The discussion I stumbled upon, about this SSH app for Android, is really worrying. Will Google really manage to make it impossible to root your phone?
But there’s more to this, it’s more complicated. In the Big Picture, Google has every incentive to make these changes — they lead to more security, and they’re aligned with Google’s corporate goals as well.
- When talking to users, Google will emphasize control over hackers.
- When talking to stockholders, Google will emphasize control over users.
Edit: I disagree with “they lead to more security”. That’s not “security”, let’s not turn words upside-down.
That has to my understanding been Google’s project all along (making Android crappy that is). IIRC they bought Android, which due to utilizing the Linux kernel was GPL software. The solution was therefore to seperate Android from all the tools that make Android work, splitting core functionality away from the now AOSP and over to Google services. By abuse of market position we are now in the position where stuff like Google push services, safety net and etc are now basically forcing people into their ecosystem. It will not get better, as witnessed with the company’s attempts at making email and most sites on the internet dependant on their ecosystem as well.
deleted by creator
To some extent you are of course right in that the underlying technology of Android has improved. What I was referring to was a design strategy aimed at crippling those who might want to present a Google-free Android alternative.
EDIT: I also want to add that MicroG, though a great project, is to my knowledge not Google free and probably never can be.
deleted by creator
From their main page:
(…) privacy-caring users can reduce or monitor data that is sent to Google (…)
From their dedicated Google connections page:
In general, we obviously try to minimize the connections to Google, but some services strictly rely on them and would just not work without.
I mean, sure you can ask for sources, but maybe take a little less aggressive stance when the information is so readily available. This took me way more time to write than you would have used looking it up yourself.
deleted by creator
This is an interesting take. Could you share some resources or links to follow this line of reasoning more in detail? Especially resources that are somewhat “noob-friendly”. Cheers.
deleted by creator
It already is. Fuck SafteyNet. It’s DRM for phones.
SafetyNet isn’t a shit anymore and it could be ez passed on unlocked BL with magisk. Play integrity check is nightmare nowdays specially on stock roms but it also can be passed on some phones/custom roms using lsposed or other magisk modules.
SafetyNet isn’t a shit anymore and it could be ez passed on unlocked BL with magisk
The real challenge has yet to come, from what I’ve understood, once basic attestation eventually gets abandoned over hardware-backed attestation.
Thankfully GraphenOS and others are maturing very well and will be a good replacement to googles BS. Hopefully they can keep custom versions alive that will support the apps you want
Aren’t there over a hundred OEMs shipping models with their own Android builds? Google will have to convince every single phone manufacturer to lock down their devices the way it wants, which doesn’t seem very easy.
Yes. Everyone can just release a tweaked Android version and Google can’t really stop them.
But if you plan to ship Google services (including the play store, which effectively makes a device an “Android device” in many users eyes) then you will have to be able to pass Googles verification suite.
That’s already the case today and adding new requirements to that in new Android versions happens all the time.
Not when all of them, from a business pov, need to be able to run Google services. As a case study we saw how brutal it was for Huawei to be locked out.
The linked article — and others — explain that in Android 10+, (a) executable binaries can no longer reside in a read/write directory, and (b) access to /sdcard will go away. Simply put, these changes destroy my application’s ability to function, and that of Termux as well.
That sounds like proper security to me? Inability to access the user’s storage is a bit lame, but they’ve been moving to nicer APIs for that anyway.
Android is a mobile phone OS, not desktop / embedded Linux.
That sounds like proper security to me?
For casual consumers, I guess. But for power users being able to download, modify, and execute code is core functionality. Shit doesn’t work without it.
deleted by creator
You missed the point. If Google pushes this through you won’t be able to root your device anymore.
Without rooting it gets a bit tough to install your favorite custom ROM.
deleted by creator
You don’t need to root the stock ROM to install a custom one, you just need an unlocked bootloader
On most, if not all, modern Android phones you can just unlock the bootloader from the dev menu. No rooting required.
There are phones with locked bootloaders. But for now there are ways to unlock them. In theory though they could just lock the bootloader and that’s it, if you can’t jailbreak the device or root the stock ROM you’re out of luck.
deleted by creator
Yeah, my experience was mostly from that time. For example with an original Galaxy S (custom ROM + overclocking).
I also had a OnePlus One, which was unlocked of course, but the key combination to get to the bootloader was super unreliable or straight up didn’t work at times.
Funny thing is: Now that it’s easier to install a custom ROM I’ve just been running stock for years.
deleted by creator
Sorry, that was more of a general comment to the topic (especially with Google getting more strict lately, see the Chromium and YouTube drama).
I didn’t expect someone to link old news, so I treated it more like a discussion.
A phone will be an appliance, and I’ll just do very basic stuff with it. Real computing will be done at the desktop anyway.
Nah this is changing.
This of course is what they said about tablets. Now people are replacing desktop or laptop workflow with tablets, or alternatively tablets are being designed with removable keyboards so the lines are blurred.
I know scientific researchers who now only travel to conferences with tablets instead of their laptops.
Finally, I predict that we’re moving to cloud computing. It’s the natural way. You VPN into a network and your computing is done on a cluster or on a central computer.
The same is already happening for gaming. People are connecting controllers and glasses like the Xreal Air to phones, then networking into a computer to play a desktop game on their phone.
Not for me it isn’t, smartphones and tablets have always been a horrible user experience (and I’m always bewildered by stories about them replacing desktop/laptops for people), I only have a smartphone out of social pressure, making them even worse is going to drive me away further.
I couldn’t imagine ever replacing a PC with a tablet. Almost none of the software I need is available as an app and what is available just isn’t the same. The lack of processing power is also a big issue. A cheap laptop is much more powerful than an expensive tablet. Also, I don’t want a tablet that is pretty much owned and controlled by Google or Apple.
Running interactive software in the cloud doesn’t work very well if you don’t have a good, low latency fiber internet connection.
This is my take on it as well. My phone is for basic quick communication. My real productivity happens on my laptop and desktop.
Will Google really manage to make it impossible to root your phone?
Google has managed this years ago, but it’s optional. There was a fairly short timeframe when most phone makers enforced it, but now most allow power users to disable the security and root their phones. But usually they will disable some security-sensitive features like Samsung Knox. And many security-sensitive apps like banking apps will not let you run them anymore (if yours does, great for you, but that also means your bank’s security is shit, just FYI).
A banking app allowing itself to run on rooted devices isn’t a security issue.
That’s right. And if there is, the issue is the bank, not your phone. Rule number 1 in security is never trust the client.
Depends on your level of security consciousness. If you’re relying on security identifiers or apis that need an “intact” system, it certainly can be a security issue if you can’t rely of those.
That being said, it’s not exactly a plausible risk for most people or apps.
deleted by creator
No they’re making it more secure to protect mainstream users, who are the bulk of Android users, at the cost of niche apps.
If android were GPL 3 the users would be protected from “tivoization” aka locked hardware. Too bad Google don’t want that happen
