
Comment by arielcostas

20 days ago

Meaning to use your device you need to have a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it. Plus using GrapheneOS is less of an option every day, since banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want. Client-side "trust" means the provider owning the device, not the user.

Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.

Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.

I think Play Integrity is the fundamental issue here, and needs to go. That's the crux of the issue.

Allowing apps to say "we only run on Google's officially certified unmodified Android devices" and tightly restricting which devices are certified is the part that makes changes like this deeply problematic. Without that, non-Google Android versions are on a fair playing field; if you don't like their rules, you can install Graphene or other alternatives with no downside. With Play Integrity & attestation though you're always living with the risk of being cut off from some essential app (like your bank) that suddenly becomes "Google-Android-Only".

If Play Integrity went away, I'd be much more OK with Google adding restrictions like this - opt in if you like, use alternatives if you don't, and let's see what the market actually wants.

  • Banks seem to actually "want" Play Integrity. At least they act like it. I bet they would like for normal online banking on user-controlled devices to completely go away.

    • Of course they do, and of course they would. Banks are in a crazy legal position where they are financially liable for user stupidity. If my bank account gets breached, it doesn't matter that I didn't take any reasonable security measures, the bank will still have to refund me. If the bank could say "you didn't follow our recommended security practices to use a PW manager and MFA or passkeys, so it's a FAFO situation for you," then they wouldn't be pushing for this stuff. But they can't do that because the government doesn't allow them to.

      There is even government regulator pressure now for financial services to be liable for cases where the user legitimately authorizes a transaction to a party that turns out to be a scammer. Of course the banks want to watch your every move and control your devices. They would be stupid not to given the incentives.


    • Only because it's there. I don't think they would demand it if it wasn't offered, but once it's there imagine being in a bank and saying to management "I recommend we don't enable this security feature that works on 99.99999% of phones".


    • What's absurd though is that they have never demanded it for browsers. I think there is a much higher risk of someone being tricked into downloading a compromised browser with a backdoor than someone being tricked into downloading a modified version of their particular banking app. It gives the attacker the same level of control though.


  • If play integrity went away, all mainstream Android users would suddenly experience a huge increase in captchas and other security measures.

    It’s funny to see the volume of comments on HN from folks who are outraged at how AI companies ferociously scrape websites, and the comments disliking device attestation, and few comments recognizing those are two sides of the same coin.

    Play integrity (and Apple’s PAT) are what allow mobile users to have less headaches than desktops. Not saying it’s a morally good thing (tech is rarely moral one way or the other) just that it’s a capability with both upsides and downsides for both typical and power users.

    • There is no logical inconsistency in disliking abusive scraping, remote attestation, malware, and CAPTCHAs at the same time. Of these, I merely dislike CAPTCHA while I make moral judgments about the other three.

      I see creating a mechanism for remote attestation of consumer devices as morally bad because it's a massive transfer of power away from end users to corporations and governments. A scheme where only computers blessed by a handful of megacorporations can be used to interact with the wider world will be used for evil even if current applications are fairly benign.


    • It is not so simple!

      Play Integrity's highest level of attestation features requires devices to be running a security update which is within a sliding window of 1 year.

      LOTS of Android devices have not released a security update in many many years. This forces users to unnecessarily upgrade to higher end OEMs.

      Google is effectively pushing out Xiaomi, Huawei, and many others that offer excellent budget options. Google is not just offering you the comfort of not having to fill out CAPTCHAs on your phone, most importantly they are playing monopoly.


  • This is only allowed to exist because the justice system and politicians are mostly tech illiterate.

    Play Integrity is not compliant with any antitrust legislation, that's painfully obvious. The sole and only purpose of this system is to remove non-Google Android forks.

    • As someone working on a product that relies on Play Integrity and PAT to give legit mobile users zero captchas while challenging non-attested clients, I promise you are quite wrong here.

      The benefits may not be sufficient to offset the harms you see, but if you don’t understand how and why these capabilities are used by services, I’m also suspicious you understand the harms accurately.


  • I'd be more convinced that this was about malware and your security if you could turn it off.

    I think this is mainly just an attempt to kill things like newpipe.

