Post AY5oXfluW3f4wEgPBY by liberloebi@digitalcourage.social
(DIR) More posts by liberloebi@digitalcourage.social
(DIR) Post #AWbu1vExAHDPQLLVce by eighthave@social.librem.one
2023-06-12T09:02:08Z
1 likes, 3 repeats
This screen that #Google shows on #Android when installing #FDroid really bugs me. It is purely based on the integer value targetSdkVersion, without considering our security model, public audits results, track record over 10+ years, exclusive use of memory safe languages, or even what our code actually does. It is as if #FDroid marked anything that comes from Google as containing ads and trackers. 1/2
(DIR) Post #AWbuJGoEE1B7F37MLw by eighthave@social.librem.one
2023-06-12T09:05:16Z
0 likes, 0 repeats
I will go one step further and say that calling F-Droid an "unsafe app" by this standard is dishonest. It seems that some at #Google also agreed, since the older version of that screen was honest: "Blocked by Play Protect" instead of "Unsafe app blocked". Looks like the #GooglePlay team is still focused on protecting their #monopoly, this time using scare tactics.
(DIR) Post #AWbuKnsQlVzG5aoYam by eighthave@social.librem.one
2023-06-12T09:05:33Z
0 likes, 0 repeats
I will go one step further and say that calling #FDroid an "unsafe app" by this standard is dishonest. It seems that some at #Google also agreed, since the older version of that screen was honest: "Blocked by Play Protect" instead of "Unsafe app blocked". Looks like the #GooglePlay team is still focused on protecting their #monopoly, this time using scare tactics.
(DIR) Post #AWbuLomEu7T5AdP0Bk by eighthave@social.librem.one
2023-06-12T09:05:44Z
0 likes, 0 repeats
I will go one step further and say that calling #FDroid an "unsafe app" by this standard is dishonest. It seems that some at #Google also agreed, since the older version of that screen was honest: "Blocked by Play Protect" instead of "Unsafe app blocked". Looks like the #GooglePlay team is still focused on protecting their #monopoly, this time using scare tactics. 2/2
(DIR) Post #AWbuODuuPDw5ifbWt6 by eighthave@social.librem.one
2023-06-12T09:06:10Z
1 likes, 1 repeats
I will go one step further and say that calling #FDroid an "unsafe app" by this standard is dishonest. It seems that some at #Google also agreed, since the older version of that screen was honest: "Blocked by Play Protect" instead of "Unsafe app blocked". Looks like the #GooglePlay team is still focused on protecting their #monopoly, this time using scare tactics. 2/2
(DIR) Post #AWbuvNKUQmRYT6NTZA by newsorpigal@mastodon.social
2023-06-12T09:12:08Z
0 likes, 0 repeats
@eighthaveFuck Google
(DIR) Post #AWbwG3OdpvXmgNkAhk by alteropen@noc.social
2023-06-12T09:27:05Z
0 likes, 0 repeats
@eighthave the irony of google claiming fdroid doesn't include their "privacy protections"
(DIR) Post #AWbxT3a6Ynf6yUrz9c by spockthebest@fosstodon.org
2023-06-12T09:40:38Z
0 likes, 0 repeats
@eighthave if sideloading stops being allowed than it is time for me to find a new phone. this was the biggest advantage of android phones.
(DIR) Post #AWcAw9rhZi8CGXJ7tQ by lehtimaeki@snapp.social
2023-06-12T12:11:32Z
0 likes, 0 repeats
@eighthave Why not update the target SDK to get rid of this?
(DIR) Post #AWcQh4xz6XCFzn4tGq by kkarhan@mstdn.social
2023-06-12T15:07:54Z
0 likes, 0 repeats
@eighthave I wounder if such #FUD is actionable, but that's #NotLegalAdvice...The fact that #NSAbook and other #PRISM collaborators don't get this put in fron t of their Apps says everything...
(DIR) Post #AWcRChoCjvZ7RKaGmW by Revertron@zhub.link
2023-06-12T15:13:49Z
0 likes, 0 repeats
@eighthave You don't get it! It is unsafe for #Google!
