Android apps are blocking sideloading and forcing Google Play versions instead

koncertejo , 8 hours ago

If the Play Store becomes required like that then Android’s already-shaky status as an open source base platform is going to go out the window. I’m glad there are non-Google distros of Android but there really needs to be more of a push to make a completely FOSS phone platform.

IllNess , 8 hours ago

There are Linux phones available. I,m going to guess popularity of those devices to increase soon.

MrLLM , 7 hours ago

I,m going to guess popularity of those devices to increase soon.

I don’t want to be pessimistic about it, however I think it’s gonna be like Windows: enshittification will happen, but inconvenience is “too small” for people that they’ll rather check for a workaround than leave the platform.

My guess is that we need something more appealing like the Steam Deck to make people take the step.

IllNess , 6 hours ago

My guess is that we need something more appealing like the Steam Deck to make people take the step.

Hear me out! The Steam Phone®!

5714 , 6 hours ago

Steam’s UI is tolerable, but inconsistent. In a SteamDeck, OK, but in a phone? Idk.

I get that this isn’t meant that seriously.

vividspecter , 6 hours ago

I’d be happy with 2010 era desktop Linux level of support. It doesn’t need to get everybody to switch, just needs to be good enough for my needs.

SnotFlickerman , 7 hours ago

That was the hope with Android, too.

The problem is that as the OS is “free” that means it costs less functionally for the device manufacturer to get an OS on the device, so now they can pour more money into bloatware.

Android was supposed to stop bloatware but all it did was enable it.

Even without a forced “store” Linux is prey to the same issue of piecemeal support from various vendors all with in-house solutions that all stink.

namingthingsiseasy , 7 hours ago (edited 7 hours ago)

But part of the appeal of Linux is the fact that you can repurpose existing computers running other OSes to run Linux instead. This is a great way to lower the barrier to entry for Linux, because it’s easy to test it on a Live USB or a dual boot. It’s much harder to do this on phones because they have locked bootloaders.

Another problem is that phones are not productivity devices - they’re consumption devices. Maybe this is just my personal bias, but I don’t think people will be as passionate about liberating their phones because they’re inherently less useful than computers. Convenient, yes, but useful? Not as much.

That said, I would love to be proven wrong. I would definitely consider a Linux phone if they become more popular/useful, but I can’t really justify spending hundreds of euros/dollars on something for which I don’t see any particular use.

IllNess , 6 hours ago

When I say Linux phones, I mean selling a phone with Linux already or Linux ready, not taking existing phones with Android and putting Linux on them.

Examples:
Purism Librem 5
PinePhone Pro
Pro1 X
Volla Phone X23

vikingtons , 5 hours ago

As much as I want that to be the case, I don’t think full mobile gnu+Linux is really ready to use daily?

I haven’t exactly been keeping up with things, mind you

IllNess , 4 hours ago

Yes. I think a huge issue is Linux doesn’t handle other app activities like how Android’s Intent or Broadcast does.

AceFuzzLord , 2 hours ago

Sadly the only people who would switch over to an actual Linux phone would be the people like the stereotypical Linux using Lemmy user. The average android user would just continue on like nothing happened because they’re not tech literate enough to know what’s going on or why they should care.

helenslunch , 2 hours ago

Linux isn’t even popular on desktop. No way a mobile version becomes popular without some massive shifts in Linux ideology and culture.

FangedWyvern42 , 1 hour ago

There are Linux mobile operating systems like PostmarketOS, but they are too early in development to be used by most people.

whats_all_this_then , 20 minutes ago

The more I think about it, this may finally convince me to…shudders…switch to an iPhone. I’ve always stayed on Android because despite the recent Google bullshit, it still for the most part lets me do whatever. Side-loading apks is a huge part of that.

If it’s turning into a shittier iOS clone, what’s the point?

tabular , 8 hours ago

Google Pain Services. Google Pisses Itself API.

