various accounts phished within a day.
guessing fron what we already know, she probably shouldn’t have half of those accounts.
My younger sister is in her 40s. She’s a pretty typical cell phone user.
in that case parental controls would still solve a lot of problems, including this one
I think your parents should turn on their parental controls because you’re going a bit wild, buddy.
I mean you’re basically arguing for parental control, it is just done by google.
K
oh don’t worry daddy google will turn it on for all of us thanks to the deranged irresponsibility of your kind.
if someone is so tech illiterate that they are breaking the phone’s software and leaking their information all over the internet, they cannot be responsibly allowed to use that device without restrictions.
I bet you are one of those that want forced government ID based age verification everywhere because you agree with people who can’t be bothered to set limits on their kids phone.
K
“Why isn’t x working! I set x on my [insert device here] and now it won’t turn on!”
We really really need an open OS for mobile phones that is actually competitive with commercial offerings.
I don’t think the OS is the problem - it’s that some of the critical service/apps people rely on (government ID, banking) only exist for the closed systems. Third party OS’s try to “solve” it through various container approaches running the official apps, but since they see that as a security problem it’s not something you can fully trust to be working at all times.
That’s the only reason I’m still on android. If I install a different OS I won’t be able to login to do anything government related. I won’t even be able to pay with my credit card online. I could get a physical code device from the government, but I’m not gonna lie, I really like the ease of access of having an app for that stuff, instead of a seperate device I have to have on me at all times.
I will probably have to go the route of two phones soon. One for my stuff and communicating with friends and family, and one (maybe one of the cheaper iphones?) for all the “required” apps.
Funny enough, you tend to see quite some people in China do this. I wonder why.
All those “apps” are websites. You could say NFC is special, but so is gps.
Exactly. Locking basic services behind apps should be illegal. Services must be accessible to everyone.
same goes for the weather app …
(context: some years ago they locked the publicly-funded german weather service’s API, so common people can’t access it anymore. you need to use a spam-ridden app to access it now.)
At the very least you can still pay a small one-time fee for the DWD WarnWetter app (or enter a code for firefighters).
Best 3€ I’ve ever spent purely out of spite, even if the reason behind it is complete BS.
They sometimes hand out codes “to be used only by firefighters and paramedics, wink wink”.
Yea… Like some of those parking applications. Ugh.
To be fair, a lot of those depend on some client side trust. Which is conceptually stupid, but it is the way it is.
I think they’re both pretty big problems. An open OS and hardware that supports it seems to be a huge hurdle, but at least there is a clear vision of how to solve it. The problem you bring up though… It seems like we’ve almost gone too far at this point and it’s gonna be really hard to put the cat back in the bag. It seems like something we need to solve with legislation potentially?
The people writing the legislation are the same people who don’t see a problem with a government-furnished app using Play Integrity
Yes there is a general ignorance to this problem among law makers, in my country at least, as well as a bit of regulatory capture with respect to tech in general. The boogie man of “security” is also a very persuasive concept for a lot of people. This is not a problem that will be solved easily.
This. Alternative OS exist: Ubuntu Touch, postmarketOS, SailfishOS, just to name a few.
What is missing are the apps people want. And those include mostly commercial apps, where the developers need to weigh dev hours vs profits, and decide to only target the big two for obvious reasons. That is the key problem.
Doesn’t android allow this?
That’s what the OP is referring to: Google just announced they will do their best to kill off sideloading.
I had no idea. Damn…
didn’t apple just get forced to enable side loading in the EU due to the DMA?
Yeah, but I think they implemented the same restrictions Google is planning, so I’m not very helpful that EU is gonna stop Google…
My feed is curated by the Illuminati
That’s what they want you to think.
Only in the US, I guess. In my country and in Europe this will not fly…
Nope
These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.
2027 and beyond: We will continue to roll out these requirements globally.
https://android-developers.googleblog.com/2025/08/elevating-android-security.html?m=1
We can hope…
edit
To clarify, I hope it will not fly outside the US, but looking at the world around I feel this is not very realistic hope
Aren’t they claiming this move is specifically to comply with the EU’s Digital Services act?
