Android apps are blocking sideloading and forcing Google Play versions instead

koncertejo , 12 hours ago

If the Play Store becomes required like that then Android’s already-shaky status as an open source base platform is going to go out the window. I’m glad there are non-Google distros of Android but there really needs to be more of a push to make a completely FOSS phone platform.

IllNess , 12 hours ago

There are Linux phones available. I,m going to guess popularity of those devices to increase soon.

MrLLM , 11 hours ago

I,m going to guess popularity of those devices to increase soon.

I don’t want to be pessimistic about it, however I think it’s gonna be like Windows: enshittification will happen, but inconvenience is “too small” for people that they’ll rather check for a workaround than leave the platform.

My guess is that we need something more appealing like the Steam Deck to make people take the step.

IllNess , 10 hours ago

My guess is that we need something more appealing like the Steam Deck to make people take the step.

Hear me out! The Steam Phone®!

5714 , 10 hours ago

Steam’s UI is tolerable, but inconsistent. In a SteamDeck, OK, but in a phone? Idk.

I get that this isn’t meant that seriously.

vividspecter , 10 hours ago

I’d be happy with 2010 era desktop Linux level of support. It doesn’t need to get everybody to switch, just needs to be good enough for my needs.

SnotFlickerman , 11 hours ago

That was the hope with Android, too.

The problem is that as the OS is “free” that means it costs less functionally for the device manufacturer to get an OS on the device, so now they can pour more money into bloatware.

Android was supposed to stop bloatware but all it did was enable it.

Even without a forced “store” Linux is prey to the same issue of piecemeal support from various vendors all with in-house solutions that all stink.

namingthingsiseasy , 11 hours ago (edited 10 hours ago)

But part of the appeal of Linux is the fact that you can repurpose existing computers running other OSes to run Linux instead. This is a great way to lower the barrier to entry for Linux, because it’s easy to test it on a Live USB or a dual boot. It’s much harder to do this on phones because they have locked bootloaders.

Another problem is that phones are not productivity devices - they’re consumption devices. Maybe this is just my personal bias, but I don’t think people will be as passionate about liberating their phones because they’re inherently less useful than computers. Convenient, yes, but useful? Not as much.

That said, I would love to be proven wrong. I would definitely consider a Linux phone if they become more popular/useful, but I can’t really justify spending hundreds of euros/dollars on something for which I don’t see any particular use.

IllNess , 10 hours ago

When I say Linux phones, I mean selling a phone with Linux already or Linux ready, not taking existing phones with Android and putting Linux on them.

Examples:
Purism Librem 5
PinePhone Pro
Pro1 X
Volla Phone X23

vikingtons , 9 hours ago

As much as I want that to be the case, I don’t think full mobile gnu+Linux is really ready to use daily?

I haven’t exactly been keeping up with things, mind you

IllNess , 8 hours ago

Yes. I think a huge issue is Linux doesn’t handle other app activities like how Android’s Intent or Broadcast does.

timbuck2themoon , 2 hours ago

I sub to a few mobile Linux feeds and I want but don’t at all think mobile Linux is ready, even for tech devotees. Too battery hungry, not enough ease of use, missing functions, etc. And that’s not including lack of apps.

Sailfish gets closest so far I think. But yes, not ready. Ubuntu touch last time I tried is fine but still a bit out of sorts.

AceFuzzLord , 6 hours ago

Sadly the only people who would switch over to an actual Linux phone would be the people like the stereotypical Linux using Lemmy user. The average android user would just continue on like nothing happened because they’re not tech literate enough to know what’s going on or why they should care.

helenslunch , 6 hours ago

Linux isn’t even popular on desktop. No way a mobile version becomes popular without some massive shifts in Linux ideology and culture.

XTL , 21 minutes ago (edited 11 minutes ago)

There aren’t, really. There are a few antiques and half baked things.

A big problem is that these days, unless you’re the size of Apple or Samsung, it’s impossible to get a reasonable hardware soc and modem other than one which only runs a soon obsolete blob laden android which is going to be EOL before you’ve even finished your design.

The hardware is not there. The firmware/hw data/platform isn’t there even to begin OS work with. And there’s a global shipping, regulation and mobile operator hell waiting on the other side. And a product lifecycle that’s only a few years long.

Yes, I’ve worked for phone manufacturers.

FangedWyvern42 , 4 hours ago

There are Linux mobile operating systems like PostmarketOS, but they are too early in development to be used by most people.

whats_all_this_then , 4 hours ago

The more I think about it, this may finally convince me to…shudders…switch to an iPhone. I’ve always stayed on Android because despite the recent Google bullshit, it still for the most part lets me do whatever. Side-loading apks is a huge part of that.

