Newpipe, now signed by Norman Reedus, verification picture and everything!
Google's shocking developer decree struggles to justify the urgent threat to F-Droid
Submitted 5 months ago by ardi60@reddthat.com to technology@lemmy.world
Comments
daniskarma@lemmy.dbzer0.com 5 months ago
Reygle@lemmy.world 5 months ago
Graphene users REPRESENT
Johnny101@lemmy.world 5 months ago
Google’s developer verification will only run on mainstream Android with Play Services. It’s not supposed to be running in standard AOSP, so the easiest solution would be to switch to a custom ROM like GrapheneOS.
JeremyHuntQW12@lemmy.world 5 months ago
You can just install Android. Only certified vendors will have the blocking activated.
nasi_goreng@lemmy.zip 5 months ago
Well, fuck. Most people use F-Droid on “certified vendor” devices.
coolkie@lemmy.world 5 months ago
But remember, unlocking the bootloader is getting harder and harder on many devices. And Google’s Play Integrity and API changes make removing traces of an unlocked bootloader harder. Many apps, not just banking (ChatGPT, games, some social media), are completely unusable in that scenario.
Crozekiel@lemmy.zip 5 months ago
They are also working to similarly kill custom ROMs. Just recently the GrapheneOS team mentioned that Google is no longer making their hardware drivers Open Source, and so compatibility with new phones means reverse engineering their own drivers - which is a big reason that custom ROMs support such narrow hardware options already and very often come with limitations and/or features that just don’t work. At best, they figure out how to make it work, but it takes time and updates can lag significantly behind.
We have a lot of options on the software side for avoiding google (or android), but very limited options on hardware. We need open source mobile hardware support ASAP.
FreedomAdvocate@lemmy.net.au 5 months ago
They’re not so much working to kill custom roms as they are just not giving away their code anymore, going closed source for their own hardware.
Tattorack@lemmy.world 5 months ago
I don’t have that choice in Denmark due to NemID.
Johnny101@lemmy.world 5 months ago
Like other people have suggested, maybe get a second phone (one of those really cheap ones with Play Services) and use that for that stuff, and keep your main personal phone Google-free.
bay400@thelemmy.club 5 months ago
At this point the solution seems to just be having a second phone for that kinda shit
cosmo@lemmy.world 5 months ago
While true, the pool of unlockable devices is dwindling fast.
Tollana1234567@lemmy.today 5 months ago
Even the OP is softlocking their newer phones (arbitrary online application to unlock it) in the near future; I expect a full lock sooner or later.
Johnny101@lemmy.world 5 months ago
True…. I heard GrapheneOS is having trouble porting to the Pixel 10
Paddy66@lemmy.ml 5 months ago
Contact your representative. And here’s F-droid’s article about it (including how to find your representative at the end of the article): f-droid.org/…/google-developer-registration-decre…
JeremyHuntQW12@lemmy.world 5 months ago
> This involves paying a fee, agreeing to non-negotiable terms, and uploading personal government ID documents.
False.
There is no fee.
This article is garbage.
Paddy66@lemmy.ml 5 months ago
I’d be more worried about having to send gov ID docs - more creepy control by Google.
chimp@sh.itjust.works 5 months ago
You can send them your info for free, but for them to verify your app you need to pay $25
General_Effort@lemmy.world 5 months ago
European devs: Our laws will protect us!
Meanwhile, our laws:
Article 30
Traceability of traders
- Providers of online platforms allowing consumers to conclude distance contracts with traders shall ensure that traders can only use those online platforms to promote messages on or to offer products or services to consumers located in the Union if, prior to the use of their services for those purposes, they have obtained the following information, where applicable to the trader:
(a) the name, address, telephone number and email address of the trader;
(b) a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council (40);
take6056@feddit.nl 5 months ago
How is trader defined? Is it a developer that’s selling apps or also one that’s just providing it for free?
