After the news cycle recently exploded with the announcement that Google would require every single Android app to be from a registered and verified developer, while killing third-party app stores …
Most F-Droid users are NOT custom ROMs.
This means that as long as F-Droid does not get their own developer key - it will become useless.
F-Droid is privacy focused - both dev and user, and they oppose requiring devs to essentially give up their privacy and sign the APK with their own dev key.
Now, if F-Droid is dead, GrapheneOS becomes useless. Who would want to develop apps for the 0.0001% of the population (i.e custom ROM users)
I am the person you are talking about. I’ve looked into graphene before and I do host some of my own services at home. I also work full time and I don’t want to spend all of my free time managing things. I use F-Droid, but I am on stock android on my pixel.
I appreciate the privacy and FOSS nature of F-Droid, but I use things like Android auto Google maps for work, I use banking apps on my phone as well. I know technically micro G and blah blah blah, but like I said: work full time.
The constraint to require a valid signing isn’t something imposed by the license on the Android code. If you want to distribute a version of Android that doesn’t check for a registered signature, that should work fine.
I mean, the Graphene guys could impose that constraint. But they don’t have to do so.
I think that there’s a larger issue of practicality, though. Stuff like F-Droid works in part because you don’t need to install an alternative firmware on your phone — it’s not hard to install an alternate app store with the stock firmware. If suddenly using a package from a developer that isn’t registered with Google requires installing an alternate firmware, that’s going to severely limit the potential userbase for that package.
Even if you can handle installing the alternate firmware, a lot of developers probably just aren’t going to bother trying to develop software without being registered.
But if Graphene chooses not to do this, they diverge from the Android project. Which will take more time to maintain the project which will ultimately lead to more developers burning out and dropping out of the project.
It doesn’t need to be affected, but most open source projects don’t have the resources to keep going against big companies when most of their users aren’t contributing.
They already diverge by having a network permission and a bunch of other differences, and not being allowed to use Google Pay because of those differences
GrapheneOS isn’t dying. There’s an OEM partnership in the works and they’ll release devices with support for GrapheneOS in a year or two. GrapheneOS still provides updates and while the changes have made some things harder, the project is still going strong.
I’m checking out Graphene OS next week and pretty pumped about it. This Google ratfucking has been just the push I need to get off Android.
And obviously I haven’t stopped telling people around me haha
Most F-Droid users are NOT custom ROMs.
This means that as long as F-Droid does not get their own developer key - it will become useless. F-Droid is privacy focused - both dev and user, and they oppose requiring devs to essentially give up their privacy and sign the APK with their own dev key.
Now, if F-Droid is dead, GrapheneOS becomes useless. Who would want to develop apps for the 0.0001% of the population (i.e custom ROM users)
This.
I am the person you are talking about. I’ve looked into graphene before and I do host some of my own services at home. I also work full time and I don’t want to spend all of my free time managing things. I use F-Droid, but I am on stock android on my pixel.
I appreciate the privacy and FOSS nature of F-Droid, but I use things like Android auto Google maps for work, I use banking apps on my phone as well. I know technically micro G and blah blah blah, but like I said: work full time.
You are of course aware that Graphene OS is affected just like any other version of Android?
I don’t see why it would need to be affected.
The constraint to require a valid signing isn’t something imposed by the license on the Android code. If you want to distribute a version of Android that doesn’t check for a registered signature, that should work fine.
I mean, the Graphene guys could impose that constraint. But they don’t have to do so.
I think that there’s a larger issue of practicality, though. Stuff like F-Droid works in part because you don’t need to install an alternative firmware on your phone — it’s not hard to install an alternate app store with the stock firmware. If suddenly using a package from a developer that isn’t registered with Google requires installing an alternate firmware, that’s going to severely limit the potential userbase for that package.
Even if you can handle installing the alternate firmware, a lot of developers probably just aren’t going to bother trying to develop software without being registered.
But if Graphene chooses not to do this, they diverge from the Android project. Which will take more time to maintain the project which will ultimately lead to more developers burning out and dropping out of the project.
It doesn’t need to be affected, but most open source projects don’t have the resources to keep going against big companies when most of their users aren’t contributing.
They already diverge by having a network permission and a bunch of other differences, and not being allowed to use Google Pay because of those differences
And more and more, apps require to be run as playstore version only with server side checks…
I would guess that it’s probably not much by way of change — theoretically, maybe just a single line patch — to cause this check not to take place.
Graphene could sandbox the integrity check, just like they do with the Play Store.
It becomes an integrity check arms race. Graphene OS devs not keen on this idea, but they may not have a choice in the near future
Straight from the horse’s mouth. The rest of the post is a good reminder that GrapheneOS are morons.
But why would you lie about this?
Graphene is bult on top of android AOSP, which is owned by google… And of course they are fucking it over.
Check calyxos.org s recent blog posts, it is basically dying (and graphene is the same)
GrapheneOS isn’t dying. There’s an OEM partnership in the works and they’ll release devices with support for GrapheneOS in a year or two. GrapheneOS still provides updates and while the changes have made some things harder, the project is still going strong.
What happened to the Open Handset Alliance?
The what?
https://en.wikipedia.org/wiki/Open_Handset_Alliance
Google doesn’t “own” Android. They (and the OHA) are the maintainers. AOSP is open source.