@alexia I guess I've bought my last smartphone then. Can't deal w/ Apple's walled garden. If Android goes there too, I'm out. Fuck this shit.

@RyanHyde @bigzaphod if your issue is not trusting J Random Developer you already have a solution that mostly works. Get your apps from a trusted and vetted app store and never side load. You never need to trust J Ransom Dev ever again.

If one decides to forego that protection then it's on them. Google is pretending to solve a problem that barely exists likely to get around recent court rulings. If they actually cared about security they'd vet play store apps more thoroughly.

@RyanHyde @alexia @bigzaphod

whats cool about centralized authority figures is that they are universally serve the express purpose of causing harm, and being oppressive; and violating human rights.

*gestures the everything*

@thamesynne @RyanHyde @alexia @bigzaphod

can't forget- they also rely on deliberately and guaranteeing to 'not playing nice' (i.e *violence, abuse, and mistreatment, and human rights violations*) when people don't follow their idea on what 'playing nicely' is, and at the same time perpertrate a soceity where that is seen is completely fine and acceptable as long as their the ones doing it, and that fosters dehumanization towards its victims; and promotes a system that actively incentivizes not being altruistic;

see libertarianism: ok lets look at it, so basically they say that all that is bad if the one doing it is called the state, but if its called a corperation then it's magically fine, (and some variants of it say the state should ONLY cause harm; and not things like healthcare or running libraries)

yeah so the issue is that your saying its magically fine to do that,

but of course; this logic only applies if your supporting the status quo.

(for OP: confidential information being leaked is good.)

@alexia As one of those independent developers that make zero money from my project... fucking hell.

This doesn't really "affect /me/" directly (I (also) publish to Google Play, so I already had to go through this, and thankfully I'm in a place where I can afford to do so while staying relatively safe).

But goddamn does this shit still make my blood boil. I care about what people *in general* can do, not just me. I care about people having the easy option to fork it, for that matter. I also happen to be in a place where a decent chunk of my contributors don't have a development background at all, let alone for Android specifically.

And goddamn does it leave a bitter aftertaste, making me reluctant to give them more of my free labour.

But I also have no realistic plan B, or any real idea what it would look like. iOS is just jumping out of the ashes and into the fire. Mainline phone Linux (Pine, Librem, etc) is just wildly impractical as a sole phone (I can't even file my taxes without BankID..). And what else is there?

@zoee @RyanHyde @bigzaphod @alexia this is the free reign in question, and probably why these stories are breaking at the same time: https://www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/

@RyanHyde @thamesynne @alexia @bigzaphod

not endorsing the first idea-- is endorsing anarchy, otherwise your just endorsing the first one again;

there is no 'middle ground' on this -- that's just unironically doing the centrist meme where its like "what if we murder half the jews"

.. either you support actual human rights (i.e where they arent violated just because an authority figure said so) .. or you don't ...

it sounds like you don't.

@RyanHyde the middle ground already exists, and it's the current side-loading process, which requires you to *explicitly* choose a somewhat obscure setting, to allow installation of apps of "unknown sources"

someone who is sideloading will generally already know what they're doing, since they have to flip this permission on. even if done permanently, it's not a global option but a per-app option to allow such installs from, say, the file manager. malware detection via Google Play Protect is *also* already a thing, mentioned in the linked article

you appear to have assumed that arguing against centralized signature verifiers to be *allowed to develop for Android,* means arguing against *any* attempt at verification. instead, it's really just: "Android, let's not do exactly what Apple is doing to wall in the garden, thanks"

seems like the best middle ground would be for Google to simply, not do this thing

@alexia I can't wait until there's a ready for prime time mobile Linux distro. Maybe it's time to try some of the alpha alternatives to Android that I understand are out there?

@alexia Thanks for the tips, Alexia! I looked at postmarketos but my old devices have not been tested with it. I can hack a bit, but I'm not up to doing it from scratch. I'll checkout UBPorts when I get time. Thanks!

@RyanHyde @bigzaphod @alexia and all the software by vendors who have been approved would never ever track me around the internet and essentially act like spyware right? RIGHT?!

@alexia figured. Pos really keep speed running getting sued.

@alexia Yeah, absolutely.

@RyanHyde @bigzaphod @alexia fun fact: lots of trojan horses on google play with verified status. grammarly is one example. does "ai-powered text correction", and sends all text you enter into any form to its servers to achieve that.

the fallacy here is seeing google as a trustable arbiter.

@alexia Yes, Android is getting more and more broken...

Just support #PostmarketOS or something, which is (except audio xD) really well usable

@RyanHyde @beeoproblem @bigzaphod @alexia

> There are reasons regulation exists, and while many regulations go too far, eliminating them would be worse than having them.

"regulations" are enforced through systemic violence and harm from the state & the entire purpose of ' verifying identity ' of developers is so you can inflict said violence and harm onto them, using said weapons given to those whom '"""have to"""" make sure thats not your aim;'

the world is and always will be, better off without large power authority figures with the ability to cause harm to people and pretend its fine,

eliminating regulations would be eliminating systemic violence and harm being done to people in the name of 'enforcing' said regulations, thus the world would be infinitely better off without them

doing so is harm reduction which is good; - what we need is standardization

you don't trust every random developer in the world? cool dont install their software then. don't demand they dox themselves to an authority figure