(DIR) Post #AWcUIX6Vkhozq7cJyj by mynacol@ipv6.social
2023-06-12T15:48:25Z
0 likes, 0 repeats
@eighthave I'm against #monopolies, but I fail to see a clear monopolistic behavior here. This check does not prevent running sideloaded apps, but it displays to users that there is some indication of potentially outdated and therefore unsafe apps. The targetSDK version is one of the few (and not that bad) programmatically checkable values.Increasing the targetSDK version is just good practice, as it tightens the SELinux sandbox of apps and can enforce better/more private API usage.
(DIR) Post #AWcZELzLdZNzyh5plA by monnier@oldbytes.space
2023-06-12T16:43:45Z
0 likes, 0 repeats
@eighthave It's important to read this in context: this is Google talking about privacy. I'll let you decide whose privacy is at stake here
(DIR) Post #AWcZvsp3R9qoGM2Dvk by eighthave@social.librem.one
2023-06-12T16:51:39Z
0 likes, 0 repeats
@mynacol I agree that bumping targetSdkVersion is good when there is no cost. When there is a cost, then devs should do a cost-benefit analysis. The targetSdkVersion sandbox also breaks features that people rely on, #UserFreedom means giving users real choices.Looking at the new screen, it looks like Google has blocked installing the app. Many users have said as much. That's the monopolistic part.And F-Droid v1.17 will have a higher targetSdkVersion. That cost a lot of dev time and money.
(DIR) Post #AWcbR8Xx7njZxgVD16 by th_willenbrink@mastodontech.de
2023-06-12T15:10:53Z
0 likes, 0 repeats
@lehtimaeki @eighthave A lot (most?) of the apps in F-Droid are on very old API levels and haven't been updated for years.Starting with Android 14 all those apps will be blocked by default. So most users won't install them anymore.If the developers want their apps to still be used they really should update them.
(DIR) Post #AWcbR9iGmva5ZyKxjk by rolandixor@mastodon.social
2023-06-12T15:20:50Z
0 likes, 0 repeats
@th_willenbrink @lehtimaeki @eighthave this may be your experience, but I haven't found it to be true with most of the applications I've used.
(DIR) Post #AWcbRAYNfBGUBaiZxg by th_willenbrink@mastodontech.de
2023-06-12T15:30:10Z
0 likes, 0 repeats
@rolandixor @lehtimaeki @eighthave If I sort the apps by the last update at least 80 % of them haven't received an update for more than a year.Some of them were last updated more than 12 years ago.I think every app not updated for more than e.g. 24 months should be removed from the store automatically.
(DIR) Post #AWcbRBH2z6zgQ7cFaC by rolandixor@mastodon.social
2023-06-12T15:36:03Z
0 likes, 0 repeats
@th_willenbrink @lehtimaeki @eighthave That could see some rather useful apps being thrown away unfairly.
(DIR) Post #AWcbRBu2e8BaN3rOMa by th_willenbrink@mastodontech.de
2023-06-12T15:37:32Z
0 likes, 0 repeats
@rolandixor @lehtimaeki @eighthave Usually it is advisable not to install abandoned apps.
(DIR) Post #AWcbRCi1eIAUs5FJGy by doragasu@mastodon.sdf.org
2023-06-12T16:59:00Z
0 likes, 0 repeats
@th_willenbrink @rolandixor @lehtimaeki @eighthave For things like the browser, sure. But for things like a calculator app that does not require any permission, does not access the network or filesystem, why should I need a new version?
(DIR) Post #AWcbRDVeflrpM0Swd6 by th_willenbrink@mastodontech.de
2023-06-12T17:06:12Z
0 likes, 0 repeats
@doragasu @rolandixor @lehtimaeki @eighthave So how do I know whether an app goes online?Since there is no separate permission for accessing the internet (at least not on my devices) I have to trust the developer telling me it doesn't?
(DIR) Post #AWcbRE4kZHwL6qsyKe by eighthave@social.librem.one
2023-06-12T17:08:27Z
0 likes, 0 repeats
@th_willenbrink @doragasu @rolandixor @lehtimaeki Yeah, you pretty much have to trust the developer. Or audit the code. You can use a firewall app, but Google Play doesn't allow most of those anyway. I recommend #CalyxOS for this, it has a nice built-in firewall app that actually can fully block internet access on an app-by-app basis, with the user in full control.
