Rendered at 08:12:25 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
linuxhansl 1 hours ago [-]
What Google is doing is shameful. One of the promises of Android was being more open than the restrictive Apple ecosystem.
Now that they reached penetration they do the switch - under the guise of security.
Just let me do with my hardware what I want to do it. Let it be my responsibility to install whatever I want (and stop calling it "side-loading", as if I am doing something shady from the "side").
We need to resist this! Alas, from the broader response it seems that most people just do not care.
sscaryterry 22 minutes ago [-]
This is worse than Apple. With Apple you knew where you stood day 1.
pjmlp 5 minutes ago [-]
Ah so the Do No Evil wasn't serious after all?! /s
Shame isn’t an applicable concept for a corporation.
transcriptase 1 hours ago [-]
I think the most fun part with Google is that if some wayward algorithm decides it doesn’t like you, along with nuking your app and developer account it will probably nuke your 20 year old gmail, your kids Google Drive accounts, your wife’s YouTube premium, the Adsense account of some company you worked for in 2008, and disable your Nest cameras.
And you’ll never reach a human to sort it out.
techpression 20 minutes ago [-]
We experienced this with Anthropic, not the same blast radius obviously, but out of nowhere account was terminated. No support available.
It was via someone’s 30+ year old classmate via LinkedIn the account got reinstated.
As a counterpoint to the right to the repair there should be a right to recover.
Gigachad 15 minutes ago [-]
There was a more direct case where someone’s child had been interacting with Gemini inappropriately resulting in Google nuking the entire families Google accounts.
m00dy 1 hours ago [-]
it's a nightmare.
khurs 1 hours ago [-]
Android users need to switch to Graphene.
Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.
dryarzeg 17 minutes ago [-]
> Android users need to switch to Graphene.
Doesn't GrapheneOS supports only Google Pixel smartphones now? For most of the users, that would mean changing their phones beforehand. And if we're talking about common people (especially not in US), it's not even everyone who can afford that. Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.
kalx 1 hours ago [-]
I tried. But then I didnt get access to essential services like banking and national resources.
Convincing developers, especially bank and gov apps, is near impossible and won't scale well. Going after Alphabet for not meeting DMA obligations seems the easier path. Might not go anywhere but worth a shot.
zerof1l 1 hours ago [-]
Graphene OS user here. Almost all of the apps I tried work fine. All the banking apps I use work. Have you tried reaching out to the app developer or the service and explaining what Graphene OS is and asking them to support it? I was able to persuade one app to do it.
Problem is that all banks require a national centrale controlled service for login (BankID in Norway). And it is this service that I cannot get to work running GrapheneOS. It worked a couple of months ago, but not anymore. And all customer services and complaints are directed to your bank who 1) has no idea what i am talking about and 2) no control over BankID verification requirements.
LadyCailin 9 minutes ago [-]
I’ve nearly decided to switch back to the code brick instead of BankID app. It’s less convenient, but with the way things are going, I’m just not sure I want to exist in the digital world much longer.
feelamee 10 minutes ago [-]
lol, this problem stopped me from installing GrapheneOS early.
But now.. I removed banking apps by myself because my state require room them to collect phone fingerprint and access to location EACH time they opened.
So... looks like now nothing stops me
kalx 1 hours ago [-]
Correction: i did get bank access. I just couldnt log into the bank without a google or apple controlled device.
Arnt 1 hours ago [-]
I know Graphene has innovative security measures, do you happen to know whether that includes anything wrt. phishing or social engineering?
(For those who haven't been following along: this whole affair started with phishing. People were social-engineered into installing an app and a little later their bank accounts were empty. A big issue in various poor countries.)
aquariusDue 50 minutes ago [-]
I keep hoping for something more radical like Jolla and SailfishOS taking off or postmarketOS becoming a true viable alternative but as things are looking like now there's a better chance we'll ditch phones altogether in 10 years when smart glasses will replace them instead.
DaSHacka 41 minutes ago [-]
Honestly don't think that would be so terrible, with how bad and locked down the mobile ecosystem has gotten.
