• 0 Posts
  • 74 Comments
Joined 3Y ago
Cake day: Jun 11, 2023

I’m sure the obvious answer is tariffs, but the US phone market has been rough for anyone who isn’t Apple or Samsung due to the outsized role carriers play in phone selection in that market. Google has made some inroads by being Google, but HMD is not Google.


Google is concerned with its own interests and only behaves as if it’s concerned with anyone else’s when there’s a perceived benefit to Google.

There’s a chance the preferences of some app developers were a contributing factor for Google, but I’m convinced it was about reining in OEMs more than anything else. Your comment cites fragmentation, and there were things like Fire Phone from Amazon that didn’t ship with Google services. Fire Phone failed because it wasn’t good, but if Amazon had iterated on it or someone else had done a better job, it might have taken a big chunk out of Google’s Android profits.

excluding legitimate users

I hate this framing.

I’m generally disappointed there wasn’t more outcry about Google creating a remote attestation scheme. Microsoft proposed one for PCs a decade earlier and the New York Times called it out as a corporate power grab. I’m not sure if there was a general shift in thinking, if people thought about phones differently from PCs, or if Google had enough of that “don’t be evil” glow people didn’t question it.


I don’t love the term “sideloading”. It sounds like something more nerdy and less normal than just installing software from a source of the user’s choice.

No, I don’t think it’s likely Google will try to prevent it. That would violate the DMA in the EU, and several other jurisdictions have moved toward forcing Apple to allow software installation outside its app store. Between that and antitrust lawsuits in the USA, I think it’s very unlikely Google wants to attract more scrutiny from regulators.


But for that you have to blame Amazon, Netflix, Hulu, Disney, a lot of banks, a lot of games for using what is basically DRM for apps.

I don’t think those entities had the leverage to force Google to add remote attestation to Android. Safetynet didn’t show up until 2014 when Android was already established enough that not being on Android wasn’t a realistic option for any of them.

Instead, I think it was mainly a move by Google to make it so any OEM shipping a fork of Android without Google’s blessing would have angry users because some of their apps wouldn’t run.


Thanks for the (partial) citation. That’s enough for me to believe someone important outside Google actually believes there’s a security concern rather than Google just using it as an excuse to be controlling.

That doesn’t mean I actually accept the concern as legitimate. I’d find a postmortem of a real data breach where that was a factor at least a bit persuasive, and there are enough countries with disclosure laws I’m inclined to think there would be some if it was a problem in reality.


I know banks are pushing on Google to improve Android security, to avoid malicious apps with root access from messing with banking apps.

How do you know this? Do you have a link to a source that says it?

I’ve tried (not especially hard) to find sources in the past citing actual incidents where end-user devices running non-stock Android or with root access led to bank fraud or data breaches. I didn’t find anything to suggest that’s a problem in the real world.

The main malware problems I have seen reported for Android are:

  1. Malware in the Play Store. This is the only way I’ve seen Android malware in the wild, on a family member’s device.
  2. Zero-click exploits. The best prevention for these is an up-to-date OS. On an older device, that means a third-party build that won’t pass Google’s checks.

It’s unlikely they care much about a handful of people staying on old devices nor make all that much direct profit from phone sales. People who use old devices usually don’t spend huge amounts in the mobile ecosystem anyway.

What they really don’t want is OEMs selling non-Google-approved Android phones to the mass market. If important apps won’t run, those devices won’t sell.


Google’s primary aim with these changes is to improve app security for everyone

Bullshit. Google’s primary aim is to make sure that Android builds which aren’t Google-approved and may not integrate Google’s profitable services as deeply are not commercially viable.

Remember to leave one-star reviews for any apps that use this shit.


From what I understand, this works because there are multiple batteries charging at the same time?

That shouldn’t make a big difference in charge speed because it doesn’t change the ratio between capacity and input power. The difference is likely the silicon anode batteries Krudler mentioned; they’re not as easily damaged by fast charge rates as the graphite anodes used in most Li-ion batteries.


If you don’t like it, turn it off.

This would be a valid complaint if it was forced on you, but it isn’t. You can both ignore the warnings and disable the feature entirely.

As to why it does that, it’s using heuristics based on the APIs the app calls and maybe a bit about how it calls them. If there are enough patterns similar to malicious apps, you get a warning.


It’s pretty bad, however the headings appear to be colored by the author’s moral indignation. Many models from brands in the “Avoid at all costs!” section are, in fact, unlockable.



