[HN Gopher] A theoretical way to circumvent Android developer ve...
___________________________________________________________________
A theoretical way to circumvent Android developer verification
Author : sleirsgoevy
Score : 184 points
Date : 2025-10-31 20:20 UTC (1 days ago)
(HTM) web link (enaix.github.io)
(TXT) w3m dump (enaix.github.io)
| gruez wrote:
| Sounds like the UEFI shim loader that's signed by Microsoft but
| can load an arbitrary EFI executable (with some signing checks).
| The difference is that the UEFI shim loader is endorsed/condoned
| by Microsoft. What about Google? This seems easily patchable,
| ostensibly for "security purposes" (eg. disabling loading dynamic
| code).
| p_l wrote:
| Microsoft also forces manufacturers to provide an option to
| reset Platform Key aka SecureBoot "root of trust" key - which
| is supposed to be not possible in spec-compliant UEFI system.
|
| They don't do it out of goodness of their hearts, which is why
| it's more solid than relying on goodwill - Microsoft simply has
| an offering that _depends_ on that for certain high profile
| clients.
| XorNot wrote:
| I suspect it's also a defense against antitrust lawsuits -
| lock in was how they got sued for things circa Internet
| Explorer.
|
| Frankly they should still be getting sued for the way Edge
| and Cortana are bundled.
| leptons wrote:
| Then Apple should get sued for bundling Safari, and also
| for forcing all browser engines on iOS to use Safari -
| which is way worse than anything Microsoft ever did with
| IE.
| torstenvl wrote:
| Apple does not have a platform monopoly on smartphones
| the way Microsoft did on PCs.
| AnthonyMouse wrote:
| Microsoft was convicted of monopolizing the market for
| IBM-compatible PCs, i.e. not Macs.
|
| Which makes a lot of sense, because you couldn't run
| Windows on a Mac nor MacOS on PCs from the likes of Dell
| or IBM, and you couldn't run third party software for
| Macs on Windows or vice versa. By contrast, you _could_
| run various types of Unix on a Dell, and run Windows
| software on OS/2 or DOS software on DOS competitors
| other than MS-DOS.
|
| That distinction seems like it might be relevant to the
| current situation.
| torstenvl wrote:
| This is utterly irrelevant. I don't know what point
| you're trying to make.
|
| It remains objectively inarguable that Apple does not
| have a platform monopoly on (ARM-compatible) smartphones
| the way Microsoft did on ("Intel-compatible") PCs.
| AnthonyMouse wrote:
| _Are_ Apple's phones compatible with other ARM
| smartphones? Can you install Android or LineageOS on one,
| or install Android apps on iOS, or get iOS apps through
| Google Play or the Epic Games store?
| torstenvl wrote:
| No. Also irrelevant.
| AnthonyMouse wrote:
| It seems extremely relevant to the market definition that
| the alleged alternatives aren't actually substitutes for
| one another.
|
| If you have a car that runs on diesel fuel and there is
| only one company that sells diesel fuel, it seems like
| you want to claim that it's irrelevant and isn't a
| monopoly because there is another company of the same
| size that sells gasoline. Is it not relevant that you
| can't actually use that in your car?
| jcelerier wrote:
| Yes
| asimops wrote:
| While it is technically feasible, it is not a good idea to try
| and find a technical solution to a people/organisation problem.
|
| Do not accept the premise of assholes.
|
| I hope we can get the EU to fund a truly open Android Fork. Maybe
| under some organisation similar to NL Labs.
|
| --- edit ---
|
| Furthermore, the need for a trustworthy binary to be auditable to
| a certain hash or something would make banning this a simple task
| if Google would want to go that route.
| thaumasiotes wrote:
| > I hope we can get the EU to fund a truly open Android Fork.
|
| How are things in the EU on whether it's legal to buy a SIM
| card without showing ID?
| jraph wrote:
| I'm confused, how are those two things related?
| peterhadlaw wrote:
| Nanny state
| vik0 wrote:
| More like surveillance state
| ulfw wrote:
| Which states aren't? And for the love of god do not write
| US now
| semolino wrote:
| The commenter you replied to was implying that the EU does
| not respect the privacy/freedom of mobile device users.
| jraph wrote:
| Okay, thanks.
|
| I was confused because anonymity against the state is
| hardly the only, or even a main point of android forks.
|
| Privacy usually is, but against big tech typically.
| remix2000 wrote:
| It is neither illegal nor hard to obtain such a prepaid SIM
| card.
| kube-system wrote:
| That very much depends on the country, many require ID.
| Kwpolska wrote:
| The ID presented at time of purchase does not have to be
| the ID of the actual user of the card. Your local
| drunkard will be happy to get $10 to buy a SIM card for
| you. Or you could visit eBay (or local equivalent) and
| get a valid SIM card without leaving your house.
| kube-system wrote:
| The suggestion above wasn't a statement of practicality
| but rather of EU motivations. Maybe you can also find a
| drunkard to fork Android for you.
| noosphr wrote:
| >While it is technically feasible, it is not a good idea
| to try and find a technical solution to a
| people/organisation problem.
| logifail wrote:
| > The ID presented at time of purchase does not have to
| be the ID of the actual user of the card
|
| In some EU member states this might be fine, but
| definitely not all.
|
| > Your local drunkard will be happy to get $10 to buy a
| SIM card for you.
|
| Buying a SIM card was always the easy bit. Getting it
| activated may not be, it depends on which country you're
| in.
