It feel like we’re losing to Google, day by day. They aren’t killing AOSP directly, but they are making it useless step by step.
Now it’s Google Play Services, Play Integrity checks, installation source checks… more and more apps just refuse to run without GMS. Banking apps? Most of them don’t work. And it’s only getting worse. I run vanilla AOSP on my main profile, no Play Services. I keep GMS only in my work profile for the apps that absolutely need it. But now even some regular apps that don’t need any play services won’t work on my main profile anymore. They simply block your from running , like le chat.
Maps is google’s most important app there is no way to run without play services. Sure we can use webview or gmaps wv, but they don’t provide turn-by-turn directions. Earlier maps used to work without play services, but two years ago, an update stopped it from working. Now that old version is out of date and no longer works.
Google is slowly making GMS very important to run. The problem with GMS is they require to run as system app and has to have all the permissions by default.
Hope EU puts pressure to make google allow apps to run independently without GMS or atleast install them as user apps(like graphene os sandboxed play services).
If we keep going on like this, AOSP can only run fdroid apps in the future.
Realistically, change your approach to how you use your phone.
A majority of apps are not actually apps. They are a web app packaged in an apk so they can get elevated permissions and more data. Dont download apps, instead just install them from your browser as the web app they are. This is far more secure and far less invasive as generally a web app is containerized, at least thats my understanding in regards to firefox.
Instead of google maps, explore the world of open source navigation apps. Osmand has worked great for me, and tends to provide better info so im not panic merging at the last second. Theres a lot of them out there, and google maps has stagnated for so long that many of them are caught up in features. While its not open source, ive sesn a lot of people praise Magic Earth as well.
Buy phones on the premise of being allowed to use a custom rom. As much as i dont want a pixel because it is google, graphene os is battle tested and much more secure than stock android. But theres also lineage OS, eOS, and a few others out there.
If you need google play services, containerize it. I keep all apps i dont want having special permissions on a work profile. Funnily, i also keep my work apps on that profile, so if google wants my works data then they can handle the lawsuit if something bad happens lol.
I think a lot of people have forgotten that phones are tiny computers. The only real difference is the cell network, but we already have devices that can use those networks that arent phones, so it isnt an exclusive feature to phones. Android can be forked, but also we can emulate android on linux and there are already linux phones out there. If we grow the linux space for phones, then we effectively lose nothing of value while gaining increased freedom. For now, change how you use your phone, and only download apps if you have no other choice.
deleted by creator
For banking, I use the website instead of the application. I have very few non-open-source applications left on my phone.
in my country they won’t let you do that without at least their proprietary 2fa on your phone. and that of course needs play integrity in 90% of cases.
I was upset about Duo authenticator when I found out someone made a workaround that lets you export the secrets to a normal totp app. I can only hope you have some project like that for your situation
Real question is
Why can’t a rooted android fake play services?
If they really had interest in stopping you they could definitely stop you. That’s the direction they’re heading with all of these apps that are doing the integrity check. It’s just a matter of time that it’ll take for them to do it gradually enough not to make everything backward compatible explode.
Microg and stuff like that are probably on their way out within the next few generations.
When postmarket finally manages to reverse engineer the modems and the voice and support something with a half decent camera I’ll readily leave the ecosystem.
Afaik this is possible, but the banking apps don’t like rooting either. No achievement there.
why can’t we sandbox them in a goody two-shoes kind of environment?
I thought that was the reason for the cloned app that runs outside the Insular sandbox. I am dumb on the subject and making assumptions though.
Mainline linux on mobile is solving this problem as we speak: https://postmarketos.org/
I expect a full collapse of the Google Android behemoth about the same time we get Half Life 3.
I keep my old smartphone precisely so I can install banking apps and other annoyances.
Feel free to track the burner phone that stays on the same location, turns on once a week, is got tape on the cameras and never uses the browser.
ITT: no one has any idea.
hint: class war
Linux phone operating systems aren’t ready for daily use yet, but they are being actively developed. https://linmob.net/
we’d still have to deal with locked bootloaders and adoption.
I can’t wait for when they are ready!
It’ll be awhile. They’ve been in a development state since the launch of the original pinephone in 2020. And even the pinephone is going to be unavailable in two years as pine64 is ceasing sales on it. Not trying to crap on devs. I bought two pinephones (Braveheart & Mobian bundle). Tested multiple distros and excitedly followed their progress for years. I never had a reliable working phone in that four year span. IMO SailfishOS and Post Market OS are the two most usable mobile distros. SailfishOS now requires an ongoing subscription to use which I don’t like.
Linux based phones have been in development for more than a decade now. I had a Neo Freerunner from OpenMoko in 2008… it kinda worked, but it was not good enough for a daily driver.
