Do not accept the premise of assholes.
I hope we can get the EU to fund a truly open Android Fork. Maybe under some organisation similar to NL Labs.
--- edit ---
Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.
This is actually the advantage of doing it. You make the thing (call it a "personal app loader" or something rather than a "circumvention tool"), they ban it, now you campaign against them or make antitrust arguments presenting the ban as an anti-competitive practice or use the ban to refute claims that they're not inhibiting third party app distribution.
Even if you know they're going to be the villains, you still want to make them actually do it so that everyone can see them doing it.
I do think having a technical bypass is good - it isn't mutually exclusive with also having a legal bypass. I just hope that the gov'ts are smart enough, and agile enough, to make this happen before it becomes too late (aka, once the gates close, it will never open again, like apple's ecosystem).
Bad legislation gets written everywhere, the difference is, in the EU it doesn't pass.
Before it was unclear so it was better to allow installation of apps without any verification to appear as more open.
Remember any regulation/law has unintended consequences. At one point Apple decided that PWAs would no longer be supported in EU so they don't have to provide equal capabilities to implement them in alternative web browsers, fortunatelly they changed their mind by obtaining an exception. PWAs is the only alternative choice for making "proper" apps on iOS (no hacky sideloading methods).
I think overally DMA is more a loss than a win (good on paper, terrible in practice). It codified worse things. The EU app stores are still fully controlled by Apple (harder to install, they can just decline or drag notarization of any apps or revoke your license to dev tools, you need to still pay them, etc.).
For various apps the EU market is too small (esp. for things that need to be global) to invest into the development so while you can for example theoretically develop a real alternative web browser to Safari/WebKit (forbidden by App Store rules) nobody is willing to do it.
Edit: Google could ultimately use that as a lever in licensing deals with manufacturers. It'd marginalize everything.
https://images.squarespace-cdn.com/content/v1/60f1421e1afcf4...
The same EU that keeps pushing for breaking encryption and chatcontrol? No thank you
The two are not equivalent issues; the first one is ill-formed as stated.
Cryptography is a tool of control. It's "dual-use", in the same sense like a knife or nuclear fission is - its moral valence depends on who is wielding it, and to what end.
In the context we're discussing, encryption is being used against the people. Working encryption is in fact needed to make chat control work - it's fundamental to it, the same way it is to Developer Verification and Safetynet/Remote Attestation. It would be great if EU decided to break that set of encryption applications. Alas, chat control only wants to break E2EE on messages, and uses encryption elsewhere to guarantee E2EE stays broken.
A more general comment about this thread, and related ones in the past: people really need to stop thinking about "encryption" and "security" as inherently good. They're not. Most of the social problems with computing, the attempts at user disempowerment and disenfranchisement, persist because they apply cybersecurity solutions.
The core question of security is always: who exactly is being secured, and from who.
How are things in the EU on whether it's legal to buy a SIM card without showing ID?
The task, therefore, is to convince enough politicians to establish an independent unit that can address this issue without direct political influence.
Fund the unit with enough money so that it can take care of the cybersecurity and sovereignty of all citizens.
A side effect of this would hopefully be that these politicians would then be digitally literate enough to recognize nonsense such as chat control as such and reject it outright. I hope that most politicians would not really want such omnipotent surveillance tools if they could truly grasp their scope.
It varies per country. In some you can just buy one (or more) SIM cards at a supermarket without any ID.
I believe devices I own should let me do whatever I want with them and I agree that the verification is BS, but I'll work around it in the ways I can which means building more for the web.
If that ever drops the open pretense (since both traffic and trust authority are largely centralized and thus easily controllable) then I'll only write for self hosted linux boxes.
We as individuals can only do so much. We'd need actual organization and some measure of political power to do anything more since normal people do not care about this.
The tl;dr is that a PWA implies an app which is based in the cloud. So suddenly you need a server, and you need to store user data, which means costs and dealing with privacy and security.
If something could be built as a native app without depending on a central server, it could also be built as a PWA without a central server. You don't need to store user data centrally at all, just because it's a webapp. You can just have the clients use localStorage or IndexedDB or whatever.
You still have to host the static files for the webapp itself, but that can be made very cheap.