General_Effort@lemmy.world 5 months ago
Bear in mind that an open source license is a contract and it usually involves some form of reciprocity, like crediting the dev by name. That’s in principle not different from a sponsorship deal, where some sports stadium gets the name of a corporation.
The actual definition is even wider, though. I don’t see how you get out of that.
Trader defined in the DSA
>‘trader’ means any natural person, or any legal person irrespective of whether it is privately or publicly owned, who is acting, including through any person acting in his or her name or on his or her behalf, for purposes relating to his or her trade, business, craft or profession; eur-lex.europa.eu/legal-content/En/TXT/HTML/?uri=…
If F-droid ever has more than 50 employees, annual turnover over EUR 10 million, or over EUR 10 million on the balance sheet, then they will have to collect the same information.
seraphine@lemmy.blahaj.zone 5 months ago
we need linux phones ASAP
JeremyHuntQW12@lemmy.world 5 months ago
You cannot sideload on Linux.
OsrsNeedsF2P@lemmy.ml 5 months ago
Right, because side-loading is called “installing” on Linux
Blindsite@lemmy.today 5 months ago
They exist. People just don’t buy them. But there is an Ubuntu phone port you can install on your phone as an alternative to Android.
…ubports.com/…/status-update-on-the-next-noble-ba…
But yeah it can get complicated like any Linux community project and isn’t at all mainstream.
captain_aggravated@sh.itjust.works 5 months ago
People don’t buy them because they don’t fucking work.
Johnny101@lemmy.world 5 months ago
I think Linux phones will gain some real traction within five years. Last I heard, KDE is putting great effort into making apps for Plasma Mobile
Sir_Simon_Spamalot@lemmy.world 5 months ago
I’ll believe it when I see it.
hietsu@sopuli.xyz 5 months ago
[deleted]
nailbar@sopuli.xyz 5 months ago
The Jolla was probably my favorite phone, but it broke so easily. I really hope they make something more sturdy this time around.
FE80@lemmy.world 5 months ago
Does anyone know if existing linux phones can run 2FA apps such as Duo or Google authenticator?
Appoxo@lemmy.dbzer0.com 5 months ago
Or better apps like Aegis?
What is it with you people trying your best to get away from Google but still using the most exchangeable app they have.
ubergeek@lemmy.today 5 months ago
They can run Keeppass, which does TOTP. It doesn’t do push notifs, like Duo does, though.
Smoogs@lemmy.world 5 months ago
Why do you need the Google Authenticator? Proton has it too.
MrSulu@lemmy.ml 5 months ago
Let’s hope that the rest of the world, specifically Europe, smashes this ridiculous proposal apart for what it is. Europe has already sorted out USB-C etc. It’s not perfect and they don’t get everything right, but certainly big enough to make stuff right.
FreedomAdvocate@lemmy.net.au 5 months ago
At this stage the EU probably pushed Google to do this.
MrSulu@lemmy.ml 5 months ago
I think the European leadership has changed and we need to watch our elected officials. However, I don’t think Google was pushed into anything. They’re now the company that does the opposite of their original manifesto. They’re evil don’t need that.
SpaceCadet@sopuli.xyz 5 months ago
They’re too busy forcing chat control and age gates through our collective throats.
kalkulat@lemmy.world 5 months ago
Yep. The E.U. has allowed itself to be dominated for too long by the US megacorps. It has the talent, ideas, and manufacturing to tell US firms to bugger off … and the sooner, the better for us all.
Tollana1234567@lemmy.today 5 months ago
They are also going hard on surveillance, private info too, backed by RU of course. I think Russell Vought is behind the anti-porn verifications in the EU.
ghosthacked@lemmy.wtf 5 months ago
Unless you want hillbilly outrage slop destabilising your continent, you better get control away from American tech companies.
art@lemmy.world 5 months ago
I’m starting to think these for-profit companies only care about making money.
edgyspazkid@lemmy.wtf 5 months ago
Wispy2891@lemmy.world 5 months ago
What pisses me off is that they say they do this for security. It changes absolutely anything.
