← Back to context

Comment by andyjohnson0

3 years ago

Its to do with the Play Store requiring apps to target the Android 10 api level. Details at [1].

[1] https://www.xda-developers.com/termux-terminal-linux-google-...

18 comments

andyjohnson0

Reply
rektide  3 years ago

The "write-or-execute" policy causing this havoc is remarkably similar to what is being done with WebExtensions v3 banning any dynamic code execution. Termux wants to be able to bring down code & let users run it, but that's verboten. Similarly, all WebExtensions will be forbidden from bringing down code (or accepting user entered code).

That sounds fine/good for like 98% of extensions. But the other 2%... extensions like GreaseMonkey/VioletMonkey/TamperMonkey, or one could imagine something like IFTTT or PushBullet, where the extension might perhaps want some intrinsic extensibility to itself: those are all now verboten. There's not really any discussion or push/pull on the new security regimes. Computers just get more and more clamped down.

I'm interested to see how Termux goes forward. In the past they seemed to have some "in-APK packaging" notions for how to deal with Android 10+. I haven't stumbled upon a good description of what this is or how it would work, and I'm not really sure whether these ideas are still active or whether F-Droid and using ever aging SDKs is the way forward.

  • jeroenhd  3 years ago

    Termux still works fine on any Android device, all you've got to do is install it through F-Droid or similar. Google Play is the party blocking W+X, Android itself will happily execute your downloaded binaries (for now, at least).

    There are also other APIs that are absolutely verboten by Google Play but will work fine if the app is installed through alternative app stores.

    • pjmlp  3 years ago

      Nope, Android started to ban linking to native APIs that aren't officially part of the NDK, like Linux syscalls.

      More recent versions will just kill the application if they get used, and Termux folks refuse to accept that they have to go through JNI for specific OS features, so they won't be around for much longer, other than on rooted devices.

      Or they might eventually accept how things are done on Android.

      13 replies →

  • Gigachad  3 years ago

    I think this is not the worst situation. Downloading executable code is very rare in normal use cases and is extremely common and powerful for malware. For the common user, its better to just turn this off. And for the power user, they are free to sideload apps that can do whatever they want.

    • R0b0t1  3 years ago

      The problem is you can't actually turn it off like you think you should be able to do. As well, you should expect feature parity (automated updates and so on) with the R^X turned off.