Google: 'Your $1000 phone needs our permission to install apps now'". Android users are screwed - Louis Rossmann

I just hope that the Graphene devs continue to support the last supported versions of Android that allow installing apks.

I couldn't be happier with my P7 that has been running Graphene since day one. Zero Google. Zero problems

This is the risk of "trusted computing" architectures. Who is governing the "trusted" part of that.

These cryptographic signatures are not as much of a death knell for Android as some would have you believe. The trick is to get a common code signing cert into your device, that is then used to sign any third party APK you want to run. You can avoid the Google tax this way. I assume that's how most sideloading sites and apps are going to handle this.

The question is, how do you add that certificate? Is it easy and straight forward (with plenty of scary warnings), as a user? Or is it going to be a developer options deal? Or will I need root to add the cert?

I'm not sure what that answer is right now.

I just want to finish this post with a few words about trusted computing models. Plainly: Apple has been doing this for years ... That's why you download basically everything from an app store with Apple. Whether on your Mac OS device, your iPhone, iPad or whatever iDevice.... Whether the devs need to sign it, or the app gets signed when it lands on the store, there's a signature to ensure that the app hasn't been tampered with and that Apple has given the app it's security blessings, that it is safe to run. Microsoft and Google have both been climbing towards the same forever. Apple embedded their root of trust in their own proprietary TPM which has been included with every Mac, and iDevice for a long ass time. Google also has a TPM, the Titan security module, I believe that was introduced around pixel 3? Or 4?... Microsoft made huge waves requiring it for Windows 11, and we all know what that discussion looks like. Apple requires a TPM (which they supply, so nobody noticed), Google has been adding a TPM and TPM functionality to their phones for years, and now Windows is the same. None of this is a bad thing. Trusted computing can eliminate much of the need for antivirus software, among other things. I digress. We've been going this way for a long time. Google is just more or less, doing what Apple has already done, and what Microsoft will very likely do very soon, making it a requirement. Battlefield 6 I think, was one of the first to require trusted computing on Windows and it will, for damned sure, not be the last that does. The only real hurdle here is managing what is trusted. So far, each vendor has kept the keys to their own kingdoms, but this is contrary to computing concepts. Like the Internet, it should be able to be done without needing trust from a specific provider. That's how SSL works, that's how the Internet works, that's how trusted computing should work. The only thing that should be secret is the private signing keys. What Google, Apple, and Microsoft should be doing, is issuing intermediary keys that can sign code signing certs. So trusted institutions that create apps, like... Idk, valve as an example, can create a signature key for steam and sign Steam with it, so the trust goes from MS root to intermediary key for valve, to steam code signing key, and suddenly you have an app that's trusted. Valve can then use their key to sign software on their store that may not have a coffee signing key of it's own. This is just one example based on Windows. And above all of this, the user should be able to import a trusted code signing cert, or an intermediary cert signing cert, to their service as trusted.

Anyways, thanks for coming to my Ted talk.

This is an android 16 feature, scheduled for sept 2026 "prerelease" and 2027 rollout. I expect/hope some phones will have a setting to disable "the security". If not, there is great opportunty for high end hardware linux first phones, with good android emulation software.

What even is the reason for this? All this is going to accomplish is less Android market share.

So yeah we'll do a decentralized Linux phone of sorts, if Google is going full 3rd Reich with Android we'll move to a Linux based OS phone.

Simple as that.

This was the main reason I have a spare android phone to install whatever I want on it and just factory reset if there’s an issue. Android / Google is really shooting itself in the foot cause there isn’t a point in owning an android after this imo

When it comes to the current final frontier, Linux phones, what brands/models would be the best option? Or are you all really recommending iPhones?

If they only cared about thwarting malware they could have just relied on code signing via public certificate authorities, like with binaries on Windows.

This is about Revanced, isn't it? They failed to kill it via the YouTube backend so now it's down to lock down the os and browsers as much as possible to keep feeding people the juicy ads.

I find it very strange how many people in the comments here think the solution is to buy an iPhone. Maybe you are all just rich and can afford to spend $1000+ based on vibes, but considering the Android market still has a massive value advantage I'm not really sure what the point of switching is. This all feels very similar to how some Westerners decided Chinese tech and even the Chinese government were suddenly problem-free just because Americans elected Trump for a second time.