They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”
What does it change? Waste 20 minutes of some malware developer while they register under a stolen id? They already have a system that scans for known malware and automatically removes it.
FreedomAdvocate@lemmy.net.au 5 months ago
I don’t think it’s going to be as simple to verify as uploading a pic of an id
Wispy2891@lemmy.world 5 months ago
If it’s like the Play Store verification, it’s quite simple. The main problem is that once “verified”, Google publicly doxxes individual devs by publishing their residential address + private phone number + private Gmail on their dev page, and this is unacceptable for anyone except those who used stolen identities.
JeremyHuntQW12@lemmy.world 5 months ago
> They really think that malware developers will say “oh no! I need to submit a picture of an id card to sign my malware! It’s literally impossible to submit a jpg of a stolen id card, I’m ruined and out of a job!”
Which is irrelevant. They can block any malware - now impossible to do with sideloading of apps during pop-ups.
brucethemoose@lemmy.world 5 months ago
Thing is, Play Store is already filled with malware or near malware from seemingly verified developers. I ran into several scam clone apps just today.
TeddE@lemmy.world 5 months ago
That was fundamentally F-Droid’s retort.
keegomatic@lemmy.world 5 months ago
Both things can be true. It definitely is better for security. It’s pretty much indisputably better for security.
But you know what would be even better for security? Not allowing any third-party code at all (i.e., no apps).
Obviously that’s too shitty and everyone would move off of that platform. There’s a balance that must be struck between user freedom and the general security of a worldwide network of sensitive devices.
Users should be allowed to do insecure things with their devices as long as they are (1) informed of the risks, (2) prevented from doing those things by accident if they are not informed, and (3) as long as their actions do not threaten the rest of the network.
TeddE@lemmy.world 5 months ago
> It’s pretty much indisputably better for security.
I dispute this. While adding extra layers of security looks good on paper, flawed security can be worse than no security at all.
Android packages already have to be signed to be valid and those keys already are very effective in practice. In effect these new measures are reinventing the wheel as to what a layperson would think this new system does.
Adding this extra layer in fact has no actual security benefit beyond posturing/“deterrence”. Catching a perpetrator is not the same thing as preventing a crime. Worse - catching a thief in meatspace has the potential to recover stolen goods, but not so in digital spaces - either the crime is damage or destruction of data for which no punishment undoes the damage or the crime is sharing private data which in practice would almost certainly have been immediately fenced to multiple data brokers.
And we’re only getting started with this security theater:
- Nothing prevents an organization from hiring a developer for long enough to register before being flushed (or the same effect with a burner account on Fiverr).
- Nothing in this program does anything to get code libraries vetted - many of these developers may accidentally be publishing code from poisoned wells that they have no practical knowledge of.
- None of these measures make scams less profitable.
- None of this addresses greyware - software that could technically qualify as legal (because the user agreed to terms of service for a service of dubious value)
- All of this costs time and resources that will likely inevitably be shouldered on low paid engineers that could have put that effort to better uses.
- Metrics and statistics may likely be P-hacked to reflect the new system as a success (because there’s internal pressure to make it look good); this turning-security-into-press-releases would have the collateral of making accountability overall worse.
> But you know what would be even better for security?
While we’re at it we could add the tropes of removing network connectivity, or switch to using clay tablets kept in a wooden box guarded by a vengeful god. Both of those would be more secure, too.
> Users should be allowed to do insecure things with their devices
100% agree with you here - it’s fundamentally the principle of “Your liberty to swing your fist ends just where my nose begins”. Users should be given the tools and freedom to do as they want with their property - up until it affects another person or their property in an unwanted way.
