Newpipe, now signed by Norman Reedus, verification picture and everything!
Graphene users REPRESENT
we need linux phones ASAP
They exist. People just don’t buy them. But there is a Ubuntu phone port you can install on your phone as an alternative to android.
But yeah it can get complicated like any Linux community project and isn’t at all mainstream.
People don’t buy them because they don’t fucking work.
We had a few good Linux phones back in the day but Nokia / Microsoft killed them trying to compete with iPhone OS and Android: Maemo / Meego were great but did not get a proper chance.
Jolla continued the legacy and Sailfish OS is still something worth checking out if you can find suitable hardware, or idk how complex it is to port it.
Seems to be new Jolla phone coming up at some point too: https://forum.sailfishos.org/t/next-gen-jolla-phone/23882
The Jolla was probably my favorite phone, but it broke so easily. I really hope they make something more sturdy this time around.
I think Linux phones will gain some real traction within five years. Last I heard, KDE is putting great effort into making apps for Plasma Mobile
I’ll believe it when I see it.
You cannot sideload on Linux.
Right, because side-loading is called “installing” on Linux
Does anyone know if existing linux phones can run 2FA apps such as Duo or Google authenticator?
deleted by creator
Or better apps like Aegis?
What is it with you people trying your best to get away from google but still using the most exchangeable app they have.Why do you need the google Authenticator? Proton has it too. Which (from searching) looks like it’s compatible for the Ubuntu systems. But that’s just from the search. I ‘m personally just using it with a android right now. I am currently eyeing up the fairphone Ubuntu as my next phone
Why do you need the google Authenticator?
Systems at work use google authenticator for 2FA. Prior jobs have used Duo.
they are interchangeable. you can export from google to use in proton. I’ve set all my google logins to proton too. I’ve not experienced this ‘locked in’ situation if you’re using your own phone to run the app.
Google Authenticator is merely a generic TOTP token storage app. The person you’re replying to was pointing out that Google Authenticator, specifically, isn’t necessary. There are alternatives, and unless you’re using a company-owned device that restricts the apps you can use there is no way for work to dictate which app you use for TOTP tokens.
Duo, Okta Verify, and other 2FA apps that use push notifications and such, are a different beast altogether.
My work has me using 3 different 2FA apps depending on what service I’m accessing. It’s great! Especially with the noticable battery consumption increase after setting up 2 more 2FA apps than I had before
Same reason collectivist people like social media censorship and gun control, to make them feel “safe” even though all it does is centralize power. Besides hi ow many people have the tech skills to even know what third party app repositories are?
They can run Keeppass, which does TOTP. It doesn’t do push notifs, like Duo does, though.
Contact your representative. And here’s F-droid’s article about it (including how to find your representative at the end of the article): https://f-droid.org/en/2025/09/29/google-developer-registration-decree.html
This involves paying a fee, agreeing to non-negotiable terms, and uploading personal government ID documents.
False.
There is no fee.
This article is garbage.
I’d be more worried about having to send gov ID docs - more creepy control by Google.
You can send them your info for free, but for them to verify your app you need to pay $25
Let’s hope that the rest of the world, specifically Europe smash this ridiculous proposal apart for what it is. Europe has already sorted out USB-C etc. Its not perfect and they don’t get everything right, but certainly big enough to make stuff right.
At this stage the EU probably pushed Google to do this. They’ve taken a sharp turn to authoritarianism.
I think the European leadership has changed and we need to watch our elected officials. However don’t think Google was pushed into anything. They’re now he company that does the opposite of their original manifesto. They’re evil don’t need that.
They’re too busy forcing chat control and age gates through our collective throats.
Yep. The E.U. has allowed itself to be dominated for too long by the US megacorps. It has the talent, ideas, and manufacturing to tell US firms to bugger off … and the sooner, the better for us all.
they are also going hard on surveillance, private info too, backed by RU of course.i think russell vought is behind the anti-porn verifications in the EU
Unless you want hillbilly outrage slop destabilising your continent, you better get control away from American tech companies.
Google’s developer verification will only run on mainstream Android with play services. It’s not supposed won’t be running in standard AOSP so the easiest solution would be to switch to a custom ROM like GrapheneOS.
They are also working to similarly kill custom ROMs. Just recently the GrapheneOS team mentioned that Google is no longer making their hardware drivers Open Source, and so compatibility with new phones means reverse engineering their own drivers - which is a big reason that custom ROMs support such narrow hardware options already and very often come with limitations and/or features that just don’t work. At best, they figure out how to make it work, but it takes time and updates can lag significantly behind.
We have a lot of options on the software side for avoiding google (or android), but very limited options on hardware. We need open source mobile hardware support ASAP.