What we have now is much better, but there’s still some ways to go before I’m able to ditch my non-linuxy smartphone.
Sailfish only needs a subscription to get updates, you can use it without a sub.
I use danctnix on my pinephone, which is basically arch. It does the basics, that’s about it. What’s missing is more convenient apps. Most of the stuff is catered to desktop.
Of all the OSes I tried, I liked ubports the best, but it was not updated and not all hardware worked iirc, and suffered the same problem of apps. At least arch gets updated constantly.
We are in war with big tech, why would anyone think they would just let us win without a fight.
Hope EU puts pressure to make google allow apps to run independently without GMS or atleast install them as user apps(like graphene os sandboxed play services).
I doubt they will put any pressure. EU decided to rely on GMS for their upcoming Digital ID app. While they claim they want to switch to open source alternatives of big tech services, they designed their app so that it forces EU citizens to either comply with Google’s ToS, or Apple’s.
Related discussion: https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/issues/18
Damn we are stupid in the EU!
What do we want: digital sovereignty
When do we want it: ehrm… Well… We have some things in pipeline and it is really hard…
They know that NSA is directly spying on us and they don’t care
Furthermore, they do not seem particularly open to criticism on this subject…
if you could just have read one more update on that issue, you would’ve seen that it is moved to a discussion post now
Well spotted, my bad!
The link the new discussion is here: https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/discussions/19
The app is reference implementation, not supposed to be used.
Run as many open source apps as you can is about the best option. Also, OSMAND does provide turn-by-turn directions.
What it does not do well is street addresses, so at times you may find that you have to use the GPS coordinates of the place you are going to in order to get directions.
It’s never had any trouble with street addresses for me. It’s using open street map so if there are addresses that aren’t right you can submit changes.
Where it has trouble for me is on long trips over great distances. If you ask it to route a 6-hour trip to another state through a couple of metropolitan areas It has a pretty good chance of sending you a non-optimal route.
I’ve found that it can get you to businesses fairly well. where I have seen failures is navigating to an individual’s home address. What you can do is you can get the nearby intersection of two roads fairly easily, but the home address is much more difficult.
It is only slightly on topic, but I’d like to give a hateful shout out to Ticketmaster/Live Nation’s new “mobile only” ticketed events that require you to have an iPhone or fully Google blessed Android phone. They do not allow you to use a QR code or printed ticket anymore, only their app with a constantly changing bare code or Google wallet (unsure of the IOS experience).
I am going to a concert this weekend and I either have to dig up some old phone that can work with this app or sell my tickets.
I stopped going. Fuck it. Not giving in to their bullshit.
I’ve been quietly boycotting them for over 13 years now, shortly after online scalpers started having their field day with their sites. It sucks not being able to go to any major shows but I have made myself compromise by going to small local shows only and it hasn’t been that bad.
Everyone votes with their wallets, so as long as people keep paying, they’ll keep making us jump through more and more hoops.
So messed up that they too are the scalpers. A band I liked put pressure on them and managed to catch them in their bullshit, but that is rare.
That’s how I’m feeling I will go after this concert since they already have my money.
The local folks probably deserve tye attendance more anyway. So many nepo babies…
It was the fees for me. Their CEO needs to be Luigi’d for leading a parasitic company that has made so many music venues go under.
Someone recently crack their shit code. Can use offline app after extract secret once. Will link once find.
Edit: https://conduition.io/coding/ticketmaster/ app (javascript) https://github.com/conduition/ticketgimp
Thanks, that might be a handy workaround.
Boop, source found.
Thanks!
Just go to the box office when you get there and present an ID that matches the name the tickets were purchased under. Depending on the venue, they will either print your ticket or text you a link that opens a page in your browser that can be scanned.
Everything I’ve read is that they only offer accommodations to people during time of purchase, and even then you’re basically at the mercy of the venue. I’m going to call them and see what I can do, but I don’t have high hopes.
I’ve never had an issue loading my tickets in the browser.
Then you weren’t at one of the new “mobile only” ticket events. https://help.ticketmaster.com/hc/en-us/articles/9786597785617-How-do-I-use-Mobile-Entry-tickets
Maps?
Use OsmAnd and MagicEarth? I’ve been using it for years now. Works fine.
Comaps has been awesome for me
Yeah, this is a problem. I attempted to switch to GrapheneOS just a month ago and had to roll back to stock Android. One of my banking apps worked, but 3 others didn’t. My 2FA app didn’t work. I stopped receiving important texts as they were previously RCS and that refused to validate no matter what I did.
Google has made it extremely hard to degoogle.
Why not just access your financial institutions in a web browser?
