this post was submitted on 31 Aug 2025
1547 points (98.7% liked)

[–] MystikIncarnate@lemmy.ca 55 points 6 days ago (1 children)

This is the risk of "trusted computing" architectures. Who is governing the "trusted" part of that?

These cryptographic signatures are not as much of a death knell for Android as some would have you believe. The trick is to get a common code signing cert into your device, that is then used to sign any third party APK you want to run. You can avoid the Google tax this way. I assume that's how most sideloading sites and apps are going to handle this.

The question is, how do you add that certificate? Is it easy and straightforward (with plenty of scary warnings), as a user? Or is it going to be a developer options deal? Or will I need root to add the cert?

I'm not sure what that answer is right now.

I just want to finish this post with a few words about trusted computing models. Plainly: Apple has been doing this for years ... That's why you download basically everything from an app store with Apple. Whether on your Mac OS device, your iPhone, iPad or whatever iDevice.... Whether the devs need to sign it, or the app gets signed when it lands on the store, there's a signature to ensure that the app hasn't been tampered with and that Apple has given the app its security blessings, that it is safe to run.

Microsoft and Google have both been climbing towards the same forever. Apple embedded their root of trust in their own proprietary TPM which has been included with every Mac, and iDevice for a long ass time. Google also has a TPM, the Titan security module, I believe that was introduced around Pixel 3? Or 4?... Microsoft made huge waves requiring it for Windows 11, and we all know what that discussion looks like. Apple requires a TPM (which they supply, so nobody noticed), Google has been adding a TPM and TPM functionality to their phones for years, and now Windows is the same. None of this is a bad thing. Trusted computing can eliminate much of the need for antivirus software, among other things.

I digress. We've been going this way for a long time. Google is just more or less, doing what Apple has already done, and what Microsoft will very likely do very soon, making it a requirement. Battlefield 6 I think, was one of the first to require trusted computing on Windows and it will, for damned sure, not be the last that does.

The only real hurdle here is managing what is trusted. So far, each vendor has kept the keys to their own kingdoms, but this is contrary to computing concepts. Like the Internet, it should be able to be done without needing trust from a specific provider. That's how SSL works, that's how the Internet works, that's how trusted computing should work. The only thing that should be secret is the private signing keys.

What Google, Apple, and Microsoft should be doing, is issuing intermediary keys that can sign code signing certs. So trusted institutions that create apps, like... Idk, Valve as an example, can create a signature key for Steam and sign Steam with it, so the trust goes from MS root to intermediary key for Valve, to Steam code signing key, and suddenly you have an app that's trusted. Valve can then use their key to sign software on their store that may not have a code signing key of its own. This is just one example based on Windows. And above all of this, the user should be able to import a trusted code signing cert, or an intermediary cert signing cert, to their service as trusted.

Anyways, thanks for coming to my Ted talk.

[–] myfunnyaccountname@lemmy.zip 20 points 5 days ago

Remember everyone…Google never cared about you or your phone or your privacy. They are a marketing company and make money selling your data. Your data is all they care about. They don’t offer a wide range of products, like search and Gmail and all of their office products for free, just for the fun of it.

[–] tias@discuss.tchncs.de 43 points 6 days ago (2 children)

If they only cared about thwarting malware they could have just relied on code signing via public certificate authorities, like with binaries on Windows.

[–] arc99@lemmy.world 9 points 6 days ago (1 children)

Code signing offers slight protection from malware but not as you might think. If a company signs an installer, or executable then it tells you it came from them but not what it does. It could still be malicious, or it could be inadvertently bundled with malware in DLLs or scripts and you wouldn't know. You're just hoping the company has done its due diligence and you trust them to run.

Microsoft does have an antivirus system on top and fingerprints downloads too and applies some kind of trust score that is better if an exe is signed. There is probably no single mitigation that stops malware infection but apply lots of smaller mitigations in depth and most people will be safe.

The irony is Microsoft still lets people run files ending with .scr way too easily. Much of the malware on torrent websites is a file ending with .scr knowing the OS will hide the extension, e.g. movie.mp4.scr appears as movie.mp4 in File Explorer and people click through and get infected.
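
Added example, not part of the comment above or of any post in this thread: a defender-side check that flags file names such as `movie.mp4.scr`, where a content-looking extension sits in front of an executable one and is all that remains visible once the final extension is hidden. The two extension sets and the sample paths are constructed for illustration and are not exhaustive.

```python
import ntpath  # Windows path semantics, usable on any OS

# Final extensions that run code when opened (constructed, non-exhaustive).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
# Extensions a user reads as passive content (constructed, non-exhaustive).
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".mp3", ".pdf", ".jpg", ".png", ".docx"}


def check_name(path):
    """Return a finding dict when an executable extension hides behind a
    content-looking one, otherwise None."""
    name = ntpath.basename(path)
    stem, real_ext = ntpath.splitext(name)   # "movie.mp4", ".scr"
    _, decoy_ext = ntpath.splitext(stem)     # "movie", ".mp4"
    if real_ext.lower() in EXECUTABLE_EXTS and decoy_ext.lower() in DECOY_EXTS:
        return {
            "path": path,
            "shown_as": stem,  # what is left once the final extension is hidden
            "real_ext": real_ext.lower(),
            "decoy_ext": decoy_ext.lower(),
        }
    return None


def scan(paths):
    """Check every path and keep only the findings."""
    return [finding for finding in map(check_name, paths) if finding]


# Constructed sample input: a downloads folder listing.
SAMPLE_PATHS = [
    r"C:\Users\alice\Downloads\movie.mp4.scr",
    r"C:\Users\alice\Downloads\movie.mp4",
    r"C:\Users\alice\Downloads\Holiday.JPG.EXE",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\Downloads\backup.tar.gz",
    r"C:\Users\alice\Downloads\report.v2.pdf",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_PATHS):
        print(f"{f['path']}: displayed as {f['shown_as']!r}, "
              f"actually {f['real_ext']}")
```
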

[–] yarr@feddit.nl 13 points 5 days ago

The openness of Android is the thing that kept me on the platform. Now that the openness is being removed, iOS is now more appealing.

Sadly, I think most of the customers that use Android never sideload a single app at all. I don't expect this to create a mass exodus, but a smaller one with power users.

[–] F_OFF_Reddit@lemmy.world 30 points 6 days ago (2 children)

So yeah we'll do a decentralized Linux phone of sorts, if Google is going full 3rd Reich with Android we'll move to a Linux based OS phone.

Simple as that.

[–] jmf@lemmy.dbzer0.com 18 points 6 days ago (6 children)

Who is we? What group of people has the dev funding and time to produce FOSS hardware and software to compete with the average Android phone?

[–] pfr@lemmy.sdf.org 21 points 6 days ago (2 children)

I just hope that the Graphene devs continue to support the last supported versions of Android that allow installing apks.

I couldn't be happier with my P7 that has been running Graphene since day one. Zero Google. Zero problems

[–] humanspiral@lemmy.ca 21 points 6 days ago (7 children)

This is an Android 16 feature, scheduled for Sept 2026 "prerelease" and 2027 rollout. I expect/hope some phones will have a setting to disable "the security". If not, there is great opportunity for high end hardware Linux-first phones, with good Android emulation software.

[–] mahmut@meclis.home.buyulumahmut.com 9 points 5 days ago (1 children)

I didn't get it. EU pushes Apple for sideloading option. Android will come with embedded Linux terminal support and you can even run native Linux apps on your Android phone with Android 15.

I guess some C-Level assholes are forcing this change in Google but this does not make any sense...

[–] ClydapusGotwald@lemmy.world 16 points 6 days ago (1 children)

This was the main reason I have a spare Android phone to install whatever I want on it and just factory reset if there’s an issue. Android / Google is really shooting itself in the foot cause there isn’t a point in owning an Android after this imo

[–] Gemini24601@lemmy.world 15 points 6 days ago (4 children)

When it comes to the current final frontier, Linux phones, what brands/models would be the best option? Or are you all really recommending iPhones?

[–] peetabix@sh.itjust.works 8 points 6 days ago (6 children)

Is Linux viable as a mobile OS yet?

[–] DudenessBoy@sh.itjust.works 10 points 6 days ago (4 children)

What even is the reason for this? All this is going to accomplish is less Android market share.
