Post AxY1uJVkI0cYcDC9Vg by StaticR@guild.pmdcollab.org
 (DIR) Post #AxXV1E4vaZppJ3L7IW by lauren@mastodon.laurenweinstein.org
       2025-08-25T20:04:21Z
       
       15 likes, 12 repeats
       
       ***** Google's plans to restrict sideloading on Android are an authoritarian wet dream come true *****
       Let me be really clear about how horrifically dangerous #Google's plans are to restrict #Android sideloading to "verified developers" (that is, entities for which Google has full verified identity and associated information that they could hand over to authorities on demand).
       This means that even though you own your Android device, you cannot install apps obtained from ANY source (except perhaps apps you build yourself that will only be permitted to run on your own device) unless Google knows pretty much everything about who created that app.
       The ways that this could be abused are so numerous I won't even start listing them here, other than to note that it is absolutely horrific overreach by Google and at least appears to be Google bending over for abusive government demands, and could put already vulnerable individuals and groups at even more risk.
       Absolutely disgusting.
       L
       
 (DIR) Post #AxXV1FOog7L1P1eVw8 by cryptgoat@fedifreu.de
       2025-08-25T20:29:39Z
       
       0 likes, 0 repeats
       
       @lauren Source?
       
 (DIR) Post #AxXVYLI1nZAdECG4FE by lauren@mastodon.laurenweinstein.org
       2025-08-25T20:35:41Z
       
       0 likes, 0 repeats
       
       @cryptgoat I provided a link in an earlier post. Please just look it up. Easy to find.
       
 (DIR) Post #AxXVaS1vi18CiCjYq8 by cryptgoat@fedifreu.de
       2025-08-25T20:36:03Z
       
       0 likes, 0 repeats
       
       @lauren Ye sorry, found it. Ughhhhhhhh....
       
 (DIR) Post #AxY1uJVkI0cYcDC9Vg by StaticR@guild.pmdcollab.org
       2025-08-26T02:16:39Z
       
       5 likes, 2 repeats
       
       @lauren the term "sideloading" in and of itself is complete whack, it's just downloading and installing software. Imagine you were calling shopping from somewhere other than Amazon "sideshopping". Same energy. Don't legitimize their practices by legitimizing their terminology.
       
 (DIR) Post #AxY7jcB39FLf2ynQn2 by ainsworth@tsundere.love
       2025-08-26T03:43:35.705221Z
       
       1 likes, 1 repeats
       
       @lauren At that point why not just buy an iPhone? Google has copied every single thing Apple has done. At least Apple is an actual hardware company, and their software complements it. Android/Linux is a clownfest.
       
 (DIR) Post #AxYeUSln8hRg0wMg1g by Suiseiseki@freesoftwareextremist.com
       2025-08-26T09:50:35.940885Z
       
       0 likes, 0 repeats
       
       @lauren The plan isn't to restrict sideloading - it's to restrict installing. `adb install` to install apk's will be restricted further. (Yes, there is also an `adb sideload` command, but maybe that will be unchanged).
       
 (DIR) Post #AxYnVR97Yq5yr5oeqe by georgia@netzsphaere.xyz
       2025-08-26T11:31:22.852941Z
       
       0 likes, 0 repeats
       
       @lauren I hope I can still use magisk
       
 (DIR) Post #AxYs8YwYu5gc9IqzoG by rzeta0@mstdn.social
       2025-08-25T21:19:57Z
       
       1 likes, 0 repeats
       
       @lauren does this mean alternative OS's like @GrapheneOS won't be possible on Pixel phones? (I realise there's a difference between side loaded apps and side loaded OSes)
       
 (DIR) Post #AxYs8dnspmiPDppdTc by GrapheneOS@grapheneos.social
       2025-08-25T23:51:28Z
       
       2 likes, 0 repeats
       
       @rzeta0 @lauren The changes have no impact on GrapheneOS.
       
 (DIR) Post #AxYs8z9vR1pBSHJ2FU by lauren@mastodon.laurenweinstein.org
       2025-08-25T21:21:16Z
       
       1 likes, 0 repeats
       
       @rzeta0 @GrapheneOS For rooted phones all bets are off (but expect rooting to become more difficult over time). But this doesn't help 99.999% of people who don't root their phones, they are the ones I'm concerned about who are at risk.
       