JeremyHuntQW12@lemmy.world 5 months ago
Most Android owners don’t even know they have Android phones. They are not informed.
fading_person@lemmy.zip 5 months ago
It’s always security when someone wants to take our freedom away. Always security…
boonhet@sopuli.xyz 5 months ago
Not always. It can also be about the children.
fodor@lemmy.zip 5 months ago
Of course they know that. It’s about power and money. After all, they already have a security program that filters out malware. If we believe their stated reasoning (which we don’t), they’re tacitly admitting that their current security program is a complete failure, and also that they will not try to fix it.
interdimensionalmeme@lemmy.ml 5 months ago
The justification is simple, I don’t see the confusion, they want absolute power and for all alternatives to wither and die ? What is there not to understand ?
ezterry@lemmy.zip 5 months ago
I am perfectly ok with android apps being required to be signed by not just a certificate (they always were just it could be self signed and just needed to match to upgrade without removing data) but a list of trusted entities.
As long as:
- I can install my own key on my phone (if I am trusted)
- major distributors like fdroid and have a key installed without friction (like web CAs)
- Google lets me mark their key as untrusted (I probably won’t but I should be able to refuse things they trust (at install time, not disabling preloaded apps like settings))
Without this it feels too much like extending the monopoly despite being forced to allow 3rd party stores.
Zacryon@feddit.org 5 months ago
“Google stands for free and open internet”
blog.google/…/keep-internet-free-and-open/
Aged like milk.
OrteilGenou@lemmy.world 5 months ago
Don’t be something or other, hey check out this week’s doodle!
GreenKnight23@lemmy.world 5 months ago
aged like a corpse in a bathtub more like it.
OrteilGenou@lemmy.world 5 months ago
Mmmm head cheese
Hobo@lemmy.world 5 months ago
~~Don’t be evil~~ Be evil when it makes money.
fodor@lemmy.zip 5 months ago
And of course the motto should have been, “Don’t do evil.” That would have been a respectable goal. But it wasn’t, because even back then they only wanted to be slightly better than Microsoft.
sudoer777@lemmy.ml 5 months ago
[deleted]
OrteilGenou@lemmy.world 5 months ago
Can’t you install graphene on Pixel 6?
trolololol@lemmy.world 5 months ago
I think that’s the one I have, but please explain what mainline Linux kernel means? Would it be about installing bare Linux instead of Android?
sudoer777@lemmy.ml 5 months ago
It means you can use the regular Linux kernel instead of fucking around with a custom kernel (like Asahi) or with some sort of Android layer (like Halium)
Lightfire228@pawb.social 5 months ago
There’s the FairPhone 6, running e/OS, which is a deGoogled port of Android, running microG.
Bogasse@lemmy.ml 5 months ago
If f-droid doesn’t expect to survive I think the whole stack /e/OS relies on might eventually collapse (microg, lineage, …).
spaghettiwestern@sh.itjust.works 5 months ago
Damn, I was hoping my Oneplus 6T was worth a couple grand. Nope. Someone has one on Swappa unlocked and in mint condition for $180. A Oneplus 6 is listed on Ebay for $130.
leastaction@lemmy.ca 5 months ago
It seems to me that part of the problem is overreliance on phones as computing devices. A lot of things, like banking, are best done on an actual computer. We have become too dependent on phones.
MashedTech@lemmy.world 5 months ago
Maybe we have this view because when we refer to computers we see a more open ecosystem that’s not found in the mobile phone era. I want that same liberty with my phone.
ZombieMantis@lemmy.world 5 months ago
“Year of the Linux Phone” has a nice ring to it.
DarkSideOfTheMoon@lemmy.world 5 months ago
Open source community keeps trusting Google and they keep using the Embrace, Extend, Extinguish …wikipedia.org/…/Embrace,_extend,_and_extinguish
AmericanEconomicThinkTank@lemmy.world 5 months ago
Best part: the better names in the alt OS and device scenes don’t sell in US markets.