They’re not so much working to kill custom roms as they are just not giving away their code anymore, going closed source for their own hardware.
You can just install Android. Only certified vendors will have the blocking activated.
Well, fuck. Most of people use F-Droid on “certified vendors” device.
If only. Most people I know have never heard of F-Droid… Only privacy-savvy people have.
While true, the pool of unlockable devices are dwindling fast.
even the OP is softlocking thier newer phones(arbitrary online application to unlock it) in the near future, i expect a full lock sooner or later
True…. I heard GrapheneOS is having trouble porting to the Pixel 10
Also, aren’t some critical apps like banking apps starting to ban unlocked / non-stock systems? Heard someone complaining about this a while ago.
Yes, banking apps, streaming apps, even some shopping apps. This has been a problem for a long time. Sometimes its for “security” reasons and sometimes its simply because the app uses Play Service APIs. Another issue on de-googled systems is push notifications, though that is often fixed through alternates like Unified Push
But remember, unlocking bootloader is harder and harder for many devices. And Google’s Play Integrity and API changes makes removing trace of unlocked bootloader harder. Many apps not just banking, ChatGPT, games, some of social media is completely unusable in that scenario.
I don’t have that choice in Denmark due to NemID.
Like other people have suggested, maybe get a second phone (one of those really cheap ones with play Services) and use that for that stuff, and keep your main personal phone google-free.
This is the way for me too
At this point the solution seems to just be having a second phone for that kinda shit
I don’t like that my neighbours are noisy, guess i should get a second house for when they’re shouting
ah yes because phones are $400,000-$1,000,000+
I’m comparing the impracticality, not the monetary impact
ah yes because those things are completely unrelated
-
Carrying two massive slabs because a few apps won’t run on one of them
-
Having a second home because some nights you can’t sleep in one due to noisy neighbours
Where the more simple solution would be:
- Have a phone that can run all of the apps you need so you don’t need to buy and carry around a second phone
- deal with your neighbours and sort stuff out rather than buy and travel to and from a second home.
-
I’m starting to think these for-profit companies only care about making money.
gulp You might be right
European devs: Our laws will protect us!
Meanwhile, our laws:
Article 30
Traceability of traders
- Providers of online platforms allowing consumers to conclude distance contracts with traders shall ensure that traders can only use those online platforms to promote messages on or to offer products or services to consumers located in the Union if, prior to the use of their services for those purposes, they have obtained the following information, where applicable to the trader:
(a) the name, address, telephone number and email address of the trader;
(b) a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council (40);
How is trader defined? Is it a developer that’s selling apps or also one that’s just providing it for free?
Bear in mind that an open source license is a contract and it usually involves some form of reciprocity, like crediting the dev by name. That’s in principle not different from a sponsorship deal, where some sports stadium gets the name of a corporation.
The actual definition is even wider, though. I don’t see who you get out of that.
Trader defined in the DSA
‘trader’ means any natural person, or any legal person irrespective of whether it is privately or publicly owned, who is acting, including through any person acting in his or her name or on his or her behalf, for purposes relating to his or her trade, business, craft or profession;
https://eur-lex.europa.eu/legal-content/En/TXT/HTML/?uri=CELEX%3A32022R2065#art_3
If F-droid ever has more than 50 employees, annual turnover over EUR 10 million, or over EUR 10 million on the balance sheet, then they will have to collect the same information.
What pisses me off it that they say they do this for security. It changes absolutely anything.
They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”
What does it change? Waste 20 minutes of some malware developer while they register under a stolen id? They already have a system that scans for known malware and automatically remove it.
I don’t think it’s going to be as simple to verify as uploading a pic of an id
If it’s like the play store verification, it’s quite simple. The main problem is that once “verified”, Google publicly doxxes individual devs by publishing their residential address + private phone number + private Gmail on their dev page, and this is unacceptable for anyone except who used stolen identities
They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”
Which is irrelevant. They can block any malware - now impossible to do with sideloading of apps during pop-ups.
Thing is, Play Store is already filled with malware or near-malware from seemingly verified developers. I ran into several scam clone apps just today. It’s even snuck in through OEM apps.
Same on iOS, which supposedly verifies devs.
If ‘verification’ and curation is their idea of security, well… It appears their system is already overloaded, yet they want to expand it?
That was fundamentally F-Droid’s retort.
It’s absolutely insane that anyone pretends Google Play and the App Store are fine though.
Has anyone scrolled through any search and not seen a sea of heavily marketed scam apps?
It’s always security when someone wants to take our freedom away. Always security…
Not always. It can also be about the children.
About keeping the children safe
That’s also security.
Not really, it’s more about children not being exposed to things usually. Hence starting with age requirements for porn and they move forward to other things.
