The discussion I stumbled upon, about this SSH app for Android, is really worrying. Will Google really manage to make it impossible to root your phone?

But there’s more to this, it’s more complicated. In the Big Picture, Google has every incentive to make these changes — they lead to more security, and they’re aligned with Google’s corporate goals as well.

  • When talking to users, Google will emphasize control over hackers.
  • When talking to stockholders, Google will emphasize control over users.

Edit: I disagree with “they lead to more security”. That’s not “security”, let’s not turn words upside-down.

    • ptasznik666
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      SafetyNet isn’t a shit anymore and it could be ez passed on unlocked BL with magisk. Play integrity check is nightmare nowdays specially on stock roms but it also can be passed on some phones/custom roms using lsposed or other magisk modules.

      • clb92@feddit.dk
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        SafetyNet isn’t a shit anymore and it could be ez passed on unlocked BL with magisk

        The real challenge has yet to come, from what I’ve understood, once basic attestation eventually gets abandoned over hardware-backed attestation.

      • Da_Boom@iusearchlinux.fyi
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Tell me what module will allow me to pass CTS on a stock ROM, I can’t find fuck all - the most I can find is mods to pass basic Attestation, and “disable” CTS - the problem is that SafteyNet, for phones that are known to have a working CTS, will fail if CTS is disabled - to this day I have 2 apps that I can no longer use as they require CTS.

        If you can tell me any app, short of a custom ROM that I can use to bypass this behaviour, it will make me incredibly happy.

        (google wallet, which Idgaf about, but also this other app that allows me to block companies from checking my credit score)

        • ptasznik666
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          https://github.com/kdrag0n/safetynet-fix/releases

          It should work. Flashed this on more than 10 devices stock/custom and it not working only on shitsung Galaxy a13.

          My current setup is lineageos with magisk (magisk delta fork) and microg also installed as module and i pass safetynet without a problem.

          edit: fuck g00gle

  • Urist
    link
    fedilink
    arrow-up
    41
    ·
    1 year ago

    That has to my understanding been Google’s project all along (making Android crappy that is). IIRC they bought Android, which due to utilizing the Linux kernel was GPL software. The solution was therefore to seperate Android from all the tools that make Android work, splitting core functionality away from the now AOSP and over to Google services. By abuse of market position we are now in the position where stuff like Google push services, safety net and etc are now basically forcing people into their ecosystem. It will not get better, as witnessed with the company’s attempts at making email and most sites on the internet dependant on their ecosystem as well.

      • Urist
        link
        fedilink
        English
        arrow-up
        16
        ·
        edit-2
        1 year ago

        To some extent you are of course right in that the underlying technology of Android has improved. What I was referring to was a design strategy aimed at crippling those who might want to present a Google-free Android alternative.

        EDIT: I also want to add that MicroG, though a great project, is to my knowledge not Google free and probably never can be.

          • Urist
            link
            fedilink
            English
            arrow-up
            11
            ·
            1 year ago

            From their main page:

            (…) privacy-caring users can reduce or monitor data that is sent to Google (…)

            From their dedicated Google connections page:

            In general, we obviously try to minimize the connections to Google, but some services strictly rely on them and would just not work without.

            I mean, sure you can ask for sources, but maybe take a little less aggressive stance when the information is so readily available. This took me way more time to write than you would have used looking it up yourself.

      • stravanasu@lemmy.sdf.orgOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        This is an interesting take. Could you share some resources or links to follow this line of reasoning more in detail? Especially resources that are somewhat “noob-friendly”. Cheers.

  • red@feddit.de
    link
    fedilink
    arrow-up
    25
    arrow-down
    1
    ·
    1 year ago

    Will Google really manage to make it impossible to root your phone?

    Google has managed this years ago, but it’s optional. There was a fairly short timeframe when most phone makers enforced it, but now most allow power users to disable the security and root their phones. But usually they will disable some security-sensitive features like Samsung Knox. And many security-sensitive apps like banking apps will not let you run them anymore (if yours does, great for you, but that also means your bank’s security is shit, just FYI).

      • ricecake@beehaw.org
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Depends on your level of security consciousness. If you’re relying on security identifiers or apis that need an “intact” system, it certainly can be a security issue if you can’t rely of those.

        That being said, it’s not exactly a plausible risk for most people or apps.

      • noddy@beehaw.org
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        That’s right. And if there is, the issue is the bank, not your phone. Rule number 1 in security is never trust the client.

  • BCsven@lemmy.ca
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    Thankfully GraphenOS and others are maturing very well and will be a good replacement to googles BS. Hopefully they can keep custom versions alive that will support the apps you want

  • NRoach44
    link
    fedilink
    English
    arrow-up
    18
    ·
    1 year ago

    The linked article — and others — explain that in Android 10+, (a) executable binaries can no longer reside in a read/write directory, and (b) access to /sdcard will go away. Simply put, these changes destroy my application’s ability to function, and that of Termux as well.

