Edit: be sure to read geoffschmidt's reply below /edit
The buried lede:
> a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification
So a natural limit on how big a hobby project can get. The example they give, where verification would require scammers to burn an identity to build another app instead of just being able to do a new build whenever an app gets detected as malware, shows that apps with few installs are where the danger is. This measure just doesn't add up
Oh! I thought I had found the crucial piece finally after ~500 words, but there's indeed better news in the section after that! Thanks, I can go sleep with a more optimistic feeling now :)
Also this will kill any impetus that was growing on the Linux phone development side, for better or worse. We get to live in this ecosystem a while longer, let's see if people keep damocles' sword in mind and we might see more efforts towards cross-platform builds for example
That's like accepting vaders 'altered' deal, and being grateful it hasn't been altered further.
If google wants a walled garden, let it wall off it's own devices, but what right does it have to command other manufactures to bow down as well? At this stage we've got the choice of dictato-potato phone prime, or misc flavour of peasant.
If you want walled garden, go use apple. The option is there. We don't need to bring that here.
Google Certified Devices is any device that has GMS (Google Mobile Services) installed - ergo almost all of them. It's worth noting that a _lot_ of apps stop functioning when GMS is missing because Google has been purposefully been putting as much functionality in them instead of putting them in AOSP. So you end up in a situation where, to make an Android phone compatible with most apps, you need GMS. Which in turn means you need your phone to be Google Certified, and hence must implement this specification.
The others answered the question, but I wanted to add that this is "new English" to me as well (also non native though). I first saw it in chats with mostly teenagers in ~2021, where I've also learned "let's go" isn't about going anywhere at all (it means the same as w)
This is the first sign we're getting old :) new language features feel new. The language features I picked up in school, that my parents remarked upon, were simply normal to me, not new at all. I notice it pretty strongly nowadays with my grandma, where I keep picking up new terms in Dutch (mainly loan words) but she isn't exposed to them and so I struggle to find what words she knows. Not just new/updated concepts like VR, gender-neutral pronouns, or a new word for messages that are specifically in an online chat, but also old concepts like bias. It's always been there but I'd have no idea what she'd use to describe that concept
Yes, but it's often just "a W" or simply "W" in response to something good or seen as a "win."
There is also the same thing with L for loss/loser. "that's an L take", "L [person]", "take the L here", etc.
They are pretty straightforward in their meaning, basically what you described. I believe it comes from sports but they are used for any good or bad outcome regardless of whether it was a contest.
This isn't a "W", but I am finding my own "W" from this by seeing others distrust Google, and remembering to continue supporting and looking for open alternatives to Google.
Ok, but sideloading is already a thing. What will this way to install unverified apps be? I doubt it will be an extra screen asking "Are you super-duper sure you want to enable sidloading???" after the one already asking the same question.
They talk about doing it under pressure, so my guess is there might be a waiting period before you're allowed free reign, or maybe per-app. Or some level of calling google, listening to 10 minutes of how poor billionaires are going to starve if you have control of your own device before being allowed to unlock it.
That doesn't say that you can just build an APK and distribute it. I suspect this path _still_ requires you to create a developer console account and distribute binaries signed by it... just that that developer account doesn't have to have completed identity verification.
That's not fine at all. A developer who doesn't want to (or can't) distribute through the Play Store will now need to teach their users how to enable developer mode and toggle a hidden setting. This raises the barrier a bit more than the current method of installing outside the Play Store.
Maybe this sounds dark but see also how the net is tightening around phones that allow you to run open firmware after you've bought the hardware for the full and fair price. We're slowly being relegated to crappy hobbyist projects once the last major vendors decide on this as well, and I don't even understand what crime it is I'm being locked out for
We're too small a group for commercial vendors to care. Switching away isn't enough, especially when there's no solidarity, not even among hackers. Anyone who uses Apple phones votes with their wallet for locking down the ability to run software of your choice on hardware of your choice. It's as anti-hacker as you can get but it's fairly popular among the HN audience for some reason
If not even we can agree on this internally, what's a bank going to care about the fifty people in the country that can't use a banking app because they're obstinately using dev tools? What are they gonna do, try to live bankless?
Of course, so long as we can switch away: by all means. But it's not a long-term solution
I think pretty soon I'll carry a "normal" phone in my bag for things like communication and banking/ticketing, but I'll carry a device I actually like in my pocket. It'll be the best of both worlds - content I want to see often and easily in my pocket, and the stuff I don't want to be distracted by will be harder to reach on a whim.
Yes, I think I'll have to do the same. I've been in the market for a new phone but the one I had pretty much settled on removed the option to update the boot verification chain so I'm obviously not buying that. Might as well buy apple then
It seems like a finite solution though. Having a second phone is not something most people will do, so the apps that are relegated to run on such devices will become less popular, less maintained, less and less good
Currently, you can run open software alongside e.g. government verification software. I think it's important to keep that option if somehow possible
Let me guess, a warning box that requires me to give permission to the app to install from third-party sources? Is that not clear enough confirmation that I know what I'm doing? /s
A simple yes/no alert box is not "[...] specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer". In fact, AFAIK we already have exactly that alert box.
No, what they want is something so complicated that no muggle could possibly enable it, either by accident or by being guided on the phone.
The angry social media narratives have been running wild from people who insert their own assumptions into what’s happening.
It’s been fairly clear from the start that this wasn’t the end of sideloading, period. However that doesn’t get as many clicks and shares as writing a headline claiming that Google is taking away your rights.
> The angry social media narratives have been running wild from people who insert their own assumptions into what’s happening.
No, until this post, Google had said that it wouldn't be possible to install an app from a developer who hadn't been blessed by Google completely on your device. That is unacceptable. This blog post contains a policy change from Google.
> The angry social media narratives have been running wild from people who insert their own assumptions
There may have been exaggerations in some cases but these hand wavy responses like "you can still do X but you just can't do Y and Z is now mandatory" or "you can always use Y" is how we got to this situation in the first place.
This is just the next evolution of SafetyNet & play integrity API. Remember how many said use alternatives. Not saying safetynet is bad but I don't believe their intentions were to stop at just that.
Sorry what? Their original plan absolutely was the end of sideloading on-device outside of Google's say so. That's what the angry social media narratives were that you seem upset about. Anyone being pedantic and pointing out that adb install is still an option therefore sideloading still exists can fuck off at this point.
I don't think this section is actually the same as the present state just with a new alert box.
I suspect they mean you have to create a android developer account and sign the binaries, this new policy just allows you to proceed without completing the identity verification on that account.
What are you talking about? This change for "experienced users" was only just announced and not part of any previous announcement. It has not been clear from the start at all.
You're right: if the logic is that low-install apps are the most dangerous (because they can fly under the radar), then making it easier for unverified apps to reach a "small" audience doesn't really solve the problem
The buried lede:
> a dedicated account type for students and hobbyists. This will allow you to distribute your creations to a limited number of devices without going through the full verification
So a natural limit on how big a hobby project can get. The example they give, where verification would require scammers to burn an identity to build another app instead of just being able to do a new build whenever an app gets detected as malware, shows that apps with few installs are where the danger is. This measure just doesn't add up