Comment by ggm
1 month ago
If you can adb unlock, and it's not a closed box, then people can run F-Droid and install apps. Which means they can run independent path code without "sideload" in the apk download-and-install-by-hand sense. I guess for google, F-Droid IS sideloading.
If you unlock and you cannot run google wallet or your banking app, it's a closed box and the EU anti-monopoly lawsuit may still apply on this. But, if they can make a "trust" story run about LEA access to lawful decode or something, this might go away.
I'd say that the projections about fuschia and the like have turned out to be less interesting than some people hoped: but having two OS in the public eye (3 or more if you include Android TV and whatever closed systems run on Nest and Chromecast) was always a mistake.
I can live inside termux but there are things termux struggles to do, (like tcpdump maybe? and interacting simply with data downloaded from outside termux because of sandbox rules), which I very much would want.
I do not like how Android interacts with removable storage. It's an anti-pattern.
> I can live inside termux but there are things termux struggles to do,
Because that isn't part of the set of allowed NDK APIs.
https://developer.android.com/ndk/guides/stable_apis
Anything that termux manages to do outside of that list is more out of sheer luck that Android team hasn't closed down that specific Linux syscall.
Initially Android only got the NDK back in Android 2.0, due to pressure from game developers, and Dalvik having such a lame performance, it was never for writing full applications.
I love termux, but it's really not a replacement for full fat linux. There's tio many incompatibilities with how linux software expects to run for it to work for a dev workflow (unless your workflow is to immediately ssh into something else).
The most compatible setup I found is proot-distro into alpine, which bypasses a lot of the android blockers, and the bionic-libc incompatibilities by using musl. Comes at a performance cost, however.
I think in general their plans are contrary to the DMA if they prevent F-Droid from existing. The big bet seems to be that Trump can coerce the EU into repealing the law entirely.
> (50) [...] In order to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, it should be possible for the gatekeeper concerned to implement proportionate technical or contractual measures to achieve that goal if the gatekeeper demonstrates that such measures are necessary and justified and that there are no less-restrictive means to safeguard the integrity of the hardware or operating system.
> (54) Gatekeepers can hamper the ability of end users to access online content and services, including software applications. Therefore, rules should be established to ensure that the rights of end users to access an open internet are not compromised by the conduct of gatekeepers. Gatekeepers can also technically limit the ability of end users to effectively switch between different undertakings providing internet access service, in particular through their control over hardware or operating systems. This distorts the level playing field for internet access services and ultimately harms end users. It should therefore be ensured that gatekeepers do not unduly restrict end users in choosing the undertaking providing their internet access service.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%...
Surely most governments have a compelling interest in preserving the ability to sideload apps on Android for software development, information security research, and preserving the open competitive ecosystems that so many bought into and invested in with such terms.
The ability for open source software developers to write and run applications on their [fork of AOSP with a bunch of binary closed source out-of-tree kernel modules] devices should be protected, in order to prevent anti-competitive practices from squandering the open platform the community has helped to build.
Play Store requires a DUNS number and registration therefore these days.
F-Droid does not require a DUNS number for app upload.
(F-Droid is one of a number of third party APK registry and APK installer services. The F-Droid web service hosts signed Android "APK" software packages and updates which can be uploaded by registered users and downloaded without registration or login. The F-Droid application installs APKs from the F-Droid web service; though app install and update requires more taps to install or update multiple packages due to Android's lack of functionality to add third-party package repos with keys, a standard feature in modern Linux software package management systems.)
Android app developers can already choose whether their app can be installed or run on a device that doesn't pass Play Integrity checks.
If non-rooted third-party AOSP forks with recent Security Patch Levels fail Play Integrity checks and thus cannot work with retail banking apps for example, then old versions of Android for which there are no longer updates should also fail Play Integrity checks.
Open standards for modern software management include: schema.org/SoftwareApplication , W3C Verifiable Credentials, Sigstore, SLSA, and OCI Artifact registries which already support signatures.
There are various tools which sideload APKs over HTTPS without any checksum or signature (e.g. from GitHub releases instead of from for example an OCI Registry) which are as reckless as curl | sh.
Couldn't bash and zsh run in a container2wasm WASM container that, in a browser tab without install, gets its own SELinux security context like all apps since Android 4.4+?
Does ls -Z work in Android Terminal (or termux, or the ChromeOS term)?
Students and Family Link accounts are currently denied access to containers on Chromebooks.
So on a Chromebook the same curriculum is limited to JupyterLite in WASM which almost works offline in a browser, instead of a local repo2docker container or a devcontainer.json (because there is no money for students to have server resources (like shells, CI, GitLab+k8s resource quotas) other than their provisioned computer).
container2wasm: https://github.com/container2wasm/container2wasm :
I'd guess that these will support their virtualization framework so that you don't have to depend on tmux.
Android Terminal works pretty well on the pixel at the moment, so hopefully the merged version in ChromeOS-style laptops and tablets will be fully usable.