Comment by michaelt
11 hours ago
Operate European tech infrastructure without a dependency on America challenge (Impossible)
For 99% of smartphone users, you can't get apps onto their phones without Apple and Google signing the app and letting you into their store, and users can't install the app without an Apple/Google account.
Why remove a dependency on Google, when you'll still be 100% dependent on Google?
Anybody working on "Digital ID" has already made peace with the fact that it can be turned off overnight if Trump says so.
On Android you don't need to sign in with a Google account. You do need it for the play store but many brands have alternatives. Like the Samsung app store, Honor has their own too, I'm sure more brands do. And there's always aurora.
Yes not many use it but if you cut this path off then people will never get there.
Step by step. We realize we will not get there in one day.
Its the same as with bicycle paths. Initially - those make no sense, leading from nowhere to nowhere. Give it a few years, and a usable network emerges.
Right now there is serious money and brainpower being poured into sovereign cloud tech. Thanks to the gift of open source and standards, its actually not impossible to create modern systems with zero US dependency.
I fear, though, that as with everything else Microsoft Excel will be the hardest dependency to deal with.
Why adding an additional, unnecessary, superficial requirement?
It's not necessary to provide the functionality and enforces the dependency onto he potentially hostile actor (case in point: Microsoft disabling email account of Chief Prosecutor of ICC because US requested so).
It stifles innovation in the future and hurts GrapheneOS right now.
Let me turn the question back at you: why do you think adding unnecessary dependency is better than not adding it?
Does it serve users, governments, service?
Does it anything good for the interested parties or does it only serve Apple, Goggle and the US government?
It's an objection to adding a new dependency, not an attempt to remove an existing one. If we can't stop adding new dependencies, we are certain to be stuck with the status quo forever.
Being able to install whatever apps you want on Android without any sort of dependency on a Google signature or API was the standard for a decade and a half.
Let's not act like things have always been this bad and thus we should just accept it as the norm, because they haven't, the noose is actively tightening as time goes on.
It is still the standard today and for the foreseeable future. The only difference is that it will also be possible to install an app not distributed through a preinstalled app store on Google Android builds without a warning as long as the APK has a Google signature.
You can just as well say "the correct reaction to having a guns aimed at your head is NOT to give the guy another gun ... you know, in case the first one fails to fire when he starts pulling triggers".
Plus, the net difference is that this gives Google and Apple the ability to kill the ability of individuals to make payments (and tax them) ... do you want that?
(And I would say, compared to having European banks tax them, the answer is not so obvious)
The real issue is, of course, that this moves the burden of keeping phones secure onto Google and Apple, who are very willing to take on that burden in trade for a percentage of all consumer payment traffic in Germany. It's yet another choice between "spend money now to build a government department to secure payments ... or have Apple/Google do that for you". And they're choosing to save a little bit of money in the short term in trade for what is effectively a new tax.
Oh, but Google doesn't really excel in making phones "secure".
Sure, their researchers are great, but Google itself claims that several years old phones running Oreo are safe and secure. They also extended the time for vendors to bring patches to the new vulnerabilities, they themselves slowed down - compare timeframe between patches released by GrapheneOS and patches released by Google - the latest GOS release provides patches for vulnerabilities that will be fixed by Google in.... October 2026: https://grapheneos.org/releases#2026040300
Compared to EU governments' security for their citizens Google has absolutely perfect, world-class, bullet-proof, iron-clad ultimate security.
I do get that that's not exactly impressive. It isn't.