|
| https://www.telekom.de/prepaid-aktivierung/en/start
|
| "For the Selfie-Ident you identify yourself with your
| identity card, passport or residence permit. (Selfie-
| Ident is currently possible worldwide with the German ID
| card, residence permit and passport. Alternatively, you
| can use Video-Ident and identify yourself in a video call
| with an employee.)
|
| Important: Temporary identification documents are not
| supported due to internal check. You need a tablet or
| smartphone with a camera and an internet connection."
| econ wrote:
| Surely others may use your phone?
| logifail wrote:
| If you're happy to purchase a SIM card, register it in
| your name, and hand it to someone else for them to use,
| go right ahead.
|
| Q: Who's paying the bills for that SIM?
| codedokode wrote:
| In my country, giving a SIM card to another person who
| does something illegal, is a crime. No doubt EU might
| soon have the same law - they are pretty good at copying.
|
| As a result, sites where I could rent a number for
| verification, now don't offer local numbers anymore.
| asimops wrote:
| Germany requires ID for all SIMs (for "normal" people).
| You can buy activated SIMs in every bigger city if you
| know what to look for though.
| remix2000 wrote:
| You can use any country's SIM card in any other country,
| regardless of its registration status.
| kube-system wrote:
| ... if you have roaming coverage.
|
| And even in that case, doing this for a long period of
| time violates most roaming policies
| pohuing wrote:
| There's EU (maybe even EEA?) wide free roaming legally
| mandated since I think 2017 or so? But it's not a
| permanent solution, your second paragraph still holds
| true.
| kube-system wrote:
| I know of some UK SIMs that do not roam.
| scarlehoff wrote:
| As far as I know it is only EU. Both UK and Switzerland
| have some operators that roam and some that do not. fwiw,
| fastweb in Italy provides roaming in both and has a very
| generous fair usage policy.
| Digit-Al wrote:
| That's because we are no longer in the EU. Before Brexit
| they were legally mandated to allow free roaming in the
| EU. Now they are back to charging whatever outrageous
| prices they wish.
| gambiting wrote:
| The only thing that happens is your data becomes a lot
| more expensive, the card still continues to work as
| normal. I've not lived in Poland for over 15 years now,
| and I still have a Polish SIM card that I use almost
| daily - the only thing that I've lost due to roaming long
| term is cheap data packs, I can still call and text as
| normal from my monthly allowance.
| kube-system wrote:
| Maybe in the countries that you are familiar with that is
| the case.
|
| In some places your plan will be cancelled for roaming
| beyond a certain number of days or quantity of usage.
| Telecom laws and policies vary widely.
| qilo wrote:
| Even with fair usage policy violations (like long term
| roaming) the prices are still quite reasonable: 1.30
| EUR/GiB (+VAT); from next year 1.10 EUR/GiB (+VAT).
|
| https://en.wikipedia.org/wiki/European_Union_roaming_regu
| lat...
| asimops wrote:
| A secure OS is a prerequisite for secure digital services. We
| can agree on that, right?
|
| The task, therefore, is to convince enough politicians to
| establish an independent unit that can address this issue
| without direct political influence.
|
| Fund the unit with enough money so that it can take care of
| the cybersecurity and sovereignty of _all_ citizens.
|
| A side effect of this would hopefully be that these
| politicians would then be digitally literate enough to
| recognize nonsense such as chat control as such and reject it
| outright. I hope that most politicians would not really want
| such omnipotent surveillance tools if they could truly grasp
| their scope.
| IlikeKitties wrote:
| I must sadly inform everyone here that the EU is pozzed
| beyond recovery in regards to Google. The reference
| implementation for the euid project is only available for
| android and ios and uses the play integrity api which makes
| usage of it on non google-certified devices impossible.
| https://github.com/eu-digital-identity-wallet/eudi-app-
| andro...
| TeMPOraL wrote:
| > _A secure OS is a prerequisite for secure digital
| services. We can agree on that, right?_
|
| Secure for who, and from whom?
|
| Remote Attestation and Developer Verification both make
| Android OS and platform more secure against malicious
| actors that would want to defeat the guarantees the
| platform gives, guarantees that enable secure digital
| services.
|
| Yes, this includes protecting the banking services and DRM
| media services and advertising platforms from malicious
| actors _like you and me_, who pose a real threat to the
| revenues of the aforementioned players, by:
|
| - Expecting banking to do security right on their own side,
| instead of outsourcing it to mobile platform and society at
| large (like with "identity theft" trick);
|
| - Enjoying entertainment and education in ways the vendor
| or IP owner does not like or can't be arsed to support, and
| thus not spending extra on the inferior ways that are
| supported;
|
| - Not looking at the ads.
|
| Same is with Chat Control. Chat Control improves security
| of the society against threats such as sexual predators who
| want to hurt children, or citizens who disapprove of how
| the current ruling class is governing the people. To
| effectively provide that security, Chat Control in turn
| _relies on a secure OS and platform providing secure
| digital services_ - in particular, secure against those
| malicious actors that would want to circumvent Chat Control
| protections.
|
| Is the larger picture clear now? _Security technologies are
| not inherently good_, they're morally ambivalent. They're
| "dual-use". It's important to consider their deployment on
| a case-by-case basis, always asking who is being secured,
| and what are the actual threats they're being secured from.
| exe34 wrote:
| did you understand and disagree with the third paragraph?
| if so, could you say in what way it didn't completely
| answer the question you just asked?
| immibis wrote:
| > Chat Control improves security of the society against
| threats such as sexual predators who want to hurt
| children,
|
| no it doesn't. Chat Control is single-use.