Rolling the dice on a new technology could wind up being much more favorable.
Timshel 11 minutes ago [-]
Not really a solution at the moment if you do not want to give money to Google by buying a Pixel (hopefully the deal with Motorola will work).
It's because only Pixel devices have proper hardware security to build anything secure on top.
cromka 60 minutes ago [-]
Those reasons are explained clearly and openly. Ironically, your /o/OS is way less open than GOS on Google hardware.
preisschild 1 hours ago [-]
I wonder if it makes sense to create an independent hard-fork of AOSP in the future. But probably the only option to keep this somehow maintainable is to replace many android-specific components with other userspace linux components that are already well maintained (systemd, networkmanager, wayland)
kalx 23 minutes ago [-]
Would this not require some control over the hardware? Which would be difficult for the FOSS community?
preisschild 16 minutes ago [-]
maybe not, heck people reverse engineered apple hardware and implemented it in various FOSS driver stacks
But yeah, vendors maintaining their drivers upstream in FOSS projects would obviously make it easer
darig 1 hours ago [-]
[dead]
nusuth31416 2 hours ago [-]
I use Android because it lets me install whatever I want on my phone, which it does not seem to me, controversial. The phone is either mine or it is not. I don't want Google's protection. Particularly, if I can't refuse it.
kalx 21 minutes ago [-]
Well… you can run android without google? The problem is that essential security services require apple or google devices and you as a member of society need the security services.
realusername 5 minutes ago [-]
Let's call them anti-competition services since there's nothing in these increasing security.
gadders 52 minutes ago [-]
I just launched an app in the Google Play Store. I did find it a bit weird that I had to provide my physical home address to get my app listed. Not sure what I would do if someone turned up to complain. Make them a cup of tea?
Izkata 7 minutes ago [-]
It's because of a law in California. Don't remember the reason behind it, but Google decided to apply it everywhere. It's also why I let my app die years ago instead of publishing the updated version.
r_lee 38 minutes ago [-]
well they can swat you, order pizza, send you packages (who knows with what inside), spread false info about you if you've given out more info etc...
all it takes is one guy who gets too mad for some reason
and it's gonna be a lot more costly for you to do anything about it vs. that guy who gets to be completely anonymous about it
Arnt 6 minutes ago [-]
How? I don't see the address published.
They can sue you and Google will give your address to the court, clearly. But swat? Send packages? How?
someonebaggy 36 minutes ago [-]
This is so that you can be sued or prosecuted if the app is malicious.
realusername 21 minutes ago [-]
There's no such requirement for publishing a website
anilgulecha 3 hours ago [-]
I understand the frustration (I'm an avid fdroid user across many many devices). But this article comes off as childish with the virus/trojan/"malware vendor".
With such an article, many (including perhaps google) get the ammo to disregard what fdroid says, by branding them as childish/not to be taken seriously. for eg: no reputable news org is going to post this.
I thought the same thing but he apparently has a point. The stated purpose covers only a tiny sliver of the capabilities. The agreement points to the TOS where it (last time I looked) says service may be terminated at any time without stating a reason. Nothing guarantees it won't be used for things other than security. And finally he has a point where it also doesn't really do much for security.
If we ask their fine search engine, the AI helpfully explains malware to be software designed to gain unauthorized access to disrupt, extort payments and/or hijack devices.
If you still think the shoe doesn't fit, imagine what would happen if one managed to create an app with the same capabilities. Google would remove it immediately for being malware. Obvious malware.
r_lee 33 minutes ago [-]
I'd usually say it'd be far fetched
but I can totally see Google banning developers and removing their apps for political reasons, where some lobbying group bombs them with emails
because with this they're explicitly saying they're now choosing who gets to be in or out, there's no way for them to say we can't do anything about it
I do think this would improve security, but I also think it's sort of a Trojan horse to lock down the ecosystem
stingraycharles 2 hours ago [-]
Isn’t Google going to do what Apple has been doing since forever? Or is Google somehow doing something worse?