What benefits are you seeing from 5g? It’s obviously faster, but I rarely find myself bandwidth constrained on my phone.


For my own use, I don’t care much, but I agree in theory. My 128gb Pixel 4A has 32gb free and I do not actively manage space on it. Android’s handling of SD cards is kind of terrible, making them mostly useful for media files. If I did much photography or videography with my phone, I’d want this more.


I want a small screen (about 5"), headphone jack, and unlockable bootloader. That’s all.


Anything that requires manufacturer permission to unlock is untrustworthy.


the permission known as “Draw Over Top” that’s required to do screen recordings/screenshots.

That’s not exactly intuitive. I had no idea that permission would allow an app to take screenshots. The warnings given on the permission screen mention other risks, but not that one.


I hate the whole bloody smartphone ecosystem for shit like this. Microsoft Palladium was widely seen as a nightmare scenario when it proposed ceding a bunch of user control to the OS and app developers a couple decades ago, even by the mainstream press. It seems Apple and Google used it as a roadmap, likely because people don’t know how to use computers, and that doesn’t seem to be improving.

The part of the modern mobile OS security model that does have merit is that apps aren’t trusted. The PC model, even in multiuser operating systems with fancy permissions, was that apps are user agents which are always doing something the user asked for, and therefore trusted as much as the user. The glut of spyware for Windows in the early 2000s proved that false.

The fact that somebody else doesn’t know how to use a computer shouldn’t force me to cede control over mine to participate in the modern world. Root is a bit of an escape hatch, but it’s a blunt instrument on Android, and Google tries to help app developers stop me from using that as well. I’m starting to feel like Richard Stallman was right about everything and I should go be a digital hermit, only running software I compiled from source.


I like small phones and I agree with you.

OP asked for “relatively smaller”, which I took as acknowledgment of the current state of the market where nothing is much under 6".


That may be overstating it. Here are 8 recent Android phones with a headphone jack, card slot, and screen no bigger than 6.2".

I didn’t check current prices, OS update plans, or camera samples for these.


The charitable version is that when PCs (I’ll include the Macintosh in that category) were the dominant way people used computers, the average person struggled to use them effectively, often misconfiguring them or installing malware. I had hoped the fact that pretty much everyone born after the mid 1980s grew up with computers would help, but it didn’t.

Mobile OS makers wanted to create systems that were harder to break so people wouldn’t be stuck with devices they couldn’t use or expose their data to criminals. They did so in part by limiting the feature set. Vanilla Android won’t connect to ad-hoc wifi networks despite huge user demand on their bug tracker. Google locked the issue without explanation.

I’ll admit I haven’t really thought about installing fonts on Android despite my eagerness to customize it in other ways (I have root on all my devices). None of the things I do with an Android device require it, and heavily customizing the look and feel of the OS doesn’t interest me.


nobody is refusing to offer their services on linux because it is vulnerable

That’s not quite true, though in that case it’s about the service provider being unable to verify that the user isn’t running an operating system configured or modified to work against the interests of the service provider.


Maybe, but the archetypal non-technical user, my mother, does want to run a third-party ROM. Her phone is out of its official support period, and she knows that security updates are important and would like a way to get them. Most people, at least in wealthy countries, do have a technical person in their lives they can ask things like that. She doesn’t want to buy a new phone because it would be too big and lack a headphone jack, a position I share.

I had to recommend against running what I run (LineageOS, Magisk, Play Integrity Fix). Without PIF, too many apps will refuse to run on LineageOS. She doesn’t need root for much else (maybe adblocking) and doesn’t have the knowledge to make good decisions about whether to grant root permissions to an app that asks (Magisk doesn’t have an allowlist-only mode, but it should). Finally, keeping root through an update is fussy. It’s not hard, but it’s an extra step that has to be done in the right order every week or two.

Unlike Firefox in 2024, a third-party Android build that’s easy enough to install and isn’t sabotaged by Safetynet would offer something many non-technical users care about: an extended useful life for their devices.


Last time I used one was because I forgot my physical wallet and needed to pay for something. I don’t want to tell Google about my shopping habits, but I like to have options in case of emergency.

I’m running LineageOS (with GMS), Magisk, and Play Integrity Fix.


Can you cite examples of rooted smartphones leading to significant data breaches or financial losses? When the topic comes up, I always see hypotheticals, never examples of it actually happening.