| TeMPOraL wrote:
| It does, to some extent. These projects wouldn't have the
| support they had if they didn't have a plausible way to
| deliver _some_ improvement along the metrics they market.
| It's the outsized harmful impact that's usually just
| left unspoken.
|
| Also, I'm not saying Chat Control is dual-use, I'm saying
| _crypto_ is. Chat Control actually needs working crypto
| to be properly implemented.
| sigio wrote:
| In many EU countries you can walk into many a supermarket or
| phone-store and just buy a simcard with cash without
| questions asked.
| WhyNotHugo wrote:
| > How are things in the EU on whether it's legal to buy a SIM
| card without showing ID?
|
| It varies per country. In some you can just buy one (or more)
| SIM cards at a supermarket without any ID.
| supermatt wrote:
| There is no such requirement in the EU - it is entirely up to
| the individual country.
| singpolyma3 wrote:
| What's wrong with lineage?
| hilbert42 wrote:
| You have to get some of the big names to unlock the
| bootloader first. The trend towards locking it off
| permanently is alarming.
|
| _Edit: Google could ultimately use that as a lever in
| licensing deals with manufacturers. It'd marginalize
| everything._
| IlikeKitties wrote:
| It's not a good, secure project by a long shot. There's a good
| comparison floating around:
|
| https://images.squarespace-
| cdn.com/content/v1/60f1421e1afcf4...
| AnthonyMouse wrote:
| That looks like someone made a list of mostly features
| specific to GrapheneOS so they could make a chart where all
| of the other alternatives (including stock Android) are
| full of red boxes.
|
| Several of those are the _opposite_ of security features,
| like SafetyNet support, which might be a convenience in
| some cases but it mostly makes it so you can't upgrade
| certain parts of the system to newer versions even when the
| old versions have security vulnerabilities.
| IlikeKitties wrote:
| >That looks like someone made a list of mostly features
| specific to GrapheneOS so they could make a chart where
| all of the other alternatives (including stock Android)
| are full of red boxes.
|
| No one else even bothered to make a list.
|
| >Several of those are the opposite of security features,
| like SafetyNet support, which might be a convenience in
| some cases but it mostly makes it so you can't upgrade
| certain parts of the system to newer versions even when
| the old versions have security vulnerabilities.
|
| Citation needed
| AnthonyMouse wrote:
| > No one else even bothered to make a list.
|
| That doesn't make the biased list good.
|
| > Citation needed
|
| Are you not aware of what SafetyNet is? It's the thing
| where Google certifies that the phone is running the
| software produced for it by the OEM. The problem, of
| course, being that the OEM stops issuing updates and then
| the certified version has known vulnerabilities. Which is
| a lot of the point of wanting to install a newer ROM on
| such a device, except that then it won't pass SafetyNet
| because you replaced the vulnerable but certified code
| with third party code that has the patch but not the
| certification.
| Itoldmyselfso wrote:
| Or, far more plausibly, they added to the table features
| GrapheneOS has, but others don't.
|
| Here's the up-to-date comparison:
| https://eylenburg.github.io/android_comparison.htm
|
| As far as I know, there are no significant features other
| distros have that increase their privacy or security over
| what GOS has. I'm not entirely sure about the SafetyNet
| thing, but GOS is by far the most up-to-date to the AOSP
| out of these distros.
| AnthonyMouse wrote:
| The point isn't that GrapheneOS is bad but rather that it
| doesn't imply there is anything wrong with LineageOS when
| it's still better than Android itself.
|
| Moreover, some of the stuff with green boxes is still
| kind of a privacy fail. For example, with GNSS (i.e. GPS)
| your device calculates its location from the timing of
| radio broadcasts emitted by a network of satellites. It
| has extremely good privacy properties because your device
| is a passive radio receiver and neither the satellites
| nor anyone else know you're there when you use it.
| "Network-based location" can sometimes work when you're
| somewhere you can't hear the satellites, but now you have
| Google or someone else building a database of nearby
| wireless APs etc. in order to make it work, and in the
| process you're effectively uploading your location to
| them.
| Itoldmyselfso wrote:
| GOS developers have said on multiple occasions that they
| think LineageOS is worse for security than the stock OS
| on multiple devices, as it doesn't keep up with current
| privacy/security patches or provide all of the standard
| protections. The comparison also does bring up these
| faults. See also https://www.kuketz-blog.de/lineageos-
| weder-sicher-noch-daten...
| numpad0 wrote:
| Active installs of LineageOS[1] as reported on official
| tracker is 4.3m instances right now. An MAU of 5m is like,
| less than Bluesky, Switch 2 shipped so far, most F2P phones
| games you've heard of, etc. The leverages it has is that of
| _a game_.
|
| 1: https://stats.lineageos.org/
| closeparen wrote:
| The same EU that's doing Chat Control?
| rf15 wrote:
| The same EU of which parts are trying to make chat control
| work and are once again abandoning it. Politicians get this
| particular fancy idea every other year in all kinds of
| countries, not just EU. Overreach out of desperation for a
| problem that cannot simply be solved is wrong but
| understandable.
| igor_akhmetov wrote:
| Desperation for what exactly? More control?
| ForHackernews wrote:
| They are trying to stop crime, including sex/drug
| trafficking and child exploitation. If you want to have
| an intellectually honest debate, you need to be clear
| that private communication apps do make it more difficult
| for police to conduct legitimate investigations. You do
| yourself no favours painting all politicians as power-
| hungry caricatures.
