Language

I'm getting really sick of products being only available subsidized by a level of invasiveness that should be illegal.

The government should need an individualized warrant to purchase my data. And honestly Google should need one to collect it

I realise you're being facetious, but if anything Google made my phone more expensive with the certification process.

To be clear, Kolanaki is saying that that is not how an OS should behave.

I think that just falls under "make it a bit harder to navigate to certain things so I'm less likely to fuck shit up."

you can get all the right you need with a little trickery. I mean, psexec is made and distributed by Microsoft, freely. a simple download. and I don't think it's bad that the average user can't run everything immediately as TrustedInstaller or SYSTEM.

I mean nobody is shocked that they both suck. If it's not open source you are not in control.

Sure, but there's a good argument that that should be an end-user issue, and not something that the OS/Phone manufacturer should be trying to mitigate. It's a risk you take when owning a device, that you can also break it, or get it infected.

Otherwise, why bother selling the phone in the first place, rather than contracting it out under a rental agreement?

So? Don't run fishy files off the internet unless you're open to the risks. Have secure walls that require either a setting change or individual permission grants before they can access secure apps.

Operating systems are prone to natural monopoly or duopoly. Furthermore there's anti consumer incentives here in that governments want surveillance data and os companies sell it.

Where competition fails to protect consumers governments must. And that includes protection from governments. I know it's ironic today as we're in a fascist regime, but that's one of the basic principles of my country. So anyways please Europe protect us worldwide consumers from American companies.

my younger sister would be in so much trouble.

your younger syster should have parental controls on, and it's worrying that you suggest it is not the case. I don't know their age but most probably they shouldn't be able to install any apps from anywhere without parent approval.

She'd have various accounts phished within a day.

guessing fron what we already know, she probably shouldn't have half of those accounts.

Can't IT lock things down if they so desire? That is the owner of the device using it as they see fit: Locking it down so the non technical users of the device can't break it. That you keep suggesting that devices should come out of the box restricted would make your IT job obsolete and in fact impossible to perform.

Edit: And before you ask yes I have worked in IT support, although I currently do not.

I have worked in IT. People still manage to screw up shit that's locked down. Babysitting everyone because some people are just technologically incompetent is stupid and does not solve any actual problems.

A hidden option to unlock power user mode solves this

That's the only reason I'm still on android. If I install a different OS I won't be able to login to do anything government related. I won't even be able to pay with my credit card online. I could get a physical code device from the government, but I'm not gonna lie, I really like the ease of access of having an app for that stuff, instead of a seperate device I have to have on me at all times.

All those "apps" are websites. You could say NFC is special, but so is gps.

I think they're both pretty big problems. An open OS and hardware that supports it seems to be a huge hurdle, but at least there is a clear vision of how to solve it. The problem you bring up though... It seems like we've almost gone too far at this point and it's gonna be really hard to put the cat back in the bag. It seems like something we need to solve with legislation potentially?

This. Alternative OS exist: Ubuntu Touch, postmarketOS, SailfishOS, just to name a few.

What is missing are the apps people want. And those include mostly commercial apps, where the developers need to weigh dev hours vs profits, and decide to only target the big two for obvious reasons. That is the key problem.

That's what the OP is referring to: Google just announced they will do their best to kill off sideloading.

Nope

These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.

2027 and beyond: We will continue to roll out these requirements globally.

https://android-developers.googleblog.com/2025/08/elevating-android-security.html?m=1

We can hope…

Aren’t they claiming this move is specifically to comply with the EU’s Digital Services act?

Exactly right. The message of the post is that "side-loading" is only used in reference to exploitation services. We could just as easily refer to side loading in Linux and it would be accurate in every way, except that there is no exploitation.

It's literally the exception that proves the rule.

There is no functional difference.

The key difference is that one is advised, the other is enforced.

If you used Linux before the repos were fully developed then you understand why they were created.

Who else remembers "dependency hell?"

Corpos just took the same idea and twisted it into something else.

It may feel like a double standard but it's not

Most Linux stores are created and maintained by volunteers

Those stores aren't limiting software they host based on what makes them the most money. Money isn't involved.at all

Linux won't stop you from adding more stores

Linix won't stop you from manually adding any other software, either as a package or even manually building it from scratch

My package manager installs all of the dependencies the program needs and takes care of updates, too. If I install directly from the developer, I have to do all that myself. Fuck that.

Nothing ever comes “directly from the developer”, and any developer that attempts to do so ends up in a level of hell not yet documented. There are way too many distros, way too many architectures, way too many moving targets, that also includes iOS, macOS and Windows. No single developer can hit them all. There's no standard packaging either. So, usually they only package for one or a handful of popular distros, or one container format. But that's the magic of FOSS. Anyone can take the source code and repackage it, redistribute it and make it available for others. This is assumed to be a strength and not a weakness of FOSS and Linux. Thus, the distros create their own official repositories where they make themselves responsible that everything will mostly work nicely with one another.