Cris_Color , 8 hours ago

Well that fucking sucks

odelik , 8 hours ago (edited 8 hours ago)

This seems like a brilliant feature to roll out as they’re getting investigated by the DOJ for being a monopoly.

over_clox , 8 hours ago

Also, didn’t the EU declare that Apple needs to allow other app stores on their devices?

This seems like a bonehead move all around…

kusivittula , 7 hours ago

everyone wants to be like apple

halcyoncmdr , 5 hours ago

This has almost nothing to do with Google, it’s a feature that has to be enabled by the app developer. Meaning they want to exclude users getting the APK for their app from elsewhere.

Ohmmy , 4 hours ago

Kinda. It might be 3rd parties using it but it 100% and API designed by Google to keep apps on Google Play.

halcyoncmdr , 4 hours ago

For all we know it could have been requested years ago by developers who have apps that get pirated but there was no mechanism in place to implement it at the time, and wasn’t a priority.

Just because it’s beneficial to Google maintaining more direct control now, that doesn’t necessarily mean that’s the origin.

madis , 3 hours ago

Well, there is a separate system for pirating prevention, the Google Play license check. That has existed for years.

FierySpectre , 2 hours ago

If an app gets pirated they’re going to have thrown out this check too.

lemmee_in OP , 5 hours ago

Google : “You don’t own your phone, we own you.”

philodendron , 2 hours ago

I unironically think so. It offloads the blame onto individual app developers. Google can turn around and say oh well it’s what the market wants

penquin , 8 hours ago (edited 7 hours ago)

What’s the point of having an android phone then? I fucking hate android so much, but I only use it, not iOS, because of sideloading. Of If they take that away from us then why not just get an iPhone then? Our only hope is Linux phones picking up a little.

Peruvian_Skies , 6 hours ago

One reason would be that with an iPhone, you’re paying two to five times the price of an Android phone with comparable hardware.

ChaoticNeutralCzech , 6 hours ago

It’s the apps that prevent themselves being sideloaded. Presumably, their devs will enact similar policy on EU iOS too.

lemmee_in OP , 4 hours ago

This is just Google’s clever way of not removing the sideloading feature from their OS.

They let app developers to prevent users from using sideloaded app.

This way they can avoid antitrust lawsuits.

cm0002 , 7 hours ago

which cannot be worked around.

Well, at least not without root lol

Root detecting apps to Side loading detecting apps:

First time?

ChaoticNeutralCzech , 6 hours ago

I installed FakeStore and set the app’s installed_by* property from Package Manager to FakeStore (com.android.vending, the same as Google Play Store), which was enough to fool the public transport app I’m using. Is this the workaround you’re talking about, or does it require MicroG too?

• Not what it’s actually called, can’t remember that

cm0002 , 3 hours ago

Yea that sounds about right, really hiding root is straight up magic as is (even though it’s a cat and mouse game lol) and achieving that is 98% of the hard work of hiding the fact an app has been sideloaded. Short of a complete overhaul from Google where they actually try that is.

Which, if I’m being honest, doesn’t seem like they are. It seems like a rather simple system all things considered. There’s no Playstore specific keys or signatures or file checks or hashs as far as I can tell. Its just a flag and checking if Playstore exists on the device at all

chiisana , 7 hours ago

App developers need ways to know the app has not been modified in unsanctioned manner, glad to see Android finally catching up on security with integrity checks.

Natanael , 7 hours ago

No, this will only lead people without access to Google Play to be forced to get it from somebody who has modified the app to fake the check.

praise_idleness , 7 hours ago

Which obviously sucks but also is exactly what developers want or just don’t care

Chozo , 6 hours ago

If they don't have access to Play, then the developer of that app specifically does not want to service them as a user. Developers have to enable this feature in their own apps for it to do anything. If that developer wanted to support de-Googled users, they wouldn't enable this in the first place.

surge_1 , 6 hours ago

Yup, this is important for certain apps with a high security bar. Surprised at all the downvotes.