Apple just enabled sideloading in the EU to comply with the DMA. I highly doubt that android will be allowed to remove sideloading
they are everywhere one just has to learn how to read the signs 🔝🔜⚛️
(/s)
You know, it’s true - I have never heard a Linux user refer to something as sideloading, even though Linux is the platform that originated official software repositories.
The key thing to understand is that there’s a big fucking difference between a “repository” and an “app store.” One is designed for the convenience of users; the other is designed to exploit them.
Exactly right. The message of the post is that “side-loading” is only used in reference to exploitation services. We could just as easily refer to side loading in Linux and it would be accurate in every way, except that there is no exploitation.
It’s literally the exception that proves the rule.
There is no functional difference.
This does feel like a bit of a double-standard to me. I’ve hated how Microsoft and Apple have introduced app stores on Windows and macOS and try to push people to only install from there instead of directly from the developer. And yet on Linux the advice seems to be never ever download directly from the developer; you should only download from the package repository provided by your OS (which sure feels like an App Store). And that package probably wasn’t even provided by the developer or the OS but some random volunteer that you just assume has good intentions.
The key difference is that one is advised, the other is enforced.
If you used Linux before the repos were fully developed then you understand why they were created.
Who else remembers “dependency hell?”
Corpos just took the same idea and twisted it into something else.
Dependency hell was what drove me back to Windows. Fortunately, I didn’t stay there and I learned how to apt-get.
It may feel like a double standard but it’s not
Most Linux stores are created and maintained by volunteers
Those stores aren’t limiting software they host based on what makes them the most money. Money isn’t involved.at all
Linux won’t stop you from adding more stores
Linix won’t stop you from manually adding any other software, either as a package or even manually building it from scratch
My package manager installs all of the dependencies the program needs and takes care of updates, too. If I install directly from the developer, I have to do all that myself. Fuck that.
Nothing ever comes “directly from the developer”, and any developer that attempts to do so ends up in a level of hell not yet documented. There are way too many distros, way too many architectures, way too many moving targets, that also includes iOS, macOS and Windows. No single developer can hit them all. There’s no standard packaging either. So, usually they only package for one or a handful of popular distros, or one container format. But that’s the magic of FOSS. Anyone can take the source code and repackage it, redistribute it and make it available for others. This is assumed to be a strength and not a weakness of FOSS and Linux. Thus, the distros create their own official repositories where they make themselves responsible that everything will mostly work nicely with one another.
The difference is that package repositories are safe havens of compatibility. While appStores are enforced cages that cannot be escaped. If a package repository tries to fuck up with users, hurt the FOSS space (looking at you Ubuntu Snaps), or gets compromised by a bad actor; you just move to another repository, another distro, a different format, another safe space. If Android or Apple decides to enshittify and fuck over customers, users, get compromised or do something to hurt developers, you are fuck out of luck. This difference matters.
Because the Linux repositories are apathetic third parties (ie they have no reason to care whether or not you download any given app) while Microsoft and apple are financially incentivised for you to buy buy buy.
This means that when you download a .exe from a vendor instead of going through the windows store you’re cutting Microsoft out of their cut of what you paid and you’re denying Microsoft information about what it is that you bought. But the flipside is Microsoft didn’t impartially verify that it’s not malicious.
When you download a .deb instead of going through apt, you’re also denying them their cut (of nothing) and you’re denying the repository managers the ability to see what you’re doing, but Linux people generally trust repository managers to not be selling their habits to advertisers and governments.
I will say there is a reason to side load on Linux though, paid software is sometimes unavailable through repos.
And yet on Linux the advice seems to be never ever download directly from the developer
That’s just advice for making life easy for new people, because distro-packaged software is more likely to work well with the operating system. I run packages from devs, even nightly automated builds of stuff, all the time.
Installing from a repo via a terminal does not feel like an App Store at all. It’s only the GUI apps that do and those are all entirely optional. Exactly how it should be. God’s in his heaven. All’s right with the world.