| ipaddr wrote:
| So do private in person conversations. Going the route of
| North Korea putting two way speakers in each house would
| help make those conversations available to the
| government. Think of all of the child exploitation you
| could stop by removing any sense of privacy. Of course
| they would figure a way around this and everyday citizens
| would have to deal with the lack of privacy but at least
| they thought of the children so we should keep voting
| them in.
| 0xDEAFBEAD wrote:
| If chat control is a good-faith effort to stop crime, why
| can't Android developer verification be a good-faith
| effort to stop cybercrime?
|
| If politicians are not all power-hungry caricatures, is
| it possible that the same is true for businesses?
|
| Android has millions of users worldwide, many of whom are
| far less computer-literate than HN users. I think it's
| very reasonable for Google to put speed bumps in front of
| malware developers trying to distribute through the Play
| Store. If you're a half-decent dev, $25 is nothing
| compared to the opportunity cost of your time in
| developing your app.
|
| This whole thing seems to be a fairly recent announcement
| on Google's part, so it's unsurprising they're still
| hammering out details for hobbyist devs? How about making
| constructive suggestions for ways that Google can protect
| ordinary people without stopping power users?
| ForHackernews wrote:
| I think the issue is not about distribution in the Play
| Store (I don't actually have any problem with that: their
| playground, their rules) but the fact that they are going
| to break sideloading and alternative app sources like
| F-Droid.
|
| I struggle to see any good-faith need to erect additional
| barriers to protect users from running the programs they
| want on devices they own, when you already have to be
| fairly expert to enable developer mode, install via adb,
| etc.
| deaux wrote:
| The same EU that's doing NL Labs, the org mentioned in the
| comment you're replying to.
| exe34 wrote:
| The EU is a big place, run by a lot of different people, with
| true separation of powers. They don't have a president-king
| who can just ignore court decisions.
| jmnicolas wrote:
| So we're gonna get access to Von Der Leyen Pfizer sms
| right?
|
| Were you offered to vote for Von Der Leyen by the way?
| StopDisinfo910 wrote:
| For all the disdain I have for her, Von Der Leyen is the
| candidate put forward by the PPE, the majoritarian party
| in the EU parliament. So, yes, people were indeed allowed
| to vote.
| wqaatwt wrote:
| She was primarily nominated by the EU council.
|
| The parliament would have picked Weber, but nobody cared
| since it's just there to rubber stamp predetermined
| decisions.
|
| He was the leader of the party which won the plurality in
| the elections and had its support. EU had a real chance
| to move towards becoming a real parliamentary democracy
| if it went that way.
| StopDisinfo910 wrote:
| That was the election before the current one. She was the
| one put forward by the PPE this time and even then she
| was the second candidate put forward by the PPE after
| Weber was vetoed by France the previous time.
|
| That's the new Spitzenkandidat system. The council is
| supposed to pick the candidate put forward by the main
| political force in the parliament.
|
| The EU is a real democracy anyway. All the members of the
| council are themselves democratically elected. It has a
| weird three parts political system but everyone in it is
| elected or appointed by people elected.
| Certhas wrote:
| The EU is a parliamentary democracy. Von Der Leyen was
| proposed by the democratically elected heads of the
| member states. She was approved by the democratically
| elected parliament.
|
| The chancellor in Germany is also not directly elected by
| majority vote but by parliament.
|
| It's a reasonable criticism that the EU structures make
| democratic legitimisation very indirect, but that is at
| least partly a result of the EU being a club of sovereign
| democracies. The central tension was extremely evident
| during the Greek debt crisis, you have a change in
| government in Greece, but due to EU level constraints
| they can't enact a change in policy. More independent
| power in institutions less dependent on the member state,
| means the sovereign democratic national governments can't
| act on their local democratic mandates.
| immibis wrote:
| FWIW EU members are sovereign. If they disobey EU laws
| they can have benefits withheld but they won't be
| militarily invaded for ignoring EU law the way a US state
| would (unless they do something military themselves like
| invading another country).
| wqaatwt wrote:
| > The EU is a parliamentary democracy
|
| Except there are a couple degrees of separation between the
| democracy part and in the running the EU institutions.
|
| The EU parliament is also a very superficial imitation of
| a real parliament in a democratic state. It has very
| limited say in forming the "government" or decision
| making.
|
| > result of the EU being a club of sovereign democracies
|
| So either revert to it just being a trade union or
| implement fully democratic federal institutions. The in
| between isn't really working that well.
| saubeidl wrote:
| > Except there are a couple degrees of separation between
| the democracy part and in the running the EU
| institutions.
|
| That's what parliamentary democracy means, yes.
| wqaatwt wrote:
| No, of course not...
|
| In parliamentary democracies the parliament is elected
| directly and is generally sovereign (optionally
| constrained by a constitution or some set of basic laws
| and powers delegated to regional governments and such).
|
| In no way does that describe the EU. It has no equivalent
| body. Its imitation "parliament" is extremely weak and
| barely has a say in who forms the closest EU has to a
| "government".
| saubeidl wrote:
| But the parliament isn't the government in a
| parliamentary democracy.
| wqaatwt wrote:
| Yes, and? It forms the government and can dismiss it.
| exe34 wrote:
| They can also vote on bills, while we're bringing up
| irrelevant gotchas.
| Certhas wrote:
| So this is typical of criticism of the EU democratic
| structure: It's just factually wrong. The EU Parliament
| can dismiss the commission. From Wikipedia:
|
| "The Parliament also has the power to censure the
| Commission by a two-thirds majority which will force the
| resignation of the entire Commission from office. As with
| approval, this power has never been explicitly used, but
| when faced with such a vote, the Santer Commission then
| resigned of their own accord."
