The "write-or-execute" policy causing this havoc is remarkably similar to what is being done with WebExtensions v3 banning any dynamic code execution. Termux wants to be able to bring down code & let users run it, but that's verboten. Similarly, all WebExtensions will be forbidden from bringing down code (or accepting user entered code).
That sounds fine/good for like 98% of extensions. But the other 2%... extensions like GreaseMonkey/VioletMonkey/TamperMonkey, or one could imagine something like IFTTT or PushBullet, where the extension might perhaps want some intrinsic extensibility to itself: those are all now verboten. There's not really any discussion or push/pull on the new security regimes. Computers just get more and more clamped down.
I'm interested to see how Termux goes forward. In the past they seemed to have some "in-APK packaging" notions for how to deal with Android 10+. I haven't stumbled upon a good description of what this is or how it would work, and I'm not really sure whether these ideas are still active or whether F-Droid and using ever aging SDKs is the way forward.
Termux still works fine on any Android device, all you've got to do is install it through F-Droid or similar. Google Play is the party blocking W+X, Android itself will happily execute your downloaded binaries (for now, at least).
There are also other APIs that are absolutely verboten by Google Play but will work fine if the app is installed through alternative app stores.
I think this is not the worst situation. Downloading executable code is very rare in normal use cases and is extremely common and powerful for malware. For the common user, its better to just turn this off. And for the power user, they are free to sideload apps that can do whatever they want.
Its to do with the Play Store requiring apps to target the Android 10 api level. Details at [1].
[1] https://www.xda-developers.com/termux-terminal-linux-google-...
The "write-or-execute" policy causing this havoc is remarkably similar to what is being done with WebExtensions v3 banning any dynamic code execution. Termux wants to be able to bring down code & let users run it, but that's verboten. Similarly, all WebExtensions will be forbidden from bringing down code (or accepting user entered code).
That sounds fine/good for like 98% of extensions. But the other 2%... extensions like GreaseMonkey/VioletMonkey/TamperMonkey, or one could imagine something like IFTTT or PushBullet, where the extension might perhaps want some intrinsic extensibility to itself: those are all now verboten. There's not really any discussion or push/pull on the new security regimes. Computers just get more and more clamped down.
I'm interested to see how Termux goes forward. In the past they seemed to have some "in-APK packaging" notions for how to deal with Android 10+. I haven't stumbled upon a good description of what this is or how it would work, and I'm not really sure whether these ideas are still active or whether F-Droid and using ever aging SDKs is the way forward.
Termux still works fine on any Android device, all you've got to do is install it through F-Droid or similar. Google Play is the party blocking W+X, Android itself will happily execute your downloaded binaries (for now, at least).
There are also other APIs that are absolutely verboten by Google Play but will work fine if the app is installed through alternative app stores.
14 replies →
I think this is not the worst situation. Downloading executable code is very rare in normal use cases and is extremely common and powerful for malware. For the common user, its better to just turn this off. And for the power user, they are free to sideload apps that can do whatever they want.
1 reply →
The play store version isn't being updated, owing to a policy change by google affecting their package manager