If it’s turning into a shittier iOS clone, what’s the point?

Corkyskog , 1 hour ago

Don’t do IOS, it’s such a pain. It took us 2 days to figure out how to play an audio book file that I was able to download an F-droid app for and play in like 3 minutes.

0x0 , 3 hours ago

So the EU’s been forcing Apple to allow sideloading and Google goes Nah, it’ll be fine?

boonhet , 1 hour ago

Google is allowing the app developers to choose (for now?). With Apple, developers never had the option to allow other stores or sideloading.

bitfucker , 30 minutes ago

Ehh, this is basically just another form of DRM. No different than you having a Steam and GOG model. You can make your apps using DRM and enforce certain constraints

flatlined , 26 minutes ago

No but you see we at Google aren’t locking down sideloading. It’s the individual app developers. With the api we gave them for that express purpose. Totally not us locking stuff down though, so EU please ignore us trying to indirectly close doors in our walled garden?

bad_alloc , 26 minutes ago

Just the term “side loading” instantly frames installing software on a device you own as something shady.

Kolanaki , 11 hours ago

I just won’t use any apps that do this. Simple.

QuadratureSurfer , 11 hours ago

Good luck when banking apps start doing this.

over_clox , 10 hours ago

Oh shit…

Chozo , 10 hours ago

I'll be real, I wouldn't trust a banking app from any third-party storefront to begin with. That's the sort of app I'd really want to be properly vetted and secured.

Maeve , 9 hours ago

When did Google start verifying security on play?

Chozo , 8 hours ago

Play Protect has been around for a few years now and will disable apps it detects that are abusing user data.

Maeve , 8 hours ago

My point is, it doesn't do much, if anything.

rxin , 5 hours ago

All it does, in my experience, is to constantly nag you to uninstall lucky patcher.

Cris_Color , 9 hours ago

If you’re using a custom de-googled rom you don’t have the play store, so this would just gut that functionality :/ same for any other app that decides they need this, which if the past is anything to go on is going to be a ton of apps that really don’t need it

Azzu , 8 hours ago (edited 8 hours ago)

But, there’s no difference in security between using a different storefront? The difference in security depends on the app itself, not where it was downloaded from.

Chozo , 5 hours ago (edited 5 hours ago)

Assuming the app is legitimate, sure. But unless you can verify the code, yourself, then you're having to trust that the source you download from hasn't altered the APK in some way. That's a pretty big risk for most people when it comes to finance apps.

Azzu , 5 hours ago

Yeah but I mean if your bank would offer their app through F-Droid as an addition to Google Play, there is no reason to assume the app suddenly got less secure.

mrvictory1 , 5 hours ago

APKs are signed, you can verify the integrity of an APK. If you have a previous version of an app installed, a new version with incorrect signature won’t even install.

bdonvr , 10 hours ago

Do we really need banking apps? Fuck it I’ll use their website.

QuadratureSurfer , 10 hours ago

The features you miss out on would be direct deposit from checks and app notifications (usually there are a few that you want enabled but are only available through the app).

bdonvr , 9 hours ago

Most banks I’ve used allow SMS notifications for things like deposits and purchases.

The check things is true but I need to use it like less than once a year so eh.

Landless2029 , 3 hours ago

There’s an app to make web apps icons. Or just use Firefox to add the bookmark to your homepage

Hermit - Lite apps browser

kalpol , 43 minutes ago

Some places are ditching the website and going app-only. Stockpile as an example.

Kolanaki , 10 hours ago (edited 10 hours ago)

Cash. No app part. Just cash.

QuadratureSurfer , 10 hours ago

Yeah until the cops pull you over and take your cash under civil asset forfeiture because it’s “suspicious that you have so much cash on hand”.

ij.org/…/highway-robbery-in-reno-nevada-cops-use-…

Maeve , 9 hours ago

I knew a dev once that absolutely refused to use banks. I'm a populated California city. With security cameras all over outside, everywhere. Buried cash in Mason jars. We lost touch but I always wondered how that worked out.

Kolanaki , 9 hours ago (edited 9 hours ago)

There’s no way my broke ass would ever have that much cash.

ohwhatfollyisman , 10 hours ago

personally, i wouldn’t trust a third-party created app with my banking details. what’s more, i’ve removed all banking apps from my phone.

i don’t need to allow access to my finances on the device which is most likely to get pinched out of everything i own. plus google and apple don’t need to know which banks have accounts of mine.

imo that additional inconvenience to conduct all banking transactions from a browser is worth the candle.

x00za , 9 hours ago

Can’t give up the fight just because you want convenience.

subignition , 11 hours ago

It's not like dedicated people aren't going to be able to just patch out the calls to this API from the apps themselves...