RobotToaster 48 minutes ago [-]
I bought an android instead of an apple because I didn't want the kind of malware apple has always shipped with idevices
jb282 1 hours ago [-]
Apple's policies were established when you purchased the phone. Apps come through registered developers and their vetting.
Google has changed the game on something you already own. I'm sure their lawyers have done their homework, but in some jurisdictions this is certainly actionable.
someonebaggy 35 minutes ago [-]
They already lost a lawsuit and were fined a hundred billion dollars in the EU for locking down Android. Maybe they think since they already lost once, they can't lose again.
r_lee 32 minutes ago [-]
hundred billion?
0x53 2 hours ago [-]
I think the point they are trying to make is that in the terms of service Google says they get to define what is malware (halfway through article) so the author is trying to point out that exact danger: what happens when Google gets to randomly call things malware.
realusername 20 minutes ago [-]
I have the opposite opinion, Google is doing a lot of garbage in the name of "Security", time to play their game and report their control on Android as security vulnerability
bouncycastle 43 minutes ago [-]
Does this mean that apks that i've built and installed through adb will stop working? That would be a real damn shame.
foxrider 1 hours ago [-]
This would be the line for me. If at some point I'm unable to build an .apk and install it on my phone without Google letting me, I'm moving to Huawei.
aerzen 1 hours ago [-]
Does Huawei not use android or Google play services?
animuchan 53 minutes ago [-]
It's Android but without Google's services, there's an alternative app store.
The irony of Chinese vendors providing a breath of fresh low-DRM air.
pjmlp 1 minutes ago [-]
Partially true, HarmonyOS NEXT is its own thing, with a Typescript based language ArkTS.
No, Google is barred from providing any services to them by the US government.
koolala 36 minutes ago [-]
not like that no, some US carriers don't allow them though like AT&T blocks you to google or apple phones. for them only pixel supports a way out with graphene.
foxrider 54 minutes ago [-]
No, they use AppGallery and HMS.
pjmlp 6 minutes ago [-]
This kind of speech will only go with fellow technical users, most folks buying phones at the usual phone operators won't care less.
wolfi1 1 hours ago [-]
I'm still a little bit confused why the EU does not take action in this. This is definitely a monopolist overreach which has to be shutdown from the beginning
hurfdurf 56 minutes ago [-]
But they did. EU formally allows all these measures by Google in the name of "security" as described in Digital Markets Act Art. 6 (4) fourth paragraph.
Indeed. I wonder if it falls foul of labour law. Blacklisting is illegal and whitelisting (certification) is normally done with multiple competing third party certifiers.
r_lee 30 minutes ago [-]
this is something the EU would love, it's part of the whole Transparency thing where you dox yourself to everyone
HNers (especially Americans) are super naive and think the EU is some bastion of freedom. no. it just wants to be a huge nanny state but in a wholesome way, where you can do whatever you want as long as it's approved
willtemperley 23 minutes ago [-]
> In computing, a trojan horse or trojan is a kind of malware that misleads users as to its true intent by disguising itself as a normal program. [1]
Google is Trojans all the way down. What is the true intent of almost every Google product? Data harvesting.
Every single product is spyware of some kind. They've even managed trojanize TVs by subsidising manufactuers to ship their spyware.
The frustrating part is that security features often look like malware from a technical perspective. The intent is different, but the capabilities can overlap.
skybrian 1 hours ago [-]
I understand not being happy about what Google is doing, but it seems like F-droid can’t be trusted not to heavily spin things.
cuvert 37 minutes ago [-]
If the companies would keep their own word and never overreach maybe nobody would overreact. How many times did we hear in the past "It's just for..."
skybrian 23 minutes ago [-]
If companies play nice, people will stop making stuff up about them? I don’t believe that for a second, and it’s a poor excuse for making stuff up.
echelon 1 hours ago [-]
There is no spin here. Google is pulling up the ladder.
There won't be an open web, there won't be user installs, there won't be anonymity.
