> It is interesting though how this same conversation doesn't exist in the same way in other areas of computing like video game consoles

Historically, when the first game consoles with game cartridges existed, the hardware was much more niche than the available personal computers. Game system developers designed hardware specifically for games, and game developers developed for those specific systems. Also, physical media for games provided an ownership model and DRM.

In 2003, Apple released the iTunes Music Store partnering with music labels to counteract the prevalence of music pirating. That was the first major digital marketplace with DRM and way before the App Store in 2008!

In 2005, digital distribution for video game consoles came with the Xbox 360, PlayStation 2, and Wii. Being game consoles with unique hardware, they kept their restricted licensed development model of previous generations.

The iPhone and App Store just followed that pattern. Unique hardware and a licensed digital marketplace to go with it.

Now, the hardware between video game consoles, smartphones, and personal computers are mostly unified; and the only real difference is software, but the restricted marketplace model still remains.

---

> The fact that mobile phones aren't yet just a standard type of portable computer with an open-ish harware/driver ecosystem that anybody can just make an OS for (and hence allow anybody to just install what they want) is kind of wild IMHO. Why hasn't the kind of ferver that created Linux driven engineers to fix their phones?

DRM. There are already devices where you can unlock the bootloader and install any OS on it. But then you won't be able to install apps that use the Play Integrity API to ensure DRM. Companies/developers want revenue and develop apps that require Play Integrity.

Any device that doesn't have DRM will never support a paid digital marketplace or paid content streaming.

> Is Android and iOS just good enough to keep us complacent and trapped forever?

Probably. Microsoft tried a DRM supported OS with Windows Phone and that failed.

---

That being said, digital marketplaces and DRM have there place to prevent piracy and allow developers and creators to make a living.

If someone has a solution to prevent piracy without a root of trust that would be ideal.

> I can't help but think there might be some effect here that's locking us all in similar to how the U.S. healthcare system can't seem to shake for profit insurance.

Yup. The Amish have had no trouble implementing a single payer healthcare system in the USA. It can be done, where the people want it. But, by and large, the people really don't care. In the back of their minds they might think it would be nice to have in the same way they think it would be nice to have a muscly six pack, but when it comes down to putting in the effort to see it happen...

> It is interesting though how this same conversation doesn't exist in the same way in other areas of computing like video game consoles

Yes, there needs to be a lot more uproar for these cases as well. One of the most appalling cases is that of macOS. To distribute your app (as a .dmg for instance), you need to sign up and pay for a Developer ID, sign the app with a Developer ID certificate and then notarize it, EVEN if you don't intend to use their App Store.

> It is interesting though how this same conversation doesn't exist in the same way in other areas of computing like video game consoles

This is part proprietary pedigree too.

You had to buy Nintendo cartridges to play Nintendo games, so no one ever questioned the Nintendo seal.

> Why hasn't the kind of ferver that created Linux driven engineers to fix their phones? Is Android and iOS just good enough to keep us complacent and trapped forever?

I obviously can't speak for all "Linux driven engineers", but only about myself, as someone who's daily driven linux for a long time and who enjoys tinkering with computers.

I consider phones in the same category as a gaming console: a "single purpose" device.

I find they're not practical for much more than mindless scrolling and the occasional text (and even that's a pain, to the point I usually do it from my computer). I just hate staring at a tiny screen and obscuring half of it with my hand when I need to interact with it.

I'm all for geeking out on things, and love to tinker. But the phones are simply not attractive to me. I used to have Android phones with custom roms, but that was only because samsung had atrocious support for older devices. My current iphone is supported until it can't be used anymore and does everything I need.

Whenever I get the itch to tinker, I'll do it on a computer with a full keyboard and big screen.

> Is Android and iOS just good enough to keep us complacent and trapped forever?

I think they are, especially since us "linux driven engineers" are a tiny fraction of the market. Basically nobody but us cares about these things. Just like almost nobody wants a small phone, or thick phone. Even with regular computers, most people didn't tinker, they would just install a few programs, which would have been on an hypothetical app store anyway.

> The fact that mobile phones aren't yet just a standard type of portable computer with an open-ish harware/driver ecosystem that anybody can just make an OS for (and hence allow anybody to just install what they want) is kind of wild IMHO. Why hasn't the kind of ferver that created Linux driven engineers to fix their phones?

It's because each phone SoC is essentially its own bespoke architecture. You can't build one arm64 Linux ISO that will work on all phones like you can an x86_64 ISO on a PC. Each and every model of phone requires 0) unlocked bootloaders and either 1) full support from the vendor for Linux or 2) dedicated hackers willing to reverse engineer the board to get it to boot Linux in the first place & then developers willing to write missing device drivers & then maintainers willing to keep the fork up to date or mainline the changes.

It will always be cheaper for phone manufacturers to develop bespoke SoCs than it is for them to implement protocols and interfaces that make booting and hardware discovery standardized like they are on the PC. Making a phone as accessible as a PC to booting generic operating systems inherently means increasing costs at every level from the design up.