This feels like yet another attempt at DRM that is doing more harm than help.

Peruvian_Skies , 11 hours ago (edited 11 hours ago)

You mean like literally every single attempt at DRM since the Big Bang?

Azzu , 8 hours ago

Indeed, I already bypass SafetyNet and Play integrity with some kind of xposed module, I don’t expect this to change.

mrvictory1 , 5 hours ago

Can you tell me which modules you use? I am trying to pass SafetyNet on Waydroid but can’t pass even basic integrity.

Azzu , 5 hours ago

idk where I got it from, but it’s called “Universal SafetyNet Fix” by kdrag0n

mrvictory1 , 3 hours ago (edited 3 hours ago)

Did you just install the module and passed safetynet or did you have to use custom fingerprint? Also are you on custom or stock rom?

Azzu , 1 hour ago

Don’t remember, sorry

Am on e/os/

whats_all_this_then , 2 hours ago

I’ve used Magisk with the safetynet module + hiding root from apps with like a 95% success rate. Quick search for “magisk safetynet” and look at the xdadevelopers threads

whats_all_this_then , 2 hours ago

Whoa, is Xposed still a thing that works? Had to use Magisk instead to get the safety net stuff working on Lineage OS android 11

Azzu , 1 hour ago

Xposed is just an API which is provided by the LSPosed Magisk module.

vin , 1 hour ago

Why would that be possible? Wouldn’t the developer have their server rejected any calls from “unsigned” apps?

heavy , 6 hours ago

Androids best advantage used to be full control of the device… Those were the days. Then it started with saying they know better than you, then locking you out. Now I’m waiting on a new, better solution.

Honestly it’s not like native Linux is too far fetched, but there would have to be a big open source common ground device collaboration.

0x0 , 3 hours ago

So the EU’s been forcing Apple to allow sideloading and Google goes Nah, it’ll be fine?

Plopp , 3 hours ago

Google still allows sideloading, it’s the app developers that can prevent you from installing their app from other sources than Google Play. Sideloading an app works fine on Android if the app’s developer allows it. Apple didn’t allow that even if the app devs wanted it.

diffusive , 2 hours ago

You are technically (and possibly legally) correct… But the spirit of the law is allowing customers to install what they want on their devices.

This move defuses the responsibility to the developers but EU showed in the past that what they care is the spirit of the law and not the law itself…and they are happy to change the laws to make them more adherent to the spirit

Plopp , 1 hour ago

I would be really happy if you’re right, but I sadly think Google’s fine here. As far as I understand it, this particular regulation is to prevent a powerful actor (Google, Apple) to use their monopolistic powers to shut alternative stores down. It’s not about allowing customers to install whatever and however. Google doesn’t shut anyone down with this, so they should be fine. They give the option for app developers to choose if they want to run only on an attested platform - which they sell as a completely optional security feature that nobody has to use.

My guess is if the EU is going to take this further it would have to be regarding a potential monopoly on the attested platforms on the device. Google only offering their own platform as trusted could potentially be seen as another monopolistic behavior. If we’re lucky.

EddoWagt , 2 hours ago

Man I really hate how they stripped your permissions to access the internal and external storage, files can no longer access data from other apps even if you say allow all file access. Also if your phone supports SD cards, you might notice that you don’t have write access to it for some reason on later versions of android. (I really struggled with this with my Galaxy S9 on Lineage), had to use apps that remounted my SD card and what not

vext01 , 5 hours ago

I have an android DAP (music player) that runs Android 7. It’s a box with a headphone jack (remember those?) and it’s sole purpose is to play offline music from an SD card.

I side-loaded a few music players, because there’s no way I’m putting my Google password in android 7 in 2024.

I’d be upset if I couldn’t side load. These DAPs never have an up to date android.

Let’s hope the music apps I use don’t block sideloading.

Poweramp won’t. Musicolet?

diffusive , 2 hours ago

Likely android 7 would not honor (or even be aware) of this new metadata bit. You’ll be fine 🙂

chiisana , 11 hours ago

App developers need ways to know the app has not been modified in unsanctioned manner, glad to see Android finally catching up on security with integrity checks.

Natanael , 11 hours ago

No, this will only lead people without access to Google Play to be forced to get it from somebody who has modified the app to fake the check.

praise_idleness , 11 hours ago

Which obviously sucks but also is exactly what developers want or just don’t care

Chozo , 10 hours ago

If they don't have access to Play, then the developer of that app specifically does not want to service them as a user. Developers have to enable this feature in their own apps for it to do anything. If that developer wanted to support de-Googled users, they wouldn't enable this in the first place.

surge_1 , 10 hours ago

Yup, this is important for certain apps with a high security bar. Surprised at all the downvotes.