And yet on Linux the advice seems to be never ever download directly from the developer
Are people really giving this advice that often and that strongly? I find myself building more and more things from source these days. Especially with modern languages that OS maintainers are actually having a difficult time packaging in the way they’re used to.
I measured the heights of myself and my niece and found them to be different, clearly a double standard must be involved.
You yourself mentioned a lot of differences between corporate app stores and distros’ software repositories. Why are you surprised people rate them differently?
Perhaps because your standards are different from more Linux users’ standards.
I for example would rather take my chances with a random volunteer rather than trust a corporation that had a history of breaking laws and I know it to want to make money off me.
They claim this is about security but when your system is compromised there is fuck all they will do to help you.
Fucking hypocritical, control-hungry pricks.
It’s about the security of their brand. No sane company wants people walking around, talking about shit their phone is because it keeps getting infected.
Well, the only instances I know of modern phones getting infected are Apple devices where a text message somehow gets into the kernel with zero clicks. Apparently apple insists they’re too incompetent to fix this.
nudging the EU with a stick Come on, do something
Plot twist: EU enacts Chat Control.
It was said you were to destroy the Sith, not join them!
Plot twist: EU is literally wanting to require Google Play services and a Google approved OS to use social media
They are, they are banning bootloader unlocking, a requirement to get out of corporate hell.
Fucking what
Edit:
Might not be the case afterall: https://discuss.grapheneos.org/d/24601-eu-is-banning-bootloaders-unlock
Verification by radio equipment of the compliance of its combination with software should not be abused in order to prevent its use with software provided by independent parties.
we do not expect any issues for GrapheneOS
Source:
https://mastodon.social/@[email protected]/115098597705331466This isn’t a fight over security, or even the control to form a walled garden. This is to eliminate privacy, the ability to run anonymously written code. This forces every bit of code to be tied to a name and face. It shortens the legal legwork needed to pin down who made what, this will be used to eliminate anonymous groups compiling their own E2EE communication network. Time is important when your trying to use a compromised member of a group to make a honeypot trap.
ETA: Whoops, hit the wrong reply button
The number of people I encounter, even on Lemmy, that genuinely believe and rigorously argue that being able to install or distribute software on devices you own is actually bad because “security” is beyond horrifying to me. They have been brainwashed into thinking that corporate monopolies are not only acceptable but desirable because you can completely and blindly trust Mom’s Old Fashioned Robot Oil to make all your decisions for you, for a modest fee and no opting out, of course.
This is why society is collapsing.
Dude, I’ve been fighting this fight for over 10 years starting on reddit.
The amount of people, even supposedly?!? tech savy people that bootlick and excuse corporate behaviour is maddening. To the point makes you want to be conspiratorial and think they are saboteurs.
What I will never EVER understand is being loyal and “loving” a company. No matter if it’s Apple, Samsung, Google they ARE NOT your friends. In fact they are the exact opposite and will make your life worse if it means they can squeeze an extra cent out of you.
Lately I’ve been thinking that what it is, is people trying to eliminate that overwhelming sense of existential dread which springs from all of this, by buying into it, just like fascists do- “if I join them they won’t come for me”. They start telling themselves that “maybe it’s for the best”, that “maybe good things will come of it”, and once someone makes that jump it’s easy for them to become zealous or fanatic, not only because it gives them an even greater sense of empowerment because they’re now part of an ingroup or a club, but can also get off even more on perceived moral or intellectual supremacy over others.
These are extremely uncertain times, and uncertainty makes human scared and anxious, and scared anxious humans latch on to anything that gets them out of those feelings, in this case like surrendering before this gargantuan machine that they can neither understand nor control.
It’s like with cultists. They crave the comfort of someone telling them what the truth is, to give them certainty. I don’t know, something I thought about.
deleted by creator
Megacorps gonna megacorp.
Monopolies gonna monopoly.We can fight these giants by not using their services & products.
It only gets harder to fight them the more we give in.
I can’t even get people to switch to LibreOffice, not cuz they use some advanced MS Office feature but because the interface “looks dated”. So they’d rather pay a subscription for life to use software that spies on them than download free software that does what they need but has a 2010s style interface.
Humans suck so much.