DoucheBagMcSwag , 6 hours ago (edited 6 hours ago)

Slippery slope. Soon it wil be for all fucking mundane apps because they don’t want you running a modded version…which is my fucking choice to do

chiisana , 6 hours ago

This is Lemmy. If you’re not advocating for FOSS, or piracy to spite the corporations, you’re gonna get downvoted. I don’t care. We need better security standards whether these kids like it or not.

smiletolerantly , 2 hours ago

Security by default is fine, but not if its being forced.

If I go out of my way to root my phone or sideload an app, I have a reason for that. I’m fine with an app going “Hey! This phone is rooted / this app is not from an official source! Wait 10s before you can click ‘I understand and take full responsibikity in case of a security breach’”.

I’m not OK with an app going “I will not work on this device because yiur environment is non-standard, period”.

x00za , 5 hours ago

They can check their own integrity without Play services. And even then, ME AS A USER, doesn’t want the app to decide this for me.

noodlejetski , 4 hours ago

certain apps with a high security bar

like the McDonalds app, which already requires workarounds to work on rooted devices?

surge_1 , 3 hours ago

Of course not, sometimes it really is just corpo bs, don’t use their app if it’s such an issue for you.

brbposting , 3 hours ago

You want affordable food, you WILL pay them with your data. Always on location please! Oh and precise as well, thank you.

Cheems , 5 hours ago

It’s my phone. If I’m specifically going out of my way to do that, they have no right to force me to do it their way.

mrvictory1 , 51 minutes ago

Why do you think apps should verify their integrity in the first place? In the case of banking apps or other online apps, the APIs they use should be secure in the first place so a user can’t achieve anything meaningful by modifying API calls. In the case of offline games with monetization, a hacker who makes a pirated APK will also remove the restriction so legitimate players on non standart ROMs will get screwed. In the case of messaging apps with a “delete messages” or “one time view” function ie. Whatsapp, the sender shouldn’t take that their actions will be respected by other clients because modded apps exist and Whatsapp doesn’t care if you install it on a rooted device.

mctoasterson , 7 hours ago

This is stupid. I will dig further into the real impact to Graphene.

Kolanaki , 7 hours ago

I just won’t use any apps that do this. Simple.

QuadratureSurfer , 7 hours ago

Good luck when banking apps start doing this.

over_clox , 7 hours ago

Oh shit…

Chozo , 6 hours ago

I'll be real, I wouldn't trust a banking app from any third-party storefront to begin with. That's the sort of app I'd really want to be properly vetted and secured.

Maeve , 6 hours ago

When did Google start verifying security on play?

Chozo , 5 hours ago

Play Protect has been around for a few years now and will disable apps it detects that are abusing user data.

Maeve , 4 hours ago

My point is, it doesn't do much, if anything.

rxin , 1 hour ago

All it does, in my experience, is to constantly nag you to uninstall lucky patcher.

Cris_Color , 5 hours ago

If you’re using a custom de-googled rom you don’t have the play store, so this would just gut that functionality :/ same for any other app that decides they need this, which if the past is anything to go on is going to be a ton of apps that really don’t need it

Azzu , 4 hours ago (edited 4 hours ago)

But, there’s no difference in security between using a different storefront? The difference in security depends on the app itself, not where it was downloaded from.

Chozo , 2 hours ago (edited 1 hour ago)

Assuming the app is legitimate, sure. But unless you can verify the code, yourself, then you're having to trust that the source you download from hasn't altered the APK in some way. That's a pretty big risk for most people when it comes to finance apps.

Azzu , 1 hour ago

Yeah but I mean if your bank would offer their app through F-Droid as an addition to Google Play, there is no reason to assume the app suddenly got less secure.

mrvictory1 , 1 hour ago

APKs are signed, you can verify the integrity of an APK. If you have a previous version of an app installed, a new version with incorrect signature won’t even install.

bdonvr , 6 hours ago

Do we really need banking apps? Fuck it I’ll use their website.

QuadratureSurfer , 6 hours ago

The features you miss out on would be direct deposit from checks and app notifications (usually there are a few that you want enabled but are only available through the app).

bdonvr , 5 hours ago

Most banks I’ve used allow SMS notifications for things like deposits and purchases.