 (DIR) Post #AxYs9LTAUAHyeKTiIS by GrapheneOS@grapheneos.social
       2025-08-25T23:52:07Z
       
       1 likes, 0 repeats
       
       @lauren @rzeta0 GrapheneOS is not rooted and installing it doesn't involve rooting. Devices can be purchased with it preinstalled already. There will be devices with official support from the OEM for GrapheneOS in the future.
       
 (DIR) Post #AxYsA2jzbUISqxgFzU by rzeta0@mstdn.social
       2025-08-25T21:26:07Z
       
       1 likes, 0 repeats
       
       @lauren @GrapheneOS I agree with your focus on the vast majority of non-techie people. I feel sad about it but that 99.999% are easy victims of surveillance and control. I sometimes think there must be a gap in the market for secure tech that is usable by that 99.999% ... but on thinking further, I think the established interests have the capability to kill any such venture quite easily. If democracy depends on everyone being a PhD in electronics and software then that democracy is broken.
       
 (DIR) Post #AxYsAJOzeobIWkzE7U by GrapheneOS@grapheneos.social
       2025-08-25T23:54:07Z
       
       1 likes, 0 repeats
       
       @rzeta0 @lauren GrapheneOS is gradually working towards making the out-of-the-box experience better, overhauling or replacing the legacy AOSP apps and also launching phones with official support for GrapheneOS with an OEM. It's not at all intended for only technical people. We aren't going to take problematic shortcuts which massively sacrifice privacy and security though. We're only willing to launch a device with an OEM able to meet our official requirements (https://grapheneos.org/faq#future-devices).
       
 (DIR) Post #AxYsAiQGdDTS7wm64m by lauren@mastodon.laurenweinstein.org
       2025-08-26T00:20:18Z
       
       1 likes, 0 repeats
       
       @GrapheneOS @rzeta0 Ordinary, non-techie people are not going to unlock their bootloaders and screw around with this stuff, especially when they find that key apps they depend on (for example, financial) will not run outside of the official Android environment. I have over the years run many nonstandard systems on Android and unlocked the bootloader on many of my devices, but these are not fixes for the vast numbers of people who could be impacted by Google's pro-fascist sideloading decision.
       
 (DIR) Post #AxYsBULIT01EkQonzc by GrapheneOS@grapheneos.social
       2025-08-26T00:32:40Z
       
       2 likes, 0 repeats
       
       @lauren @rzeta0 Devices can already be purchased with GrapheneOS preinstalled. The vast majority of Android apps work fine on GrapheneOS. Very few Android apps disallow using a non-stock OS. GrapheneOS is used with a locked bootloader, not an unlocked one. The installation process is very easy via a web-based interface at https://grapheneos.org/install/web but people can purchase a device with it from multiple companies around the world already and there will be official options eventually.
       
 (DIR) Post #AxYsBtRt7d96c75vEm by lispi314@udongein.xyz
       2025-08-26T02:36:35.681692Z
       
       2 likes, 0 repeats
       
       @lauren @rzeta0 @GrapheneOS People really should stop using the bank apps. The websites should be preferred.
       
 (DIR) Post #AxYsC5mBI0VaqWgIXA by GrapheneOS@grapheneos.social
       2025-08-26T02:51:12Z
       
       1 likes, 0 repeats
       
       @lispi314 @lauren @rzeta0 Their websites are increasingly leaving out functionality people want to use or are requiring using the app to authenticate things for it.
       
 (DIR) Post #AxYsCTKLj8VRt9qPU8 by lispi314@udongein.xyz
       2025-08-26T02:53:51.195864Z
       
       2 likes, 0 repeats
       
       @GrapheneOS @rzeta0 @lauren Huh. I guess between my lack of a TV, avoidance of corposcum streaming platforms and refusal to use their apps, I was never even made aware of those features.
       