    That sounds like proper security to me? Inability to access the user’s storage is a bit lame, but they’ve been moving to nicer APIs for that anyway.

    Android is a mobile phone OS, not desktop / embedded Linux.

    • lemillionsocks@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      A mobile phone that increasingly has more of your life on it at that. So whereas 12 years ago you might have just lost your contact list and some fart sound boards, today you have bank apps, payment apps, tickets, cards, identification, auto logged in shopping access, and more!

      I know more recent versions of android made me curse at google for adding all these guard rails and walls making doing some stuff more difficult.

      On the other hand I recently had a phone fall out of my pocket and in the time it took me to get from the corner back to the place I dropped it someone had nabbed it. I was suddenly a lot more appreciative of the restrictions in place that turned my stolen device into a chargeable paper weight.

    • conciselyverbose@kbin.social
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      That sounds like proper security to me?

      For casual consumers, I guess. But for power users being able to download, modify, and execute code is core functionality. Shit doesn’t work without it.

  • katy ✨@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    1 year ago

    No they’re making it more secure to protect mainstream users, who are the bulk of Android users, at the cost of niche apps.

  • Sky Cato@beehaw.org
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    If android were GPL 3 the users would be protected from “tivoization” aka locked hardware. Too bad Google don’t want that happen

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      If at least Linux kernel were GPLv3 we’ll be safe from OEMs preventing unlocking bootloader.

      If whole Android was GPLv3… Too good to even imagine, it’s not going to happen anyway so why even imagine…

  • people_are_cute@lemmy.sdf.org
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    1 year ago

    Aren’t there over a hundred OEMs shipping models with their own Android builds? Google will have to convince every single phone manufacturer to lock down their devices the way it wants, which doesn’t seem very easy.

    • Urist
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      Not when all of them, from a business pov, need to be able to run Google services. As a case study we saw how brutal it was for Huawei to be locked out.

    • rentar42@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Yes. Everyone can just release a tweaked Android version and Google can’t really stop them.

      But if you plan to ship Google services (including the play store, which effectively makes a device an “Android device” in many users eyes) then you will have to be able to pass Googles verification suite.

      That’s already the case today and adding new requirements to that in new Android versions happens all the time.

    • Vlyn@lemmy.zip
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      You missed the point. If Google pushes this through you won’t be able to root your device anymore.

      Without rooting it gets a bit tough to install your favorite custom ROM.

      • Ghoelian@feddit.nl
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        You don’t need to root the stock ROM to install a custom one, you just need an unlocked bootloader

        • Vlyn@lemmy.zip
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          There are phones with locked bootloaders. But for now there are ways to unlock them. In theory though they could just lock the bootloader and that’s it, if you can’t jailbreak the device or root the stock ROM you’re out of luck.

            • Vlyn@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Yeah, my experience was mostly from that time. For example with an original Galaxy S (custom ROM + overclocking).

              I also had a OnePlus One, which was unlocked of course, but the key combination to get to the bootloader was super unreliable or straight up didn’t work at times.

              Funny thing is: Now that it’s easier to install a custom ROM I’ve just been running stock for years.

                • Vlyn@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Sorry, that was more of a general comment to the topic (especially with Google getting more strict lately, see the Chromium and YouTube drama).

                  I didn’t expect someone to link old news, so I treated it more like a discussion.

  • HidingCat@kbin.social
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    A phone will be an appliance, and I’ll just do very basic stuff with it. Real computing will be done at the desktop anyway.

    • phario@lemmy.ca
      link
      fedilink
      English
      arrow-up
      14
      ·
      edit-2
      1 year ago

      Nah this is changing.

      This of course is what they said about tablets. Now people are replacing desktop or laptop workflow with tablets, or alternatively tablets are being designed with removable keyboards so the lines are blurred.

      I know scientific researchers who now only travel to conferences with tablets instead of their laptops.

      Finally, I predict that we’re moving to cloud computing. It’s the natural way. You VPN into a network and your computing is done on a cluster or on a central computer.

      The same is already happening for gaming. People are connecting controllers and glasses like the Xreal Air to phones, then networking into a computer to play a desktop game on their phone.

      • Mane25@feddit.uk
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        Not for me it isn’t, smartphones and tablets have always been a horrible user experience (and I’m always bewildered by stories about them replacing desktop/laptops for people), I only have a smartphone out of social pressure, making them even worse is going to drive me away further.

      • cmnybo@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I couldn’t imagine ever replacing a PC with a tablet. Almost none of the software I need is available as an app and what is available just isn’t the same. The lack of processing power is also a big issue. A cheap laptop is much more powerful than an expensive tablet. Also, I don’t want a tablet that is pretty much owned and controlled by Google or Apple.

        Running interactive software in the cloud doesn’t work very well if you don’t have a good, low latency fiber internet connection.