Everything will be identified, attested, and allowed only when Google permits it.
Nevermind them choking startups and small biz out of the oxygen they need to survive.
skybrian 1 hours ago [-]
What are talking about? Android Device Verification has nothing to do with what websites browsers can access.
I've already disabled Play Protect ages ago because it kept removing apps I had installed through F-Droid. Actually, I almost only install apps via F-Droid. I wonder if the ADV will install with Play protect disabled ?
WarOnPrivacy 4 hours ago [-]
My Android 15 handset doesn't have com.google.android.verifier process. It could be a Ulefone thing. They're especially pro-user (ex:root friendly).
EspadaV9 3 hours ago [-]
Checked my Pixel 7 XL Pro and the app is installed and running (Version 1.0.866414232
com.google.android.verifier). I was able to force stop it, and disable it. Will check later to see if reenables itself.
stavros 2 hours ago [-]
I don't understand how this is legal in the EU under the DMA, does anyone know?
pimeys 1 hours ago [-]
I already contacted the DMA authorities and complained how this has an effect on German diabetes communities and they replied that I am not the first one who approaches them on this and they are already investigating it.
Google is just trying how far they can push this.
sebastiennight 1 hours ago [-]
Do you have any pointers on how to find the correct authority and reach out? I'd like to inform my EU audience.
I don't get what part of that your think enables them to deny access to third parties distributing their apps on alternate stores. If you're referring to the last paragraph, that very explicitly says that any such security must be an optional setting that is not default. So unless users opt into verified only apps, Google can't force that, according to the DMA.
1 hours ago [-]
slowmovintarget 4 hours ago [-]
> Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.
> That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.
The rest of the article is a claim that Google's new terms of service amount to "malware is any software we [Google] don't like."
It seems like Google is aiming for its own walled garden.
selectively 9 minutes ago [-]
[dead]
Rekindle8090 4 hours ago [-]
[dead]
p0w3n3d 57 minutes ago [-]
[flagged]
Rekindle8090 30 minutes ago [-]
[dead]
ranger_danger 4 hours ago [-]
> How long before they designate all ad-blocking software as malware, block installation on all Android certified devices worldwide, and permanently designate all developers of this class of software as malware creators?
History shows that when a "slope" appears... regulation steps in, technology evolves to solve the problem, or the culture shifts to reinterpret the thing.
In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.
weikju 4 hours ago [-]
> In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.
Perhaps it happens because the slope is called out...
thinking_cactus 2 hours ago [-]
I alternate my thoughts frequently (which I believe is healthy), and sometimes I think we should let things take their course a bit more before reacting. It's certainly tiresome and can be pointless (some people claim 'hysterical') to fight lots of changes, not necessarily this one but some like it.
But I've come to realize there are serious downsides to letting things run their course too. Some changes are very hard to roll back (famous 'cat's out of the bag') just taking a lot of time to reverse if ever. For example, once there is a long term contractual agreement, if one parties decides to roll back they may just not be able to until the contract expires (like renting land; or worse, selling). A change in software systems for example that need backward compatibility can be quite difficult in technical and nontechnical ways.
I think people need to also keep some sympathy for the protests and let people protest more. I'm leaning more toward: if in doubt, provide visibility to a cause (even if not full support). It's okay to save yourself some energy (in particular for the most important causes). Some things might have to run their course for people to understand they were valuable, and we will probably have to eat some frogs as a consequence. Don't lose you sanity ;) (As the saying goes, "Don't you dare go hollow.")
RedComet 28 minutes ago [-]
"or the culture shifts to reinterpret the thing"
Yes. You see it already.
"Actually it is good that I can't run programs that haven't been approved by Google on my own device."
ozgrakkurt 2 hours ago [-]
This is a useless argument since there is no way to measure what case is this and what is not.
You can say "Classic slippery slope fallacy." to whatever seems like that to you.
This is an antipattern to scientific thinking as you can frame something x and then say all x are like this, look I created this framework to think about x. But in reality there is no empirical basis for this thought. And it serves no purpose other than doing more argument or winning arguments.