|
| The fact that the whole democratic setup is highly
| complex is in itself a problem. But the concrete deficits
| people mention are never true or don't apply to other
| democracies either...
|
| In practice the EU Parliament has been a lot more trouble
| for the executive than is typical in national bodies. The
| one valid point is that the parliament does not have the
| right to initiate legislation itself. That is unusual,
| but in practice many people who are actually close to
| political processes seem to say this is mostly symbolic,
| as national bodies can't really draft effective
| legislation without cooperation from the executive
| either... Still definitely something I would love to see
| addressed.
| Certhas wrote:
| The parliament approves and dismisses the commission.
|
| In the last cycles the candidate who led the party who
| won the parliamentary elections became head of
| commission.
|
| So this is just wrong. The EU parliament has more power
| than US Congress or the UK parliament in this respect.
| Certhas wrote:
| It isn't working well by what standard?
| exe34 wrote:
| I'm not in the EU! I can explain when somebody is wrong
| without having a horse in the race myself.
| victorbjorklund wrote:
| technically people didn't vote for Trump they voted for
| electors which voted for him.
| saubeidl wrote:
| The same EU that shut down another attempt at Chat Control.
|
| Bad legislation gets written everywhere, the difference is,
| in the EU it doesn't pass.
| supermatt wrote:
| It appears that you are an American who has conveniently
| forgotten about FISA, EARN IT, CLOUD act, PATRIOT act, LAED,
| etc, etc, and wants to take a dig at the EU for what,
| exactly? NOT passing Chat Control? Seriously..
| 0xDEAFBEAD wrote:
| It's interesting how so many online discussions of internet
| privacy devolve into nationalist chest-beating. I'm
| beginning to suspect that people don't inherently value
| privacy all that much -- they just want to brag about how
| their country is the most private.
|
| Recall that the premise of this thread is that the EU
| should sponsor an alternative to Android. The EU vs US
| question isn't really topical, since no one suggested that
| the US government should sponsor an alternative to Android
| instead.
| closeparen wrote:
| I do not think it is righteous or enlightened when the
| American government flexes control over the tech sector. I
| can see how Europeans might have thought this about the EU
| when it was just GDPR, but subsequent developments have
| recast all of this as being about government control and
| keeping the tech industry "in its place" rather than a
| commitment to privacy and freedom in and of themselves. I
| think that ought to temper the righteousness.
| AnthonyMouse wrote:
| > Furthermore, the need for a trustworthy binary to be
| auditable to a certain hash or something would make banning
| this a simple task if Google would want to go that route.
|
| This is actually the advantage of doing it. You make the thing
| (call it a "personal app loader" or something rather than a
| "circumvention tool"), they ban it, now you campaign against
| them or make antitrust arguments presenting the ban as an anti-
| competitive practice or use the ban to refute claims that
| they're not inhibiting third party app distribution.
|
| Even if you know they're going to be the villains, you still
| want to make them actually do it so that everyone can see them
| doing it.
| ekianjo wrote:
| > hope we can get the EU to fund a truly open Android Fork
|
| The same EU that keeps pushing for breaking encryption and
| chatcontrol? No thank you
| TeMPOraL wrote:
| > _breaking encryption and chatcontrol_
|
| The two are not equivalent issues; the first one is ill-
| formed as stated.
|
| Cryptography is a _tool of control_. It's "dual-use", in the
| same sense like a knife or nuclear fission is - its moral
| valence depends on who is wielding it, and to what end.
|
| In the context we're discussing, encryption is being used
| _against the people_. Working encryption is in fact needed to
| make chat control work - it's fundamental to it, the same
| way it is to Developer Verification and Safetynet/Remote
| Attestation. It would be _great_ if EU decided to break
| _that_ set of encryption applications. Alas, chat control
| only wants to break E2EE on messages, and _uses encryption
| elsewhere_ to guarantee E2EE stays broken.
|
| A more general comment about this thread, and related ones in
| the past: people really need to stop thinking about
| "encryption" and "security" as inherently good. They're not.
| Most of the social problems with computing, the attempts at
| user disempowerment and disenfranchisement, persist _because_
| they apply cybersecurity solutions.
|
| The core question of security is always: who exactly is being
| secured, and from who.
| StopDisinfo910 wrote:
| I hope the EU actually enforces the DMA and forces Google and
| Apple to stop their nonsense.
| jezek2 wrote:
| Unfortunately DMA is the reason Google is doing this. It
| allowed Apple to require notarization for "security". Google
| is just copying the same approach as it's now clear what the
| requirements by the governments are.
|
| Before it was unclear so it was better to allow installation
| of apps without any verification to appear as more open.
|
| Remember any regulation/law has unintended consequences. At
| one point Apple decided that PWAs would no longer be
| supported in EU so they don't have to provide equal
| capabilities to implement them in alternative web browsers,
| fortunately they changed their mind by obtaining an
| exception. PWAs is the only alternative choice for making
| "proper" apps on iOS (no hacky sideloading methods).
|
| I think overall DMA is more a loss than a win (good on
| paper, terrible in practice). It codified worse things. The
| EU app stores are still fully controlled by Apple (harder to
| install, they can just decline or drag notarization of any
| apps or revoke your license to dev tools, you need to still
| pay them, etc.).
|
| For various apps the EU market is too small (esp. for things
| that need to be global) to invest into the development so
| while you can for example theoretically develop a real
| alternative web browser to Safari/WebKit (forbidden by App
| Store rules) nobody is willing to do it.