Humans are creatures of habit, and risk averse most of the time. Risk, being change of any sort when things seem “stable.”
All you can do is lead by example and enjoy life and tell those poor souls they’re stupid for spending money for something they can change the look like MS Office easily.
Ngl, I installed a few OnlyOffices just because of UI.
It has ribbon UI and about the same placement of buttons as MS Office stuff.It’s fine.
(Based in Latvia, but they had a Russian momma, now Singapore.)
because the interface “looks dated”.
The real issue is M$ intentionally not following standards, so that opening an Office doc may or may not properly render in other suites. Hooray for EEE. Fuckers.
Eh, I haven’t had that issue in years. Maybe its a problem for office workers who make extremely complicated documents and spreadsheets, but those aren’t the kinds of people I’m talking about.
EDIT: Not implying you’re wrong about M$ fake open standards bullshit, just that I don’t think its a huge concern for the average home user.
I get what you are saying but is it really too much to ask for an interface that looks like it belongs there?
I prefer the old school style menus and such. I stopped using MS Word around the time that they came out with the ‘ribbon’ style menus or whatever it’s called, so if they ‘update’ it I sure hope it’s as an option or a fork.
I can understand people who grew up with it or who have spent years using it might like it better though.
I’m not willing to pay for it, are you? If no then its to much to ask.
I “pay” LibreOffice.
Why not??
No, it’s too much to demand but simply asking they keep the interface as clean looking as any other free cross platform open source project is not an outlandish request.
They update the ui in most of their patches, theyve made the ui incredibly customisable. They have the classic header or a ribbon header. Its open source software it can’t afford a redesign every few years to keep up with Microsoft design trends. The team is like 8 people.
I might be wrong but i feel like the people complaining about the ui dont really even use it. After a week of using it you get used to it and it looks normal.
I can use libreoffice. I just don’t. My Mac has Apple numbers and pages and they are enough for me and when I finally make the jump to Linux full time I’ll just have to adapt to libre again. But this is a complaint that many others have which is why I bring it up.
For legally free and open software that has to maintain UI consistency across Windows, MacOS, and the plethora of open desktop environments? Yes, yes it is.
No it’s not. There are other free and open software offerings that function cross platform and do it more cleanly.
For a project as big and old and full of legacy code as LibreOffice, I think their interface is pretty great. And its way more customizable than MS Office. Its just not the absolute latest and greatest in styling.
And, if MS didn’t make it so hard to maintain compatibility with their “open” file format, TDF might be able to put more resources into UX. As it is, they have to reverse engineer all the nonconforming BS that Microsoft puts in their OOXML implementation.
If I ever go insane and write a manifesto this will be on it.
Sounds fairly sane to me.
This is fine, but the other 582 pages contain some real doozies.
I finally want to switch to android and boom: Custom ROMs and “sideloading” gets swept off the platter. Well ok I guess I‘ll just wait for a good linux mobile OS
So annoyed that just bought a Pixel 8a for Graphene. I thought I’d get to use it til 2030 when it stops getting security patches and now I might not even get a full year out of it.
GrapheneOS still intends to support all the supported devices until EOL. The sideloading change doesn’t affect them. It won’t apply to GrapheneOS. It only applies to certified OSes and GrapheneOS is not certified because it doesn’t license Google Mobile Services. As per the rip out of the device trees for Pixels, that just makes Pixels like other phones. GrapheneOS has been able to expand it’s automation to build that device support themselves. For new devices, making the support will take longer than it did in the past though, but they will still support those Pixels, as long as they meet the hardware requirements and still allow third-party OS support with all security features intact. Besides that GrapheneOS is actively talking with a major Android OEM right now in order to help them reach the security requirements for a subset of their future devices. They are very optimistic about that.
That’s all great news. I think they deserve another donation from me.
SailfishOS. Fun fact, it’s also finnish.
Removed by mod
Just an FYI I think they still did not deliver on the promise of open sourcing.
And I believe you’re still supposed to buy a license unless that’s changed recently.
Heh, good luck trying to sideload anything on Linux…
Right? Linus Torvalds keeps that source code under lock and key.
