But we don't have anything like FF as an alternative to go from Android. Especially considering banks require "certified OS".
I also switched banks so I can use my bank card as the 2FA device, similar to CAP. [0]
[0]: https://en.wikipedia.org/wiki/Chip_Authentication_Program
Google, and by extension banks, are claiming that the phone on Android 9, without security updates AT ALL since 2009, is perfectly safe and secure to use.
Meanwhile, really well locked OS, hardened so well some of the improvements were later picked up upstream (both by Google and Apple), running _the_ latest AOSP version and releasing new security updates within hours is not considered safe and secure, despite assuring full chain of trust (including locked bootloader, verified boot, etc).
This is what Play Integrity does.
Of course Android supports a better scheme, hardware attestation, but of course Google enforces their iron grip on the ecosystem, and instead uses the outdated, flawed system that certifies only the devices with preinstalled Google services running in the privileged mode. Snooping on everything you do and have.
That's the reason.
* Enforce Hardware-DRM
* Enforce PlayServices
* Enforce apps which don't circumvent their business model e.g. YouTube-Downloaders ("Watch my ad again...")
* Payment fees from PlayStore
Taking a look at the dangerous crap in the official Play Store confirms that. It is full of awful and dangerous apps. It was never about the security of the user.
I am really learning to live life without the internet anymore. Between the lock in, the privacy risks, and just the hassle, it is easier to act like I am living back in the 1990's and just get used to the "inconvenience" of life without a smartphone. I can leave my smartphone in a faraday bag and just pull it out when I need it, or just wait to be in wifi. (I am homeless living in a minivan so this makes it much harder for me.)
I just do not know how much this will affect GrapheneOS or I would get a Pixel 9a. It seems like it will not, at least for the older phones.
At least we still have linux (for now).
But more and more computer technology is looking like a trap.
If anyone has any recommendations for a dumb phone that will work with AT&T please let me know.
Funnily enough that's actually a good thing in a twisted way. Long term, it will either force manufacturers to become much better with their update support, because apps will refuse to work on non-patched devices... or they won't and we'll all have one of those devices at home rooted through a long known CVE as a proxy for device attestation.
1) an old iPhone with 0 personal data on it and in no way linked to my identity, which is used for completely untrustable commercial apps, and rarely even leaves the house.
2) a LineageOS Android which is my daily smartphone for things like camera and GPS, running almost exclusively open source apps, except for unavoidables like WhatsApp which are run in a separate profile
3) a GPD Micro PC running Void Linux, which is roughly the same size as the phone and a true swiss army knife. Its purpose is to reliably do what I want, when I want it. No systemd, for it does not spark joy. It is used for web browsing, note taking, light productivity, and playing movies on the TVs of friends who have overinvested in streaming and dongles only to find that $CHOSEN_MOVIE is not on any of their services.
I am not entirely happy with this state of affairs - too many devices, and still not enough siloing of closed apps like WhatsApp.
I find void linux super lightweight, can get great battery life out of it on an old thinkpad.
Is it though? Almost every new service has it, and all existing services keep offering it.
Been doing this for a while. I have a smaller Samsung S22 for the apps I absolutely need that won't run on my Graphene phone. The majority of my day-to-day stuff is handled on my older phone running Graphene.
Been tinkering with Ubuntu Touch, but AFAIK they haven't figured out how to solve the issues with VoLTE yet here in the US but it's on my radar to try and make the switch soon.
I'd enjoy suggestions as to suitable unhindered devices.
P.S. I just hope we can continue to access / create unhindered devices -- and programs/apps (cough Manifest v3 cough).
Just observe that the key factor is to be independent from Google and then the only recommended devices from their side are exactly google devices where nobody here can have an idea of what is modified inside them.
You'd be better off supporting other distributions like Calyx, which have no problems in supporting other devices like the Fairphone and so on.
https://calyxos.org/news/2025/08/01/a-letter-to-our-communit...
https://eylenburg.github.io/android_comparison.htm has a high quality comparison of the privacy and security between different alternate AOSP-based operating systems.
These are the only reasonably secure mobile devices with proper alternate OS support. It's not GrapheneOS forcing people to use these devices if they want a device to run it but rather other OEMs not providing what is required. The hardware requirements are listed at https://grapheneos.org/faq#future-devices. GrapheneOS has been working with a major Android OEM since June 2025 towards their future devices meeting these requirements and providing official GrapheneOS support.
> Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.
These devices provide objectively far less privacy and security at a hardware, firmware and software level. Linux itself is not a long term approach to privacy and security due to being a massive monolithic kernel written in C with very poor security. A long term approach will involve moving over current software onto a reasonably secure base. Moving to a dramatically less private and secure desktop operating system stack would be a huge regression in both the short and long term. It's not advancing as quickly in those areas, would not provide the usability/functionality people expect and is definitely not the future of secure devices. Android's current incarnation based around the Linux kernel is not the future of secure devices either, but it's far more private and secure today with a clearer path to moving forward.
Those links don't really help your case, to be frank. Nothing strcat says reads as incorrect or even particularly controversial, they have personal beef with CalyxOS but their criticisms of the choices of the project are largely on point. They're justifiably upset by the mental health accusations too, it's kind of a joke that one of those people in the thread tried to gaslight strcat about how these accusations are somehow not a recurring issue when I, as a third party observer, have seen it come up all the fucking time.
Meanwhile, you're imagining "attacks" on GNU/Linux phones, when most of what I read from them regarding those was sober and reasonable, if not particularly positive, but they're allowed to do that. Their priorities are clearly security and none of those phones really have any.
CalyxOS has essentially been discontinued, see https://calyxos.org/news/2025/08/01/a-letter-to-our-communit.... It hasn't received the 2025-06-05 or later patch level.
Are you calling the above a "character attack"?
I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.
I didn't say anything about CalyxOS: I don't care about this.
GrapheneOS is actively working with a major Android OEM towards a subset of their future devices meeting all of our official requirements and providing official GrapheneOS support. This OEM is providing us with partner access to Android which is already helping the project. The vast majority of mobile devices have poor security including lack of firmware security updates and lack of essential defenses for providing the security GrapheneOS offers. GrapheneOS has to do substantial work on each supported device to integrate the hardening features and fix the issues those uncover. Supporting other devices is not easy and involves a lot of resources.
> Are you calling the above a "character attack"?
Yes, it is a character attack falsely claiming our goal is to "force Google" on people. That's utter nonsense.
Support for the devices we're working on with an OEM will become available and will be much better than their current devices not meeting our requirements. They were already planning to make substantial improvements to security but now more will be done and the end result will be devices we can support. The devices will meet all of the official requirements listed at https://grapheneos.org/faq#future-devices and may not be more secure than Pixels initially but future generations can make further improvements and we can do lower level hardening at a firmware and even hardware level. It starts with the OEM having devices meeting the very reasonable baseline standards.
> I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.
These have absolutely atrocious security and do not come anywhere close to the security requirements listed at https://grapheneos.org/faq#future-devices. Using devices with outdated components not receiving important security patches for known vulnerabilities and not providing basic defenses is not what GrapheneOS requires. It's far more than security features being lacking. The standards we list are very reasonable, which is the position of the OEM we're working with which did not previously meet them. There's nothing Pixel exclusive listed there, only standard security patches and features. We've kept the requirements lower than what Pixels provide to keep room for other devices such as only requiring 5 years of proper support instead of 7, omitting many unimportant security features, etc.
Both devices are still closed source hardware with closed source firmware, not open devices. They have a closed source SoC (CPU, GPU, MMU, etc.), radios, SSD, memory, battery, touchscreen, etc. They're advertised as if they're open despite that being the case. PinePhone has misleading marketing presenting the cellular baseband as having open source firmware available as a replacement when it doesn't based on having an extra general purpose CPU running a super outdated proprietary fork of Android next to the cellular baseband which can be replaced, but not the cellular baseband firmware itself. The radios are also less isolated and much less secure including lacking proper security support. The most important and most privileged component in a device is the SoC, which is not more open.
Can you give me a quote where they outright say this? Because my hunch is that what they actually say is something along the lines of 'because it doesn't have the security requirements that we desire' which would be true. Whatever their reasons for those choices, it also makes sense to limit scope given the extreme constraints they're working under and that scope is best limited to phones with the widest security feature support for their security-focused Android OS.
> Are you calling the above a "character attack"?
Grow up.
aka, insecure.
All phones are insecure to some extent, most phones compared to GrapheneOS/Pixels are less secure and this has largely proven out whenever there's been leaks of the capabilities of law enforcement phone cracking tools.
Anyone can fork GrapheneOS and build it for other phones if they want, instead of doing this the developers instead focus their time and effort on the most suitable hardware for their needs. This isn't a part of some agenda or a swipe at Linux, open source or Stallman's cholesterol filled heart, it's just pragmatism.
It really seems like you're more concerned about hurt feelings than objective fact here. Every link you've provided thus far was framed by you as evidence of poor decisions or behaviour on the part of the GrapheneOS team but you've done nothing to elaborate, and after reading the content of those links for myself there is nothing there that supports the things you've been implying.
It doesn't make a whole lot of sense, at least not unless I put myself into the mindset of a child and read any negativity expressed towards FOSS projects as an attack, or taking their choice to not target phones I like personally.
The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users (https://news.ycombinator.com/item?id=45101524).
Your username is fsflover and your posts clearly have an ideological bias that favours purely open source solutions even if it goes against reason.
> The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users
All SoCs are a black box and all of them are made by untrustable companies that are likely already working with the security services of whatever country they're R&D'd or manufactured in. There is no good solution to this, so they picked the best worst option.
Nonetheless, most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available. So, clearly not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
GrapheneOS isn't to blame for every other phone manufacturer dropping the ball.
Thanks for the clarification. Free software ideology is not like a religion, where people believe in a god. Each of Stallman's essays explains a very practical reason for following his ideas. FLOSS protects you from the enshittification, walled gardens, backdoors (to a degree) and similar things.
GrapheneOS have put themselves in Google's walled garden in terms of the supported devices and now Google can easily make them less secure or even kill them completely at will.
This is like saying "you clearly have an ideological bias that favors democracy or freedom even if it goes against reason". Sometimes a tyranny is more efficient at forcing people to do a particular thing, e.g., produce weapons. It doesn't mean that choosing it can be reasonable sometimes.
> All SoCs are a black box and all of them are made by untrustable companies
You clearly can't understand that different people have different threat models. This is a huge problem of GrapheneOS developers: they never accept this possibility and force the single threat model upon everyone. This reminds me of Apple by the way: They do the same. In reality, some people can trust Chinese devices more than Google's ones (imagine that), or trust a particular company that didn't perform a ton of evil actions like Google did (that's me and many others).
> There is no good solution to this
The good solution to this is security through compartmentalization, which is the best security approach ever invented. The more varied hardware people use, the harder it is to make a targeted attack or to mass compromise every single device sold.
> most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available
I don't dispute that, and you won't find me saying that GrapheneOS is insecure in itself. I am saying that they made a wrong bet long-term, and their approach leaves a lot of people without Google's hardware insecure.
> not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
Once again, this is implying one single threat model upon everyone. I never leave my phone unattended, so nobody can secretly reflash it. And whenever I suspect a compromise, I reflash it myself using a disposable VM on Qubes OS. Does it look somewhat secure to you?
The purpose of GrapheneOS is not an OS which people can install on as many devices as possible where substantial security sacrifices need to be made even compared to the stock OS and a reasonable level of privacy and security cannot be provided due to lack of firmware/driver updates. Without the hardware-based features we use as part of our work, it would also hardly actually be GrapheneOS.
Support for installing another OS on devices has been removed or is in the process of being removed by several OEMs. Providing an OS for most mobile devices isn't an option in the first place.
GrapheneOS is actively working with a major OEM since June 2025 on a small subset of their next generation devices meeting all of our official requirements and providing official GrapheneOS support. The initial phase of support may still require people to install it themselves, but it will be another option than Pixels and the plan is to do more than that. The OEM is very interested in GrapheneOS and there may be devices sold with it as an official option. We'll be able to start doing lower level hardening work on firmware rather than our work not going below the level of the hypervisor, kernel and kernel drivers beyond reporting vulnerabilities or making suggestions. We already do a large amount of low-level work specific to devices and will be doing much more of it in the future including at a lower level. We have a lot of improvements we want to make at the level of the boot chain and secure element.
GrapheneOS in the long term will be a hardware, firmware and software project working closely with one or more OEMs to make highly private and secure devices. We'll support the existing Pixel devices until end-of-life and will add support for new generations of Pixels as long as they continue meeting our requirements, but our focus will shift to devices made in partnership with OEMs.
The purpose of GrapheneOS is not something people can download for their existing device to make it less bad. That's not even generally possible due to lack of support for using another OS and crippling of devices when another OS is used, especially the security features. You're talking about doing something which has never been the project's purpose. The purpose requires using the best available devices and ideally working with an OEM to make better devices for it as we're working towards (the first generation will likely not be more secure than Pixels, but it will meet our official requirements and improve from there).
As opposed to a black box from Google, that nobody really knows exactly what it does...
They even tell you in their usage guide that it's more secure to use Google's app store than e.g. F-Droid (which neglects several good security practices for an app store), and that it's not a good idea to blindly aim for "degoogling" at all costs.
Go away with your baseless FUD.
The biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader. Pixel phones also allow the developers to target a large but homogeneous hardware base.
The second big thing is that the "non-exhaustive list of requirements" is basically "whatever new Pixels do". Your conclusion that Pixel phones are "the only ones with secure enough hardware" is overstretching what's happening here.
The developers took the Pixel as a template because it's a well selling line, with good security, and generally with unlocked bootloader, and modelled the requirements based on it. It's a reasonable approach to the development of a niche security oriented OS because: "In order to support a device, the appropriate resources also need to be available and dedicated towards it". It has the downside that it makes it sound like no other phone has comparable security features.
Are the fully supported Pixel 6/6a more secure than any other non-Pixel phone sold on the market today?
As for Pixels being more secure than non-Pixel phones, I would say they are more secure, due to existing hardware security features that most non-Pixel phones do not have, and just as importantly, due to still getting regular security updates from the vendor. Pixel 6 in particular is supported until late 2026, if I recall correctly.
This is the problem for most Android phones on the market - most of them stop getting security updates after a year or two, so your only option is hoping that one of the alternate Android OSes pick up the slack, e.g. Lineage or Calyx.
EDIT: That they modeled their security requirements based on the best device available at the time is simply how this works if the priority is security. They picked best of what was available, built features around that, and refuse to compromise for new device models if at all possible. And yes, no other Android phone has comparable security features for what they are doing. That's not how "it makes it sound", that's just reality.
You cannot install GrapheneOS on a Pixel that was locked by the carrier, it's literally the first prerequisite they mention [0]. From here came my initial comment saying that the biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader.
This is what should give you pause when you declare one phone to be "best HW for security" because it supports GrapheneOS. Some Pixels are unsupported even with the same HW/FW/SW.
Mighty all-knowing of you.
Just read my first comment, see what I objected to, see what arguments I used, and then think 2-3 times if you really added to the conversation. There must be a better way to pad your comment count.
edit: exactly who on this planet is motivated by "comment count" other than spammers?
edit2: the only way I can make your comments comprehensible is if I assume that you thought somebody was angry that they couldn't install Graphene on a phone with a locked bootloader. Before you assume the person you're talking to is insane, you should consider the alternatives.
Why not? This seems to be exactly the push that was needed.
- Fairphone 5 works with Ubuntu Touch
- Xperias that are from previous gen can run Sailfish OS
I've looked into others, don't recommend
Wish there were other alternatives. PinePhone Pro got discontinued. This is truly a duopoly.
At the EXACT moment everyone is now looking for Google alternatives. This is truly snatching defeat from the jaws of victory.
https://liliputing.com/pinephone-pro-linux-smartphone-has-be...
Now the phone is running stock firmware from 2020, with Android security patches from 2020, and with numerous publicly known vulnerabilities. The banks work fine, Google Pay works fine, every Play Integrity check passes, even the strongest one (device integrity).
The only reason I see for it being implemented this way is not to lock the bad guys out from your phone, but to prevent you from doing anything to the banking applications, even though it is still possible through said vulnerabilities.
One of said banks also refuses to run if it detects remote assistance clients on your phone (like TeamViewer), or even Discord, because apparently these were used in scams over the past few years, and we need to protect even the stupidest at the expense of everyone else. How did we come to this "future"? The worst days of desktop Windows weren't even remotely close to this nonsense.
Nobody's willing to pay for it, so only Google, who have to do this for a bunch of other reasons, actually does it.
On the contrary, governments are imposing other restrictions on OSes (like EU Chat directive), as well as making more and more critical government functions (like eID, and the various equivalents, and the banks) that can never work without OS certification, are utterly dependent on the App stores (it requires the ability to replace apps on user's devices without being detected), and thereby driving people deeper into Google and Apple's arms. Despite the fact that this makes the EU totally dependent on yet another US company, making this stupid. And, of course, it makes securing anyone in the EU against US spying an exercise in futility.
But it saves a little bit of money now, and gives the US, ie. Trump, yet another loaded gun aimed at the head of the EU economy. What could possibly go wrong?
Sell your Airbus stock.
Rooted. Usually with unlocked bootloader. Safe.
Also phones on Android 9 unpatched since 2009. Etc.
:)
It's also Deep Web, not Open Web.
Furthermore, it's US-based, with an unknown amount of Tencent backing, going back to before even its creation.
That sounds... fine? Like... there are actually alternatives. Sure, if their plan is to phase out those alternatives, then that's bad, but... the current situation seems fine?
A business account can request such devices, so malicious people can't withdraw funds without pressing the same combination on all devices (there are multiple devices), so there is no rogue employee.
sorry, we can't do anything for you then
Know Your Customer is acceptable. Nanny Your Customer is not.
There's also systems like PaySafeCard, which is accepted by Steam.
The last one applies in my country. You can of course go to the bank branch for every little financial operation, which is bad enough by itself for us living in cities, but is practically impossible for my relatives in the rural area, who would have to drive 100 km to the nearest bank branch, and then back just to move some money between two accounts.
Even if you don't care for anyone else but your country, it will come to you also, I promise.
Forcing you to use foreign megacorps for essential services should be illegal if not already.
The only realistic thing left for me is moaning about it on the ole 'net and hoping (probably in vain) that this disease doesn't spread further to other countries. Western democracies are already in the process of copying several bad ideas we implemented 10+ years ago (and China more than 20 years ago), I don't see a reason why this also wouldn't be ported over.
And the digital sovereignty argument doesn't really work, one of the banks uses its own payment system — mostly copied from Chinese AliPay — and it's the most popular one here. Zero dependence on "the West" other than the phones themselves, where they think they have an alternative in Huawei and friends, and you're gonna have to depend on someone in any case, even just for internet infrastructure, or even cash printing machines.
A smartphone today is the most essential and private thing you have. This is as far from "zero dependence" as you can get.
> they think they have an alternative in Huawei and friends
Do Huawei phones work for banking in your country? If yes, does it mean, Google Play / integrity isn't necessary?
> Forcing you to use foreign megacorps for essential services should be illegal if not already.
The only two major mobile operating systems are developed by American companies. The two most popular global payment processors are maintained by American companies. The hardware is jointly developed by a bunch of countries, basically all of them in North America and Western Europe.
If one brings up digital sovereignty, should I think not of "the West", but of Tokelau, South Africa, or Brazil?
CBDCs solve this in theory, but the government would add the requirement back just for funsies.
BankID in Sweden and similar in other European countries.
I can't see them changing this in the foreseeable future, major parts of their userbase run the cheapest phones one can buy, and they're much more interested in as much data as possible, so near 100% device coverage has to be important for them.
They even have Linux versions:
https://aur.archlinux.org/packages/warsaw
https://aur.archlinux.org/packages/warsaw-bin
Who even knows what this malware does? I sure as hell don't want to find out.
For the bank, things like "fraud prevention" override literally everything. There is no limit they wouldn't cross and there is no freedom they wouldn't trample in the pursuit of their goals.
People get so mad about kernel-level anti cheat in video games, but when your bank does it, I've never heard of it before. I sure am glad my bank doesn't do this for now.
They think everything they do is justified and necessary. They've got a "legitimate" reason to do it so it's alright. Because total nonsense like fraud prevention is totally worth giving up our freedom for.
Cash is positioned as suspicious. In 10 years, it might very well be illegal.
It's not relinquishing control, but separation of concerns for hardware.
Bank should manage their hardware, not your hardware.
Okay, I guess more to the point, I don't want the banking app forcing the OS that I use. They can provide their own damn hardware!
> the banks/governments give the people devices to use for these things,
Give? The devices will cost "a reasonable amount" and have GPS tracking "for your safety".
Those devices have no network, no connectivity, no GPS, and no interface besides a tiny 7-segment LCD display and some 0-9 buttons for pincode entry.
Kicking banks off the internet/apps would make Android and Apple less cushy.
Here's my attempt at future history: Firstly they'll require you to prove your current location, to ensure that the request isn't made by a remote hacker; they'll do this by integrating their own cellular modem, as well as scanning local wi-fi networks. Then, at a second phase, they'll integrate a camera and microphone to perform a face identification, asking you to speak out a particular phrase while performing a particular motion. At the start they'll only require you to turn the mic and camera on during active usage, but eventually they'll say that these have to stay on continuously so that they can ensure that the device wasn't tampered with. And if we aren't careful, we'll accept every single small added requirement, until we're boiled alive.
However, if it sits at home in a drawer, it can keep its camera on all it likes, transmitting images of darkness, and tell the bank repeatedly where your home address is, and sometimes (when in use) confirm what your face looks like. Not a privacy issue I think?
Probably it would become expected that you carry the thing around and it replaces cash and cards, but that seems to me to be the crucial step if it's going to have meaningful potential for spying.
So, like, legislate it?
Prior art exists on this point.
DNB in Norway does for sure. Same for BankID, national electronic identity authorization provider. There are good programmers out there that know their stuff. Find a bank that has a hacker culture like DnB.
I remember that I chose them just by comparing uMatrix output between them and SpareBank - the other big player. DNB had no 3rd party trackers showing, while SpareBank had a lot.
FYI, I know that Revolut is a Europe-wide bank which does not use Play integrity. In case anyone needs it.
I've only had one non-banking app trigger the "used Play integrity" warning, though that app apparently does not care and still works fine.
But there is this escooter app in Norway called Ryde, that blocks itself from even being seen on Play Store. They are otherwise very good, excellent support, responded positively to some UI feature requests. They also have a living wage policy for their battery maintenance mechanics.
How would I approach them about changing how they verify phones? I'm no dev really and feel like it's a little above me.
The convenience is great but increasingly businesses now begin to offer this as the ONLY way to pay.
I keep telling people because I'm seeing it begin. This is how it happens, this is the endgame for freedom, democracy and life as you know it. Give the West 20-30 years, it will happen in some developing countries sooner.
They will require the approved app to buy and sell. Without it you will be outside the financial system, and maybe will starve.
They will require the approved app to only run on the approved operating system. You will have 2-3 options for the approved operating system but total surveillance will be a mandatory feature on all of them.
Finally, they will punish you for wrongthink when your surveilled device detects you writing or saying it.
As the world gets worse political leaders will become more authoritarian until one finally checks the last box on that list, and that's the end.
There will be no escape except for death.
All the pieces are coming into place. Every time you hear them talking about better security for XYZ you can see how it's one of the pieces on the board, being moved one square.
I don't think there is one guy who has this master plan; I think it's the inevitable end state for surveillance capitalism that's as pervasive as ours.
I am an atheist, I think the Bible is all fairy tales, and yet the "Mark of the Beast" vibes I get from where the world is going are out of control. The mark on your hand or your forehead that will be required to buy or sell, that was what you'd be forced to accept once the Antichrist took over, or whatever. The 2,000 year old fairy tales were not wrong; they are starting to set it up now, you carry the device in your hand, they will do it through payments and banking.
Cash or normal credit/debit card, but I guess that for native having a credit/debit card costs more money and cash well, it's cash like everywhere else with its pros and cons.
And if you still can, use the website.
I also had enough. Switching to Linux pretty soon.
So many apps even refuse to be installed on older versions of iOS/Android.
That's because they see older versions of Android decrease in usage so they think it's fine to lock them out and potentially lose customers[1], but they're not going to do that to the majority of them.
If the majority stops falling for the propaganda and "upgrading" to a worse experience, other businesses will follow.
[1] I have told businesses that changes to their site have made me no longer want to do business with them, and seen responses ranging from complete dismissal to quick reversion.
Another solution might be to add an optional Uncertified Profile that if turned on allows unregistered apps but sandboxes them and marks them with a "dangerous" badge. That might ensnare these trojans and malicious apps that pose as legit. That might be enough to scare grandma and let people who know what they are doing do what they want.
Although, frankly I'd just prefer google just made a "Secure Profile" to keep bank apps and other high-security apps away from everything else.
Surely apps are sandboxed on android by default?
ATMs won't let me send money or do any other kind of maintenance
Oh, and you can always send money by withdrawing cash and giving it to the other person physically.
Or go to the bank branch, or write a cheque.
I won't travel to another city or country just to hand money in cash.
I won't travel to a branch to... I have never ever written or received a cheque, what the heck even is a cheque? A piece of paper someone can photo-copy?
I used to be able to do all of my banking from a web browser, from any browser/OS I liked. I've had a fob that displayed a 6-digit code rotating every 30s. This used to be simple and secure. What you propose is ludditism.
You are also quite quick to dismiss cheques as someone that never even tried them...
Online banking is dead simple to secure: require a TOTP token. It's something you have (like a debit card) + something you know (PIN/password). The poison being introduced is through a third party, and entirely unrelated to the original function.
Are these limited to only "approved" apps? Usually you can add an auth to an app via a qr code or string. Why can't people use whatever auth app they want, or even just roll their own?
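For reference, the TOTP scheme discussed in the comments above (RFC 6238), as an added example that is not from any commenter: it parses the `otpauth://` string a QR code carries, derives the 6-digit code, and performs the server-side check with a drift window and replay rejection. The `ExampleBank`/`alice` URI and the function names are constructed for illustration; the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

ALGOS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed sample: the RFC 6238 test secret wrapped in a provisioning URI.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()
SAMPLE_URI = f"otpauth://totp/ExampleBank:alice?secret={SAMPLE_SECRET}&issuer=ExampleBank"


def parse_otpauth(uri):
    """Read the shared key and parameters from an otpauth:// URI (the QR payload)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    b32 = q["secret"].upper()
    b32 += "=" * (-len(b32) % 8)  # URIs usually drop base32 padding
    return {
        "key": base64.b32decode(b32),
        "digest": ALGOS[q.get("algorithm", "SHA1").upper()],
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }


def totp(p, now):
    """RFC 6238 code for Unix time `now`: HOTP over the time-step counter."""
    counter = struct.pack(">Q", int(now) // p["period"])
    mac = hmac.new(p["key"], counter, p["digest"]).digest()
    off = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** p["digits"]).zfill(p["digits"])


def verify(p, submitted, now, last_used_step=-1, window=1):
    """Server-side check: returns the matched step, or None.

    Accepts +/- `window` steps of clock drift and refuses any step at or
    before `last_used_step`, so an observed code cannot be replayed.
    """
    step_now = int(now) // p["period"]
    matched = None
    for step in range(step_now - window, step_now + window + 1):
        expected = totp(p, step * p["period"])
        ok = hmac.compare_digest(expected.encode(), submitted.encode())
        if ok and step > last_used_step:
            matched = step
    return matched
```

Any client that holds the same secret produces the same code, so the server cannot tell which authenticator app generated it; the server's job is to store the returned step per account and pass it back as `last_used_step`.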
We previously tried to work with a much smaller company which was a startup and ended up going bankrupt. The current partnership with an OEM is a new thing entirely separate from that and it's not a small company or startup.
Our requirements are listed at https://grapheneos.org/faq#future-devices. The devices we're working on with this OEM will meet these requirements and provide an alternative to Pixels for GrapheneOS. They may not initially be quite on the same security level as Pixels, but they will provide what's listed there and can get better from there.
https://grapheneos.org/releases
(Pixels only)
Go for Calyx or any other android distro, they have zero difficulties in supporting more devices.
Personally, I wish there was an open/libre device on the market that GrapheneOS could target.
You mean, Pinephone and Librem 5?
Also: Android. If I didn't need Android/iOS apps, I'd be using a Nokia 3210.
The last Cellebrite leaks show it as more secure against attacks from le than the current iPhones, and that's more important to me than abandoning Google hardware.
It's not our fault that the only other devices providing the security features we need don't allow GrapheneOS to be installed or to use those features. Massively lowering our standards and using low security hardware missing the basics we depend on and have built major protections around wouldn't make sense. It's not what GrapheneOS exists to provide. People can use LineageOS if they don't have the same priorities we do.
You need legislation.
You can have a popup, but it must have a call-to-action. Explain to users how to fight this.
Some things to advocate for to counter the direction we've been going in.
1. Termination of WIPO Copyright Treaty (prerequisite for #2)
2. Repeal of DMCA. (primarily because of Section 1201)
3. Enact and enforce, Right to ownership, Right to repair laws.
4. Enforce antitrust laws. / Break up monopolies
Nothing will be resolved via legislation when the people making the bill are the same people in the revolving doors from the transnational corporations where the bill is supposed to govern. A lot needs to be altered if we want this really to serve the 99%.
This "fight" will always be lost, because the other side is 99% of the population and they want to stop scammers more than they want to enable you to publish software to a personal tracking device anonymously...
Also, Windows works pretty well with software from third-party sources, or would you forbid them in Windows as well? Sure, there are the occasional crypto scams which disable a hospital here and there, but this can arguably be prevented by not giving non-admins admin permissions.
Yeah, which is why no one with any sense is going to be fighting against this. Third-party installs on Android are largely scams. I don't think you've thought this through.
> Also, Windows works pretty well with software from third-party sources, or would you forbid them in Windows as well?
Windows is well known for being insecure compared to others. Apple have also worked to secure users against third-party apps.
> Sure, there are the occasional crypto scams which disable a hospital here and there, but this can arguably be prevented by not giving non-admins admin permissions.
Don't they use local privilege escalation attacks as part of the attack?
The reality is we don't need to fucking remotely rootkit someone's phone to scam them. This isn't how the vast, vast majority of scams are done.
Relying on client side trust is a recipe for disaster, and anyone even kind of technically minded should see that.
Granny is when someone on the phone tells her how, because she needs to report some stuff to the FBI, IRS, etc.
Just point granny to the super secure Play Store and have her download anydesk and boom, now you remote control her entire phone. And you didn't even need to hire a development team to do it.
If the intention was to make it easier to spread the word, you've already failed.
Anyway, this whole library should have been a copy-pastable snippet for a dialog or toast (what's with the duplicate code?); the only value added is the translation, which most app devs already have a pipeline for.
The code part is so trivial that I suspect it doesn't even meet the legal bar for copyright protection in many jurisdictions.
People under-value copy-pasting. I'd rather copy/vendor a thousand lines of code (with license+credit intact) than add it as a dependency.
I'm working on a side project, and needed a CPIO library for Go. CPIO is a fixed thing, a good implementation is "done". U-root[1] has a really decent implementation, so I've vendored 2500+ lines of code, as otherwise I'd have to (indirectly) depend on almost 700.000. Great value.
A CC0 copy-pastable snippet, plus maybe this helper library with a permissive licence. The only way this would go popular is through slacktivism, so you need to remove any friction.
https://github.com/woheller69/FreeDroidWarn/blob/master/libr...
I don’t have any hope that this will sway Google, but at least the users are being warned.
I'm sure everybody would profit from that...
https://blog.google/products/google-pay/google-wallet-age-id...
I wonder how badly Google's shenanigans will affect sales of new Android devices too. I've been looking to buy a foldable at some point, but I'll have to make entirely sure it won't be of an effectively broken (too new) Android version.
Hence they are comfortable making this overreaching decision.
“You want sideload on Apple? Go buy an Android”
I see this change as win, personally.
a) it will finally shut the fuck up braindead sideload, Apple bootlicking, haters
b) EU can go after both Google and Apple to allow sideloading (one can only dream!)
Win-win.
If you want to know if your Banking App is compatible: https://privsec.dev/posts/android/banking-applications-compa...
https://shop.fairphone.com/the-fairphone-gen-6-e-operating-s...
Why not? Freedom isn't a given --- you need to fight for it.
A society which values freedom should of course give a lot of it to its citizens, and expect them to defend and improve it for everyone.
A society where freedom is never a given, is not going to foster much of it.
If you would factory-reset your device right now, it would reset to the version of Play Services that came with the installed device firmware, but upon startup the services framework would likely fetch information that it is outdated and won't continue until you have upgraded it.
In this state you could probably use your device and sideload apps, but none of the Google Mobile Services (Play Store, Gmail, Maps, YouTube,...) and 3rd party apps which require Google APIs will work
Apple allows developers to self-sign a handful of apps (exclusively from source!) with short-lived certs - it's a complete PITA to maintain a simple app for personal use, and you still need an account. Google is heading in the same direction.
https://developer.android.com/developer-verification/guides/...
I don't have a "legal name". Sounds like some sovcit bullshit. I go by several names, none of which is canonical. Maybe other countries formalize this idea, but the countries where I am a citizen/resident do not.
> A private email address and phone number for Google to contact you. These will need to be verified using a one-time password
I love that email OTP is good enough for this, but apparently not for anything else, where I'll need an approved verified secure attested super official app.
Considering every country has passports and passports all have the person's legal name on them. And that the passport standard only supports having one name with a primary and secondary identifier. You must be mistaken.
It's also fairly common for instance for women to have multiple names from their marriage(s).
1. doxx yourself or they kill your account
2. re-build every app with pointless newer api version literally every year or it gets taken down.
3. Push an update or a new app or they kill your account.
..
My guess is enshittification, some random exec is trying to save a few pennies in server and storage costs.
..
I'd also say that google makes so much money from ads and data-brokering that everything else they do is not vital for their survival and thus undergoes a sort of "genetic drift" where they just make random decisions.
That's okay, they jumped the shark when the imperative for ads took over.
Combat abuse. I don't think this is a solvable problem, so obviously this won't be a silver bullet. But maybe will it impose more cost on the abusers creating a nicer app store experience for everyone. Or maybe this only imposes cost on the honest ones? I don't know how much validation they do.
> 2. re-build every app with pointless newer api version literally every year or it gets taken down.
Fix vulns. This also gets rid of abandoned apps. It also probably provides an "opportunity" for the dev to agree to new T&C.
> 3. Push an update or a new app or they kill your account.
This one seems shakier to me, but it might feed into an effort to get rid of abandoned apps. But I disagree with this being healthy for the ecosystem, if that's actually the reason.
I'm not trying to defend google, but from working in FAANG, some of this is obvious. None of these things save a significant amount of server or storage costs. Some of it is clearly anti-abuse and efforts to defend themselves from the constant stream of crap that tries to make its way into the app store.
> everything else they do
Google isn't like some dude (sundar) making decisions. It's a bunch of millionaires and billionaires making decisions. There's some high level guidance, but the difference between different divisions is 100% based on who's running that particular show.
When an app works but keeps getting updated, that means the enshittification is starting. How else do you extract money out of a completed app?
In regards to this new package name registration whoever is running the repo of such packages would register a new package name for each app.
"Avoid Google. Don't buy Google products, especially their phones."
Money is the corporate language, especially for Big Tech, which is always several steps ahead of legislation.
Ironically their phones are the best way to avoid this shit, because they are one of the few that properly support securely installing de-googled Android Versions.
I hope the OEM GrapheneOS is in contact with makes a better alternative.
How much MB (kb?) does this dependency add to apk?
EDIT: The AAR file is 26KB: https://jitpack.io/com/github/woheller69/FreeDroidWarn/V1.3/... But most of it looks to be from R.txt and I think that file gets deduped/compressed during app packaging?
I don't think this meets the bar for copyrightable code. Copyright protects creative expression. Displaying a single dialogue does not take creative expression, and pretty much any developer given the task would produce code identical to this.
Also you're misquoting. The license is GPL-3, not AGPL.
Something that is too small to be considered creative should be a documented example you copy and adopt into your app, not a dependency.
The only exceptions to this are things like "A dependency that contains all unicode planes and categorizes characters", which isn't creative, but is useful and too large to copy-paste, and also updates over time.
Or the timezone database file, another case of something that should be "public domain" knowledge (uncopyrightable), but makes sense as a dependency.
This is not that sort of thing.
This easily meets thresholds for creative work. The basic concept is nigh-trivial, but the concrete implementation is still creative.
That I doubt; it seems more like it's deliberately large and complex enough to be copyrightable, because otherwise it wouldn't be.