E: apparently it needs to be said that I am not suggesting you switch to Linux on your phone today; just that development needs to accelerate. Please don't be one of the 34 people that replied to tell me Linux is not ready.
Android has always been a fairly open platform, especially if you were deliberate about getting it that way, but we've seen in recent months an extremely rapid devolution of the Android ecosystem:
- The closing of development of an increasing number of components in AOSP.
- Samsung, Xiaomi and OnePlus have removed the option of bootloader unlocking on all of their devices. I suspect Google is not far behind.
- Google implementing Play Integrity API and encouraging developers to implement it. Notably the EU's own identity verification wallet requires this, in stark contrast to their own laws and policies, despite the protest of hundreds on Github.
- And finally, the mandatory implementation of developer verification across Android systems. Yes, if you're running a 3rd-party OS like GOS you won't be directly affected by this, but it will impact 99.9% of devices, and I foresee many open source developers just opting out of developing apps for Android entirely as a result. We've already seen SyncThing simply discontinue development for this reason, citing issues with Google Play Store. They've also repeatedly denied updates for NextCloud with no explanation, only restoring it after mass outcry. And we've already seen Google targeting any software intended to circumvent ads, labeling them in the system as "dangerous" and "untrusted". This will most certainly carry into their new "verification" system.
Google once competed with Apple for customers. But in a world where Google walks away from the biggest antitrust trial since 1998 with yet another slap on the wrist, competition is dead, and Google is taking notes from Apple about what they can legally get away with.
Android as we know it is dead. And/or will be dead very soon. We need an open replacement.
The main problem is that mobile OS is simply not useful without banking or government apps and they won't ever appear on FOSS systems because giving control to user is exactly the opposite of what's in their interest.
I don't understand why people need banking apps on their phone. I only ever access my banking info from the PC...
Many cheaper online banks rely on their mobile app. Your debit card will not work wirhout an in-app confirmation. There's no web interface ("not secure enough").
Can I switch banks and make my life less convenient? Sure. Would I do it just to stick it to google? No.
it's not really a need, it's more an imposition. we're forced to do everything via the app
2fa with a banking app, a lot of banks work that way
That's insane. They don't have TOTP? Or Passkeys? Or (God forbid) SMS or email verification? The only 2FA option is using their shitty app? I think I'd rather switch banks...
It became hard to do that in my country. I changed banks twice in a year because they became shit but even the third one uses its app as 2fa. At least it is a better bank...
None of my banks (a couple French and Belgian ones) seem to support anything but auth via app. Can't log in on my computer without my phone.
I know Credit Mutuel can provide you a physical card with a bunch of codes of which one is selected at random at auth time
Had family use it because they had a Huawei phone
Interesting! Maybe it's worth switching banks, at least once I get the courage to move to Linux mobile.
Vancity credit union uses standard TOTP. But RBC uses their stupid app where I live.
In Sweden many parts of society requires an app called BankID. We authenticate getting mail packages, sign contracts, book a time in health care, etc with this app. It's needed everywhere. Buying a bus ticket. A phone without this app is not sufficient to function in swedish society.
Aren't you able to get a dongle for 2fa like in Denmark? We have MitID but you can easily get a dongle so you don't need a phone
Yes, true. But then you need to carry an extra device. I know it's just inconvenience.
Sounds a bit dystopian
A little bit yes, since the BankID is owned by private companies. There are those who are working on a free software version and some people think that the government should have an official authentication app free from private interests. But it's been hard to make people aware and care about these issues. It's like the xkcd worlds smallest open source violin. At the same time, many things that relate to proving that I am me has become very convenient in this society. For example I moved to a new apartment and they just sent a link to the contract and I signed it with the app and that was that, I did my taxes by just checking that the info they had was correct and signed it on my phone, etc.
Interesting. I'm an online notary. I sign papers with essentially an encrypted certificate from my Linux PC.
I had nothing but problems with banking apps. Can't do anything if location is off, or it doesn't like your IP, or if it thinks you have rooting software installed. And if it doesn't work right, no one at the bank knows how to help. I just stopped using them, eventually.
If only banks could figure out how security works...
and you can do it from your phone too using a browser other than android-chrome or ios-safari.
In my country, for all the banks I use, I need to have an app on my phone to access their website with my Linux computer.
So a Linux phone would need to provide this as I can’t be without access to my accounts.
Wat.
thats pretty common, in my country as well.
like a two factor authentication. but without TOTP. but with a proprietary app by the bank provided.
Ohhh right. Yeah that's weird. Like I said elsewhere, I would find a new bank if I had that problem.
Yeah it’s part of the 2 factors authentification process.
Back in the days you received some card reader generating a code, but that ain’t the case anymore..
So Linux would need to have a native version of these apps or a way to efficiently emulate Android or iOS.
Those card readers are called TOTP and we can do that with apps now. Not like the specific app in question but just like a standard password manager that stores all your TOTPs.
I didn’t know this. But I guess the bank has to allow it.
Last time I checked my banks were only allowing you to do such things through an app or at the bank (which is far from my village).
If it is what the user wants, then it is a factor for adoption. It is a hard sell to say "yes it can only perform half the stuff you usually do with a phone, but you don't need that anyways". It comes across as condescending, too.
My intent is not to be condescending. It is to make people aware of the fact that they have a choice: They can choose to subject themselves to increasingly-closed and exploitative platforms, or they can choose the extremely minor (I would argue non) inconvenience of using the browser or another computer to access their banking information.
Convenience and the ability to back outside the comforts of my own home.
Which is an odd take as when I statted using "smart phones" not a singke.one supported apps from banks or government,.yet here we arw.