SteamOS. Outside of Ubuntu and other corp distros, if steam made a mobile-specific os or invested in arch enough to make a mobile friendly UI I would be interested
I strongly disagree. There is absolutely a use case for my mom not needing me to wipe her phone every time she tries to get Duolingo or whatever.
There is no scenario where an entire segment of devices should be locked to two companies having full control of what software can run worldwide, though. That part demands regulatory intervention.
One person’s inability to use a common device is not an excuse to make it worse for everyone else.
My parents are pretty incompetent when it comes to tech, but it wasn’t difficult for them to understand not to install random shit and call if in doubt.
It’s not one person, it’s the vast majority of the userbase.
Which, to be clear, is again not a reason to have a duopoly decide what software can be made or executed in the first place. It’s fine to have Google decide what the Play store will carry, and it’s even fine for Android devices to require a manual bypass to run unsigned software. It’s not fine for Apple and Google (and I guess Huawei by necessity) to have final arbitrary say on what software is acceptable on all handheld mobile devices.
That’s the same argument people used to praise Microsoft for forcing mandatory updates.
Every year they force untested updates breaking the OS or even bricking the hardware.
And Windows is still vulnerable despite the updates.This is weird in so many ways I have a hard time keeping track.
I mean, no, it’s not the same argument. One thing is about how when you have billions of handheld devices largely meant to function as out-of-the-box platforms for specific uses for non-tech savvy users it helps to have them locked out of the box to minimize software issues and maintenance. The other is about peace of mind and automated upkeep during downtime.
But at the same time… yeah, automated updates (which is not the same as mandatory updates) are a good thing. Especially for mainstream home computers that don’t have a sysadmin looking after them from a centralized location and have their upkeep down to whatever an individual user decides to do and when. There’s a reason a number of Linux distros meant for home devices also install updates in the background. It’s a good idea for gaming devices and home computers. The thing that used to piss people off about MS updates is that they used to interrupt people’s work to make them happen, which was exceedingly stupid.
None of which has anything to do with Windows or Microsoft pushing bad updates. Bad updates are bad and they aren’t any better for not being automated. Nobody cares if you updated yourself or the OS did it for you. If the system pushes a bad patch that bricks your system that’s really bad. That should never happen. For the record, it has happened to me way more often on Linux, but your mileage may vary.
And nooone of that has anything to do with vulnerabilities persisting. All systems have vulnerabilities. It’s about striking the right balance between how bad those are and how practical it is to close them up. You keep things as secure as you can while keeping them usable, based on what they are being used for.
What exactly are you trying to argue here?
You say automated updates good, mandatory updates maybe not?
But there’s no difference on Windows, that’s the point. You, as a user, get no choice.You will get broken updates and unwanted features whenever they decide, because it’s ultimately about the same thing with both MS and Android: taking away your control of your devices.
No, it’s about implementation. Implementation is implementation. If you want to discuss software in terms of principle we’re going to have a very short conversation. “You, as a user get no choice” because “they are taking away your control of your devices” is a meaningless statement.
I am arguing that yeah, there are scenarios where limiting the ability to install or run unsigned software at the user level makes perfect sense. Honestly, it may make sense most of the time. The mirage that it does not comes from mostly spending time in home computers where the only user is also the person acting as an admin.
Do I feel that most, if not all, devices should allow full access to a consenting user that understands they are very likely about to nuke their thing? Yeah, sure! It’s basic right to repair. But pretending that automating maintenance tasks or adding access restrictions is a fundamental, ideological problem is just… not how this works.
I think the change Google has announced is unacceptable. Just not for the reasons you’re describing and certainly not in the way you’re describing them. The difference is very important, because the last thing we need is a roaming mob of online dilettantes arguing that any restriction to access is a betrayal of fundamental freedoms.
Which, frankly, is how we ended up with the dumb notion that there’s no reason why you wouldn’t want your home computer updating itself every time you reboot it. Which in turn has nothing to do with the ability to not do that if the OS is running on something that is NOT a home computer where somebody needs to have manual control over what changes and when.