“Protecting the children from harmful content and predators”, “protecting people from terrorists and criminals”, “protecting users from hackers” are all forms of security, and are all used as arguments to erode freedoms.
It all boils down to: just give up this bit of freedom so we can keep everyone safe.
Both things can be true. It definitely is better for security. It’s pretty much indisputably better for security.
But you know what would be even better for security? Not allowing any third-party code at all (i.e., no apps).
Obviously that’s too shitty and everyone would move off of that platform. There’s a balance that must be struck between user freedom and the general security of a worldwide network of sensitive devices.
Users should be allowed to do insecure things with their devices as long as they are (1) informed of the risks, (2) prevented from doing those things by accident if they are not informed, and (3) as long as their actions do not threaten the rest of the network.
Side-loading is perfectly reasonable under those conditions.
It’s pretty much indisputably better for security.
I dispute this. While adding extra layers of security looks good on paper, flawed security can be worse than no security at all.
Android packages already have to be signed to be valid and those keys already are very effective in practice. In effect these new measures are reinventing the wheel as to what a layperson would think this new system does.
Adding this extra layer in fact has no actual security benefit beyond posturing/“deterrence”. Catching a perpetrator is not the same thing as preventing a crime. Worse - catching a thief in meatspace has the potential to recover stolen goods, but not so in digital spaces - either the crime is damage or destruction of data for which no punishment undoes the damage or the crime is sharing private data which in practice would almost certainly have been immediately fenced to multiple data brokers.
And were only getting started with this security theater:
- Nothing prevents an organization from hiring a developer for long enough to register before being flushed (or the same effect with a burner account on fiver)
- Nothing in this program does anything to get code libraries vetted - many of these developers may accidentally be publishing code from poisoned wells that they have no practical knowledge of.
- None of these measures make scams less profitable.
- None of this addresses greyware - software that could technically qualify as legal (because the user agreed to terms of service for a service of dubious value)
- All of this costs time and resources that will likely inevitably be shouldered on low paid engineers that could have put that effort to better uses.
- Metrics and statistics may likely be P-hacked to reflect that the new system as a success (because there’s internal pressure to make it look good) this turning-security-into-press-releases would have collateral of making accountability overall worse.
But you know what would be even better for security?
While we’re at it we could add the tropes of removing network connectivity, or switch to using clay tablets kept in a wooden box guarded by a vengeful god. Both of those would be more secure, too.
Users should be allowed to do insecure things with their devices
100% agree with you here - it’s fundamentally the principle of “Your liberty to swing your fist ends just where my nose begins”. Users should be given the tools and freedom to do as they want with their property - up until it affects another person or their property in an unwanted way.
Most Android owners don’t even know they have Android phones. They are not informed.
Of course they know that. It’s about power and money. After all, they already have a security program that filters out malware. If we believe their stated reasoning (which we don’t), they’re tacitly admitting that their current security program is a complete failure, and also that they will not try to fix it.
The justification is simple, I don’t see the confusion, they want absolute power and for all alternatives to wither and die ? What is there not to understand ?
“Google stands for free and open internet”
https://blog.google/outreach-initiatives/public-policy/keep-internet-free-and-open/
Aged like milk.
Don’t be evilBe evil when it makes money.
And of course the motto should have been, “Don’t do evil.” That would have been a respectable goal. But it wasn’t, because even back then they only wanted to be slightly better than Microsoft.
aged like a corpse in a bathtub more like it.
Mmmm head cheese
Don’t be something or other, hey check out this week’s doodle!
I am perfectly ok with android apps being required to be signed by not just a certificate (they always were just it could be self signed and just needed to match to upgrade without removing data) but a list of trusted entities.
As long as:
- I can install my own key on my phone (I’d I am trusted)
- major distributors like fdroid and have a key installed without friction (like web CAs)
- Google let’s me mark their key as untrusted (I probably won’t but I should be able to refuse things they trust (at install time, not disabling preloaded apps like settings)
Without this it feels too much extending the monopoly despite being forced to allow 3rd party stores.
Technically illegal where I live.
In Brazil you can’t sell a device with a given feature and then remove said feature in a software update. Even Apple, known for never allowing downgrades, was forced to downgrade and pay a fine to a customer after his iPad 3 updated to iOS 7 and lost an iOS 6 feature.
In other words… every single Android device sold until today in Brazil allows sideloading. Even if a single customer uses a sideloaded app, removing the ability to sideload freely would be illegal, and because the original feature didn’t require a developer signature it can’t be enforced now.
The issue is, as always, if this went to court somebody would have to manage to explain to a tech illiterate judge what a “developer signature” is, how this relates to “sideloading” and so on.
They’re not removing a feature though, so that whole argument falls over instantly.
