Android apps are blocking sideloading and forcing Google Play versions instead

kokesh , 53 minutes ago

Lucky Patcher?

mitrosus , 56 minutes ago

Long live custom degoogled ROM.

eleitl , 56 minutes ago

I get most of my stuff via F-Droid or I could use Obtainium. My tablet is Google-free. This sounds like my phone should be Google-free as well.

bad_alloc , 2 hours ago

Just the term “side loading” instantly frames installing software on a device you own as something shady.

SlothMama , 1 hour ago

Yes, that’s the implication, and it’s certainly intentional for you to think of it like that.

rottingleaf , 1 hour ago

I’ve had people clueless about tech tell me that:

using Linux and not buying Windows I rob MS’s developers,

not doing things the way big corporations want I deprive them of profits and thus rob their workers,

using your own device the way you want it is a crime if you have to bypass what the vendor does,

GPL and BSD licenses are not real sovereign citizen stuff, and if I’m not paying someone for software, I’m robbing the working class,

repairing things yourself in your house is robbing people working in those trades,

reading things in the Web is robbing university professors and book store workers and publishers,

having to learn a particular technology while doing my task at work means I’m a fraud and rob my employer or our clients, because apparently I have to keep all the today’s tech in my head before needing any of it,

if I don’t know some single thing another person knows, they are obviously better qualified than me (say, that other person can write Windows device drivers, while the job is about systems integration),

…

and I don’t remember more stupid shit from those people and I don’t want to, but generally being not a dumb ape in today’s world is considered suspicious apparently.

After that wonderful experience I might be silent about my views with people usually, but really I’ll never stop being anarchist (whatever kind of anarchism that is).

0x0 , 5 hours ago

So the EU’s been forcing Apple to allow sideloading and Google goes Nah, it’ll be fine?

boonhet , 3 hours ago

Google is allowing the app developers to choose (for now?). With Apple, developers never had the option to allow other stores or sideloading.

bitfucker , 2 hours ago

Ehh, this is basically just another form of DRM. No different than you having a Steam and GOG model. You can make your apps using DRM and enforce certain constraints

flatlined , 2 hours ago

No but you see we at Google aren’t locking down sideloading. It’s the individual app developers. With the api we gave them for that express purpose. Totally not us locking stuff down though, so EU please ignore us trying to indirectly close doors in our walled garden?

vext01 , 7 hours ago

I have an android DAP (music player) that runs Android 7. It’s a box with a headphone jack (remember those?) and it’s sole purpose is to play offline music from an SD card.

I side-loaded a few music players, because there’s no way I’m putting my Google password in android 7 in 2024.

I’d be upset if I couldn’t side load. These DAPs never have an up to date android.

Let’s hope the music apps I use don’t block sideloading.

Poweramp won’t. Musicolet?

diffusive , 4 hours ago

Likely android 7 would not honor (or even be aware) of this new metadata bit. You’ll be fine 🙂

heavy , 8 hours ago

Androids best advantage used to be full control of the device… Those were the days. Then it started with saying they know better than you, then locking you out. Now I’m waiting on a new, better solution.

Honestly it’s not like native Linux is too far fetched, but there would have to be a big open source common ground device collaboration.

0x0 , 5 hours ago

So the EU’s been forcing Apple to allow sideloading and Google goes Nah, it’ll be fine?

Plopp , 5 hours ago

Google still allows sideloading, it’s the app developers that can prevent you from installing their app from other sources than Google Play. Sideloading an app works fine on Android if the app’s developer allows it. Apple didn’t allow that even if the app devs wanted it.

diffusive , 4 hours ago

You are technically (and possibly legally) correct… But the spirit of the law is allowing customers to install what they want on their devices.

This move defuses the responsibility to the developers but EU showed in the past that what they care is the spirit of the law and not the law itself…and they are happy to change the laws to make them more adherent to the spirit

Plopp , 3 hours ago

I would be really happy if you’re right, but I sadly think Google’s fine here. As far as I understand it, this particular regulation is to prevent a powerful actor (Google, Apple) to use their monopolistic powers to shut alternative stores down. It’s not about allowing customers to install whatever and however. Google doesn’t shut anyone down with this, so they should be fine. They give the option for app developers to choose if they want to run only on an attested platform - which they sell as a completely optional security feature that nobody has to use.