You’re right that there’s value in having a software repository with “vetted” apps in it. And at the same time, there’s a difference between “here’s stuff we’ve done some kind of due diligence on” and “you aren’t allowed to install anything we haven’t okayed.” That’s what Apple and now Google are doing.
(I also think there’s value in having a word like “sideload” to describe the action of installing software not in a repository. It’s just that it’s tied up now in this paternal attitude from the big companies)
Yep. No disagreement from me on any of that.
At most I’d argue that I don’t mind that Apple does that as long as someone else does not. If Apple wants to have a closed system that’s all good, but from the perspective of regulation and anti-trust you can’t have EVERY platform be closed. You need at least one viable open competitor to prevent the owners of the hardware from owning all the software by definition. It’s just like I don’t have a problem with Nintendo needing to certify all the games on the Switch as long as there is a Steam Deck, or Sony certifying PS5 games as long as you can run games on a PC.
But if all the software on the planet had to be on either the PS5 store or the Nintendo eShop I would absolutely have a problem with those being locked down. That’s what this shift means for the mobile market.
That just sounds like the system needs a separate “Admin” mode to do things like that. Your mom can take the risk of messing with that herself (which can be very educational!), or leave that for you or someone else to handle. But that would let her make a more informed choice, even without technical ability.
Sure. I don’t disagree with that. In fact, that’s how it currently works on Android, more or less. It’s actually looser now than it has been in the past.
But “informed choice without technical ability” is not a thing. You can’t be informed if you don’t understand what you’re doing. People online that more or less understand computers but don’t necessarily understand how other people interact with computers tend to miss how this works. My mom doesn’t choose to take risks or not, she won’t read what’s on the screen and if she reads it she won’t understand it, and if she understands it she won’t trust it, because she doesn’t have the knowledge to distinguish a genuine message from the OS trying to ask for confirmation from a janky physhing request.
My mom thinks Whatsapp messages can hack her bank account and freaks out every time her phone asks her to reboot for an update. She doesn’t have the time or interest to get to a place where she can change that, and more to the point she shouldn’t have to. It’s prefectly fine to buy a device that will only let you do the things you want to do and won’t let you do the rest.
As you say, that device just needs some process by which someone who cares and knows how to do more stuff can reclaim full access.
Yeah this is where I’m at too, there is no reason these device makers should be locking us out of doing what we want with our phones. Their app store can exist along side other install options and compete on usability instead of monopoly.
Yep. I don’t need Google to let me install apks freely and I don’t need them to host everything on the Play store with zero supervision.
But I do need F-Droid to keep working and to be able to install software that Google has zero visibility on, or a way to unlock my device to be able to sideload stuff. There is zero reasonable argument to say that Google is the only valid arbiter of signed software on the planet.
I argue that would be even more of a use case for the device owner to have such control.
Then you’d have rights to control which software your mom can install on the phone.
Why, in the love of all free tech support would I ever want to do that?
I swear, people just don’t grasp how normies use computers. I don’t want my normie relatives to have me micromanage their devices, I want their devices to be foolproof and do the five things they need to do.
That’s not what I want for every device, though, so there needs to be an alternative for people who post on federated social media and performatively use open source software. If there are only two providers in a segment and both lock down all sideloading that’s not acceptable, but the concept of locked down devices by itself is not.
This is not such a challenging concept. I am convinced most people in this thread would get it just fine outside of the context of having a knee-jerk reaction to the last thing they read online.
It’s an option you have. Personally having to do the same thing for my family, I configure an idiot-proof setup and I don’t get random calls from my parents / grandparents.
Blocking sideloading won’t help you here either though. You can just leave your mom using Google play store which vets the applications on the store.
You can lock down a device security-wise without locking down a device freedom-wise.
That said, I don’t think there ever will be a foolproof device, that’s not realistic.
If you want to guarantee someone won’t fuck up their device that’s what Administration is for. That’s what child controls and safety features are for.
Its not that I “don’t get it” its that I’ve been there and done that. And I use the tools given to me to make my life better. Those tools are for managing what my normie grandparents can and can’t do, because in reality, they just want to face-time their grandchildren, check emails, and print photos. But they’re also targets for scammers.