  • Add blocked bootloaders, remember when Huawei let you just do it if you wanted?

    Most devices are just blocked and won't let you unblock. It is stuck it OS.

    You can't even try alternatives.

  • HarmonyOS is open source (according to Wikipedia) but some of the tooling does not appear to be. I.e. can only get the simulator from mainland China.

> Maybe it's time for a third large phone OS

It's been that time for years. But it's easier said than done. The closest we've currently got are the various phone-targeted Linux distros out there. But they're not quite ready for serious usage for me; at least not on the Pinephone. Still, that's where to put your time & money if you're serious about wanting a change.

  • The thing is making a smart phone is hard. You need experienced and knowledgeable embedded engineers to design every aspect of the phone. You need people who are knowledgeable about RF and know how to go about regulations in various countries. You need software engineers to build up a whole operating system from scratch and probably do that multiple times as the available technology changes. Not to mention create an entire production line to fabricate the parts and assemble them.

    And while efforts like Pinephone are good, they don't have the VC or talent to really make that a reality anytime soon on a massive scale. Most efforts in this space are open source which is great but doesn't really pay anything. People with these skills can easily work at any phone OEM and make good money. So I think it will take a massive company to do it. Maybe Microsoft wants to give it another go haha. Amazon has tried multiple times to make this a reality but it's just cost so much money and time that they keep shutting it down.

    I don't have any answers, for something to become viable it has to appeal to the average consumer and getting to that point is like crossing a mountain.

  • > easier said than done

    This is true for both the engineering and business sides. Cyanogen’s failure showed that it ultimately doesn’t matter how good your software product is if your business side of things is poorly run. Same with the Pebble smartwatch - amazing product, terrible back office.

  • > The closest we've currently got are the various phone-targeted Linux distros out there. But they're not quite ready for serious usage for me; at least not on the Pinephone.

    This isn't the closest, since we have Purism Librem 5 phone, which many people (including me) are using as a daily driver.

  • Is Pinephone still going? I was excited for it a few years ago, but I checked in recently and a lot of people are calling it dead. They discontinued the "pro" model and it doesn't sound like the software has much active development going on.

    • The phones still exist and work fine. I know it's fun to declare things "dead", but I don't think you can reasonably say it of pinephones.

    • Eh, that's a multi-faceted question. I personally am tired of Pine. They've made some questionable calls over the past couple years and their "make open hardware with almost nothing working software-wise and see what the community does" business plan has started feeling exploitative to me.

      PPpro was mismanaged especially badly. Nothing against the amazing community- it's just there were some hardware/firmware decisions by pine that made it especially hard to develop for. Meanwhile, the non-pro version is handicapped by a very slow processor.

      There's still some development happening, and the window managers like KDE are still improving stuff on the front end. But you're right, it has slowed down. That all said, this is still the only non-Google/Apple device you can get in the USA that actually kinda works. I used both the non-pro and pro versions for a few months a couple years ago as my daily driver. I could make calls, send texts, connect to matrix, etc. I wouldn't claim that "it just worked" but it did work.


realistically, the end point for moderately tech savvy folks is going to be a two-device setup. one cheap phone for basic communication, all the corpo stuff like banking and shirt-and-tie social media + a wifi hotspot. then a second "practical use" device that uses the hotspot, that you fully control and do your tinkering with.

edit: coming to think of it, teaching people to have a device for the "clean stuff" and separate one for the "stupid stuff" could even turn out to be a benefit.

  • This is already happening. It would be nice to have a purpose-built "clean"/"lame" device that not only did networking for you, but let you run whatever super special shit that garbage banking app needs attestation for while serving it over vnc or similar to your "dirty"/"cool" device. Then the lame device could be quite small, maybe even stuck on to the cool device as a dongle something.

  • The end point is going to be you will only be able to connect to the Internet with a device that passes hardware attestation so people won't be able to tinker

  • This is really smart. It’s low friction. It’s a drag to need two devices, but it is a low compromise bridge to building up something like a pinephone/pinebook’s ecosystem without needing to keep swapping your sim card.