My guess is if the EU is going to take this further it would have to be regarding a potential monopoly on the attested platforms on the device. Google only offering their own platform as trusted could potentially be seen as another monopolistic behavior. If we’re lucky.

EddoWagt , 4 hours ago

Man I really hate how they stripped your permissions to access the internal and external storage, files can no longer access data from other apps even if you say allow all file access. Also if your phone supports SD cards, you might notice that you don’t have write access to it for some reason on later versions of android. (I really struggled with this with my Galaxy S9 on Lineage), had to use apps that remounted my SD card and what not

thisbenzingring , 9 hours ago

the google store environment is such a pain, at work we have android based Zebra barcode readers… today when I was sideloading our app one of the devices kept uninstalling it because of google play… what a fucking pain in the ass

only when intune fully took it over did it stop…

DONT MAKE ME LIKE INTUNE GOOGLE… JFK

doctortran , 28 minutes ago

Did you turn off Play Protect?

And yeah, when we set these barcode scanners up, unfortunately it made me appreciate Intune’s Android management tools. I despise Microsoft and Google, but Microsoft won that round of “Who do I hate the least right now?”

T156 , 13 hours ago

What is a “trustworthy software environment”?

Does that mean that it will get mad and fail you for having Developer options enabled? Having F-Droid installed? Having it plugged into a computer?

x00za , 11 hours ago

If it detects wrongspeak it will tell the authorities.

FierySpectre , 8 hours ago

According to the dumbfucks making the government application of Belgium (to read official communication) trustworthy means having developer mode disabled.

whats_all_this_then , 6 hours ago

There’s a bank here that refuses to let you log into their app if you have developer options enabled. Their service was getting much better until that point, but I dropped them completely after that.

I use developer options to get better screen density on my large ass screen, and to you know…develop apps 🤷‍♂️

FUCK THESE ASSHOLES WHO THINK THEY CAN TELL ME WHAT I CAN AND CAN NOT DO WITH MY PHONE

tilefan , 13 hours ago

gee I wonder how long it will be before I can download the custom patches to get around this

mp3 , 13 hours ago (edited 12 hours ago)

Revanced patches will go BRRRRR on these

cheers_queers , 13 hours ago

i JUST started enjoying adfree YouTube via revanced, now it could go away?! fuck lol

Peruvian_Skies , 13 hours ago (edited 13 hours ago)

This has absolutely nothing to do with ReVanced.

cheers_queers , 11 hours ago

oh okay, thanks

subignition , 13 hours ago

It's not like dedicated people aren't going to be able to just patch out the calls to this API from the apps themselves...

This feels like yet another attempt at DRM that is doing more harm than help.

Peruvian_Skies , 13 hours ago (edited 13 hours ago)

You mean like literally every single attempt at DRM since the Big Bang?

Azzu , 10 hours ago

Indeed, I already bypass SafetyNet and Play integrity with some kind of xposed module, I don’t expect this to change.

mrvictory1 , 7 hours ago

Can you tell me which modules you use? I am trying to pass SafetyNet on Waydroid but can’t pass even basic integrity.

Azzu , 7 hours ago

idk where I got it from, but it’s called “Universal SafetyNet Fix” by kdrag0n

mrvictory1 , 5 hours ago (edited 5 hours ago)

Did you just install the module and passed safetynet or did you have to use custom fingerprint? Also are you on custom or stock rom?