(DIR) Post #AWcbdW9jAigkex4hsm by th_willenbrink@mastodontech.de
2023-06-12T17:10:43Z
0 likes, 0 repeats
@eighthave @doragasu @rolandixor @lehtimaeki Well, I usually don't care.I just wanted to point out why it's unsafe to install abandoned apps which haven't been updated since years.
(DIR) Post #AWceabP7VCZBvkZmHw by mynacol@ipv6.social
2023-06-12T17:43:47Z
0 likes, 0 repeats
@eighthave What sandbox restrictions break existing features? Maybe we developers have to change APIs/add new permission requests etc., but fundamentally all the stuff the F-Droid client does should be possible.(Except for the stuff #Termux does, there is currently no method known how to support current targetSDK versions)
(DIR) Post #AWcgH95kk6Z8WlMq1o by th_willenbrink@mastodontech.de
2023-06-12T18:02:41Z
0 likes, 0 repeats
@eighthave @mynacol The F-Droid has had several updates not too long ago.So the developer(s) should have considered to upgrade the API level.That Android or Google will start checking the API level has been known for quite some time.Not doing anything about it and complaining afterwards is not the appropriate way to handle those things.
(DIR) Post #AWcltgD0Yv3i0rxFuy by eighthave@social.librem.one
2023-06-12T19:05:43Z
0 likes, 0 repeats
@th_willenbrink @mynacol I agree that not doing anything about it and complaining would be a bad way to handle this. That is not what is happening in #FDroid. The targetSdkVersion sandbox literally breaks access to functionality, by design. That is a central design goal. Those who do not understand that do not understand what a sandbox is. The key question here is who gets to decide which functionality remains functional, and which gets banned by the sandbox.
(DIR) Post #AWcmWkD5cSEZiUcWIq by mynacol@ipv6.social
2023-06-12T19:12:43Z
0 likes, 0 repeats
@eighthave @th_willenbrink At first, a tightened sandbox removes access and therefore features. But if a more secure/privacy respecting API is created to support those features, it's a net improvement.I think of the old message bubbles and Picture in Picture modes using the "allow to draw over other apps" special permission. Nowadays, apps can provide this functionality without needing this abusable special permission.So what functionality in #FDroid is absolutely not possible with new APIs??
(DIR) Post #AWcnDf8UMQfoQnvv4S by th_willenbrink@mastodontech.de
2023-06-12T19:20:31Z
0 likes, 0 repeats
@eighthave @mynacol I doubt that a higher API level would break any essential functionality of F-Droid.Since I personally think that the F-Droid App is absolutely horrible I'm using Droid-ify instead.This app provides basically the same functionality as F-Droid just with newer API level and a much more user-friendly UI.
(DIR) Post #AWcq3qbv8vTIzCi9wG by eighthave@social.librem.one
2023-06-12T19:52:22Z
0 likes, 0 repeats
@th_willenbrink @mynacol What it breaks is well documented, if you're interested, you can find some of it documented in our issue tracker. If Droid-ify works for you, then great! That's #UserFreedom in action. I fully support custom clients since that is the only way to deliver certain kinds of user experiences. For the record, the official F-Droid client supports many things that Droid-ify does not, like mirroring. The core logic is available as libraries: https://f-droid.org/2023/05/02/three-client-libraries.html
(DIR) Post #AWcqQ1V3Kzyl854adE by eighthave@social.librem.one
2023-06-12T19:56:22Z
0 likes, 0 repeats
@mynacol @th_willenbrink Off the top of my head, I'm currently struggling to get a decent user experience for offline repo mirrors on USB thumb drives using recent storage APIs. Google has locked out lots of functionality to limit how apps use local folders. If you have invasive apps installed, then that limits the damage. If you have good #FreeSoftware installed, then that limits the possibilities. There are many other real world examples out there.
(DIR) Post #AWcqjEO9dr8Gba0OjQ by th_willenbrink@mastodontech.de
2023-06-12T19:59:49Z
0 likes, 0 repeats
@eighthave @mynacol This topic will have to be addressed sooner or later.As Google announced I think last year already that with Android 14 for a certain time there will be a warning when trying to install apps with more than four API levels below the current.After that period the installation will be blocked completely.So either we will have different versions of the F-Droid App for different Android versions or the developers need to sort it out in a different way.
