
Anyone even remotely privacy or security conscious needs to vote with their wallet in protest and stop buying Android phones, otherwise it's only a matter of time 'til Google bans side-loading and it becomes impossible to buy a phone that can run any kind of anonymous or end-to-end encrypted communication software.


Stop buying Android and what? Buy an iPhone that's even more locked down or live like an outcast that can't access essential services? Because those are the realistic options.


For years I've been buying middle-of-the-road Android phones because they provide pretty good bang for the buck, but if I can't use a computer I paid for however the fuck I want, I'm just going to start getting the cheapest crap I can get away with and use it as little as possible. "Vote with your wallet" doesn't have to mean total abstinence.


I think getting a flagship device that's a few years old probably makes for a better experience. I check the LineageOS supported devices list, then search eBay for something from there.


> live like an outcast

in all things. I would encourage you and everyone who reads this post to stare down this option with realistic consideration. In a society this broken, it is the solution to more and more things. To check out, to accept the hard mode because to pick the path of convenience is to be exploited.

Again, and again, and again.


I've been doing it. That's why I'm vegan.


I'm sorry, this is such a funny follow up comment, I literally lol-ed when I got to it.


Eating on hard-mode is what we do.


I respect at least your choice but I'm not growing tofu on the farm. Veganism is one of those protests that while I appreciate going after factory farms, you're only enabled to do so by large corporations.


You've never tried growing tofu? It pops out of the ground in little cubes. Super easy, barely an inconvenience.


> _I'm not growing tofu on the farm_

What else are you growing?


Flip phones can access essential services just fine, if some business or government office is only allowing something to be done via smartphone app, that’s a problem.


A problem for who? Go ahead and raise it, I’m sure the government office will get right on fixing it.


>live like an outcast that can't access essential services?

I don't own a smartphone and I am happy as ever. I used to own one a while back, but it wasn't worth the effort and the rage when it was slow.

If a service can be accessed only with a smartphone, I complain (which is of little use).


Do you not have to use a 2FA app for things like banking? In Singapore, they are phasing out 2FA options other than the banking app. The banking apps only work on iPhones and Google-approved Android phones. It's pretty bad.


Wow. My bank provided me with an external token to do 2FA. If I have to guess, however, the code that generates the OTP code (assuming that is a code that is requested) should be easy enough to reverse engineer.

I admit, though, that being forced to RE a f**ing android app just to do banking is grounds to change the aforementioned bank. Isn't there any other alternative in Singapore?


It's kind of stupid when you consider the number of people who don't have screen locks (or else have easily guessable ones) on their phones.


It really isn't that bad. I've never owned a smartphone, and can do everything I need through websites and the occasional phone call.


What if people stopped buying brand new Android phones and instead bought used ones and then installed alternative Android versions and app stores.


Can't access banks, ticket systems etc. Unfortunately we are in the era of tightened screws, the freedom is running out :(


Lol all these things work via the web. You just log on via the browser. Not everything needs an app.


In your country, maybe. Over here you're dead in the water without a smartphone — can't access banking except by going to the branch and standing in the queue for an hour or two, can't access most government services. Limit your selection of goods (like electronics, but not only that) by something like 90% (and also increase prices by 30-50%) because brick and mortar shops sell old crap at much higher cost than it was ever worth, and the only real solution is buying from a major marketplace which is only available as a mobile application.

This concept originated in China and is spreading. Beware.


Can I ask which country? You said originated in China but is it China or another east Asia country?


@achrono (I cannot reply to the other post, I don't know why). Yes, you can use just a web browser.

> Mobile Payments

They work with a card, no smartphone required. Moreover, cash didn't cease to exist.

> Navigation

Again, physical maps are a thing. Google Maps or OpenStreetMap are accessible by browser. Having a physical map and having to follow road signs can be a beautiful experience. If one is addicted to a machine that tells them where to go, navigators are still a thing (no smartphone required)

>All manner of IoT devices

Don't put an IoT device in your house if you don't know what it does and how it works. If the only way to interface to it is via an app... then you don't know what it does and how it works. Don't put it in your house.

>Wearables

I don't even know what wearables are: if I write it on Firefox it underlines it in red. By doing a quick search, I can see images of watches. Watches can work without an app. Moreover, watches that work without an app are usually less expensive than the other kind.

>Digital versions of ID (Mobile Passport Control)

Don't. I know that some governments are pushing this crap thinking it's the future. Simply don't. Imagine you're at the airport and you accidentally drop your passport. You pick it up, nothing lost. Imagine you drop your phone and it stops working. You lost:

- Your documents
- Your money (if you rely on your phone for paying and don't have cash with you, which seems a growing trend among people I know)
- All your ways to contact people for help

Instead:

- Your wallet is stolen: you lost all your money and your cards, but you have your documents (at least the passport because it surely does not fit a wallet).
- Your phone is stolen: you lost all the ways to contact people, but you can buy another one
- Your passport is stolen: you can contact your embassy.