Today: I can sideload a non verified apk.
After the update: I grab the same apk and I can’t sideload it.
Also, let’s stop calling it “sideloading”. Sideloading has a bad vibe. We just want to INSTALL software on our own devices.
thank god for brazil
… Brazil is one of the first countries this’ll go into effect and I also remember something about how that first batch of countries was chosen because their governmemts support this change.
because their governmemts support this change.
I can see how Google’s PR team might use this argument, but it’s certainly illegal in Brazil so our government most definitely isn’t supporting this decision. Also, it needs to be way more specific than “government” - who exactly is endorsing this? Procon? Anatel? Polícia Federal?
Either way, the actual reason for targeting Brazil as one of the first is because we do love our piracy, which naturally translates into sideloading being frequent.
brazil and piracy are a match made in heaven, I remember when I was 8 and my mom went with me to a openstreet market to buy xbox360 games, all were pirate copies selling in open sky to anyone to buy, copyright be dammed, and of course can’t forget the famous “gato” to watch all tv channels for free with a android box that definetly does not has a backdoor in it
Best of luck to Brazil then. Hopefully you get them to change course.
Brazil has actually been really good about holding the mega corps to account recently. I’m very hopeful for them.
The problem might be that Google will argue this isn’t a downgrade at all, but an upgrade (for “security” reasons). I don’t want to be a pessimist, but the tech illiterate judges could eat that up.
That’s exactly what they’re hoping for, and why we need to keep pouring out our outcry to reach them and hope they become more tech-literate.
technically you will still be able to install apps from outside the play store, but the developer will need to verify their identity with google.
Of course, most developers will refuse to do so (myself included), and so most apps will not be able to be installed. From a technical perspective, installing apps from other sources will still be allowed. So i can see judges ruling that this is not a feature removal.
You and I both know this is google killing non play store apps, but I don’t think the tech illiterate judges will see it that way.
Technically you can still install apps unsigned through ADB.
Considering it’s easier than ever to start up something like Shizuku, it could be used to grant f-droid access to install apps bypassing the requirement.
Obviously not a good solution by any means.
but the developer will need to verify their identity with google.
If I purchase a device today, it’s got the ability to install apps that are not verified. This is a feature. If now it’s restricted, it violates our code.
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices.
Are they actually proposing to make any previously sold devices “certified” through a software update, though? Your points are right on if this edict applied to all devices.
A “certified Android device” is a device running Google Play Services, Play Protect, Google’s WideVine DRM scheme and a few other requirements. If you purchase a device from a known manufacturer, like Samsung, you’re falling into this category.
Isn’t this illegal in Europe? Was that the whole point of forcing apple to allow alternative app stores?
Technically, third party app stores are allowed. Developers “only” register with google to receive a developer certificate. Isn’t apple doing the same thing in response to the EU regulations and that has been allowed?
Seems like a weasel around the requirement to get rid of the actual benefit of 3rd party stores.
If you have a Mac, have you ever tried installing an app and have it refuse because it’s not signed by Apple, and then you had to go into settings and click “allow anyway?”
This is that, except without the allow anyway feature, like iOS. It doesn’t matter if it comes from the play store or elsewhere, as this story originally had us believe.
No, Google is following Apple’s exmaple.
I can’t believe how useless the EU regulations are.
It’s because they regularly overstep their bounds and force overseas companies to do things they have no right to make them do, which actively hurt their business. Of course companies are going to do their very best to comply while making it have as little impact as possible!
Open source community keeps trusting Google and they keep using the Embrace, Extend, Extinguish https://en.m.wikipedia.org/wiki/Embrace,_extend,_and_extinguish
Anyone that builds their entire company and/or product around being reliant on a multi-billion/trillion dollar company providing them with their source code for free so you can use it to get around using their services is only setting themselves up for disaster.
If you rely on Google giving you their source code, you need to have a backup plan ready at all times for what to do when Google don’t give you their source code.
What should anyone have done different? Not built for one of the largest platforms with the most users?
Android is so big because the community let them embrace it. Since the beginning the community should have worked in a true open solution. Now it’s really late to try to make a Linux phone
It doesn’t need to be Linux though - AOSP is still open source. Companies like graphebe using it just needed to not depend on Google to provide them the hardware and software to keep their OS viable. It’s entirely on them.
Luddite. I’ve let AI manage my finances and mortgage for about a month now. Hold on, there’s a knock at the door, some dudes with a big van or something
Linux would suck on a phone. Sorry it is barely usable on a laptop. We get worse battery life hardware less supported. Sure we put up with it but most people just want stuff to work.
This is because the community did not spent too much time optimizing for this goal. This is what I am saying, the open source community should invest more on Linux phone.