    • it's how most home networks already work, when you think of it. you have a small locked down isp-provided technically-a-computer, that manages your connection, and behind that, you have all your own stuff on your home network.

      if anything, it would be mobile computing "pulling the modem out of the computer", like home desktops did in the 90s. I probably still have that 14.4k pcmcia modem card laying around somewhere...

  • You make it sound like a bad thing! That's pretty much already where I'm at, and is in fact exactly what I want. My smartphone is for messaging and a handful of apps from major vendors (Google Maps, Youtube, 1Password, etc.) It shouldn't ever crash, have nagging software updates, require tinkering, etc., just like my microwave and washing machine. And for tinkering, I've got my Mac, my little Linux NAS, a variety of Linux handheld devices, etc.

  • Your heart is where your money is. The device with the money would be the practical device for anybody except few RMS' followers.

    • And I'm happy to keep my heart/money away from the junk of social media and similar trivial shit. To give an example: I have two email ids, one for banking/government stuff and such and other for general purpose (sometimes I use those throwaway ones too for one-time things). If Google pulls this shit, I'm pretty much willing to go two-device - it would be actually more secure. I don't consider this some sort of RMS-ideology, it is just the sensible next step.

  • I am already taking 4 devices with embedded batteries with me and it's pain during airport scans. I am not looking for taking 5th. :/

> Maybe it's time for a third large phone OS [...].

Apple and Google conspired to never allow that to happen. They've pushed Microsoft out of that sector. Microsoft! Name a bigger challenger.

> Android shouldn't be considered Open Source anymore

That idea died for me long ago, I had used Android since 2009 till 2020. I gave up on the dream of a Linux phone. Ubuntu had a nice sleek Phone UI they were working on. The issue is if nobody builds the phones and no carrier cares, nobody will pick it up. You need to push yourself into the market.

Microsoft could fill this weird gap if they wanted to; the key thing would be they would have to truly open source the OS. I could see Amazon trying again, but they'd need to invest a lot as well. It's an uphill battle needing a serious flagship phone. Your other problem is most apps need to be migrated.

  • Amazon was hopeless even with the apps, because they had their hooks into things even worse than google. They are shameless. Most other tech companies large enough to even try would be as bad or worse.

    All that type of money went to llms, who is going to spend that on a phone os now? Not who should, but who actually would? They gave up on browsers, they gave up on mobile oses. There is a real risk that the next step is the US gov takes X% of google instead of enforcing antitrust in a year or two.

    Linux phones will never take off because banking and media/drm apps, and by extension social media apps, will just boycott them and kill it off. The tone has been set, this comment applies to any major player trying to break into the mobile market moving forward.

    This is honestly very bleak news.

    • Yeah, I'm disappointed in their efforts. I do like the Kindle tablet for my preschooler because it's cheap and gets the job done, though we limit her screen time.

      I'm just name dropping from the perspective of a big org that could fund such a thing correctly, but they would need to start over IMHO.

      I'm not sure of another big player who could invest billions into such an endeavour.

  • I don’t even think Microsoft could. Google bullied them out last time with windows phone and the YouTube app debacle.

    Until we have serious antitrust legislation against Google and Apple wielding their market power against any new entrants we are stuck with a duopoly.

    At the very least, Google needs to lose Android, and probably YouTube as well.

    • "At the very least, Google needs to lose Android, and probably YouTube as well."

      Wishful thinking department unfortunately. Modern US capitalism wouldn't allow that to happen—and a large majority of users are so addicted to the electronic heroin provided (seemingly for free but not) by the likes of Big Tech—Google et al—to care let alone do anything about the problem.

  • Not sure porting the apps would be such a big problem.

    You could probably get away with porting only a tiny fraction of all apps.

    I only use ~10-20 apps. If I was sure those work reliably I'd not hesitate to move.