 (DIR) Post #AxYsoNgx7yupPmUdyi by condret@shitposter.world
       2025-08-26T12:31:05.596996Z
       
       0 likes, 1 repeats
       
       @lispi314 @GrapheneOS @lauren @rzeta0 yes, but we now live in an awful world where some banks require you to authenticate with their app to use the website
       
 (DIR) Post #AxYt1V9mgU34KdEeI4 by GrapheneOS@grapheneos.social
       2025-08-26T03:40:52Z
       
       0 likes, 0 repeats
       
       @dalias @lispi314 @lauren @rzeta0 EU law mandates attestation by law.
       https://www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2018_4047
       > The mitigating measures shall include each of the following:
       >
       > (a) the use of separated secure execution environments through the software installed inside the multi-purpose device;
       >
       > (b) mechanisms to ensure that the software or device has not been altered by the payer or by a third party;
       >
       > (c) where alterations have taken place, mechanisms to mitigate the consequences thereof.
       See (b).
       
 (DIR) Post #AxYt1W0FXQ12xLmY4G by GrapheneOS@grapheneos.social
       2025-08-26T03:42:32Z
       
       1 likes, 0 repeats
       
       @dalias @lispi314 @lauren @rzeta0 There was a loophole provided where banks could use SMS to authenticate transactions but it's being phased out. EU banks are increasingly implementing the Play Integrity API to comply with multiple EU laws. They're essentially not allowed to allow you to send transactions through their websites anymore unless you authenticate it with the app, or temporarily with SMS. Right now people are still largely prompted to confirm via SMS but that's going to go away.
       
 (DIR) Post #AxYtNhesssWLTYMuno by dictatordave@poa.st
       2025-08-26T12:37:29.009560Z
       
       0 likes, 0 repeats
       
       @lauren notice how there isn't a pink pussy hat brigade out yelling in the streets
       no gays marching
       no blacks out screaming
       no groups of brown foreigners
       no screaming fake crying politicians
       they can do this now btw, it's a fallacy that any data on a smart phone, or any isp network is safe or secure, and people have already died for questioning the hoovering up of information daily
       
 (DIR) Post #AxYuLd2PBziuWIwejg by lispi314@udongein.xyz
       2025-08-26T04:06:28.555719Z
       
       0 likes, 0 repeats
       
       @GrapheneOS @rzeta0 @lauren @dalias ...Doesn't the bank's ownership of their own server fulfill every single one of those conditions, leaving the client entirely unconcerned?
       
 (DIR) Post #AxYuLeLELUNMYylCiW by GrapheneOS@grapheneos.social
       2025-08-26T04:08:10Z
       
       0 likes, 0 repeats
       
       @lispi314 @dalias @lauren @rzeta0 They require ensuring that the device and browser are not modified. There is currently no way to do this for a browser, so it's not permitted. It's only still usable via the temporary loophole of SMS authentication or delegating approval to the mobile app. They require that someone with the user's credentials has signed off on the transaction on what they consider an unmodified device with unmodified software. What that means is largely open to interpretation.
       
 (DIR) Post #AxYuLfN2WFPvkscAAy by GrapheneOS@grapheneos.social
       2025-08-26T04:11:00Z
       
       0 likes, 0 repeats
       
       @lispi314 @dalias @lauren @rzeta0 A dozen EU banks have decided to allow the official GrapheneOS releases based on it being substantially more secure software that's unmodified due to our users pushing for it being allowed. There's nothing in these financial regulations which says they can't allow GrapheneOS but nothing saying they need to allow it. Not allowing it lacks a justification and is a clear violation of the Digital Markets Act forbidding doing a bunch of stuff Play Integrity API does.
       
 (DIR) Post #AxYuLfycGXTVdQCAkK by GrapheneOS@grapheneos.social
       2025-08-26T04:12:07Z
       
       0 likes, 0 repeats
       
       @lispi314 @dalias @lauren @rzeta0 The issue is that there are these regulations and newer ones being put in place which require validating the device and OS integrity which are interpreted as meaning using the Apple/Google APIs and not permitting anything else. There are also laws which forbid what Google does with the Play Integrity API but it would mainly be Google at fault and the EU has simultaneously also forced this to exist, although not in exactly the way that it does exist.
       
 (DIR) Post #AxYuLgCnPookLOpUqe by lispi314@udongein.xyz
       2025-08-26T04:14:16.382345Z
       
       0 likes, 0 repeats
       
       @GrapheneOS @rzeta0 @lauren @dalias Aren't those laws mandating monopolies at the same time as antimonopoly laws exist? How do they square that circle?
       