In the end what you wrote equates to "I don't think all of this will happen".
Chaning many possibilities makes the outcome less and less likely obviously.
Also the same principle applies to most religions I know of, for example:
- Assume there is God
- Assume it did create universe.
- Assume x
...
Then this also fits the same pattern and be called the "x fallacy" but it is useless to create an argument like this. This is useless mainly because this thinking pattern is ubiquitous in any world view.
More productive discussion might be to pick some steps in the theory they chained together and argue on that imo.
dminik 55 minutes ago [-]
Is it a fallacy if you've said before that Google is aiming to create a walled garden, Google itself has already started saying it wants a walled garden and they've already implemented several such steps?
charcircuit 1 hours ago [-]
This is not malware. It's an official part of Google Play Services.
ale42 46 minutes ago [-]
It all depends on how you define malware. If malware is software doing something that is contrary to the user's interests, then for many users it is indeed malware.
someonebaggy 33 minutes ago [-]
Too much hedging in this comment.
Malware is something that maliciously breaks your computer.
This maliciously breaks my computer so it's malware. There's no difference between this and the ILOVEYOU virus, except the delivery mechanism.
charcircuit 14 minutes ago [-]
>this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.
This claim is made by FDroid with no evidence. They make this scary claim which goes against everything Google has claimed so far. They are a biased party, and I can't trust their opinion. I would appreciate if they shared a more in depth investigation or a way to verify there big claim.
mdp2021 41 minutes ago [-]
The point is that it is said to tamper with your installations. If it does, it is malware.
Now that they reached penetration they do the switch - under the guise of security.
Just let me do with my hardware what I want to do it. Let it be my responsibility to install whatever I want (and stop calling it "side-loading", as if I am doing something shady from the "side").
We need to resist this! Alas, from the broader response it seems that most people just do not care.
- https://en.wikipedia.org/wiki/Don%27t_be_evil
And you’ll never reach a human to sort it out.
As a counterpoint to the right to the repair there should be a right to recover.
Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.
Doesn't GrapheneOS supports only Google Pixel smartphones now? For most of the users, that would mean changing their phones beforehand. And if we're talking about common people (especially not in US), it's not even everyone who can afford that. Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.
Convincing developers, especially bank and gov apps, is near impossible and won't scale well. Going after Alphabet for not meeting DMA obligations seems the easier path. Might not go anywhere but worth a shot.
[1] https://privsec.dev/posts/android/banking-applications-compa...
(For those who haven't been following along: this whole affair started with phishing. People were social-engineered into installing an app and a little later their bank accounts were empty. A big issue in various poor countries.)
Rolling the dice on a new technology could wind up being much more favorable.
Long term I would probably have more hopes in https://postmarketos.org/
I bought a /e/os Fairphone instead.
* (March 2026) Motorola announces a partnership with GrapheneOS Foundation - https://motorolanews.com/motorola-three-new-b2b-solutions-at...
But yeah, vendors maintaining their drivers upstream in FOSS projects would obviously make it easer
all it takes is one guy who gets too mad for some reason
and it's gonna be a lot more costly for you to do anything about it vs. that guy who gets to be completely anonymous about it
They can sue you and Google will give your address to the court, clearly. But swat? Send packages? How?
With such an article, many (including perhaps google) get the ammo to disregard what fdroid says, by branding them as childish/not to be taken seriously. for eg: no reputable news org is going to post this.
PS: https://keepandroidopen.org/ is better done.
If we ask their fine search engine, the AI helpfully explains malware to be software designed to gain unauthorized access to disrupt, extort payments and/or hijack devices.
If you still think the shoe doesn't fit, imagine what would happen if one managed to create an app with the same capabilities. Google would remove it immediately for being malware. Obvious malware.
but I can totally see Google banning developers and removing their apps for political reasons, where some lobbying group bombs them with emails
because with this they're explicitly saying they're now choosing who gets to be in or out, there's no way for them to say we can't do anything about it
I do think this would improve security, but I also think it's sort of a Trojan horse to lock down the ecosystem
Google has changed the game on something you already own. I'm sure their lawyers have done their homework, but in some jurisdictions this is certainly actionable.