    Here's a list for anyone who's interested:

    * Firefox
    * Money / bank
    * Identity
    * Maps
    * Email / calendar
    * Public transport
    * Chat (Whatsapp, signal, telegram, Facebook messenger, hangout, slack, discord..)
    * Camera
    * Music
    * Podcasts
    * YouTube
    * Taxi
    * Renting bikes
    * Parking
    * Digital "postbox" (not email)
    * Gym
    * 2FA
    * Calculator
    * Phone/SMS
    * Google Drive

> "GNU/Linux" touch version that has a serious ecosystem

That is a very hard problem, unless someone with serious name recognition like Linus Torvalds starts to lead that kind of effort, or a big company like Microsoft suddenly decides that putting 1 billion towards GNU/Linux would be in their interest. With small efforts, it will remain scattered.

Crowdfunding has a lot of power if there is name recognition behind the effort. Star Citizen has already gathered $800 million with mostly enthusiasm and a good start. Who is there to lead the effort for GNU/Linux phone development?

  • A GNU/Linux phone is dead on arrival unless it provides features that the masses consider a benefit. It's been attempted countless times, and every time it fails to gain adoption because the benefits rarely outweigh the downsides (yes, I know I will get at least one free software maximalist disagree, but in general, adoption rates support my point: these phones are used by such a small minority they're effectively a measurement error in the data).

    If anyone wants to give it a shot again, don't start with a GNU/Linux phone, start with something the masses actually will care about. Reverse-engineered, adversarially-interoperable social media apps for all the mainstream networks with no ads/dark patterns? Cool. Adblocking by default? Sure thing. Built-in support for a wide range of cloud providers (including standard protocols such as SFTP/S3/etc). And so on.

    Address actual pain points that people have. "GNU/Linux" by itself does not address anything. The non-technical majority don't even know what that is or means, and even for technical people it isn't a perk by itself - sure, you can run whatever software you want... but you (or someone else) still need to write said software to begin with... or you could just trade a bit of money and "freedom" and buy an iPhone which doesn't have any of those problems.

  • There were crowdfunding efforts like: Purism Librem, Liberux NEXX, /e/ foundation, eelo, Ubuntu Edge, Jolla phone. But none were really successful. The closest was probably Mozilla with Firefox OS, now Kai OS. I still own an Alcatel OT Fire phone, it's HTML5 all the way!

    But I think Sailfish OS has a mature ecosystem, they are well recognized in the EU and based on GNU/Linux. I use it daily, after moving from UBports, and it serves me well. Hopefully SfOS gains more popularity.

    • You highlighted the problem I was stating: Effort is scattered among small players. I would love for SailfishOS to win, but crowdfunding is hard with random Thingamabob companies; it needs name recognition behind it.

      For the new ecosystem to win, it needs to have its own user base for companies building apps to recognize it. Even with SailfishOS, the banking apps still require Android compatibility layer, which is slowly eroded with Play Services and Play integrity check disabling those one by one in the coming years.


  • > [...] someone with serious name recognition like Linus Torvalds starts to lead that kind of effort [...]

    Linus is a kernel hacker, and already busy tending to his own project.

    "GNU/Linux" is effectively a committee of communities, with sometimes conflicting goals. It took Canonical and Valve to put things into shape on the desktop, and that's mostly because desktop was becoming less relevant.

    I see two ways for things to change here:

    - A massive, for-profit corporation, someone willing and able to challenge Google and Apple on an even ground, is hell-bent on making a Linux-based phone (Microsoft failed even after acquiring Nokia);

    - Another platform shift happens, making smartphones irrelevant in comparison (think: when smartphones displaced desktops).

    • Microsoft was stupid, in EU they were slowly reaching 10% when they decided to kill WP, it was getting momentum as the alternative for those that didn't want Android and weren't going to spend Apple money for a phone device.

      And actually the development experience was much better than Android to this day.

      But that isn't coming back, especially after they killed all developer good will on Windows OS for everyone that invested into WinRT as platform.


Everything coming from China is going to be closed source as well, and it's going to be pretty hard for banks to onboard themselves on open source solutions. I think the ultimate solution is: two phones, one shitty one just for banking/trading/whatever, which only stays at home most of the time, and one Linux phone that we more or less own, for calls/texts/web browsing, which stays with us.

  • It only matters if you treat phones as a development environment.

    It's tempting to have full control over everything OSS style, but the reality is you can only tenably have that for very specific parts of life.