No, trust me, it’s that you don’t get it.
What you’re describing is an inordinate amount of effort and you clearly don’t realize just how much. There are billions of people with billions of devices. People who can “configure an idiot-proof setup” at all are outnumbered many thousands to one.
There isn’t a you to configure anything for most people with a mobile phone. That’s not how that works. It either works out of the box and forever or it’s broken and unusuable.
And sure, locking it down is no guarantee. People can still mess up their Apple phones, and those do like a thing and a half. Less than that without Apple’s strict supervision. But this is a matter of degrees. The difference between a few of those thousands of unsupervised normies making a mistake each year and 10% of them making a mistake each year is the difference between Android being a viable platform and it being a broken mess nobody uses.
I feel like I’m weirdly relitigating every other conversation I have with people about Linux over here. It’s kind of exhausting.
And to reiterate, that doesn’t make Google insisting on having the ID of the author of every piece of software allowed to run on Android acceptable. It’s just the difference between a reasonable objection and… not that.
You’re right, it is an inordinate amount of effort.
So much effort, that I don’t believe doing it on the scale Android / Google would need to do is possible.
We see Google, Apple failing at this insurmountable effort all the time. Even Linux has failed at it sometimes with supply chain attacks.
And frankly I don’t feel that Google can do better than what they’ve done already in terms of sideloading. Right now of you don’t want to go through the app store, you have to ignore two separate warnings when you side load a malicious app. At that point it’s negligence.
Because of that I don’t feel that adding this restriction to sideloading will help the situation. I believe it’s a cop out, if anything they should direct the effort to the Play Store more. There is plenty of actually harmful malware on the Play Store that we can see in the news is a much larger impact than sideloading applications.
That’s probably why no one is empathizing with what you’re asking for, there is too much showing this change is in bad faith.
We did have that impossible to screw up device in feature phones. But we traded that for pocket computers that enable us to install, and build apps.
As for Linux, I completely agree with you. It still needs to improve user friendliness. It’s improved exponentially lately, and could be argued to be better than Windows, but it’s still not as good as smartphone computers which are the epiphany of user friendliness (and ignoring the dark patterns being added).
For the record, people are misunderstanding what Google is doing. They aren’t enforcing full verification of every app, and presumably they’re not preventing third party stores, since regulators have already forced their hand on that front.
They are demanding to keep verifiable ID on the authors of every app for the app to be able to launch from any source. Their pitch is not to centralize, which they would like to do but aren’t allowed to do, their pitch seems to be to give you a paper trail where you know who made the malware because Google literally has a copy of their ID on file. Microsoft already has this for Windows as a certification system, but crucially on Windows you get a (deliberately very scary) “this app is unsigned and is probably malware” pop up that you can still bypass. It take a lot of unintuitive clicking, but you can still run the software. Google is saying they won’t have that workaround at all now on the subset of devices they flag as “Android certified”.
In practice this is fairly neutral in terms of security, but it focuses on enforcement and visibility. Besides the very real question of how to even implement this for distributed development or open source applications of the kind that doesn’t bother submitting to Google Play, it may also have a heck of a chilling effect on a whole bunch of things you really don’t want chilled in terms of privacy and anonimity for developers. It means if you want to control what software can be on ANY phone you need to get to basically three companies across the planet and that’s enough. Likewise if you want to go after someone who made a piece of software for whatever reason.
But that’s not what the conversation we’re having is about, partly because nobody seems to be looking past the headlines, partly because nobody wants to engage with the nuance of the situation and is looking at it from the myopic perspective of principled access at the cost of added complexity when that’s not at all what this is about.
I understand the paper trail that this is creating.
But it does come across as Google gatekeeping.
For example, what if I want to build an app, and distribute it outside of app stores with zero involvement from Google? It appears that cannot be done because I’d need to identify with Google through the developer program.
What happens if Google doesn’t like that I made a chat app that bypasses censorship in specific country, it gets removed from play store, so i publish it on my website. What if Google gets mad at this and flags my identification?
Suddenly no one can install my app that has nothing to do with Google.