(DIR) Post #AWcsH18DXOEZHzE1vk by th_willenbrink@mastodontech.de
2023-06-12T20:17:08Z
0 likes, 0 repeats
@eighthave @mynacol Ok, the requirements seem to be quite different. I use app stores to download new apps when I need them. In addition they should update the installed apps automatically.That's it.I don't understand why I would want to have a local repository on a thimb drive?
(DIR) Post #AWcsJggzzB60ldldYG by th_willenbrink@mastodontech.de
2023-06-12T20:17:38Z
0 likes, 0 repeats
@eighthave @mynacol Ok, the requirements seem to be quite different. I use app stores to download new apps when I need them. In addition they should update the installed apps automatically.That's it.I don't understand why I would want to have a local repository on a thumb drive?
(DIR) Post #AWcstVrliOOFcCt6Bs by eighthave@social.librem.one
2023-06-12T20:24:07Z
0 likes, 0 repeats
@lehtimaeki For those who believe that targetSdkVersion is more important than other features, #FDroid Basic is available, and it targets 33 (the latest). The official alpha is available already, the release will be out any day now https://f-droid.org/packages/org.fdroid.basic/
(DIR) Post #AWcsxo9heqmxUrKB4i by mynacol@ipv6.social
2023-06-12T20:24:51Z
0 likes, 0 repeats
@eighthave @th_willenbrink I'm not that deep into Android development, but two ideas:1. Can you use the "allow full storage access" (sth like that) permission?2. The Storage Access Framework should work just fine. Let the user select a folder on _any_ storage provider (think of cloud storage) and you should be able to create files and folders in the selected folder just fine. Only caveat: This does not support standard POSIX syscalls AFAIK.
(DIR) Post #AWd0Wc07XVdFcANwVk by arne@monocles.social
2023-06-12T21:49:34Z
0 likes, 0 repeats
@eighthave I sometimes also had that thought after they marked monocles chat as malware which it absolutely is not. For me using a Google Android or iOS is not a solution anymore and once I thought giving up support for these OS but many people just don't understand what's the problem with using these companies tools or buying their devices build by slaves. Let's hope the Android open source project will stay active as long as possible!
(DIR) Post #AWdlquyhO9Ko6lu9aq by doragasu@mastodon.sdf.org
2023-06-13T06:39:55Z
0 likes, 0 repeats
@eighthave @th_willenbrink @rolandixor @lehtimaeki Calyx is nice, but unfortunately it is not "Magisk friendly". I had it installed for about a month and had to go back to "LineageOS for microG" when I discovered OTA updates do not work if you have your boot patched by Magisk.
(DIR) Post #AWdnvXNujdW2I71sxs by TheFool@mastodon.online
2023-06-13T07:03:04Z
0 likes, 0 repeats
@eighthave @fdroidorg It's not quite the same. If you flagged everything from Google as containing ads and trackers, you'd at least probably be right 99% of the time.
(DIR) Post #AWdpZH5worFPJ58bjM by waotzi@taobox.pub
2023-06-13T07:21:34.130989Z
0 likes, 0 repeats
@eighthave what's the problem with updating the SDK version? Just provide a f-droid legacy app for old devices... I think like 95% of devices use something like android 8+
(DIR) Post #AWduChik9uc2zmLDEm by eighthave@social.librem.one
2023-06-13T08:13:30Z
0 likes, 0 repeats
@th_willenbrink @mynacol One central goal of my work in #FDroid is to provide all the tools to give users access to updates and new apps, no matter what the conditions. That means when data is too expensive, the internet is out, when f-droid.org is unjustly blocked or censored, etc. Offline and nearby mirroring provides a failsafe way to get apps and updates.
(DIR) Post #AWdxxcnKahs7BsYHnk by cooopsspace@infosec.exchange
2023-06-13T08:55:35Z
0 likes, 0 repeats
@eighthave also you should just install CalyxOS proper if you can, it'll make life so much easier than trying to brute force something Google doesn't want you to do.
(DIR) Post #AWebMpPohWEXmjYvCq by Groundrise@mastodon-belgium.be
2023-06-13T16:17:04Z
0 likes, 0 repeats
@eighthave "Doesn't include the latest privacy protections" As if they care, I recall them flagging Exodus as unsafe as well.