    • albinanigans@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      While this is the case for me personally, a lot of folks just pull out their cellphones to do the work they need. I feel like we’re the minority with this opinion.

      • HidingCat@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        That’s fine, that’s their choice. I get the feeling some here want to impose how things should be for others too.

  • Zacryon@feddit.de
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    With Ubuntu Touch, we offer a truly unique mobile experience - a viable alternative to Android and iOS. We provide a free and open-source GNU/Linux-based mobile operating system.

    Commercial maintainers

    (Companies like Volla, FXP and Fairphone offer compatible Ubuntu Phones as part of their business. Their reputation rests on preventing any major problems and taking a long view. Some devices can even be bought with Ubuntu Touch already installed!

    https://devices.ubuntu-touch.io/

  • Leafeytea@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Have read the thread, since I am currently considering replacing my dinosaur Samsung S5. It still works like a charm and I have zero issue with it doing what I need it to do. I long ago unlocked and rooted it. I was starting to feel like replacing it may be wise before it should suddenly not work out of the blue since it’s so old.

    My question is: should I be moving on to iPhone if these sort of issue with newer Androids are going to make them more difficult to use as I want? or do iPhones have the same problems? Forgive my ignorance since I know nothing about iPhones. I am just curious.

    • Onihikage@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      iPhones are much, much more of a walled garden because Apple is an anticompetitive control freak that loves planned obsolescence. The EU is having to force them just to allow other app stores on iOS other than Apple’s, and obviously it’s impossible to install a different OS on an iPhone (and it’s becoming impossible to manually install MacOS on their desktop machines).

      Meanwhile on Android phones you can install any app store you want (Play, Amazon, itch, F-Droid, etc.) or just download an APK and install it directly, like we’ve done for 30 years on PCs. Many Android phones have an unlockable bootloader so you can flash a custom build of Android or even Linux on it. Even if the stock ROM doesn’t let you acquire root access, a third-party build often will (though many banking apps will complain if you try to use them while rooted). I put GrapheneOS on my Pixel so I could deny Play Services most of the incredibly invasive permissions it wants; other ROMs exist for many popular Android phones such as CalyxOS, LineageOS, etc.

      In my experience, I haven’t really needed root for anything on a recent device. Running a custom ROM takes care of most of the reasons to want root in the first place, and what’s left isn’t worth the risk, to me at least, of a malicious or compromised app having root access to the device.

    • averyminya@beehaw.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      No definitely not.

      You’d want basically any phone that has a build for lineageOS if you really care about that sort of stuff. But in all honesty, if you buy a phone that has what you want without having most of what you don’t want (LG, Sony are two that come to mind) they’ll last you a good 5 years by which point someone will have made a different OS for the phone.

    • jemorgan@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I was a dedicated Android user from the Galaxy S2 to the Pixel 3, and was on Google phones since the nexus 5. I always had my phone rooted, and until it became too inconvenient, I was really into ROM hopping.

      When I got the nexus 5, I vowed not to get another Samsung phone because of how hard they were making it to unlock your bootloader. Then on the pixel 3, Safety Net kept realizing I was rooted and breaking the apps I needed for work, and I realized I was having to plug my phone into my computer to fix things way more than I wanted to. I ended up just running stock because I didn’t want to worry about not being able to log into my mobile banking when I was out of the house.

      When I was looking at replacing my pixel 3, it was clear that Google was no longer as root friendly as they once were, so I started looking at other Android options. I wasn’t impressed. It occurred to me that the main reason I’d always avoided Apple was because of the lack of root support

      So I went out on a limb and got the iPhone 12 Pro, and to my surprise, I loved it. If you’ve already accepted the idea of leaving the FW stock, it’s perfect. I get updates the day they roll out, the hardware is so much nicer than anything I’ve seen from Android (that’s partially subjective), the software/hardware integration is so good that it blows me away. I don’t know if I’ve ever seen so much as a UI stutter, I still get a solid 2 days/two nights of battery life on a >2 year old phone. The 3rd party apps are more consistently high-quality, and the native apps actually feel consistent and thought out, rather than feeling like the work of 10 different teams throwing stuff at the wall to see what sticks. And a lot of people don’t care about this, but it’s a huge deal to me; Google is an ad-tech company that sells user data to advertisers. Apple is a hardware company that sells devices to users. The difference in their policies on user privacy are stark, which means I no longer have to worry about every website I visit knowing what prescriptions I’m taking.

      Siri is useless, especially compared to Google assistant. Notifications are better on Android. Ecosystem integration is a huge selling point for Apple products, IT really can’t be overstated how well things work together, but that only matters if you are open to owning an Apple Watch, AirPods, AirTags, an iPad and a MacBook. I miss the *variety * of apps on the Play Store, especially free ones.

      I’m not a loyalist for either team, they’ve each got pros and cons, but my best effort at an objective analysis makes me feel that the iPhone is a lot better of a fit for someone like me.