To me, even if it seems like a benign change, I can see how it can be exploited by Google to push whatever agenda they want.
If Google disappeared the day after this is rolled out, would I still be able to add a valid identifier to my apk without Google’s involvement?
maybe technology is not for everyone. but if grandpa wants to video chat with his kids, maybe it’s the responsibility of the kids to help him. set up child limits or deal with the occasional problems. if grandpa cannot determine if an app is safe, they will install plenty of unsafe apps from the play store too, as google play’s vetting is not nearly as good as some like to argue, so it’s better for them if they just can’t do so by themselves.
Nnnno.
Grandpa is not a child. Grandpa is an adult. With, you know, income and independence and a full brain. Grandpa is well within his rights to own appliances that do things grandpa doesn’t fully understands but that are useful to Grandpa.
There is value for Grandpa (and for your jock brother that doesn’t understand computers, this isn’t an age problem) to have access to applications where he pays some company to do a thing for them. Those companies can take some of the complexity out of their hands, and Grandpa should be protected from abusive practices. It’s not on Grandpa to do research on technology just to make a phone call now any more than it was for 1960s grandpas.
Nnnno.
Yyyyes.
Grandpa is not a child. Grandpa is an adult.
of course. that’s out of question. However the tools provided by parental controls is what can solve this problem effectively. It’s specifically for the case when the user cannot use the device responsibly for one reason or another. you set parental controls up, and now they can’t break their phone.
what is the reason you think the parental controls function is not appropriate for grandpa? does it block him from doing something he should be able to do freely?
Grandpa is well within his rights to own appliances that do things grandpa doesn’t fully understands but that are useful to Grandpa.
I totally agree! And with that, he is well within his rights to break his phone accidentally. the question is not that. the question is whether you want to help him avoid that. with parental controls you can allow him to do everything he needs to do.
There is value for Grandpa (and for your jock brother that doesn’t understand computers, this isn’t an age problem) to have access to applications where he pays some company to do a thing for them. Those companies can take some of the complexity out of their hands, and Grandpa should be protected from abusive practices.
Yes. That works if grandpa is willing to ask professionals before (or after) doing something stupid. If that applies, you don’t set up parental controls for him, but allow him to do whatever.
If he is not willing to do that, he needs to be barred from breaking his phone. That’s why you support google’s plan, because they implement that, right?
But the problem is that they implement it ineffectively because they can still install plenty of hot garbage from the play store, and it’ll make every other user’s lives harder who know at least somewhat what they are doing, plus of those who are willing to give help to relatives any day. Because they either won’t be able to install apps that they trust, outside of the play store, or it will come with huge consequences like making google play integrity checks fail, or these apps being restricted in what can they do.that is why you don’t implement such insanity on all phones worldwide, but only individually for those people that need this kindof stronger guidance.
It’s not on Grandpa to do research on technology just to make a phone call now any more than it was for 1960s grandpas.
who needs to do research on that? you gave him the phone, it’s your job to show him how to place a call. but this point is not even relevant because google’s planned limitations wouldn’t do anything so that your grandpa can place a call if he doesn’t know how to do that.
Is this the context? https://mastodon.social/@arstechnica/115091392102147470
[email protected] - Google will block sideloading of unverified Android apps starting next year
Google says it’s no different than checking IDs at the airport.
https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/?utm_social-type=ownedNo difference from checking IDs at the airport? So Google wants a government body to handle their platform on their behalf and to ensure a common playing field where at the airport I can choose whatever vendor I’d like?
REMOVE SHOES BEFORE BOOTING ANDROID.
Unless you pay extra for Android pre-check. Get the right credit card and you can get it for free, plus lounge access!
No difference from checking IDs at the airport?
An airplane is a glorified autobus. You don’t need an ID to get on one of those.
This isn’t a fight over security, or even the control to form a walled garden. This is to eliminate privacy, the ability to run anonymously written code. This forces every bit of code to be tied to a name and face. It shortens the legal legwork needed to pin down who made what, this will be used to eliminate anonymous groups compiling their own E2EE communication network. Time is important when your trying to use a compromised member of a group to make a honeypot trap.