DoucheBagMcSwag , 10 hours ago (edited 10 hours ago)

Slippery slope. Soon it wil be for all fucking mundane apps because they don’t want you running a modded version…which is my fucking choice to do

chiisana , 10 hours ago

This is Lemmy. If you’re not advocating for FOSS, or piracy to spite the corporations, you’re gonna get downvoted. I don’t care. We need better security standards whether these kids like it or not.

smiletolerantly , 6 hours ago

Security by default is fine, but not if its being forced.

If I go out of my way to root my phone or sideload an app, I have a reason for that. I’m fine with an app going “Hey! This phone is rooted / this app is not from an official source! Wait 10s before you can click ‘I understand and take full responsibikity in case of a security breach’”.

I’m not OK with an app going “I will not work on this device because yiur environment is non-standard, period”.

0x0 , 3 hours ago

This does jack-all for security, it’s just monopolization in disguise and you’re buying into it.

x00za , 9 hours ago

They can check their own integrity without Play services. And even then, ME AS A USER, doesn’t want the app to decide this for me.

noodlejetski , 7 hours ago

certain apps with a high security bar

like the McDonalds app, which already requires workarounds to work on rooted devices?

surge_1 , 7 hours ago

Of course not, sometimes it really is just corpo bs, don’t use their app if it’s such an issue for you.

brbposting , 7 hours ago

You want affordable food, you WILL pay them with your data. Always on location please! Oh and precise as well, thank you.

Cheems , 9 hours ago

It’s my phone. If I’m specifically going out of my way to do that, they have no right to force me to do it their way.

mrvictory1 , 4 hours ago

Why do you think apps should verify their integrity in the first place? In the case of banking apps or other online apps, the APIs they use should be secure in the first place so a user can’t achieve anything meaningful by modifying API calls. In the case of offline games with monetization, a hacker who makes a pirated APK will also remove the restriction so legitimate players on non standart ROMs will get screwed. In the case of messaging apps with a “delete messages” or “one time view” function ie. Whatsapp, the sender shouldn’t take that their actions will be respected by other clients because modded apps exist and Whatsapp doesn’t care if you install it on a rooted device.

whats_all_this_then , 2 hours ago (edited 2 hours ago)

This!

APK signatures exist and they’re enough for making sure the file you got isn’t modified. Warning people when they use apks for stuff like banking, I get, but if they wanna take the risk, it’s on them.

Blocking root makes no sense because I’d argue that if the person knows enough to root their phone and got past all those bricked phone/thermonuclear war warnings, the onus is on them to not get their keychain compromised by giving root to some random app. Again, a warning is fine.

Aside from that, people need to understand: THE CLIENT IS NEVER SECURE. NO EXCEPTIONS.

Any self respecting secure API is made under the assumption that all the calls are coming from some malicious state actor using curl until proven beyond doubt that it’s an actual user.

penquin , 11 hours ago (edited 11 hours ago)

What’s the point of having an android phone then? I fucking hate android so much, but I only use it, not iOS, because of sideloading. Of If they take that away from us then why not just get an iPhone then? Our only hope is Linux phones picking up a little.

Peruvian_Skies , 11 hours ago

One reason would be that with an iPhone, you’re paying two to five times the price of an Android phone with comparable hardware.

whats_all_this_then , 3 hours ago

Hardware isn’t everything. Apple has a couple of advantages over iPhone that let them do more with less:

• iOS needs to support a MUCH fewer devices than Android. Even before they switched to their own silicon, they’ve been optimizing the OS to the hardware really well giving you devices that go toe to toe with Android flagships of the same generation with SIGNIFICANTLY better hardware and like double the RAM. Also why Apple doesn’t really care to increase RAM as much as the android side of things.
• Apple silicon is actually really good and making their own hardware allows them to optimize on both sides of the equation and lets them do more with less.

The selling points for Android (at least the way I’ve seen it over the years) have always been full control (talking about non-root, I’d rather not go down the root rabbit hole here) and (since iPhone 11 started doing firmware blocks on parts) reparability…but both seem to be going out the window lately.

Prices are crap though, but then again Android phones on the top end don’t seem much better. 1-2 gen old iPhones are usually a bit more reasonable though tbh.

ChaoticNeutralCzech , 10 hours ago

It’s the apps that prevent themselves being sideloaded. Presumably, their devs will enact similar policy on EU iOS too.

lemmee_in OP , 8 hours ago

This is just Google’s clever way of not removing the sideloading feature from their OS.