Azzu , 3 hours ago

Don’t remember, sorry

Am on e/os/

whats_all_this_then , 4 hours ago

I’ve used Magisk with the safetynet module + hiding root from apps with like a 95% success rate. Quick search for “magisk safetynet” and look at the xdadevelopers threads

whats_all_this_then , 4 hours ago

Whoa, is Xposed still a thing that works? Had to use Magisk instead to get the safety net stuff working on Lineage OS android 11

Azzu , 3 hours ago

Xposed is just an API which is provided by the LSPosed Magisk module.

whats_all_this_then , 1 hour ago

Huh…the more you know. I just assumed Magisk was a spiritual successor, apparently I misunderstood how any of it works.

vin , 3 hours ago

Why would that be possible? Wouldn’t the developer have their server rejected any calls from “unsigned” apps?

doctortran , 29 minutes ago (edited 21 minutes ago)

Possibly, but many apps don’t actually need to phone home to function.

Of course that doesn’t stop developers arbitrarily requiring it.

Kolanaki , 13 hours ago

I just won’t use any apps that do this. Simple.

QuadratureSurfer , 13 hours ago

Good luck when banking apps start doing this.

over_clox , 13 hours ago

Oh shit…

Chozo , 12 hours ago

I'll be real, I wouldn't trust a banking app from any third-party storefront to begin with. That's the sort of app I'd really want to be properly vetted and secured.

Maeve , 11 hours ago

When did Google start verifying security on play?

Chozo , 10 hours ago

Play Protect has been around for a few years now and will disable apps it detects that are abusing user data.

Maeve , 10 hours ago

My point is, it doesn't do much, if anything.

rxin , 7 hours ago (edited 2 minutes ago)

All it does, in my experience, is constantly nag you to uninstall lucky patcher.

mr_right , 1 hour ago

aww man is that still a thing ( as in working )

Cris_Color , 11 hours ago

If you’re using a custom de-googled rom you don’t have the play store, so this would just gut that functionality :/ same for any other app that decides they need this, which if the past is anything to go on is going to be a ton of apps that really don’t need it

Azzu , 10 hours ago (edited 10 hours ago)

But, there’s no difference in security between using a different storefront? The difference in security depends on the app itself, not where it was downloaded from.

Chozo , 7 hours ago (edited 7 hours ago)

Assuming the app is legitimate, sure. But unless you can verify the code, yourself, then you're having to trust that the source you download from hasn't altered the APK in some way. That's a pretty big risk for most people when it comes to finance apps.

Azzu , 7 hours ago

Yeah but I mean if your bank would offer their app through F-Droid as an addition to Google Play, there is no reason to assume the app suddenly got less secure.

mrvictory1 , 7 hours ago

APKs are signed, you can verify the integrity of an APK. If you have a previous version of an app installed, a new version with incorrect signature won’t even install.

bdonvr , 12 hours ago

Do we really need banking apps? Fuck it I’ll use their website.

QuadratureSurfer , 12 hours ago

The features you miss out on would be direct deposit from checks and app notifications (usually there are a few that you want enabled but are only available through the app).

bdonvr , 11 hours ago

Most banks I’ve used allow SMS notifications for things like deposits and purchases.

The check things is true but I need to use it like less than once a year so eh.

Landless2029 , 5 hours ago

There’s an app to make web apps icons. Or just use Firefox to add the bookmark to your homepage

Hermit - Lite apps browser

kalpol , 2 hours ago

Some places are ditching the website and going app-only. Stockpile as an example.

Kolanaki , 12 hours ago (edited 12 hours ago)

Cash. No app part. Just cash.

QuadratureSurfer , 12 hours ago

Yeah until the cops pull you over and take your cash under civil asset forfeiture because it’s “suspicious that you have so much cash on hand”.

ij.org/…/highway-robbery-in-reno-nevada-cops-use-…

Maeve , 11 hours ago

I knew a dev once that absolutely refused to use banks. I'm a populated California city. With security cameras all over outside, everywhere. Buried cash in Mason jars. We lost touch but I always wondered how that worked out.