 (DIR) Post #AxYuLgihVCL1wLkyZs by GrapheneOS@grapheneos.social
       2025-08-26T04:16:44Z
       
       0 likes, 0 repeats
       
       @lispi314 @dalias @lauren @rzeta0 The laws do not actually specify that the Play Integrity API must be used. They only say that device and OS integrity must be verified and apps must ensure that the device, OS and app are not modified through it. They have no standards defining what that actually means and have no minimum bar for security at all. It's up to banks to interpret what it means and decide how to implement it. Some do not use attestation for it but it's widely viewed as required.
       
 (DIR) Post #AxYuLgrCzZ8yMjjlq4 by condret@shitposter.world
       2025-08-26T12:48:13.351214Z
       
       0 likes, 1 repeats
       
       @GrapheneOS @lispi314 @lauren @rzeta0 verified, by who?
       
 (DIR) Post #AxYuLmVRzNIvszbTl2 by GrapheneOS@grapheneos.social
       2025-08-26T04:26:42Z
       
       0 likes, 1 repeats
       
       @lispi314 @dalias @lauren @rzeta0 It's worth noting though that multiple EU standards have been explicitly requiring using the Play Integrity API in the documentation defining the requirements. Both the digital wallet and age verification standards did this. There are likely cases of it elsewhere we don't know about and can't push back against since we aren't aware. EU governments should be disallowing what Google is doing but instead are the biggest pushers of it in the world.
       
 (DIR) Post #AxYzBsBaW6mANNPKxU by mischievoustomato@tsundere.love
       2025-08-26T13:42:34.095810Z
       
       0 likes, 0 repeats
       
       @ainsworth @lauren I'm gonna do that next
       
 (DIR) Post #AxZ9NNSLatD25PN4Nc by CapitalB@noauthority.social
       2025-08-26T15:34:53Z
       
       0 likes, 0 repeats
       
       @dictatordave @lauren The usual globohomo NGOs are all in Uncle Sam's pocket.
       
 (DIR) Post #AxZ9NOOU6jiIziZUzw by dictatordave@poa.st
       2025-08-26T15:36:37.339516Z
       
       0 likes, 0 repeats
       
       @CapitalB @lauren oh for sure
       one way or another, it's just the method of wealth transfer
       great trick, didn't even need to call it communism or do much
       they just use bullshit like emotional manipulation and lies to get their way now
       they've learned since the USSR days
       
 (DIR) Post #AxZPepr8r6Y4MAJb8q by GrapheneOS@grapheneos.social
       2025-08-26T15:48:39Z
       
       0 likes, 0 repeats
       
       @condret @lauren @rzeta0 @lispi314 EU law says the banking app must verify the device and OS to ensure they're not modified. It doesn't describe how verification should be done and which devices or operating systems can be permitted. Some banks interpret it as not being allowed to permit GrapheneOS but most we've actually been able to talk to have been willing to permit GrapheneOS once they understand what it is and that there's an API they can use to verify a non-stock OS or other devices.
       
 (DIR) Post #AxZPerdOFCjjs5tdz6 by condret@shitposter.world
       2025-08-26T18:39:07.001800Z
       
       0 likes, 1 repeats
       
       @GrapheneOS @lauren @rzeta0 @lispi314 but doesn't non-stock imply modified. the nature of doing anything on a phone is modifying it in some way. Install an app - storage got modified. What the fuck does this legislation even mean?
       
 (DIR) Post #AxZPew47lkUxcAR3D6 by GrapheneOS@grapheneos.social
       2025-08-26T15:50:20Z
       
       0 likes, 0 repeats
       
       @condret @lauren @rzeta0 @lispi314 EU is creating a far bigger problem by encouraging most banking apps to adopt the Play Integrity API. It's gradually expanding and is perhaps at around 10-20% adoption by EU banking apps right now. This is gradually eroding compatibility with GrapheneOS but we've convinced some major banking apps to add explicit support for GrapheneOS. We convinced one to roll this back entirely for now but it seems likely they'll add it back with specific alternate OS support.
       