> I'm sometimes surprised at the plethora of cheap handheld gaming systems coming out of China that support either Linux, Android, or sometimes both, and seem to be based on a handful of chipsets. If anybody ever slapped an LTE module and drivers onto one of those things we'd have criminally cheap and powerful, open phone ecosystem.

On the surface it seems like that, but all of those devices suffer from the same issues I described above. There will be thousands of devices that "support" Linux, but only nominally.

What happens is, if the manufacturer even releases the kernel source, you get a git dump of a forked kernel that was never modified to be upstreamed with the vanilla mainline kernel. That essentially means you are stuck using that fork unless you have the time, knowledge and skill to port that fork over to the mainline, which is a lot of work. This applies to every SoC, and SoC modification, in gaming systems. Barely any of this work crosses over or can be standardized like it is on a PC.

None of that makes a platform a real open ecosystem.

Source: I'm involved in porting and maintaining a Linux distro for those cheap Chinese handheld gaming systems. The only reason Linux runs on them is because weird nerds spent time getting it to run on them. When they get bored, your Linux "support" ends.

The best we can hope for is for ARM servers to scale down to the point we can use them in small form factors, as ARM servers implement the same standards PCs do to run generic Linux ISOs. We aren't going to get this from the mobile hardware ecosystem, there just are no incentives to make such an investment. Maybe we'll get them if ARM PCs truly take off.

> It is interesting though how this same conversation doesn't exist in the same way in other areas of computing like video game consoles or other embedded computing devices where the controls against arbitrary applications is even stronger.

The conversation takes place all the time, there are tons of people who want to, and do, run homebrew and Linux on their consoles, same thing with embedded devices. Getting Linux or Doom to run on an embedded device is a rite of passage.

> The fact that mobile phones aren't yet just a standard type of portable computer with an open-ish harware/driver ecosystem that anybody can just make an OS for (and hence allow anybody to just install what they want) is kind of wild IMHO.

It is worth mentioning that the push against open phones never came from big tech but from governments everywhere in the world. Tightly controlled communications was and still is the status quo. People sometimes forget that e.g. in Germany telecommunication used to be a government authority and it was prohibited by penal law to even open a telephone. Things like weak encryption standards and tightly closed down proprietary communication chips inside phones were always intentional.

None of this justifies or explains Google's actions but it puts things into perspective. Personal computing is an outlier, and if home computers had been connected to a network from the start they would probably have been as tightly controlled as all other communication devices have always been.

Unfortunately, the control authorities still exist and seek to gain more power over computing devices and their goals mostly align with the commercial interests of large tech companies, who have basically just become alternative telco providers. So, I estimate that personal computing will be more or less eradicated relatively soon.

> criminally cheap and powerful, open phone ecosystem.

It wouldn't, you need drivers for your modem, gpu, gps etc. It's encumbered with patents and "prohibited" software circumvention techniques, you're right about one thing it would be regarded as criminally offensive by our current legal system.

Speaking of android, if iOS had jailbreaking, maybe we need a bigger prisonbreaking from Google

>It is interesting though how this same conversation doesn't exist in the same way in other areas of computing like video game consoles or other embedded computing devices where the controls against arbitrary applications is even stronger.

Far less technical people from my perspective

Not fun if you work I.T. whatever you role is

> I can't help but think there might be some effect here that's locking us all in similar to how the U.S. healthcare system can't seem to shake for profit insurance.

Yeah. It's called capitalism, where the reasoning behind everything is "How can businesses make a profit?". And in the U.S., it's also, if the business doesn't make a profit I'll starve.

> The fact that mobile phones aren't yet just a standard type of portable computer with an open-ish harware/driver ecosystem that anybody can just make an OS for

Such phones exist:

https://en.wikipedia.org/wiki/Librem_5

https://en.wikipedia.org/wiki/Librem_5

First thing on the list for me is dramatically reforming the Digital Millenium Copyright Act (DMCA), which currently makes it a federal felony to provide other people any information or tools they might use to control the devices they own, ex:

> Thanks to DMCA 1201, the creator of an app and a person who wants to use that app on a device that they own cannot transact without Apple's approval. [...] a penalty of a five year prison sentence and a $500,000 fine for a first criminal offense, even if those tools are used to allow rightsholders to share works with their audiences.

https://www.eff.org/deeplinks/2020/09/human-rights-and-tpms-...

_____________

In some ways, I think this is even more important than attempting to bar companies from putting in the anti-consumer digital locks in the first place: It's easier to morally justify, easier to legally formulate, and more likely to politically pass. The average person won't be totally stuck lobbing the government to enforce anti-lock rules for them, consumers can act independently to develop lockpicks.

Plus it removes the corporations' ability to bully people using your tax-dollars and government lawyers.

Also, let's stop using the term "sideloading", as if it's something bad or shady.

It's called "installing apps".