Smartphones are becoming a SPOF (Single Point Of Failure) for our lives.


> physical maps

Are you for real? I'm totally on board with using free and open alternatives, but if you're not going on a mountain trail then a physical map is going to be drastically worse than any navigation software.

Also FWIW I have a card-sized passport that I can easily get stolen with my wallet.


Ok, I admit I do not own any such passport (for now).

But for navigation... I use a mixture between physical maps and directions and online data. Specifically, before departure, I simply use OpenStreetMap to look at the route. If the route is very long I know I will be traveling by highways, so I rely on noting down only some key points. Then at the end of the route (near the destination), where I know I will get lost, I screenshot the map and I print it out (or have it on my laptop, it depends).


Other than banks & ticketing, there is a whole host of things that do in fact need an app.

* Mobile payments

* Navigation

* All manner of IoT devices

* Wearables!

* Digital versions of ID (Mobile Passport Control)

etc.

So no, you can't just use the web.


But, and I hesitate to point it out, because I am finding that people think it is somehow minimal entry stakes, one does not need any of those things..


You wouldn't get very far without WeChat and AliPay in China. Last time a good friend of mine was there, many merchants simply refused to accept cash. The few that did had made it known how much they were inconvenienced by doing that.

Same for basically every interaction with locals, for accessing government services, or even just using the public transportation.

It's pretty similar for locals AFAIK.

And before anyone replies that he didn't have to travel there — no, he did, unless he was willing to look for another job (which are very sparse here, you hold on to a good job for dear life).


Aren't there attestation frameworks under development that they could start using too?


The 2FAs require their mobile app sometimes.


You can usually just use the web-interfaces for those services. Less convenient, sure, but the options are there.


What types of tickets are you referring to here? I’m not familiar with that restriction.


He's talking about concert tickets and similar entertainment events, where several of the major providers no longer provide PDF tickets and instead only send them to a phone app. It is possible to make enough of a stink and collect tickets on the day, but that option is increasingly difficult to find.


Buy Apple; the point is to hurt Google. If enough people do it, Google might reconsider. Show them that the open ecosystem is the only value Android added, and if they refuse to bring back the open ecosystem then their platform will slowly die. Won't be long until Google's as locked-down as Apple at this rate, so all Android gives you is a power-hungry OS that protects your privacy even less than iOS does.


Buying closed stuff to show we want an open ecosystem?

At this point, I believe the most effective ways one can help with this is:

(1) advocacy - it's slow and difficult, but having people at least agree / be familiar with the idea that closed stuff is bad is a good first step.

Open ecosystems can't work for the general public if it's trapped in closed networks that won't work on anything else than the two big mobile operating systems, so making people start using open chat apps and such will help a lot. It'll take years, but so be it. It's worth it I think.

(2) helping improve the more open stuff.

I think Linux mobile for instance is a potentially viable alternative in the medium term for at least the basic use cases: Calls, SMS, GPS / Maps, Signal, photos. All this has no reason not to work with some polish. I daily drove Linux mobile 4 years ago for a year. The main thing I'm missing is good hardware for it, and a lot of polish but nothing impossible. Yeah, indeed, no payment with the phone (Google Pay / Apple Pay). But it's still possible to use the physical cards and not use the phone for this.


You've got to be kidding. Doesn't work, Apple is even more locked down than what this article announces. No sideloading whatsoever, signature checks à la Play Protect are mandatory and cannot be switched off, no alternative app stores, etc.


You can side load three apps at a time outside the EU and unlimited inside the EU.


Not sure why this is downvoted. The entire value proposition of Android is the semi-open OS. For things you can’t do with Apple devices, you use the myriad of Android devices out there.

A locked-down Android is pointless.


Yet most of the world runs Android. Its main value proposition was always wide selection of hardware for however much money you're willing to spend, not its relative openness.

I make relatively decent money by our standards, and I wouldn't even think about dropping $700-1000 on a phone (which isn't even officially sold or supported over here). For the vast majority of people it's their whole income over 2-4 months. I don't know or care how much you make, let's say it's $10k per month. Imagine if you had to pay $20-40k for a phone which is good for maybe 5-8 years.

And most of the world is like that.


Utterly pointless.

Banking apps, messaging apps, streaming apps, even video games all want locked down devices. They will use hardware cryptography to discriminate against us and refuse service if they can't cryptographically prove we're using a corporate owned device.

Naughty user. Looks like you've been tampering with your device, installing unauthorized software and whatnot. Only money laundering drug trafficking child molesting terrorists do that. I'm gonna have to deny your request to log you into your bank account.


I'm curious what you think the alternative is, because Apple is definitely a lot worse, and we all know they're very much a duopoly.

BTW, all the GrapheneOS, etc. are still Android phones.


I'm curious if GrapheneOS or other custom Android builds would be able to avoid these restrictions reasonably.

Obviously this is going to impact the supply of apps, since the market share of custom Android is smaller than even the market share of people willing to sideload or use an alternative store on a mainstream Android phone. Many developers might quit the game.