The difference is that package repositories are safe havens of compatibility. While appStores are enforced cages that cannot be escaped. If a package repository tries to fuck up with users, hurt the FOSS space (looking at you Ubuntu Snaps), or gets compromised by a bad actor; you just move to another repository, another distro, a different format, another safe space. If Android or Apple decides to enshittify and fuck over customers, users, get compromised or do something to hurt developers, you are fuck out of luck. This difference matters.

Because the Linux repositories are apathetic third parties (ie they have no reason to care whether or not you download any given app) while Microsoft and apple are financially incentivised for you to buy buy buy.

This means that when you download a .exe from a vendor instead of going through the windows store you're cutting Microsoft out of their cut of what you paid and you're denying Microsoft information about what it is that you bought. But the flipside is Microsoft didn't impartially verify that it's not malicious.

When you download a .deb instead of going through apt, you're also denying them their cut (of nothing) and you're denying the repository managers the ability to see what you're doing, but Linux people generally trust repository managers to not be selling their habits to advertisers and governments.

I will say there is a reason to side load on Linux though, paid software is sometimes unavailable through repos.

And yet on Linux the advice seems to be never ever download directly from the developer

That's just advice for making life easy for new people, because distro-packaged software is more likely to work well with the operating system. I run packages from devs, even nightly automated builds of stuff, all the time.

And yet on Linux the advice seems to be never ever download directly from the developer

Are people really giving this advice that often and that strongly? I find myself building more and more things from source these days. Especially with modern languages that OS maintainers are actually having a difficult time packaging in the way they're used to.

Installing from a repo via a terminal does not feel like an App Store at all. It's only the GUI apps that do and those are all entirely optional. Exactly how it should be. God's in his heaven. All's right with the world.

I measured the heights of myself and my niece and found them to be different, clearly a double standard must be involved.

You yourself mentioned a lot of differences between corporate app stores and distros' software repositories. Why are you surprised people rate them differently?

Perhaps because your standards are different from more Linux users' standards.

I for example would rather take my chances with a random volunteer rather than trust a corporation that had a history of breaking laws and I know it to want to make money off me.

Well, the only instances I know of modern phones getting infected are Apple devices where a text message somehow gets into the kernel with zero clicks. Apparently apple insists they're too incompetent to fix this.

It was said you were to destroy the Sith, not join them!

Plot twist: EU is literally wanting to require Google Play services and a Google approved OS to use social media

Fucking what

Edit:

Might not be the case afterall: https://discuss.grapheneos.org/d/24601-eu-is-banning-bootloaders-unlock

Verification by radio equipment of the compliance of its combination with software should not be abused in order to prevent its use with software provided by independent parties.

we do not expect any issues for GrapheneOS

Humans are creatures of habit, and risk averse most of the time. Risk, being change of any sort when things seem "stable."

All you can do is lead by example and enjoy life and tell those poor souls they're stupid for spending money for something they can change the look like MS Office easily.

Ngl, I installed a few OnlyOffices just because of UI.
\ It has ribbon UI and about the same placement of buttons as MS Office stuff.

It's fine.

(Based in Latvia, but they had a Russian momma, now Singapore.)

because the interface “looks dated”.

The real issue is M$ intentionally not following standards, so that opening an Office doc may or may not properly render in other suites. Hooray for EEE. Fuckers.

I get what you are saying but is it really too much to ask for an interface that looks like it belongs there?

This is fine, but the other 582 pages contain some real doozies.

GrapheneOS still intends to support all the supported devices until EOL. The sideloading change doesn't affect them. It won’t apply to GrapheneOS. It only applies to certified OSes and GrapheneOS is not certified because it doesn’t license Google Mobile Services. As per the rip out of the device trees for Pixels, that just makes Pixels like other phones. GrapheneOS has been able to expand it's automation to build that device support themselves. For new devices, making the support will take longer than it did in the past though, but they will still support those Pixels, as long as they meet the hardware requirements and still allow third-party OS support with all security features intact. Besides that GrapheneOS is actively talking with a major Android OEM right now in order to help them reach the security requirements for a subset of their future devices. They are very optimistic about that.

Just an FYI I think they still did not deliver on the promise of open sourcing.

And I believe you're still supposed to buy a license unless that's changed recently.

Right? Linus Torvalds keeps that source code under lock and key.

REMOVE SHOES BEFORE BOOTING ANDROID.

No difference from checking IDs at the airport?

An airplane is a glorified autobus. You don't need an ID to get on one of those.

I don't know about you, but my Pixel 6a already does this. When I go to install an APK not from the app store directly it warms me, requires me to acknowledge that the APK was downloaded through Firefox, and acknowledge what permissions it is requesting.

Let me answer your question with a question: How many things do you do with your phone that aren't also able to be accomplished with a website already? I'd be willing to bet that the answer is in the single digits. And for most of those, that limitation is likely to be entirely arbitrary, instituted by a developer as an anti-consumer form of lock-in.

Delivering application-like experiences via the web allows users to make accessibility changes to that experience without the developer needing to support it explicitly. It also allows users to implement plugins that extend and improve their experience, by removing undesirable content or adding functionality that you haven't provided. And because browsers are built on open standards, there's no longer any device ecosystem lock-in; I should be able to access all of the websites I want to from any browser on any device. Users could even build their own bespoke applications, without the need to enable a developer mode on their phone or get a certification from a megacorp.