The irony of Chinese vendors providing a breath of fresh low-DRM air.
https://developer.huawei.com/consumer/en/arkts/
And now they are adding yet another one, AOT compiled, Cangjie
https://cangjie-lang.cn/en
Using Android fork has been a transition step.
https://www.eu-digital-markets-act.com/Digital_Markets_Act_A...
HNers (especially Americans) are super naive and think the EU is some bastion of freedom. no. it just wants to be a huge nanny state but in a wholesome way, where you can do whatever you want as long as it's approved
Google is Trojans all the way down. What is the true intent of almost every Google product? Data harvesting.
Every single product is spyware of some kind. They've even managed trojanize TVs by subsidising manufactuers to ship their spyware.
[1] https://en.wikipedia.org/wiki/Trojan_horse_(computing)
There won't be an open web, there won't be user installs, there won't be anonymity.
Everything will be identified, attested, and allowed only when Google permits it.
Nevermind them choking startups and small biz out of the oxygen they need to survive.
- https://news.ycombinator.com/item?id=47935853 (2 months ago, 889 comments)
- https://news.ycombinator.com/item?id=47139765 (4 months ago, 378 comments)
- https://news.ycombinator.com/item?id=47778274 (3 months ago, 68 comments)
Google is just trying how far they can push this.
> That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.
The rest of the article is a claim that Google's new terms of service amount to "malware is any software we [Google] don't like."
It seems like Google is aiming for its own walled garden.
Classic slippery slope fallacy.
https://en.wikipedia.org/wiki/Slippery_slope
History shows that when a "slope" appears... regulation steps in, technology evolves to solve the problem, or the culture shifts to reinterpret the thing.
In almost every case, the feared "bottom" of the slope was never reached because humans constantly built ramps or bridges along the way.
Perhaps it happens because the slope is called out...
But I've come to realize there are serious downsides to letting things run their course too. Some changes are very hard to roll back (famous 'cat's out of the bag') just taking a lot of time to reverse if ever. For example, once there is a long term contractual agreement, if one parties decides to roll back they may just not be able to until the contract expires (like renting land; or worse, selling). A change in software systems for example that need backward compatibility can be quite difficult in technical and nontechnical ways.
I think people need to also keep some sympathy for the protests and let people protest more. I'm leaning more toward: if in doubt, provide visibility to a cause (even if not full support). It's okay to save yourself some energy (in particular for the most important causes). Some things might have to run their course for people to understand they were valuable, and we will probably have to eat some frogs as a consequence. Don't lose you sanity ;) (As the saying goes, "Don't you dare go hollow.")
Yes. You see it already.
"Actually it is good that I can't run programs that haven't been approved by Google on my own device."
You can say "Classic slippery slope fallacy." to whatever seems like that to you.
This is an antipattern to scientific thinking as you can frame something x and then say all x are like this, look I created this framework to think about x. But in reality there is no empirical basis for this thought. And it serves no purpose other than doing more argument or winning arguments.
In the end what you wrote equates to "I don't think all of this will happen".
Chaning many possibilities makes the outcome less and less likely obviously.
Also the same principle applies to most religions I know of, for example:
- Assume there is God
- Assume it did create universe.
- Assume x
...
Then this also fits the same pattern and be called the "x fallacy" but it is useless to create an argument like this. This is useless mainly because this thinking pattern is ubiquitous in any world view.
More productive discussion might be to pick some steps in the theory they chained together and argue on that imo.
Malware is something that maliciously breaks your computer.
This maliciously breaks my computer so it's malware. There's no difference between this and the ILOVEYOU virus, except the delivery mechanism.
This claim is made by FDroid with no evidence. They make this scary claim which goes against everything Google has claimed so far. They are a biased party, and I can't trust their opinion. I would appreciate if they shared a more in depth investigation or a way to verify there big claim.