| immibis wrote:
| Technical things can affect people. Adversarial
| interoperability. They're using a technical thing to cause a
| social thing anyway, and fighting back with the same tactics is
| at least not surrendering.
| Lindby wrote:
| It would be hard to find manufacturers to use it. None of the
| existing Android phone manufacturers would be able to release
| phones with this fork without also abandoning the official
| Android platform on all markets. Google are very strict with
| this in their tos. You cannot release devices using non
| official Android builds without losing your right to use GMS
| and Android Brandice on your other Android devices.
| t_mann wrote:
| > verified loader apk, which in turn dynamically loads any apk
| the user wants
|
| Wasn't this kind of solution considered and sort of dismissed
| (because of too much centralization iirc) by F-Droid (can't find
| the reference now)? It seems like something that's worth trying,
| but in the end it's just a band-aid. If it gets any traction
| Google will shut it down. The real disease is dependence on a
| duopoly of (quasi)-proprietary OS for the dominant computing
| platform of our time.
| kevincox wrote:
| I see a handful of problems.
|
| 1. The loader will just get banned.
|
| 2. The application ID and permissions are that of the loader.
| To have different applications with separate data and
| permissions you would need multiple copies of the loader.
|
| 3. You miss out on other android security features such as
| application signing validation for updates.
| antiloper wrote:
| This will not work because the goal of android developer
| verification is to prevent running Google-sanctioned code. If you
| actually tried to publish this, Google will revoke the signature
| on the loader APK.
| NewJazz wrote:
| Ah yes sanctioned. A word that has two opposite meanings.
| layer8 wrote:
| Contronyms are awesome, yet people are nonplussed.
| zb3 wrote:
| Well, I'd rather verify myself with the government identity than
| accept a stock OS that literally woke me up with a fake message
| promoting Gemini despite me spending almost 2 hours turning every
| possible privacy-invasive setting off.
|
| To me, the attention to these verification changes seems
| misplaced. We need to defend the ability to unlock the
| bootloader, pressure Google to revive AOSP and then encourage
| people to switch to a more user-friendly OS.
|
| You're already unable to install what you want on a stock OS due
| to Android permission model treating you as a third-class
| citizen, after Google and OEMs.
| asimops wrote:
| In my opinion, the only solution while keeping Google and Apple
| as the developing entities is regulation.
|
| Despite that, there are some things that should not be for
| profit in my opinion. A good OS platform is one such thing.
| cageface wrote:
| I agree but I also think any meaningful regulation is off the
| table for the next few years in the USA at least.
| sleirsgoevy wrote:
| The issue with government IDs is that they are, for all we
| know, not trustworthy, but everyone treats them like they are.
| And you know, I am not going to "verify" myself with Google
| with this kind of toilet paperwork.
|
| If Google decides to pull this off, then I guess reflashing to
| a custom ROM with this crap patched out will be the very first
| step I'll be recommending to anyone who cares.
| zb3 wrote:
| It seems you missed my main point - the whole point is to
| fight for this right to reflash a custom ROM, because they're
| slowly coming for that too. First Play Integrity, now no AOSP
| releases and more vendors disabling bootloader unlocking..
| p1mrx wrote:
| I suggested this a couple months ago:
| https://news.ycombinator.com/item?id=45084296
|
| Android may ultimately win the arms race, but if they want to be
| evil, we should make their task as tedious as possible.
| neuroelectron wrote:
| Google doesn't need to make an argument to ban apps or
| developers.
| andrewcchen wrote:
| So like LiveContainer[1] which works around iOS's signing
| requirements
|
| [1] https://github.com/LiveContainer/LiveContainer
| IgorPartola wrote:
| Whoa that is neat! How does that not get shut down by Apple?
| Wowfunhappy wrote:
| They don't allow it in the app store, so you have a chicken-
| and-egg problem...
| zzrrt wrote:
| It works with AltStore or SideStore.
| Wowfunhappy wrote:
| So you have to either live in the EU or have a helper app
| constantly running on a PC on your network...
| cyberax wrote:
| This "attack" is not even theoretical. Android apps can just
| download arbitrary binary code, mprotect(PROT_MAYEXEC) some area
| in RAM, link the code there, and run it.
|
| Google will simply revoke the keys for the "loader" APK. But
| that's fine for malware, its authors will just use the next
| stolen credit card to register a new account.
|
| That's also why this has nothing to do with security.
| clueless wrote:
| what does it really have to do with?
| baby_souffle wrote:
| > what does it really have to do with?
|
| Giving google control over what code runs on $device
| regardless of how that code got onto the device.
|
| A revoked key doesn't care about how the APK got there...
| Gander5739 wrote:
| Doesn't https://github.com/Katana-Official/SPatch-Update already
| handle this, and also support Xposed on top?
| bitwize wrote:
| > My vision of the hack is to distribute a verified loader apk,
| which in turn dynamically loads any apk the user wants. A user
| obtains the loader apk once and loads apps without installing as
| much as they want.
|
| And a day after you release, Google will say "Oh no you don't"
| and unverify your app, preventing it from being installed or run.
| Which is you know, kind of the point of this maneuver.
| immibis wrote:
| I'm already banned from publishing Android apps through Google,
| but apart from that, what would stop me making a server you can
| upload any app to and sign it with my certificate?
| maxloh wrote:
| That could actually be done solely on the device. You can
| develop an app to sign arbitrary APKs with users' own hobbyist
| certificate. Lucky Patcher has done that for a decade.