    • Why? I have the freedom to fix or modify most things I own. What makes phones so special that it justifies licking the boot of some techbro billionaires?

This is the problem - many apps refusing to run on non-blessed platforms.

Years ago I loved tinkering with the devices but then I wasn't able to use my bank and it was getting more and more annoying so at one point I just stopped...

The biggest problems are: 1) lack of drivers (so creating custom roms/OS for the devices is problematic), 2) locked bootloaders and 3) many apps requiring PlayServices and other stuff (mostly banks).

There is postmarketOS, it looks awesome but - device support is very lacking and there is no way to have bank and PopularApps (whatsapp/instagram/etc) running on it so its popularity is microscopic…

Maybe another European Citizen Initiative to force makers to provide those things (bootloader and drivers)?

  • "Years ago I loved tinkering with the devices but then I wasn't able to use my bank and it was getting more and more annoying so at one point I just stopped..."

    Until now I've steadfastly refused to use banking on my smartphones because of these problems (and I usually use rooted phones).

    The trouble is it's becoming more and more difficult to avoid phone payments/banking. My solution is to get a small phone specifically dedicated for the purpose and use it for no other purpose (it's a pain but the best compromise). That way I don't have to worry about my main smartphone.

    Of course, the best solution would be for governments to regulate for banks to accept multiple access/payment systems of which there are a number. Standardized and regulated protocols would solve many of these problems but that's too big a subject to address here.

    • > My solution is to get a small phone specifically dedicated for the purpose and use it for no other purpose (it's a pain but the best compromise). That way I don't have to worry about my main smartphone.

      This has been my solution as well and I can't help but wonder, given the recent push for digital ID, insurance, etc. if we will all eventually be carrying a separate data-only device for digital security/attestation purposes.


OpenHarmony is open source. There are also: Ubuntu Touch and Sailfish OS being developed. Actually I am writing this from Sailfish OS. I can login to my bank using a web browser here in the EU. I have Telegram, Signal clients, maps, sideloaded packages, full terminal - I fully control the phone, in contrast to Android. I don't own and don't need Android phone at all. So definitely more people should use alternatives to closed Android/iOS.

  • Ah yes, sailfish is actually pretty usable. (Unlike Ubuntu Touch, tbh). I've used it in the past on my Nexus5 for some years. However, they are still not 100% open source and they're too much into the AI-Hype as of recently (Mind2). Also, I'd like to have more official ports. It's such a hassle to be dependent on that one guy who maintains that port for your device...

I somewhat agree with the protected systems part though. For example, handling payments. Now iOS and Android could both have 0-days that allow fraudulent payments to be made for all I know but there's a certain degree of trust there with 2 large companies.

But then again we still use visa/mastercard duopoly that allows you to make payments so long as you have their card number.

And then again x2; nothing will ever change, we live in a corporate hellscape where men in suits & ties make all the decisions, get themselves wealthier and the general public are too apathetic to band together on anything because they'd rather foot shoot than have someone not from their tribe receive a single cookie crumb.

> a contractual relationship with a foreign (unless you are in the US) third party that decides what you can or cannot do with it.

I see where you're coming from, but companies like Google have local legal representation (e.g. in Ireland for the EU), and have to operate under EU rules if they want to do business here (just like how a EU business has to operate under US rules). If the EU says that you should be allowed to do your own thing - and they have - then Google can either comply or leave.

Don't attribute more power to companies than they have - they want you to believe they can get away with this, but don't echo their rhetoric.

  • Ok, how do I as a developer from Croatia get in touch with a legal representative from Google? And I don't mean 5 layers of indirection through AI chatbots and chatbots, forms and canned responses?

    • As a single developer, you have very little weight against Google. The same is true of a single developer in the US.

      What does have weight is the European Union, which Croatia is a member of. If the EU parliament makes a law that Google is not allowed to have these kinds of rules and do business in the EU, then Google will listen. Given the horrible state of the US government, the EU is just about the only force left in the world able and willing to stand up against these tech giants in a way that forces them to pay attention and act responsibly.


  • ...that makes it worse though. It's just intrusion from more legacy states.