(DIR) Post #AWeyTqMbs607hONOlM by aiquez@troet.cafe
2023-06-13T20:36:07Z
0 likes, 0 repeats
@eighthave i had the same issue with standard installation over PLAY, but i think you can easily install fdroid over #APK-file (downloadable) then you install in fdroid the apps you want
(DIR) Post #AWfw0vOM5nHQ94EeuW by cinux@mastodon.social
2023-06-14T07:43:09Z
0 likes, 0 repeats
@eighthave Everytime I see a message form the big player regarding "it is not safe" i negate this statement. Because as you say. They only want to save there Monopol.😏
(DIR) Post #AXKmDfPV5zyV1Z1wUC by snake_B@tuiter.rocks
2023-07-04T00:36:33Z
0 likes, 0 repeats
@eighthave #Google doesn't like #opensource #apps and their #community #applications, really dishonestly by part of them...
(DIR) Post #AXl4f0T2PxI12AuZEm by IvidappAvidapp@mastodon.social
2023-07-16T17:05:43Z
1 likes, 1 repeats
@eighthave Wow very nice warning on privacy from "google" ... haha what the faaak 😂
(DIR) Post #AY5Ej1VURtTpBU7Doe by eighthave@social.librem.one
2023-07-26T10:32:45Z
0 likes, 1 repeats
Looks like the latest release of #FDroid, v1.17.0, does not get flagged by #Google, at least in the #Android 14 emulator. I heard some reports that v1.16.4 also isn't flagged. I don't really know why its flagging F-Droid then. v1.16.4 has an unchanged #targetSdkVersion, but v1.17.0 has it bumped to 28. I have found no way to get info on why they are flagging the app, just this silly "unsafe" warning screen. Is F-Droid being flagged by Google Play Protect on your devices? Please let me know.
(DIR) Post #AY5GReTd1L8Ck95aFc by mark22k@layer8.space
2023-07-26T10:51:59Z
0 likes, 0 repeats
@eighthave No, because I have an ungoogled device with CalyxOS.
(DIR) Post #AY5OyGVxvqjpcCFE48 by MyWoolyMastadon@toot.community
2023-07-26T12:27:31Z
0 likes, 0 repeats
@eighthaveThe Play store tells me that F-Droid was made for an older device.
(DIR) Post #AY5QrwQDvHIhTBff3Q by eighthave@social.librem.one
2023-07-26T12:48:48Z
0 likes, 0 repeats
@MyWoolyMastadon F-Droid Nearby is actually a different app, it is not the #FDroid client app, it is just the nearby app swapping functionality, nothing else. #GooglePlay does not allow other app stores in.
(DIR) Post #AY5QxznEInWPf8JpTc by eighthave@social.librem.one
2023-07-26T12:49:54Z
0 likes, 0 repeats
@mark22k yeah me too, that's the hard part. We want to make it easy for users stuck on #Google to escape. That means making things work well on Google devices.
(DIR) Post #AY5RfDcwk7hn1K7SWe by MyWoolyMastadon@toot.community
2023-07-26T12:57:40Z
0 likes, 0 repeats
@eighthaveThanks for clarifying. I was confused.
(DIR) Post #AY5i4HgoNIl07qtwC8 by Diogenes@fuerth.social
2023-07-26T16:01:29Z
0 likes, 0 repeats
@eighthave Never had a notification on Android for FDroid. Used a Honor 8x, now a Pixel 6a, allways with all available updates and Fdroid-App.
(DIR) Post #AY5oXfluW3f4wEgPBY by liberloebi@digitalcourage.social
2023-07-26T17:01:17Z
0 likes, 0 repeats
@eighthave no flagging here yet, on three devices.
(DIR) Post #AY63qEpaP64KCJiGQa by voks@social.tchncs.de
2023-07-26T20:05:29Z
0 likes, 0 repeats
@eighthave F-Droid 1.16.4 is flagged as unsafe. 1.17.0 isn't.Fairphone 4 with Android 12.
(DIR) Post #AY7AbICOUf5z8WA4lU by erdnaxeli@framapiaf.org
2023-07-27T08:55:52Z
0 likes, 0 repeats
@eighthave F-droid 1.16.4 here, not flagged (android 13)