And because downloadable and cacheable progressive web apps are a thing, as well as local storage options for browsers, the experience for an end-user of a browser-only phone wouldn't need to be any different in low-signal or high-latency situations.

The web is a mature and proven platform for delivering arbitrary code and data, plugins make the web more accessible and easier to use, and web standards make the world more open. It's not a perfect platform, of course, but it's the one we've got; I think making it the default rather than the fallback for the devices most people use more than any other would be a great boon for the world at large.

As for KaiOS, I don't think that's really a good successor of Boot2Gecko; from what I've seen they went the app route, which kind of fundamentally violates the spirit of what B2G was supposed to be.

I, too, hate web dev being the standard. It's inevitable though. Mostly OS agnostic, easy to learn, etc.

You own nothing and will be happy is not a communist idea, it's the endgame of capitalism for 99.9% of the people.

Ooof; yeah: that'd be a dealbreaker for me, too. I've got a OnePlus, as well (Nord N20), and, while I can definitely tell there's some battery optimization going on, it's never killed my alarms; it's the only alarm clock I use so somewhat vital.

Unfortunately, I haven't heard anything (yet). Most of anything I've heard about them has been from "static" sources (like the above); I don't hang out in any chatrooms or the like they may have. I do know they have an account on the Fediverse, though (@furilabs@fosstodon.org), so you may be able to ask them directly?

I have a Ulefone, which is too small of a brand for there to be much specific guidance on how to counter some of the unwelcome power management stuff

OS is FuriOS if that helps you out of that knot.

Signed by who? Google? If so how does that not basically give them a monopoly on what can be installed?

And what about privacy? If somone wants to build an app to help whistleblowers, they have to expose themselves to a shady shitty mega Corp like Google?

They do but they focus so much on their apps that apps are becoming more practical than the websites to use for small tasks. They are even trying to usher people to use their apps for seed generators. And some other stuff like seeing instantly how much money was withdrawn from your account after a purchase only is useful with a phone app notification. Other "digital banks" like revolut or monzo simply does not exists outside of the app world and in terms of exchange rates and what not, they simply have no competition if you travel couple times a year.

The website only works with Chrome

It's not one person, it's the vast majority of the userbase.

Which, to be clear, is again not a reason to have a duopoly decide what software can be made or executed in the first place. It's fine to have Google decide what the Play store will carry, and it's even fine for Android devices to require a manual bypass to run unsigned software. It's not fine for Apple and Google (and I guess Huawei by necessity) to have final arbitrary say on what software is acceptable on all handheld mobile devices.

Yep. No disagreement from me on any of that.

At most I'd argue that I don't mind that Apple does that as long as someone else does not. If Apple wants to have a closed system that's all good, but from the perspective of regulation and anti-trust you can't have EVERY platform be closed. You need at least one viable open competitor to prevent the owners of the hardware from owning all the software by definition. It's just like I don't have a problem with Nintendo needing to certify all the games on the Switch as long as there is a Steam Deck, or Sony certifying PS5 games as long as you can run games on a PC.

But if all the software on the planet had to be on either the PS5 store or the Nintendo eShop I would absolutely have a problem with those being locked down. That's what this shift means for the mobile market.

Sure. I don't disagree with that. In fact, that's how it currently works on Android, more or less. It's actually looser now than it has been in the past.

But "informed choice without technical ability" is not a thing. You can't be informed if you don't understand what you're doing. People online that more or less understand computers but don't necessarily understand how other people interact with computers tend to miss how this works. My mom doesn't choose to take risks or not, she won't read what's on the screen and if she reads it she won't understand it, and if she understands it she won't trust it, because she doesn't have the knowledge to distinguish a genuine message from the OS trying to ask for confirmation from a janky physhing request.

My mom thinks Whatsapp messages can hack her bank account and freaks out every time her phone asks her to reboot for an update. She doesn't have the time or interest to get to a place where she can change that, and more to the point she shouldn't have to. It's prefectly fine to buy a device that will only let you do the things you want to do and won't let you do the rest.

As you say, that device just needs some process by which someone who cares and knows how to do more stuff can reclaim full access.

Yep. I don't need Google to let me install apks freely and I don't need them to host everything on the Play store with zero supervision.

But I do need F-Droid to keep working and to be able to install software that Google has zero visibility on, or a way to unlock my device to be able to sideload stuff. There is zero reasonable argument to say that Google is the only valid arbiter of signed software on the planet.

Why, in the love of all free tech support would I ever want to do that?

I swear, people just don't grasp how normies use computers. I don't want my normie relatives to have me micromanage their devices, I want their devices to be foolproof and do the five things they need to do.

That's not what I want for every device, though, so there needs to be an alternative for people who post on federated social media and performatively use open source software. If there are only two providers in a segment and both lock down all sideloading that's not acceptable, but the concept of locked down devices by itself is not.

This is not such a challenging concept. I am convinced most people in this thread would get it just fine outside of the context of having a knee-jerk reaction to the last thing they read online.