The check things is true but I need to use it like less than once a year so eh.

Kolanaki , 6 hours ago (edited 6 hours ago)

Cash. No app part. Just cash.

QuadratureSurfer , 6 hours ago

Yeah until the cops pull you over and take your cash under civil asset forfeiture because it’s “suspicious that you have so much cash on hand”.

ij.org/…/highway-robbery-in-reno-nevada-cops-use-…

Maeve , 5 hours ago

I knew a dev once that absolutely refused to use banks. I'm a populated California city. With security cameras all over outside, everywhere. Buried cash in Mason jars. We lost touch but I always wondered how that worked out.

Kolanaki , 5 hours ago (edited 5 hours ago)

There’s no way my broke ass would ever have that much cash.

ohwhatfollyisman , 6 hours ago

personally, i wouldn’t trust a third-party created app with my banking details. what’s more, i’ve removed all banking apps from my phone.

i don’t need to allow access to my finances on the device which is most likely to get pinched out of everything i own. plus google and apple don’t need to know which banks have accounts of mine.

imo that additional inconvenience to conduct all banking transactions from a browser is worth the candle.

x00za , 5 hours ago

Can’t give up the fight just because you want convenience.

subignition , 7 hours ago

It's not like dedicated people aren't going to be able to just patch out the calls to this API from the apps themselves...

This feels like yet another attempt at DRM that is doing more harm than help.

Peruvian_Skies , 7 hours ago (edited 7 hours ago)

You mean like literally every single attempt at DRM since the Big Bang?

Azzu , 4 hours ago

Indeed, I already bypass SafetyNet and Play integrity with some kind of xposed module, I don’t expect this to change.

mrvictory1 , 1 hour ago

Can you tell me which modules you use? I am trying to pass SafetyNet on Waydroid but can’t pass even basic integrity.

Azzu , 1 hour ago

idk where I got it from, but it’s called “Universal SafetyNet Fix” by kdrag0n

cheers_queers , 7 hours ago

i JUST started enjoying adfree YouTube via revanced, now it could go away?! fuck lol

Peruvian_Skies , 6 hours ago (edited 6 hours ago)

This has absolutely nothing to do with ReVanced.

cheers_queers , 5 hours ago

oh okay, thanks

tilefan , 7 hours ago

gee I wonder how long it will be before I can download the custom patches to get around this

mp3 , 6 hours ago (edited 6 hours ago)

Revanced patches will go BRRRRR on these

T156 , 7 hours ago

What is a “trustworthy software environment”?

Does that mean that it will get mad and fail you for having Developer options enabled? Having F-Droid installed? Having it plugged into a computer?

x00za , 5 hours ago

If it detects wrongspeak it will tell the authorities.

FierySpectre , 2 hours ago

According to the dumbfucks making the government application of Belgium (to read official communication) trustworthy means having developer mode disabled.

whats_all_this_then , 26 minutes ago

There’s a bank here that refuses to let you log into their app if you have developer options enabled. Their service was getting much better until that point, but I dropped them completely after that.

I use developer options to get better screen density on my large ass screen, and to you know…develop apps 🤷‍♂️

FUCK THESE ASSHOLES WHO THINK THEY CAN TELL ME WHAT I CAN AND CAN NOT DO WITH MY PHONE

thisbenzingring , 3 hours ago

the google store environment is such a pain, at work we have android based Zebra barcode readers… today when I was sideloading our app one of the devices kept uninstalling it because of google play… what a fucking pain in the ass

only when intune fully took it over did it stop…

DONT MAKE ME LIKE INTUNE GOOGLE… JFK

heavy , 2 hours ago

Androids best advantage used to be full control of the device… Those were the days. Then it started with saying they know better than you, then locking you out. Now I’m waiting on a new, better solution.

Honestly it’s not like native Linux is too far fetched, but there would have to be a big open source common ground device collaboration.