That was an inconvenience, but one I could make if it was the only issue. It was more the total accumulation of things. My 2FA app pulling support for “unsigned” operating systems coupled with missing work texts due to RCS failure were the main straws to break the camel’s back. Having to find an alternative and then manually change all 2FA was almost a deal breaker in itself. That played into using a web browser for my financial institution access.
Work texts go to the work phone. Work 2FA also on work phone. I use a hardware TAN generator for web banking.
My work 2FA is physical token based, it is my personal 2FA that causing me problems. Email and text authentication is insecure enough that I try and use a software authenticator whenever possible.
Great point about the work phone. I don’t want a work phone as I don’t have any desire to be reachable 24/7 outside of the rotating week I’m on call, but if I was expected to have email and Teams and everything on my phone I would definitely require one. Thankfully my work texts are all for team updates, heads up about issues, scheduling matters, etc, but I still consider those to be important while not riding to a separate work phone
There is always a trade-off with privacy and security. It’s totally okay to decide you prefer convenience over privacy.
If you wanted to give it another shot:
- You could use a different 2FA app - I know Bitwarden works well
- You can use a soft phone SMS, bonus that you can send and receive from a computer
That was why I wanted to move to GrapheneOS, I could selectively use Google services or apps for convenience while still being more secure than stock Android. I’ll have to plan my next attempt out instead of Yolo and adapt, lol.
I do plan to migrate to a new 2FA, but Authy made that hard by getting rid of their desktop app so you can’t port and have to go to each service and manually sign up a new app one by one. I tend to boycott services when they get that anticonsumer/anticompetitive out of principle.
Missing texts is definitely a deal breaker. I hate how RCS was championed as the “open” protocol and yet only google and samsung are able to implement it… we were lied to. Or i feel lied to idk i thought it was an open knowledge spec when we were hearing about forcing apple to support it.
Convenience and security probably.
The website version of a lot of banks require you login (each time) with a customer numer and then random letters from your password and or pin, which takes forever so I never bother unless I need the website.
Im (more) paranoid whenever I use a sensitive website. Quadruple checking the domain name, am i on https (even tho i use no-http and have a password manager). It’s a bit more relaxing using an app.
Theres probably some security downsides (other than user error), but a modern banking site shouldn’t suffer much since they invest heavily in locking down their shtuff.
Google has made it extremely hard to degoogle.
Just remember that there are no nice reasons why they are working this hard to keep your phone captive.
We can argue about how bad it will get, but there’s only worse things coming from this effort.
Oh, totally, which is why I am working towards as much decoupling as possible. I plan to replace my Nest gear with Ubiquity for cameras and stuff as I can afford it, and eventually set up my own offline automation server. This can only end badly for consumers.
The collusion between services like Authy and Google indicates this to me, but it’s also effective and means I have to pivot in slower degrees. I am encountering similar issues moving to Linux from Windows, so this is a full Silicone Valley issue.
With respect to 2FA, if you want to be more ready for any future next time, you could migrate to an open-source TOTP app. E.g. andOTP. I use this one, it’s fine. The underlying standards don’t change in decades, so you can choose any compatible client and be without trouble for years and years. And it may be good to do in any case, googlified phone or not. Good apps also tend to provide password-protected backups.
I have no knowledge about RCS though, never used it so can’t tell. Otherwise GrapheneOS user for ~2 years, before that LineageOS, before that CopperheadOS for another few years.
Your absolutely right and I will be moving to an open source TOTP solution going forward, it just sucks that great services keep getting enshitified and we have to keep moving to better pastures. LastPass to Bitwarden, now Authy to something else.
EU won’t be too friendly either given the nature of their recent identification app. You should still write to your legislators, but they’re a mostly tech-illiterate bunch, so expect it to be a low ROI activity.
Really do consider donating to projects like GrapheneOS. The GrapheneOS team are a very passionate and clever group, and I’d like to think that they can at least give us something to work with, even if Google completely cuts the cord. Hopefully they can also secure an additional revenue stream once they release their own phone.
If it really does all fall through and there’s no deGoogled way to run Android apps, I’ll keep a separate phone, preferably with a removable battery, with regular Android just to host the proprietary apps. Treat it as a work phone, i.e. power off when not needed, don’t connect to my main home network, don’t do anything that doesn’t need to be done on it. Proprietary apps only make up a small fraction of my mobile workflow, so everything else stays on another phone that respects my privacy.
I am thinking a tablet with Linux and a hotspot rather than phone number. Maybe supplement with a dumb phone in a Faraday bag for your phone, Iike on Swisscows.
they’re a mostly tech-illiterate bunch
Y’all keep saying this… These people are not stupid, they are corrupt. Start calling spade a spade. You are giving them something to hide behind jfc.
Maybe postmarketOS?