    The whole point here is that this requirement is a vector by which states and state-like corporations can exert control over the internet. And the "inter" in internet is weakened by this.

> Maybe it's time for a third large phone OS

I don't think that the problem is the OS. The problem is access to the hardware. Hardware manufacturers can decide to prevent you from installing an alternative OS on your hardware.

If the law made it mandatory to allow this, it would be a lot easier to go with alternative OSes like GrapheneOS.

> Huawei has HarmonyOS but it's not open

I was thinking at some point that they would go with AOSP and their own Huawei Services on top. Could have been fun. Also I wonder why they don't just support GrapheneOS as an alternative OS.

Alas, no distinction is made between (a) a computer owner that wants to write software to run on their computer versus (b) an "app developer" who wants to write "mobile apps" and distribute them to others for financial gain

The computer owner in (a) is not creating "malware". Any arguments that "verification" is for the protection of users (not commercial benefit of Google) are inapplicable in (a). Unlike the software in (b) the software in (a) only runs on the computer owner's computer, not anyone else's computer. There is no need in the case of (a) for Google to know about what software is running on the computer owner's computer.^1 Surely Google would agree there is no need, i.e., no right, for a computer owner seeking "verification" to know what software is running on Google's computers or the identities of Google employees.

1. None that outweighs the owner's right to privacy. Microsoft, Apple and Google all use _default_ telemetry

https://gist.github.com/alirobe/7f3b34ad89a159e6daa1

https://github.com/cedws/apple-telemetry

https://apple.stackexchange.com/questions/437068/eliminating...

https://therecord.media/google-collects-20-times-more-teleme...

  • "Alas, no distinction is made between (a) a computer owner that wants to write software to run on their computer versus (b) an "app developer" who wants to write "mobile apps" and distribute them to others for financial gain."

    I could be wrong:

    https://developer.android.com/developer-verification

    "For student and hobbyist developers

    We're committed to keeping Android an open platform for you to learn, experiment, and build for fun. We recognize that your needs are different from commercial developers, so we're working on a separate type of Android Developer Console account for you. We'll share more information in the coming months."

    Will "verification" also be required for "hobbyists", otherwise known as computer owners, or "ad targets" in Google's framing of the www. Who knows

    Putting restrictions on distributing bad software ("malware") to others is one thing. It makes sense. But putting restrictions on computer owners ("hobbyists") who write, compile and run software on their own computers is another thing entirely

> Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.

This makes me laugh. Not at you, but at the cycle. This was the convo years ago when this was possible, but getting consumers to trust a 3rd party like PalmOS (which was actually pretty darn good compared to android) is practically not possible.

  • It's not about consumer trust, it's the chicken-and-egg problems of users and app devs.

    App devs only care about platforms with enough users, users only care about platform with enough 3rd party devs support.

I wouldn't use a bank that made it difficult for me to access my account. I don't know why most people do. I know why a few need to, but not most. There's a lot of unnecessary bedmaking going on in tech.

We're long, long overdue for a 3rd phone OS option. The bank thing has me wondering. Maybe getting a nice, local branch is one of the next sane privacy steps if it lets me escape this phone.

Less and less of AOSP is being updated also, as Google rolls most of its new features and updates behind the Play Services system. Install Graphene and you will see what I am talking about - the SMS app for example hasn't been updated in probably a decade and looks and functions like it did back in Android 4 (KitKat). Same with the other built-in apps. While I used Graphene myself for a solid 6 months, the features you have to give up on using or find some obtuse workaround for aren't appealing to the "normies" who just want their phone to do what they want, no matter the unseen ethical cost (in this case, sacrificing the ability to freely install 3rd party apps). Someone on another forum said it very well - people like "us" were Google's foot in the door, now along with Apple they have such a stranglehold on the mobile OS space that a 3rd viable and comparable contestant becomes less and less likely by the day. Throw in how Google starting with Android 16 is not releasing updated drivers with AOSP and Graphene probably doesn't have much life left in it, either.

  • > While I used Graphene myself for a solid 6 months, the features you have to give up on using or find some obtuse workaround for aren't appealing to the "normies" who just want their phone to do what they want

    Did you use GrapheneOS with the Play Services? Sounds like you didn't. Of course if you don't use the Play Services, you lose... the Play Services. But GrapheneOS allows you to run them in the sandbox.