The problem with custom ROMs is that many government, banking, and similar apps don't run on them without workarounds. Some of those apps also consider this as a TOS violation as well.


When Microsoft first proposed a remote attestation scheme for PCs under the name Palladium, it was widely seen as a nightmare scenario. Even the mainstream press was critical[0]. There was barely a whimper when Google introduced SafetyNet a decade later.

It wasn't OK in 2003. It wasn't OK in 2014. It isn't OK now. I'm just not sure what anybody can do about it.

[0] https://www.nytimes.com/2003/06/30/business/technology-a-saf...


There are many third-party money apps that login to your online banking that are a violation of ToS. That doesn't stop people using them. In fact, when they get really big, they can be legitimised by banks. For example, to get my mortgage, I had to use a third party service that logs in to my online banking account and ingests all my transactions to show that I saved for my deposit legitimately.


Then I won't run those apps. Seriously. I know not everyone has this option, but it's been my experience that a lot of processes do in fact have workarounds when you show them the cryptic error their poorly behaved app throws.


GrapheneOS has official support for hardware attestation[0].

It does require the developer to make minor adjustments, and most banks are simply too risk averse to agree to doing that (I would know, used to be a senior android app dev at a bank).

[0]: https://grapheneos.social/@GrapheneOS/115062761036828110


I have been a GrapheneOS user since the Pixel 3 and have yet to encounter an app that doesn't work on GOS.


I don’t use any utility apps (identity, banking, services etc) on my phone and stick to the desktop web. And don’t use services that do require me to have a Google or apple account and phone. (Spoiler: I do)

I hope my tiny datapoint shows up in some aggregated stats somewhere.

It’s use-it-or-lose-it.


Looks like they can avoid these restrictions:

https://grapheneos.social/@GrapheneOS/115090818389369737

> "GrapheneOS doesn't include Google Mobile Services and the requirements for certification aren't relevant to us."


GrapheneOS uses a sandboxed version of Google Play Services, not the GMS certified devices they mentioned in the article.


I had a Jolla phone on my hands the other day and I must admit this…

SailfishOS is pretty nice

I might get one next


Buy Xperia 10 III while you still can. It's the best SailfishOS phone at the moment.


I have an Xperia 10 III, but it's running AOSP I built myself.

https://developer.sony.com/open-source/aosp-on-xperia-open-d...

Basically none of this new restriction will bother me, since I don't run anything but stock AOSP and get all my apps from f-droid repos.


Eventually you will need a new phone and by then probably all phones will be locked down.


Hunting for one rn

Thanks for the heads up


It's really nice when you first use it but if you have to use it as a daily driver it's pure pain. Rather go for graphene.


The alternative is just Apple; if Google loses enough users they might reconsider. Essentially the only real advantage Android had over Apple was being a more free platform/ecosystem; if they're going to do away with that, then they should be shown that this means they'll lose a lot of users.


Even with this change, Android is still more free than iOS by far.


GrapheneOS is a beautiful stop-gap, but there are real bona-fide Linux smartphones out there. To be clear, there are not many, the hardware often isn't great, the software often isn't great. PinePhone and Librem come to mind.


Cell carriers will just start requiring the attestation as well. And eventually, even an internet connection will - wifi routers will have to attest to ISP equipment, etc.

The final phase is "AI" monitoring everything you do on your devices. Eventually it won't just be passive, either, but likely active: able to change books you read and audio you listen to on-the-fly without your consent. It will be argued that this ok because the program is "objective".


At this point, I would stop using commercial cell carriers and ISP-provided equipment altogether, even if that means setting up mesh networks with an underground community. User control or bust.


I've been keeping an eye on FuriLabs (Furiphone). They maintain FuriOS - Debian with an Android kernel. Has a container for running Android apps. Price is reasonable though I don't know how it'll be affected by tariffs in the US. It's tempting.

https://furilabs.com/shop/flx1/


I really wanted to like Librem and almost bought a phone until I saw this video by Louis Rossmann: https://youtu.be/wKegmu0V75s?si=NzevsJgHD188bRkT


In addition to the PinePhone and Librem 5, you can also put postmarketOS on some faster Android phones like the OnePlus 6T.


https://www.bunniestudios.com/blog/2020/introducing-precurso... This is the most secure phone that has been made recently.


Per their spec sheet it doesn't have cellular connectivity, so it's not actually a phone.

And if what you want is a PDA that runs Linux, there are many options, e.g. https://www.clockworkpi.com/home-uconsole.


Neat concept.

For anyone else failing to resolve DNS for that domain: https://archive.is/q7w0x


Precursor is neat, but it isn't a phone.


Pretty sure Bunnie named it “precursor” because the plan is to make the actual phone (with a cellular modem) next. If I had the cash to support him and buy a Precursor I would.


>real bona-fide Linux

Android is decades ahead of that in security, functionality, utility, devex, and design. It's a fool's errand to try and modernize that, over building on top of AOSP.