| immibis wrote:
| I could even just give out my certificate and private key (if
| I'm allowed to have one). It's not like I need it to be
| private. Google would probably blacklist the certificate and
| then we get to sue Google based on the fact they said doing
| this would allow the app to work, but they didn't follow
| through with what they said.
| sleirsgoevy wrote:
| Making every user "verify" themselves with a government ID
| is a no-go, because government IDs are no more trustworthy
| than toilet paper.
| userbinator wrote:
| Or you could just tell everyone out there that there are already
| tons of older Android devices which will never get any of these
| hostile updates, and if you're a developer, make sure your app
| runs on those older versions. Spread the word about how hostile
| the newer devices are, and let the lazy masses do what they're
| best at doing. Of course there will always be rabid bootlickers
| who will gladly pay to put Google's noose around their necks, but
| if they become the minority, and the majority just stops
| upgrading, it could very effectively pull control of Android away
| from Google. Giving everyone yet another reason to not upgrade,
| especially given the huge Android marketshare in poorer
| countries, could become a powerful force.
| Aeglaecia wrote:
| i thought google was going to push this as an update to play
| services, thus affecting all models
| Random09 wrote:
| Good luck with an unsecure phone. This is clearly a bad idea.
| blueg3 wrote:
| If this is an acceptable solution, just run a modern
| uncertified Android instead.
| ianbutler wrote:
| I think this means we need to rely on web technologies more. PWAs
| are looking pretty good on mobile devices these days and you can
| publish any web app you want with no reviewing authority. The web
| has a bunch of crazy APIs now that let you build crazy things and
| for everything else you're a hosted server away somewhere that
| can run more complex jobs.
|
| I believe devices I own should let me do whatever I want with
| them and I agree that the verification is BS, but I'll work
| around it in the ways I can which means building more for the
| web.
|
| If that ever drops the open pretense (since both traffic and
| trust authority are largely centralized and thus easily
| controllable) then I'll only write for self hosted linux boxes.
|
| We as individuals can only do so much. We'd need actual
| organization and some measure of political power to do anything
| more since normal people do not care about this.
| Wowfunhappy wrote:
| I thought Brent Simmons did a great job laying out why PWAs
| don't work: https://inessential.com/2025/10/04/why-netnewswire-
| is-not-we...
|
| The tl;dr is that a PWA implies an app which is based in the
| cloud. So suddenly you need a server, and you need to store
| user data, which means costs and dealing with privacy and
| security.
| teraflop wrote:
| That explanation doesn't really make sense to me.
|
| If something could be built as a native app without depending
| on a central server, it could also be built as a PWA without
| a central server. You don't need to store user data centrally
| at all, just because it's a webapp. You can just have the
| clients use localStorage or IndexedDB or whatever.
|
| You still have to host the static files for the webapp
| itself, but that can be made very cheap.
|
| Of course, API feature parity between native and web apps is
| a separate issue. But the argument about server costs doesn't
| seem like a good one.
| Wowfunhappy wrote:
| Isn't localStorage limited to 5 MB of data?
| teraflop wrote:
| Sure, but localStorage isn't really ideal for storing
| large objects anyway, because it forces everything to be
| stored in one big string-to-string map. It's great for
| small amounts of data such as user preferences.
|
| There are other APIs that allow you to store binary data
| directly (which you'll probably want if you're storing
| large files) and also to use/request larger quotas.
| porridgeraisin wrote:
| Yeah, better is the filesystem API
| koiueo wrote:
| IndexedDB API is a bit more liberal in that regard
| twixstar wrote:
| I read the article, and I'm pretty certain he's talking about
| a traditional web application. When we speak of PWAs we're
| thinking of a set of APIs that let a web app behave like a
| native application. i.e. 'installation' + service workers,
| background sync, IndexedDB/FileSystem etc. You could probably
| make a self-sufficient RSS reader with what's available.
| charcircuit wrote:
| Practically you are going to have a server distribute a
| native application anyways.
| poisonborz wrote:
| Not the developer. This is all additional complexity and
| less privacy for the user.
| Jaxan wrote:
| Basically every native app has a server behind it to harvest
| user data nowadays. So I don't think it's an argument for why
| PWAs won't work.
| Wowfunhappy wrote:
| If the app is made by a company, sure.
|
| It seems to me that, ironically, PWAs are uniquely ill-
| suited for the type of non-corporate software where
| distribution outside mainstream channels makes the most
| sense.
| nine_k wrote:
| You need native apps to access specific hardware, and to run
| some native code. WASM may help but it's limited, too.
| Jaxan wrote:
| How many apps rely on specific hardware or native code
| though? I can only think of my banking apps when using nfc.
| rs186 wrote:
| Bad news for you, Google happens to have a tight grip on the
| entire web ecosystem -- browser, search, ads etc.
| ianbutler wrote:
| I obviously understand this and mentioned as much indirectly
| in the post. You can only do so much and the web is still
| more open than Android is about to be so again, you do what
| you can.
| morshu9001 wrote:
| PWAs are at the mercy of Gapple and have always been handicapped in
| just the right places to not be viable vs installed apps. Most
| people don't even know how to install one.
| ianbutler wrote:
| Yeah but as I understand it Apple has become a lot more
| progressive on PWAs in the last few years. I'm under the
| impression they're viable
| srcreigh wrote:
| This is harmful speculation. Many PWA features are broken in
| small ways which add up. The caniuse database does not test
| that a PWA feature meets the spec and there is no better
| database. Nobody can say that PWAs are "looking good" without
| such testing.
| fsmv wrote:
| Just use adb. You can do adb wifi on device. You don't have to
| distribute a signed apk, just sign it fresh on device.