 (DIR) Post #AxZsK9hImw1YTzChZA by GrapheneOS@grapheneos.social
       2025-08-26T19:21:54Z
       
       1 likes, 0 repeats
       
       @condret @lauren @rzeta0 @lispi314 They only care about whether the hardware, firmware or OS is modified. Installing an app isn't doing that. GrapheneOS can be considered to not be modified if they've chosen to permit GrapheneOS as a secure OS and are verifying it isn't modified. They could also permit arbitrary other operating systems. They can similarly permit alternative hardware. It just needs to be considered secure enough and provide a way to verify that it hasn't been modified.
       
 (DIR) Post #AxZsKAj6xh47ft3f1c by condret@shitposter.world
       2025-08-27T00:00:19.218162Z
       
       0 likes, 1 repeats
       
       @GrapheneOS @lauren @rzeta0 @lispi314 I really wonder where these people draw the line between software that is part of the OS and software that is not part of it. For sure there must have been deep and intense debates about this in the EU parliament.
       
 (DIR) Post #AxZsdet92qrcip2jNQ by lauren@mastodon.laurenweinstein.org
       2025-08-26T14:10:06Z
       
       0 likes, 0 repeats
       
       @lispi314 @GrapheneOS @rzeta0 I agree websites should be used in preference to apps in a wide variety of cases -- and I have frequently said this explicitly publicly. When it comes to bank apps though, there are some functions (like check deposit) that are probably going to be restricted to apps for technical reasons.
       
 (DIR) Post #AxZsdgKpfObbCz0MAi by lispi314@udongein.xyz
       2025-08-26T20:03:32.809012Z
       
       0 likes, 0 repeats
       
       @lauren @rzeta0 @GrapheneOS That is actually one of the ones that has been annoying me, because I *know* how to do it myself. Browsers do have the proper APIs for webcam use and uploading pictures taken with such. So there is, in fact, no technical reason /not/ to permit it on the site too.
       
 (DIR) Post #AxZsdhGcCYpI6C2VEm by GrapheneOS@grapheneos.social
       2025-08-26T20:23:42Z
       
       0 likes, 0 repeats
       
       @lispi314 @lauren @rzeta0 They don't permit it on the site because they consider attestation to be a requirement for it. EU has made attestation into a requirement for making transactions so that's not going to be available via web banking anymore either. Web banking is going to end up as a view-only service in the EU for the most part. They're only allowed to permit transactions if they confirm them via mobile devices. SMS was temporarily allowed as a loophole but that's going to go away.
       
 (DIR) Post #AxZsdi7n0rMQl6uy7U by lispi314@udongein.xyz
       2025-08-26T20:28:10.690551Z
       
       1 likes, 0 repeats
       
       @GrapheneOS @rzeta0 @lauren I got that much, but it's not a technical reason, it's a bullshit political reason resulting from laws based around a profound misunderstanding of how anything works (or a purposeful and malicious understanding).
       
 (DIR) Post #AxaIFp3KCVmU6V6Dke by GrapheneOS@grapheneos.social
       2025-08-27T00:27:27Z
       
       0 likes, 0 repeats
       
       @condret @lauren @rzeta0 @lispi314 Android-based operating systems have a set of firmware and OS images which are updated by the OS and have cryptographic verification so there's a clearer line. A large number of components in those can be updated via out-of-band package installations (APKs and APEXes) and the images can be updated separately to the extent desired. Everything else can only be installed as sandboxed apps in a standard, versioned app sandbox so there's a fairly clear division.
       
 (DIR) Post #AxaIFqOdCmQ0Gs4kbI by GrapheneOS@grapheneos.social
       2025-08-27T00:30:15Z
       
       0 likes, 0 repeats
       
       @condret @lauren @rzeta0 @lispi314 They're not going to be allowing people to do banking from desktop or laptop systems unless they move to a design more similar to Android and iOS such as ChromeOS with Android apps. ChromeOS likely doesn't support these things for Android app compatibility right now, but it could. macOS has gradually moved to a design where for users who haven't disabled the relevant features, it can provide something similar. That's how macOS can do the Safari attestation.
       
 (DIR) Post #AxaIFqx18vvLzWADCK by lispi314@udongein.xyz
       2025-08-27T00:40:48.108229Z
       
       1 likes, 0 repeats
       
       @GrapheneOS @rzeta0 @lauren @condret This war on general computation is getting rather infuriating, I think. cc @pluralistic