Unless you do the legwork of flashing your own device, most of us are out of luck.
I just love a good market stranglehold.
goatinspace@feddit.org 5 months ago
supersquirrel@sopuli.xyz 5 months ago
I will literally go without a smartphone if Google does this. This is insane; I would have bought an iPhone if I wanted a junk device I don’t actually own.
Tiger_Man_@szmer.info 5 months ago
Would this be possible to bypass by building an app from source and convincing Android that you are a developer who is testing his program?
barnaclebutt@lemmy.world 5 months ago
Isn’t this illegal in Europe? Was that the whole point of forcing Apple to allow alternative app stores?
blueworld@piefed.world 5 months ago
For those in Europe, write your representatives.
From F-Droid's post:
https://f-droid.org/2025/09/29/google-developer-registration-decree.html
What do we propose?
Regulatory and competition authorities should look carefully at Google’s proposed activities, and ensure that policies designed to improve security are not abused to consolidate monopoly control. We urge regulators to safeguard the ability of alternative app stores and open-source projects to operate freely, and to protect developers who cannot or will not comply with exclusionary registration schemes and demands for personal information.
If you are a developer or user who values digital freedom, you can help. Write to your Member of Parliament, Congressperson or other representative, sign petitions in defense of sideloading, and contact the European Commission’s Digital Markets Act (DMA) team to express why preserving open distribution matters. By making your voice heard, you help defend not only F-Droid, but the principle that software should remain a commons, accessible and free from unnecessary corporate gatekeeping.
klobuerschtler@lemmy.world 5 months ago
EU be like: Really? Didn’t you learn from Apple?
EonNShadow@pawb.social 5 months ago
My job doesn’t allow me to use a jailbroken/rooted device
So if/when this goes through I’ll be switching to iOS.
Given the choice between two closed platforms, I’ll pick the one that ostensibly says they’re privacy focused instead of the one actively enshittifying their product.
AlteredEgo@lemmy.ml 5 months ago
How does google plan to enforce this? Will they disable side-loading for any app that isn’t registered with google?
cronenthal@discuss.tchncs.de 5 months ago
There’s never been a more urgent time to switch to Linux on pretty much every device.
damon@lemmy.world 5 months ago
Hopefully they go to court to get an injunction. Hopefully, they also go to the powers that be in the EU, those same powers have been so focused on the Apple App Store they failed to take into account Google can do something like this with the Play Store. It would be a shame for the F-Droid project to end but it is completely avoidable.
WhatAmLemmy@lemmy.world 5 months ago
This is why I didn’t bother switching to GOS, Lineage, Calyx etc despite being sick of Apple’s anti-foss monopoly — marketed as Privacy™️ and Security™️ — for years.
The late stage capitalism of western oligarchies indicated that Google’s rug pull of AOSP was an imminent inevitability. After already having to change my services and workflows multiple times over the last 2 decades — despite careful analysis and forethought — due to services ever changing value propositions, acquisitions, and all other forms of enshittification, I’m at the point where I won’t bother wasting energy on 99% of digital products unless they’re open source and I can run them indefinitely on my own Linux server.
The more dependent you grow on digital products, the more interdependent they become, and the more time and effort is required to replace or substitute them.
ook@discuss.tchncs.de 5 months ago
I am really glad to see these articles popping up now. Since the news broke a week back or so it was suspiciously quiet about this, despite lots of negative comments here.
Goretantath@lemmy.world 5 months ago
So when this happens, can’t fdroid just make a PC side installer that syncs apps to the phone through adb? Sure it sucks that you can’t just tap to install now but at least people could still use their 600 dollar phones for as long as they were supposed to by plugging in every now and then when your PC fdroid client tells you there’s updates. Heck on the meta quest I used adb only with the quest headset once I got it configured, it was some self hosted adb server and let me do all the sit I needed a computer for in the first place without one, maybe fdroid could change the client to use a “remote adb” solution like that?