TL;DR

  • Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
  • The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
  • Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
  • jabjoe@feddit.uk
    1 month ago

    Why does this call the problem by its name, monopoly.

    Android is another area Google are abusing their monopoly. Sure the phone market is a duopoly, but that doesn’t help. Apple is even more locked down and user abusing.

    Lots of app companies, like bank apps, think locking their apps to only work on official Android is best for security, but that compounds the monopoly. It’s also arguably less secure!

    • MHS@lemmy.wtf
      1 month ago

      I don’t even understand. Am I getting this wrong?? Does the payment processing happen inside the banking app?! Because if so, that’s the bigger problem isn’t it? All the checks for correctness should happen on the servers that the banking app connects to, not the banking app itself. If that’s already the case, then what are they worried about? I’m probably missing something here, but honestly I just don’t understand why they would do that.

      • jabjoe@feddit.uk
        1 month ago

        The app will almost certainly mostly be just wrapping a web interface. But this dedicated browser can provide the site with all the access of an app. The idea will be only this browser can be trusted to access this site and can check the run environment before it connects. I’m sure they’d do the same on the desktop, if they thought it would be swallowed.

  • jetsetdorito@lemm.ee
    1 month ago

    the only reason I’ve wanted to be rooted in recent years is when I didn’t have hotspot on my plan and the most complete way around that was with root.

    I think I would like a degoogled Lineage/Graphene OS though

    • Kevnyon@lemmy.world
      1 month ago

      Why is stuff like that not included in every plan by default? As a European, I can’t even imagine paying extra for that. If I want to hotspot my data, my operator can kiss my ass and simply allow it, I’m paying for the data anyway.

      • jetsetdorito@lemm.ee
        1 month ago

        for this case it was a plan that’s pretty discounted and also unlimited without hard throttle. they don’t want people using it on computers or game consoles probably

        • Appoxo@lemmy.dbzer0.com
          1 month ago

          As Kevnyon@lemmy.world said: @NetworkOperator: Kiss my ass. I pay you for service. You wanna restrict me, I switch my damn plan. If I use it on my phone streaming 4K stuff from my home server or watch 1GB of data over hot spot on my phone is not their business.

  • xia@lemmy.sdf.org
    1 month ago

    What gets me is the “this phone can’t be trusted” message on boot. Implying oem roms are trustworthy, but nothing I choose.

  • Lupec@lemm.ee
    1 month ago

    Wow, I legit just ordered a used pixel yesterday to give graphene a try lol. Uncanny timing!

    Anyhow, that’s great news! I can really see the EU sinking its teeth into this if nothing else.

    • Marcus Lee@pawb.social
      1 month ago

      I would totally buy a Pixel too but apparently most Pixels here are black market and the IMEIs are banned so I don’t wanna risk getting one that can’t connect to cell networks

      • Lupec@lemm.ee
        1 month ago

        Oof that’s scary. Good thing I have a decent enough return window to at least make sure stuff like that isn’t the case, at least.

    • communism@lemmy.ml
      1 month ago

      Enjoy! For future reference I’d recommend just getting the latest Pixel as you’ll get the longest software support. E.g. a Pixel 8a is supported till May 2031, which is plenty of time to get a lot of usage out of your phone.

        • communism@lemmy.ml
          1 month ago

          Personally I’m fine with 8as’ specs and don’t need any of the extra features of the Pixel 8 so I’d prefer to save the money and get an 8a. Plus 8as are supported for longer. Nothing wrong with getting an 8 instead if that’s what you want though

      • Lupec@lemm.ee
        1 month ago

        Right, I’d love to spring up for a 8th gen pixel but I live in an unsupported region and my currency is worth fuck all so I’ll have to make do with a secondhand 7 pro lol. Still fantastic longevity all things considered.

        • FutileRecipe@lemmy.worldOP
          1 month ago

          I’ll have to make do with a secondhand 7 pro

          Ouch, that hits me right in the 7Pro feels lol. Make do, indeed, lolol.

          • Lupec@lemm.ee
            1 month ago

            Honestly, I don’t really need my phone for much so as long as the battery hasn’t degraded too much I’ll be more than happy!

            • FutileRecipe@lemmy.worldOP
              1 month ago

              I’m holding out for the 10. The 8 added mirrored display (so you can mirror your screen on a monitor… I’d rather this come with the Pixel Tablet 2 and the Pixel Tablet skipped it for some reason) and MTE, which GrapheneOS says is the most significant addition to security since they’ve started the OS. If those come with the 10, not to mention the 10 is supposed to have Google’s in-house chip and not Samsung’s…yep, I’m upgrading.

      • Lupec@lemm.ee
        1 month ago

        Thanks for the tips, I’m a happy Aegis user already! Thankfully, my main bank explicitly doesn’t care about custom roms and I’m thinking I’ll just cut ties with the ones who do and let them know that was the reason at this point. Worst case scenario, I still have my locked down old phone.

    • newproph@sh.itjust.works
      1 month ago

      I’ve been using graphene for years at this point and it’s the best operating system I’ve ever had on a phone. Before this my favorite phone was a jail broken iPhone 5c. I even got a pixel tablet to take notes on for college recently and put graphene on it as well.

      Only thing Google has right atm is leaving the bootloader on their phones unlockable.

      • Burn_The_Right@lemmy.world
        1 month ago

        A brand new Murena Fairphone 4 (North America) is about $600 brand new, IIRC. I’ve been on one for the last 6 months and it’s excellent.

      • The Pixel 6a is really cheap on the used market, and it still gets updates for at least 3 years.

        The 7a isn’t that expensive either. I recommend staying away from Fairphones, Murena or /e/OS as these are highly insecure, and the companies behind them have repeatedly proven that they don’t give even the slightest fuck about the security of their users. They don’t publish important Android security patches on time, and Fairphone even managed to fully break Android Verified Boot, by signing their ROM with the publicly available (!!!) AOSP test signing keys. It should have been impossible to pass verification, but the vendor conducting the verification seems to be just as incompetent.

        A used Pixel with GrapheneOS is your best option, while still being affordable.

      • Lupec@lemm.ee
        1 month ago

        I’m in an unsupported region so I’m afraid I can’t help much :(

        In my case I just looked around a local eBay-like site and went with a reputable enough seller, fairly standard procedure there.

        • EngineerGaming@feddit.nl
          1 month ago

          Where I am, Pixels are not sold officially either. I got a 7a for around $300. I picked a store with a physical office and made an order not through the site, but through said office. And at least could inspect the phone before buying.

          • Lupec@lemm.ee
            1 month ago

            Ah, that’s a nice way to go about it! I’d have loved to inspect mine beforehand as well but the only real way to grab one around here is importing yourself and paying 60%+ import fees on the damn thing or purchasing a preowned one. My living in a remote area also means there are none close by.

  • Unreliable@lemmy.ml
    1 month ago

    Even just being rooted on the stock Pixel rom is a fight. It’s a constant cat and mouse game to pass basic and device integrity, but as of recently a lot of us have been able to pass strong integrity as well which has been nice.

    • FutileRecipe@lemmy.worldOP
      1 month ago

      Even just being rooted on the stock Pixel rom is a fight.

      That, I can see being more of an issue than an unmodified, trusted 3rd party OS. If I remember right, rooting makes the device fail Verified Boot:

      It establishes a full chain of trust, starting from a hardware-protected root of trust to the bootloader, to the boot partition and other verified partitions including system, vendor, and optionally oem partitions.

      https://source.android.com/docs/security/features/verifiedboot
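
An added example, not from the thread or from any project named in it: a relying-party policy over the boot-state fields that Android hardware key attestation reports (`verifiedBootKey`, `deviceLocked`, `verifiedBootState`), covering the cases discussed here: a rooted stock device, a relocked alternative OS, and a ROM signed with publicly available test keys. The key digests, the `evaluate` function and the sample devices are constructed for illustration, and the attestation certificate chain is assumed to have been parsed and verified already.

```python
import hashlib
from dataclasses import dataclass


def digest(key_material: bytes) -> str:
    """SHA-256 hex digest, the form in which boot keys are pinned below."""
    return hashlib.sha256(key_material).hexdigest()


# Constructed stand-ins. A real service would pin digests of actual OS signing
# keys and keep a denylist of keys whose private half is publicly downloadable.
OEM_KEY = digest(b"constructed-oem-release-key")
ALT_OS_KEY = digest(b"constructed-alternative-os-release-key")
PUBLIC_TEST_KEY = digest(b"constructed-publicly-downloadable-test-key")


@dataclass(frozen=True)
class RootOfTrust:
    verified_boot_key: str    # digest of the key that verified the boot image
    device_locked: bool       # bootloader lock state
    verified_boot_state: str  # "Verified", "SelfSigned", "Unverified" or "Failed"


def evaluate(rot, pinned_keys, public_keys):
    """Return (accepted, reason) for one attested boot state."""
    # A key whose private half is public proves nothing, whatever state is reported.
    if rot.verified_boot_key in public_keys:
        return False, "boot key is public: anyone can sign an image that verifies"
    # Rooting via an unlocked bootloader lands here: the chain is not enforced.
    if not rot.device_locked:
        return False, "bootloader unlocked: boot chain is not enforced"
    if rot.verified_boot_state not in ("Verified", "SelfSigned"):
        return False, f"boot state {rot.verified_boot_state!r} is not acceptable"
    # OEM and alternative-OS keys are treated alike: both must be pinned.
    if rot.verified_boot_key not in pinned_keys:
        return False, "boot key is not one this service has pinned"
    return True, f"locked, {rot.verified_boot_state}, pinned key"


# Constructed sample devices.
SAMPLES = {
    "stock, locked": RootOfTrust(OEM_KEY, True, "Verified"),
    "alternative OS, relocked": RootOfTrust(ALT_OS_KEY, True, "SelfSigned"),
    "stock, rooted (unlocked)": RootOfTrust("00" * 32, False, "Unverified"),
    "ROM signed with public test key": RootOfTrust(PUBLIC_TEST_KEY, True, "Verified"),
}


def decide_all():
    """Evaluate every sample against one pinned set and one denylist."""
    pinned = {OEM_KEY, ALT_OS_KEY}
    public = {PUBLIC_TEST_KEY}
    return {name: evaluate(rot, pinned, public) for name, rot in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in decide_all().items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {name}: {reason}")
```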

      • Unreliable@lemmy.ml
        1 month ago

        Fair point. At least with stock rooted as I said there’s ways around it and I can pass all play integrity checks and such.

  • Wildly_Utilize@infosec.pub
    1 month ago

    Recently moved to graphene couldn’t be happier

    I don’t care about these apps but it will only get worse over time if not addressed. I could see things as simple as Spotify, Netflix, etc. refusing to run

    I don’t use those services either but that’s not a future I want

  • Blackmist@feddit.uk
    1 month ago

    Even without the custom ROMs, the whole Android ecosystem is a colossal fucking mess.

    I’ve got old apps that won’t work any more. It’s not even compatible with itself.

    People give Windows a load of shit, and deservedly so for some of it, but it’s a million times more usable than Android when you want shit to “just work”.

    • FutileRecipe@lemmy.worldOP
      1 month ago

      I’ve got old apps that won’t work any more.

      I’m actually for this. The bar to entry for the Play Store is too low with too many low quality and unmaintained apps. I’m all for booting insecure and super old apps. They cheapen the ecosystem.

      • Blackmist@feddit.uk
        1 month ago

        Well that’s all very well, but I’ve got a bathroom speaker I can no longer access.

        So how about instead of Daddy Google deciding what’s best for everyone, they let things run and give you a warning?

        Hell, I’ve even got games I’ve paid for that are now gone. Honestly, fuck them for even thinking that’s acceptable.

          • Blackmist@feddit.uk
            1 month ago

            It doesn’t allow direct connection. You have to dick about with a stupid app to put it in “speaker mode” first.

            • LinusSexTips@lemmy.world
              1 month ago

              Gives me Sonos vibes.

              I won a Sonos speaker years ago, thing needed (from memory) an app to switch to AUX mode. The speaker sounded great but I didn’t want to install an app just to use the thing.

              In a grand spectacle my ex’s cat kicked a potplant off a windowsill into our fish tank. That shorted a power board, we didn’t have breakers (ceramic / wire fuses) which ended up killing the speaker.

              Honestly as nice of a speaker it was, good riddance.

            • Gingernate@programming.dev
              1 month ago

              Damn that sucks!!! I wish there was a way to sandbox older apps. I’ve run into the same issue with old apps before.

          • Blackmist@feddit.uk
            1 month ago

            So it’s my choice to run them?

            If I can download an APK, I should be able to run it in a “compatibility mode” and have the OS do its best to run it.

            • conciselyverbose@sh.itjust.works
              1 month ago

              It can’t.

              A compatibility mode would involve meaningful cost, massively compromise security, and not have a chance in hell of working.

              • gh0stcassette@lemmy.blahaj.zone
                1 month ago

                They could just spin up a container of some sort. It’s still fundamentally Linux, so it should be possible to run Android inside an lxc container the same way you can run a desktop Linux distro in docker (which is based on the lxc functionality in the Linux kernel)

                • conciselyverbose@sh.itjust.works
                  1 month ago

                  The point is that you have to emulate a fuckton of low level access to even have a chance of anything working. Either you replace the actual hardware access with junk data, making none of the apps work, or you break the whole permissions structure, and your security is completely gone.

                  All of those APIs were deprecated because it’s impossible to provide them in any way that resembles security.

        • TrickDacy@lemmy.world
          1 month ago

          So how about instead of Daddy Google deciding what’s best for everyone, they let things run and give you a warning?

          That is not what’s happening. It takes tons of work to maintain backward compatibility but you’re framing it as though it doesn’t and they’re just being a holes on purpose.

        • yamanii@lemmy.world
          1 month ago

          Same, it’s why I never buy a game or app nowadays, they will just stop working when the new OS version comes around, devs already got their money so they don’t have any incentive to care, and contrary to PC I can’t do shit about it myself on my phone, there’s no “androidbox” to run old apps inside my phone.

    • TrickDacy@lemmy.world
      1 month ago

      Software that is 10 years old and unmaintained is likely unsafe to use and therefore shouldn’t work. Windows has a lot of issues specifically because it’s backward compatible with ancient software, actually. Security and a path forward should matter more than clinging to old software that must stop working someday regardless of how hard you try to delay it. Emulation/VMs are and should be a way to work around that on desktop and it would actually be nice if mobile OSes had that too. That way at least the ancient software can be sandboxed and not a security weak point. The right approach though is not to do this horrible patchwork of APIs like Windows which creates a security nightmare.

    • Tja@programming.dev
      1 month ago

      Same with iOS, I don’t know why you are singling out Android here. My favorite game back when I used an iPad stopped working after a certain update. It was a puzzle with rails and colored trains, can’t remember the name now.

      Windows and Linux are quite a lot better in this regard.

      • NoisyFlake@lemm.ee
        1 month ago

        I suppose you’re talking about a 32-bit app that wasn’t updated for the newer 64-bit architecture. If yes, then there’s actually a technical reason behind it, not just Apple being dicks. Because other than 32-bit apps, every app that received a 64-bit update should still work on the latest iOS.

      • Blackmist@feddit.uk
        1 month ago

        I’m not singling them out, it just happens to be a thread about Android.

        There’s no reason for mobile OS’s to be flaky like this. There’s nothing magic about either that means old stuff can’t be supported. It’s just that trillion dollar corporations apparently can’t afford the resources.

        • Jakeroxs@sh.itjust.works
          1 month ago

          There kind of is, software changes and things need to be updated by comparison, your Windows example is a double edged sword, there’s a lot of bloat and Microsoft can’t make changes that might be beneficial on Windows because of all the backwards compatibility layers and services they generally leave in. It’s good and bad in its own way.

    • Emerald@lemmy.world
      1 month ago

      I’ve got old apps that won’t work any more.

      That’s true for every operating system. Old apps aren’t updated to use new system APIs and such and they eventually stop working.

      • Blackmist@feddit.uk
        1 month ago

        Yet I can compile applications that work on Windows XP, and they still work under Windows 11.

        It’s not as if Android is some svelte slimline OS where every byte matters. There’s plenty of room there for keeping compatibility with older apps.

        • TrickDacy@lemmy.world
          1 month ago

          Dude there’s millions of lines of code and thousands of hours per year that keep old windows shit running. It’s a nightmare to support that. Microsoft has made that a priority and you can easily argue it shouldn’t be, but you seem convinced that’s the only valid path. It’s not.

      • yamanii@lemmy.world
        1 month ago

        On desktops we can use virtual environments, translation layers, plenty of solutions to make old programs and games work on a modern OS. Phones are somehow incapable of this.

    • TunaCowboy@lemmy.world
      1 month ago

      I’ve got old apps that won’t work any more.

      People give Windows a load of shit… but it’s a million times more usable than Android

      Where do you run your old Windows Phone apps nowadays? What about new Windows Phone apps?

    • Squizzy@lemmy.world
      1 month ago

      How we all wish there was a third option, I would genuinely take less functionality in favour of privacy and performance. I don’t need AI and fancy image processing. I want to use my phone to pay the old way, like when samsung copied the magnetic strip info, not like now where google gets a copy of my receipts.

      Sucks iOS is the alternative, nearly gave in last week but the price was just too much for what I was getting.

  • Eiri@lemmy.world
    1 month ago

    I really hope they fix this. When support for my old OnePlus 6 stopped, I was going to install a custom ROM until I realized bank apps, and most security-centered apps, wouldn’t work. So I ran with an out-of-date, possibly vulnerable OS for a year until (probably) corrosion from liquid exposure finally did the phone in.

    Really bad thing to incentivize.

  • bitwolf@lemmy.one
    1 month ago

    Really the only thing holding me back from switching to GrapheneOS is that some of my apps fail CTS.

    If a proper pathway is defined for custom ROMs I’d switch in a heartbeat.

    Hoping this initiative leads to a reasonable outcome.

  • mlg@lemmy.world
    1 month ago

    I hope some OEM (especially those opposed to google) picks up and develops mainline linux like Pine Phone. There are already several mobile UXs and distros with prebuilt images available as well, and it has been shown multiple times that Android apps can run fairly easily on linux. It would be a big risk, but I think it’d at least find a market success like the Steam Deck.

    Android in its current state is the same as Chromebooks. A glorified walled garden of google’s crappy choices & DRM which just so happens to run on the Linux kernel because it’s free. People downvote me for this, but I maintain that even Dalvik and the android runtime itself is an inefficient relic of 10+ years ago when mobile devices had at most 2gb of ram and a tiny low power ARM processor.

    It runs like complete crap sometimes on modern devices despite huge advancements in the underlying tech. It feels like a knockoff JVM which is already a known memory hog.

    On top of that, it sticks with single kernel releases with proprietary OEM binaries so you have devices out here running on kernels as old as 3.x because no custom ROM will be able to recompile the device modules for a newer kernel.

    It is almost hilarious to me that Moonshell, a multimedia homebrew software for the Nintendo DS (4mb of RAM), has more complete features, file compatibility, and better UI design than at least 95% of the music apps on Google Play. And it was written by literally one guy. I was honestly surprised at just how many music players lacked functionality as basic as supporting m3u playlists.

    • emergencyfood@sh.itjust.works
      1 month ago

      I hope some OEM (especially those opposed to google) picks up and develops mainline linux like Pine Phone.

      Huawei is being forced to do it. But like Android, their HarmonyOS is not 100% open-source. There’s also KaiOS, which some Nokia and Alcatel, and all Jio, devices use.

      even Dalvik and the android runtime itself is an inefficient relic of 10+ years ago when mobile devices had at most 2gb of ram and a tiny low power ARM processor.

      Both the ones I mentioned are designed to be more memory efficient. KaiOS in particular is aimed primarily at feature phones and entry-level smartphones.

    • _bonbon_@lemm.ee
      1 month ago

      I feel that the mobile world is ripe for disruption. There has not been excitement for new devices in a while from me and my friends who are all into tech. I remember 00s and early 10s where we used to discuss new devices all the time.

      Most of us are STUCK with Apple and Google because they have both built walled gardens. It is not just the apps, it is also moving away from open standards, moving away from even files. e.g., 10 years ago mp4 files used to hold all the metadata related to a TV Show/Movie so if you put that into a device (iTunes for example) it’ll have all the metadata, now this info is in a separate database. SMS for all its flaws was open, now google wants us to believe RCS is also open (LOL).

      This has led to a basic degradation in all the basics, echoing your example that it is impossible to find a decent music app.

      Even Apple’s own music has ACTIVELY DEGRADED. Bottom bar of apple music app was “Albums”, “Songs”, “Artists”, and “Playlists” and YOU COULD CHANGE THE BOTTOM BAR. Now it is literally “Home” == Ads, “Browse” == Ads (pls buy apple music), “Search” == Ads. and LITERALLY only 1 page called “Library” where you can access your own purchased library. Same happened with apple books.

      Android has seen similar shitty stuff, I remember being excited about actually FUN android games, tiny thief, vector, cut the rope, where is my water, etc. Now it is all ads, paywall nonsense.

      Not to mention the Today page of the Playstore ACTUALLY USED TO BE USEFUL for highlighting some apps. And is not LITERALLY ONLY F***** ADS.

      I feel/hope/pray that we have a SteveJobs 2007 type iPhone event around the corner, because everyone is ready for it.

      • ____@infosec.pub
        1 month ago

        There really is a dearth of choices. I’ve little love for Google’s version of android, mostly for privacy reasons.

        If I could get a decent phone that ran at reasonable speed for a tolerable price, without the tracking, I’d be willing to give it a go - and endure more than a few pain points.

        • LemurEyes@lemmy.world
          1 month ago

          Getting an “a” series pixel for a few hundred and going grapheneOS seems like a good option, no?

          • Hule@lemmy.world
            1 month ago

            I have tried it. Pixel 6a.

            My banking app works. That’s good.

            RCS messages don’t. Could live without that.

            Merlin bird ID doesn’t. Pain point all right, but I’ll live.

            My Galaxy Watch doesn’t. Probably not GrapheneOS’ fault, and I should buy a better watch, but that will only happen when this one dies.

            Now I use a pixel 7a with stock ROM. Everything works, and if I get sick of it, I can get back to GrapheneOS and its quirks…

    • erwan@lemmy.ml
      1 month ago

      The problem of being stuck on an old kernel isn’t because of Google or Android, but because of chip makers (e.g. Qualcomm) not providing drivers.

      • jabjoe@feddit.uk
        1 month ago

        I do blame Google. It’s their platform. They could mandate upstream kernels.

        They could define auto discoverability for their platform hardware. Then it would be possible for generic ROMs to boot on any Android phone.