    > Throw in how Google starting with Android 16 is not releasing updated drivers with AOSP and Graphene probably doesn't have much life left in it, either.

    This sounds incorrect. Google decided to stop sending the device tree of the Pixel devices in AOSP. And GrapheneOS is still fine, though it will take more effort because they won't get the device tree from Google.

> or some "GNU/Linux" touch version that has a serious ecosystem

How could this realistically happen? Developers of popular apps adore the control and illegitimate de-facto ownership that client side "trust" gives them, so they'll refuse to make apps for that platform. They'll also use said client side "trust" to block them. Thus, it can't reach critical mass to force adoption by these developers.

I think that the answer is vendor-independent standards.

The main issue being solved here is that security relies heavily on those actors like Google and Apple. Banks, companies etc. have high security requirements (rightly so) and basically need to tick boxes. So if the only way to obtain, say, MFA, is through something only Google/Apple provides, they will require Google or Apple devices.

If we had reasonable standards, alternatives could become a reality.

  • That's not really going to fix anything here.

    The reason a big company can do this is because they can absorb big liability risk and insure it appropriately.

    A standard can't do that.

> banks and other "regulated" sectors use Google Play Protect and similar DRMs to prevent you from connecting from whatever device you want.

This totally sucks but is there anything preventing you from using your bank's website in-browser in your phone, other than the terrible UI, tiny text, and inability to select the correct checkbox?

  • Yes. The 2FA via either biometrics or some other means requires us to have the bank's own app - even in small local branches - where said app is only available through one of the app stores.

Tizen already exists... where phone OSes fall down is that ALL of the cellular modems are extremely patent encumbered (although Huawei has a large portion of the 5G ones) and there doesn't exist an open specification, let alone an open implementation, of their interfaces.

Other than depositing checks, I've always thought that phone bank apps are overrated. Banking is too serious for a phone - I'd rather do it on a real computer. I could fairly easily give up banking apps entirely.

  • In my case, the website is equal or superior to the app in every aspect except one: you cannot deposit scanned paper checks via the website, only via the app.

  • Web channel traffic is typically a tiny fraction of mobile traffic for banks. In some banks it's like a single-digit share.

Problem is 99.99% of the population probably doesn't care (or even know about the issue). Companies respond to the market. If there is no demand or pressure for something more open, they won't make it.

It doesn't even matter if it's foreign or not, it's a matter of who owns the thing: you buy a smartphone or you buy a service that allows you some use of said smartphone? Fuck services.

There will never be a third large OS unless Google Play Integrity is legislated out of existence. And it looks like governments like Google Play Integrity, so that won't happen.

I wish Firefox OS had succeeded, my first ever app was for it, it was all so much simpler and so much more free than the locked down systems of both major mobile OSes.

> the provider owning the device, not the user

That's been the case since they got rid of removable batteries. You don't own a device you can't reliably turn off.

What's even the point of all the bullshit with Google Play Protect if in the end I can access my bank from a web browser? That stupidity is protecting no one.

  • > in the end I can access my bank from a web browser.

    If your bank allows you to access all features from a browser, consider yourself lucky. Mine requires the app to authorize any online transaction.

  • > access my bank from a web browser

    Unless you get SMS or some normal TOTP app as 2FA, using the web page usually requires the bank's proprietary app to authorize. So you circle back to the same issue.

  • My bank doesn't allow me to deposit checks digitally without the stupid app. Almost everything else is available on the website.

Not merely a foreign third party: one operating fairly cozily within a country with a hostile and erratic government.

If Trump ordered Google, tomorrow, to put some egregious measure in place in Android (or Chrome, or Google Search), I, personally, would not want to bet that they would refuse him. And frankly, I don't know that I can even imagine the kinds of things he might try to get them to do.

We absolutely need better competition in smartphone OSes—we need it across the board in tech, really, from a wide array of countries.

These control freaks will not control me. Banking on GrapheneOS? The web app works fine.

More and more people are starting to see how you really own nothing anymore.