Kolanaki , 11 hours ago (edited 11 hours ago)

There’s no way my broke ass would ever have that much cash.

ohwhatfollyisman , 12 hours ago

personally, i wouldn’t trust a third-party created app with my banking details. what’s more, i’ve removed all banking apps from my phone.

i don’t need to allow access to my finances on the device which is most likely to get pinched out of everything i own. plus google and apple don’t need to know which banks have accounts of mine.

imo that additional inconvenience to conduct all banking transactions from a browser is worth the candle.

x00za , 11 hours ago

Can’t give up the fight just because you want convenience.

mctoasterson , 13 hours ago

This is stupid. I will dig further into the real impact to Graphene.

chiisana , 13 hours ago

App developers need ways to know the app has not been modified in unsanctioned manner, glad to see Android finally catching up on security with integrity checks.

Natanael , 13 hours ago

No, this will only lead people without access to Google Play to be forced to get it from somebody who has modified the app to fake the check.

praise_idleness , 13 hours ago

Which obviously sucks but also is exactly what developers want or just don’t care

Chozo , 12 hours ago

If they don't have access to Play, then the developer of that app specifically does not want to service them as a user. Developers have to enable this feature in their own apps for it to do anything. If that developer wanted to support de-Googled users, they wouldn't enable this in the first place.

surge_1 , 12 hours ago

Yup, this is important for certain apps with a high security bar. Surprised at all the downvotes.

DoucheBagMcSwag , 12 hours ago (edited 12 hours ago)

Slippery slope. Soon it wil be for all fucking mundane apps because they don’t want you running a modded version…which is my fucking choice to do

chiisana , 12 hours ago

This is Lemmy. If you’re not advocating for FOSS, or piracy to spite the corporations, you’re gonna get downvoted. I don’t care. We need better security standards whether these kids like it or not.

smiletolerantly , 8 hours ago

Security by default is fine, but not if its being forced.

If I go out of my way to root my phone or sideload an app, I have a reason for that. I’m fine with an app going “Hey! This phone is rooted / this app is not from an official source! Wait 10s before you can click ‘I understand and take full responsibikity in case of a security breach’”.

I’m not OK with an app going “I will not work on this device because yiur environment is non-standard, period”.

0x0 , 5 hours ago

This does jack-all for security, it’s just monopolization in disguise and you’re buying into it.

x00za , 11 hours ago

They can check their own integrity without Play services. And even then, ME AS A USER, doesn’t want the app to decide this for me.

noodlejetski , 10 hours ago

certain apps with a high security bar

like the McDonalds app, which already requires workarounds to work on rooted devices?

surge_1 , 9 hours ago

Of course not, sometimes it really is just corpo bs, don’t use their app if it’s such an issue for you.

brbposting , 9 hours ago

You want affordable food, you WILL pay them with your data. Always on location please! Oh and precise as well, thank you.

Cheems , 11 hours ago

It’s my phone. If I’m specifically going out of my way to do that, they have no right to force me to do it their way.

mrvictory1 , 6 hours ago

Why do you think apps should verify their integrity in the first place? In the case of banking apps or other online apps, the APIs they use should be secure in the first place so a user can’t achieve anything meaningful by modifying API calls. In the case of offline games with monetization, a hacker who makes a pirated APK will also remove the restriction so legitimate players on non standart ROMs will get screwed. In the case of messaging apps with a “delete messages” or “one time view” function ie. Whatsapp, the sender shouldn’t take that their actions will be respected by other clients because modded apps exist and Whatsapp doesn’t care if you install it on a rooted device.

whats_all_this_then , 4 hours ago (edited 4 hours ago)

This!

APK signatures exist and they’re enough for making sure the file you got isn’t modified. Warning people when they use apks for stuff like banking, I get, but if they wanna take the risk, it’s on them.

Blocking root makes no sense because I’d argue that if the person knows enough to root their phone and got past all those bricked phone/thermonuclear war warnings, the onus is on them to not get their keychain compromised by giving root to some random app. Again, a warning is fine.

Aside from that, people need to understand: THE CLIENT IS NEVER SECURE. NO EXCEPTIONS.

Any self respecting secure API is made under the assumption that all the calls are coming from some malicious state actor using curl until proven beyond doubt that it’s an actual user.