They let app developers to prevent users from using sideloaded app.

This way they can avoid antitrust lawsuits.

sxan , 2 hours ago

F-Droid

Most of the apps I have and use are installed via Droidify. The ones that aren’t are company apps, like banking or airline. I could just used the web sites for those; they’re only conveniences.

My phone isn’t rooted, and I didn’t read the article so I don’t know how this will affect me. If push comes to shove, I’ll simply bite the bullet and get a phone I can install Linux on next time, regardless of how polished for daily driving it is.

T156 , 11 hours ago

What is a “trustworthy software environment”?

Does that mean that it will get mad and fail you for having Developer options enabled? Having F-Droid installed? Having it plugged into a computer?

x00za , 9 hours ago

If it detects wrongspeak it will tell the authorities.

FierySpectre , 6 hours ago

According to the dumbfucks making the government application of Belgium (to read official communication) trustworthy means having developer mode disabled.

whats_all_this_then , 4 hours ago

There’s a bank here that refuses to let you log into their app if you have developer options enabled. Their service was getting much better until that point, but I dropped them completely after that.

I use developer options to get better screen density on my large ass screen, and to you know…develop apps 🤷‍♂️

FUCK THESE ASSHOLES WHO THINK THEY CAN TELL ME WHAT I CAN AND CAN NOT DO WITH MY PHONE

odelik , 12 hours ago (edited 12 hours ago)

This seems like a brilliant feature to roll out as they’re getting investigated by the DOJ for being a monopoly.

over_clox , 11 hours ago

Also, didn’t the EU declare that Apple needs to allow other app stores on their devices?

This seems like a bonehead move all around…

kusivittula , 11 hours ago

everyone wants to be like apple

halcyoncmdr , 9 hours ago

This has almost nothing to do with Google, it’s a feature that has to be enabled by the app developer. Meaning they want to exclude users getting the APK for their app from elsewhere.

Ohmmy , 8 hours ago

Kinda. It might be 3rd parties using it but it 100% and API designed by Google to keep apps on Google Play.

halcyoncmdr , 8 hours ago

For all we know it could have been requested years ago by developers who have apps that get pirated but there was no mechanism in place to implement it at the time, and wasn’t a priority.

Just because it’s beneficial to Google maintaining more direct control now, that doesn’t necessarily mean that’s the origin.

madis , 7 hours ago

Well, there is a separate system for pirating prevention, the Google Play license check. That has existed for years.

FierySpectre , 6 hours ago

If an app gets pirated they’re going to have thrown out this check too.

lemmee_in OP , 9 hours ago

Google : “You don’t own your phone, we own you.”

philodendron , 6 hours ago

I unironically think so. It offloads the blame onto individual app developers. Google can turn around and say oh well it’s what the market wants

thisbenzingring , 7 hours ago

the google store environment is such a pain, at work we have android based Zebra barcode readers… today when I was sideloading our app one of the devices kept uninstalling it because of google play… what a fucking pain in the ass

only when intune fully took it over did it stop…

DONT MAKE ME LIKE INTUNE GOOGLE… JFK

cm0002 , 11 hours ago

which cannot be worked around.

Well, at least not without root lol

Root detecting apps to Side loading detecting apps:

First time?

ChaoticNeutralCzech , 10 hours ago

I installed FakeStore and set the app’s installed_by* property from Package Manager to FakeStore (com.android.vending, the same as Google Play Store), which was enough to fool the public transport app I’m using. Is this the workaround you’re talking about, or does it require MicroG too?

• Not what it’s actually called, can’t remember that

cm0002 , 8 hours ago

Yea that sounds about right, really hiding root is straight up magic as is (even though it’s a cat and mouse game lol) and achieving that is 98% of the hard work of hiding the fact an app has been sideloaded. Short of a complete overhaul from Google where they actually try that is.

Which, if I’m being honest, doesn’t seem like they are. It seems like a rather simple system all things considered. There’s no Playstore specific keys or signatures or file checks or hashs as far as I can tell. Its just a flag and checking if Playstore exists on the device at all

cheers_queers , 11 hours ago

i JUST started enjoying adfree YouTube via revanced, now it could go away?! fuck lol

Peruvian_Skies , 11 hours ago (edited 11 hours ago)

This has absolutely nothing to do with ReVanced.

cheers_queers , 9 hours ago

oh okay, thanks

tilefan , 11 hours ago

gee I wonder how long it will be before I can download the custom patches to get around this

mp3 , 10 hours ago (edited 10 hours ago)

Revanced patches will go BRRRRR on these