| Retr0id wrote:
| This is the way. You can also do adb-over-webusb with a second
| device.
| Permik wrote:
| With apps like Shizuku you can do the whole nine yards all
| locally untethered with one device :)
| Telaneo wrote:
| While neat, it glosses over the actual problem, while maybe not
| even solving it (depending on what you deem the problem to be in
| the first place). It solved the immediate problem today, but not
| in a way that's going to remain solved.
|
| I'd imagine Google would plug any major holes in their soon to be
| closed garden, assuming that is their intention. So this and any
| other fix to the problem of 'install app through not-Google Play'
| that goes via technical means that Google can just cover up after
| a month or two doesn't actually move the needle any meaningful
| amount.
|
| In the same vein, using adb isn't a real solution to that same
| problem for most people, since having to use adb is a massive
| jump in required effort that's going to leave all the normies
| behind, with only the super-dedicated willing to go through the
| hassle, and an equivalent amount of developer effort is going to
| be left behind as well, since their audience just got decimated,
| and they themselves might not even bother to develop something
| that even their dad or sister is going to bother/be able to
| install. Anything that's much more complicated than 'go to
| website, download thing, run thing, click your way through'
| doesn't solve for this.
|
| The actual problem is to have Google not be knobheads about it,
| and the only way that's realistically going to happen is through
| the law, but that's not looking all that likely in my view.
| numpad0 wrote:
| > My vision of the hack is to distribute a verified loader apk,
| which in turn dynamically loads any apk the user wants.
|
| Right back to Symbian signed AppTRK and rolling back hardware
| clocks. Great.
| whatshisface wrote:
| > _My vision of the hack is to distribute a verified loader apk,
| which in turn dynamically loads any apk the user wants. A user
| obtains the loader apk once and loads apps without installing as
| much as they want._
|
| Google's not going to let you keep your signing key if you do
| this with it.
| fifticon wrote:
| these holes will be closed and turning into flaming jumping
| hoops, so this is not viable. fight the people designing the
| game.
| nacozarina wrote:
| yeah, googs can get rekt, I'm not even
| charcircuit wrote:
| >Google assures that it would be possible to install applications
| locally using ADB, but there are no details on this
|
| It's going to be the same as Play Protect using the
| PackageVerifier API. Even if you won't trust that Play Protect will
| continue to allow adb installs, if you go to the developer
| options you can disable package verifiers for adb installs.
|
| >the concept
|
| This would not really work considering you can't do a lot of
| things at runtime. You can't create activities, you can't create
| services, you can't declare permissions, you can't use
| permissions, etc. Pretty much everything in your manifest can't
| be done properly. You can't really do a job faking it. You would
| have to declare a ton of dummy activities with all different
| permutations of things like launch mode, document launch mode,
| intent filters, etc.
|
| What you can do are things like game engines like how the android
| godot editor works where you aren't loading full android apps,
| but projects into the editor.
| Permik wrote:
| This is actually a non-issue with tons of unnecessary fear
| mongering going around, see my comment here:
| https://github.com/enaix/apk-loader/issues/1
| baby_souffle wrote:
| The OP addressed this: `adb` works ... *for now*. Other than
| google's pinky promise, what assurance do we have that adb will
| continue to work in a year or five?
| VladStanimir wrote:
| I am not an app developer however from what I read on the android
| developer site you just need to provide some form of id, the
| signing key and the app id.
|
| You don't have to distribute via the app store, you don't have to
| get Google's permission to publish the app or have them sign it.
|
| This looks like purely app validation, we only run apps we can
| prove originate from the author.
| huem0n wrote:
| Under that logic, even if the app is "malicious" it would still
| be possible to install it. And that's not true, if something is
| deemed malicious, it's blocked. Is an app that hurts Google's
| dominance "malicious"? Who is it that decides what is
| malicious?
| m-p-3 wrote:
| So if Google doesn't like the app in question (such as
| ReVanced, NewPipe, etc), they can simply target that signing
| key to completely disable the app on all devices, even if it's
| not distributed by them.
|
| Having the file signed by a relatively centralized authority
| makes it much easier for Google to gain control outside of
| their realm.
| sleirsgoevy wrote:
| What about this idea? Make a movement among the devs who are
| _willing_ to distribute "legitimately" (via Google Play or
| "authorized" sideload), to sign their apps with an intentionally
| insecure private key. Then some community will just mine up these
| certificates in already published apps and publish them somewhere
| on GitHub.
| thr0w4w4y1337 wrote:
| LlamaLab's Automate has a non-root privileged service via network
| adb service. Would it be possible to simplify app installation
| via adb the same way? An app that reads apk, sends it over pre-
| paired ADB. Sounds like a much simpler solution.
| SiDevesh wrote:
| Isn't a better solution here to build an app that signs unsigned
| apks with the end user's self provided signature?
| codethief wrote:
| > So an apk may just load some zip/apk/dex code from external
| storage and execute it in current context.
|
| Wouldn't this break all kinds of things, like app sandboxing, the
| permission system, app intents, ...?
| iggldiggl wrote:
| ... launcher shortcuts, launcher widgets, storage management,
| multi-process set-ups or even services (those need to be
| declared statically in the manifest), so yeah it would.
|
| So interesting as a fun exercise, but not really useful for
| probably quite a few apps.
| jchw wrote:
| The more I think about all of this nonsense, the more I wonder if
| Google's entire goal with this is actually to kill ReVanced, of
| all things.
___________________________________________________________________
(page generated 2025-11-01 23:01 UTC)