Apple now allows sideloading of apps and Google is trying to get rid of sideloading.

What... the Fuck?

I have LineageOS on my second phone, so the issue doesn't apply to custom ROMs, as the developers assured me. On my main phone, however, I still have the stock ROM because it's a new and expensive phone, and there are no custom ROMs for it yet, especially as it's a MediaTek. If they try to block sideloading, it would be a good time to report it to the European Union.

This defeats the entire purpose of me having android

Like I'm just going to switch to an iPhone now. Not because Apple is any better, but because I have more family with them.

They took away our SD cards, they took away our removable batteries, they took away our headphone jacks. Now they're taking away side loading apps, and that's it. I'm done. The death of android.

If Google is going to lock down my device to the point where I can't install apps without their permission, I might as well dump Android and go straight to Apple. I sacrificed my phone being good for the openness of the platform, but if Google loses that openness, why shouldn't I go with Apple?

be me
buy new phone, chose android cause I can install anything on it
get free iphone from work
sell iphone on ebay cause I can install anything I want on my android
google doesnt want me to install anything I want

Fuck me. I kept the wrong phone.

How does this affect "second-party" apps (i.e. apps you have created yourself)? Are you still allowed to go to Android studio, make an APK, transfer it to your own phone, and install that app? If no, this spells the death of experimental indie developers on Android.

I bought a Pixel recently and for 2 days I tried to make it work. 2 whole days of fumbling pain! And I felt fucking horrible. Almost nothing is customizable and everything coated in a thick layer of AI. Every google app has dark patterns. Don't like it? Well too bad, apps like goog photos keep on asking if you want to upload your life with a recurring popup that tries to trick you. Don't want Google Search Bar? Well... you don't get to say no bitch, don't make me hurt you. It is not a healthy relationship.

So. I just took the plunge and flashed GrapheneOS. Graphene will take a bit of work getting replacements for some of my needed apps like mail and map. But there are lots of neat options and I'm having fun with it. Problem fixed.

I used the graphene web install. I booted up my Pi 4B+ and used gnome-disks to flash a MicroSD with Ubuntu 24.10 then installed the two packages in the web install instructions then I got Brave (I went to the Brave homepage and they have some curl option to download. I needed to install curl, did that then got Brave installed. Once brave is installed you have to disable browser fingerprinting memory reduction and disable the "brave shield" (the little shield near the address bar) for the web installer GrapheneOS page. (It's a fresh install, on a Pi, and I know the site, no real risk)

After this you can just press the big buttons on the page and follow the instructions on the page.

There are many ways to do this. They have lists of compatible browsers and operating systems. I picked (eww) Ubuntu and (eww) Brave because they seemed easiest on the list and I did not virtualize or use containers in any way cause it messes up the webUSB magic the website uses. I like to play it safe as possible when firmware is involved so I didnt speed up the instructions. And also when you buy a Pixel, big thing! Turn on dev tools and toggle your oem bootloader setting off and on again. If it can't do that you need to return the phone because it's locked down by carrier.

Well... I hope my long sleep deprived ramblings help someone else break their chains. Read a bunch about it before starting! Good Luck!

Can you at least put a custom ROM on to disable this?

Joke's on them, my phone only cost $300

I think I am just done with the whole concept of the convenient prepackaged tech product, and especially staying "connected" with them.

For example, I stopped wearing a smart watch this summer and it's been a positive. I was the type to wear it 23 hours a day and track my sleep with it and everything. It turns out that not instantly seeing every notification or knowing the exact minute of the day are not a big deal, sans are even good for me.

Part of what I've also done is use my phone a lot less and my linux desktop a lot more. I use it as a mobile communication device and not my computer for everything. I guess the next time I need to replace it I'll either get an iphone since everybody in my family has one, or I'll see where these wonderful Linux phone projects end up.

Their arguments are kind of lame. To install APKs from outside the store is already an involved process that generally makes it harder for the uninformed to sideload. Make sideloading a bit harder, but possible. My xiaomi makes me wait and read warnings before installing APKs, for example.

I know it's not really ready for it yet, but I guess I'm gonna be looking into a Linux phone before I thought I would.

I readily await the visibility and interest this will give mobile linux development.

Will this kill FDroid ? I imagine yes since you have to install it from a download.