It seems to me a good middle ground would be to make it reasonably easy (i.e. a magic button combination at boot followed by dire warnings and maybe manually typing in a couple dozen characters from a key signature) for users to add keys so that they can have a verified OS of their choice. Of course, there’s very little profit motive to do such a thing.


Google doesn’t want distributions of open source Android without Google services to be a viable option for mainstream users because that would reduce their ability to extract profits from the Android ecosystem.

While the focus is surely more on OEMs than end users at this point, I’m sure Google wants to keep the difficulty level for end users high enough that it remains niche.


I think the main reason third-party ROMs aren’t more popular is that Google and certain app developers fuck with people who use them. The article addresses the difficulties later on, but comes up short in my view on just how much of a hassle it is for someone who isn’t a tech enthusiast who wants, for example, to keep an older phone up to date for security reasons.

I think the main motivation for Google is limiting user control over the experience. More user control leads to unprofitable behaviors like blocking ads and tracking, which is also the motivation for recent changes to the Chrome web browser that make content blocking extensions less effective. In all cases, companies that try to take away user control claim the motivation is security, usually for the benefit of the user.


typically portraits are taken with 50mm lenses

While photographers use a variety of focal lengths for portraits, the focal length that’s most associated with portrait photography is 85mm. This article from lens review site Imaging Resource illustrates the point; most of the lenses are 85mm or equivalent (e.g. 42.5mm on m43 with a crop factor of 2 making the field of view equivalent to 85mm).


Apps on F-Droid are not using proprietary Google APIs and won’t be affected.


It’s one thing to place limits on a few Chinese phones that have low market share outside China (Netflix is not available inside China), but only offering low-quality streams on the world’s most popular smartphone OS would surely have a significant impact on subscription numbers. Netflix may have even signed contracts with content providers requiring them to meet certain DRM standards.

I believe the situation would be different if Google hadn’t built a remote attestation system for Android. Netflix might have had to renegotiate a contract or two, but underserving a huge fraction of the market isn’t viable long-term.


What would have happened if Google never created an attestation system for Android? Would Netflix give up such a large market?

Netflix can downgrade Chinese phones that aren’t common in the west and third-party ROMs because those represent a tiny fraction of their potential customer base. I doubt they’d be inclined to do so for all of Android.


could potentially lose certification of the entire android ecosystem

Certification by whom?

The Netflix app is older (2011) than Safetynet (2014?). Google probably didn’t need to provide remote attestation, but making non-Google Android unusable for most people is good for their bottom line.


The benefit to longevity from limiting battery charge even a little bit is pretty substantial. I recommend it to most people with the technical ability to do it.


exposing myself to vulnerability

Everyone’s security and convenience/feature needs are different of course. There is often a tradeoff. The way I see it, I wouldn’t give up having admin access on my PC for security, so why would I give it up on my phone?


Yes. There’s the occasional app it won’t back up and restore correctly (Signal is a big one; use its own chat backup feature), but overall it’s great.


Here are things I’m currently using root for on LineageOS:

  • System-wide adblocking (hosts file with Adaway). Yes, there’s DNS-based adblocking, but sometimes that can be slow or not play nice with public wifi networks.
  • Battery management. I use AccA to limit my battery capacity and charge rate to keep it from wearing out. I might not care as much if the battery was easy to replace.
  • File management, as there’s an increasing amount of the filesystem blocked off without it.
  • App + data backups with Neo Backup.

I wish this stuff was a little more mainstream. Part of it is simply self-interest: there would be more unlockable devices and fewer app developers trying to block their apps from running on third-party ROMs if more people ran them.

Part of it is I think that would be a better world. Big tech would have a bit less power. Devices would last longer.


Subsidized devices blur the line between a fee for terminating service early, and paying off the cost of the device. Perhaps the former should be banned to encourage competition, and the cost of the device and the service clearly separated. That way it’s clear when the device is paid off and (in my imagined ideal regulatory scenario) must be unlocked.

a poor person would have to pay BOTH. An early termination fee AND then go buy a new phone

They probably don’t have to pay the fee. They might owe it legally, but the likely consequences for not paying are some impact on their credit score and inability to get service from that carrier under their own name for a while.


I suppose it depends on whether you think regulation should be used to dissuade poor people from buying expensive phones. That seems like a reasonable enough goal, though I don’t believe that’s the proper role of government.

I’ve always bought phones outright, used when finances so dictated. I agree that’s the wiser approach.