Of course, API feature parity between native and web apps is a separate issue. But the argument about server costs doesn't seem like a good one.
To me, the attention to these verification changes seems misplaced. We need to defend the ability to unlock the bootloader, pressure Google to revive AOSP and then encourage people to switch to a more user-friendly OS.
You're already unable to install what you want on a stock OS due to Android permission model treating you as a third-class citizen, after Google and OEMs.
Despite that, there are some things that should not be for profit in my opinion. A good OS platform is one such thing.
If Google decides to pull this off, then I guess reflashing to a custom ROM with this crap patched out will be a very first step I'll be recommending to anyone who cares.
They don't do it out of goodness of their hearts, which is why it's more solid than relying on goodwill - Microsoft simply has an offering that depends on that for certain high profile clients.
Frankly they should still be getting sued for the way Edge and Cortana are bundled.
Google will simply revoke the keys for the "loader" APK. But that's fine for malware, its authors will just use the next stolen credit card to register a new account.
That's also why this has nothing to do with security.
Giving google control over what code runs on $device regardless of how that code got onto the device.
A revoked key doesn't care about how the APK got there...
You don't have to distribute via the app store, you dont have to get Googles permission to publish the app or have them sign it.
This looks like purely app validation, we only run apps we can prove originate from the author.
Having the file signed by a relatively centralized authority makes it much easier for Google to gain control outside of their realm.
Android may ultimately win the arms race, but if they want to be evil, we should make their task as tedious as possible.
Wasn't this kind of solution considered and sort of dismissed (because of too much centralization iirc) by F-Droid (can't find the reference now)? It seems like something that's worth trying, but in the end it's just a band-aid. If it gets any traction Google will shut it down. The real disease is dependence on a duopoly of (quasi)-proprietary OS for the dominant computing platform of our time.
1. The loader will just get banned.
2. The application ID and permissions are that of the loader. To have different applications with separate data and permissions you would need multiple copies of the loader.
3. You miss out on other android security features such as application signing validation for updates.
Wouldn't this break all kinds of things, like app sandboxing, the permission system, app intents, …?
So interesting as a fun exercise, but not really useful for probably quite a few apps.
And a day after you release, Google will say "Oh no you don't" and unverify your app, preventing it from being installed or run. Which is you know, kind of the point of this maneuver.
Google's not going to let you keep your signing key if you do this with it.
It's going to be the same as Play Protect using the PackageVerifier API. Even if won't trust that Play Protect will continue to allow adb installs, if you go to the developer options you can disable package verifiers for adb installs.
>the concept
This would not really work considering you can't do a lot of things at runtime. You can't create activities, you can't create services, you can't declare permissions, you can't use permissions, etc. Pretty much everything in your manifest can't be done properly. You can't really do a job faking it. You would have to declare a ton of dummy activities with all different permutations of things like launch mode, document launch mode, intent filters, etc.
What you can do are things like game engines like how the android godot editor works where you aren't loading full android apps, but projects into the editor.
I'd imagine Google would plug any major holes in their soon to be closed garden, assuming that is their intention. So this and any other fix to the problem of 'install app through not-Google Play' that goes via technical means that Google can just cover up after a month or two doesn't actually move the needle any meaningful amount.
In the same vein, using adb isn't a real solution to that same problem for most people, since having to use adb is a massive jump in required effort that's going to leave all the normies behind, with only the super-dedicated willing to go through the hassle, and an equivalent amount of developer effort is going to be left behind as well, since their audience just got decimated, and they themselves might not even bother to develop something that even their dad or sister is going to bother/be able to install. Anything that's much more complicated than 'go to website, download thing, run thing, click your way through' doesn't solve for this.
The actual problem is to have Google not be knobheads about it, and the only way that's realistically going to happen is through the law, but that's not looking all that likely in my view.
And as others mention, using adb (or Shizuku) might also be a workaround for tech-savvy users (for the time being). We list some other potential temporary workarounds at https://keepandroidopen.org. But none of it is viable for the other 99%.
There's really no solution to the dilemma other than stopping Google from implementing it altogether. And for that, we need regulatory action — which means we need to advocate and educate consumers and lawmakers about the threat that this poses.
Right back to Symbian signed AppTRK and rolling back hardware clocks. Great.