"I then have 100% control over that device and the hardware maker, the retailer, and the OS maker have a combined 0% control."

the problem is transaction not done once you own the device, you must use the ecosystem

Google and Apple create this ecosystem and they own it, so even if you have 100% control of your device but you cant live without their ecosystem

OS is just "half the battle", if its so easy Microsoft would not let windows mobile died

What does this even mean? You don't want software updates? Or strictly only software updates that are 100% aligned with your wishes whatever they may be at the time?

That bar would require infinitely good software on the hardware. Then it will be your device. Otherwise, they will constantly need to improve it. then it will be their software on your device.

People always say things like these, and I wish it were that way too. Maybe if history had gone a little differently.

But what's the point of defining these standards now? Is the world where this is the reality still feasible? It seems nearly impossible, unless you're an extremely wealthy and influential individual. What I'm seeing is that we never will move to a world where a device that you bought is truly "yours" anymore. Instead, we'll be renting one of the approved devices, ran by one of the tech megacorporations and overseen by your government. They will give no real way to execute any random code that you want, unless you're also licensed and vetted as a developer. They will be tightly surveilled, all information will be saved, every interaction between these devices will be controlled for the sake of security. It will be an entire web of trust, defined by the powers that be. We're seeing early attempts at it now, but we still haven't hit full centralization. But once we do, what happens then?

> 2. Having an approved channel for verified app loading is a valuable security tool and greatly reduces the number of malicious apps installed on users devices

I would instead say that having a trustworthy channel for verified app loading is a valuable security tool. F-Droid is such a channel; the Google Play Store is not. So Google is trying to take this valuable security tool away from users.

> it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store

That's close enough to how Android already works. Google wants to additionally prohibit installation of apps unless they're signed by a developer registered with (and presumably bannable by) Google.

> Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store.

It is an obvious solution, and it's a good first solution. This popup already exists.

A problem in security engineering is that when people are motivated (which is easy to achieve), they will just click through warnings. That is why, for example, browsers are increasingly aggressive about SSL warnings and why modifying some of the Mac security controls make you jump through so many hoops.

The usual take on HN is take the attitude that the developer is absolved of responsibility since they provided a warning to the user. That's not helpful. Users are inundated with stupid warnings and aren't really equipped to deal with a technical message that's in between them and their current desire. They want to click the monkey or install the browser toolbar. The attitude that it's not my problem because I provided a warning they didn't understand doesn't restore the money that was stolen from them by malware.

>Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store.

Android already does this. It's the thing that's going away.

I don't trust the Google Play Store.

> a step so bold for an OS that even MSFT never even dared try in its worst Windows monopoly days

I don't think it's like "MSFT didn't dare to try", but rather "MSFT was too stupid to come up with the idea". They didn't have the ability to manage it either (and till this day their Windows Store app still sucks with tons of bugs). Not to mention that Windows was already wide open, never with a restriction "you can only install these approved apps" to begin with.

Basically, not that Microsoft didn't do it, but it couldn't.

This comment is very uninformed and misleading.

> Having an approved channel for verified app loading is a valuable security tool and greatly reduces the number of malicious apps installed on users devices

These are claims that Apple and Google make to justify their distribution monopolies, and you are repeating them as fact. I don't think it's true, and cite as evidence both major app stores and the massive amount of malware in them.

Don't parrot anti-competitive lies from monopolists.

> Given that both of these things are obviously true, it seems like a pretty obvious solution is to just have a pop up that has a install at your own risk warning whenever you install something outside of the official app store.

Google already does this. They've always done this, and it has always been a bad thing because it disadvantages app stores that try to compete with Google Play. Imagine you want to sell an app, and your marketing materials need to include instructions on how to enable "side loading" and tell people to ignore the multiple scary popups warning about vague security risks and malware.

> because they take a vig on all transactions done through those apps

This has already been litigated and federal judges ruled that they must allow devs to use third party payment processors. Look up the Epic Games cases against Apple and Google.

> In a normal market there would be no incentive to side load because...

This is nonsense. "sideload" just means to install something outside the Play store. In a normal market, there would be every incentive to do so, as consumers would be able to choose from multiple app stores. Users don't care where an app comes from, as long as they can figure out how to get it.

To me this seems analogous to the motivation of certain people, as soon as they were able to work from home during the pandemic, to move to some arbitrary other cheaper place only because they were no longer required to go into the office.

Specifically it's weird to me that those people, akin your statement about platforms, don't seem to have a sense of place within which they do their stuff, whether that stuff is talking to the friends in your neighborhood regularly or checking your email; there aren't any other reasons you prefer Android, iOS is the default?

I personally don't fucking like iOS at all, never have, but I've always let myself re-evaluate it when the opportunity comes up. I find the UI clumsy and primitive, lacking in personality, customization, versatility. It was just fine on my old iPad for a few basic tasks, and it's still just as fin and just as basic, relatively speaking, on newer devices. However I am a career-long macOS user by choice. I usually admire both macs and iPhones for their hardware design.

Likewise, even though I moved to my relatively high cost of living city for a job years ago, if my current one let me WFH exclusively, I'd move... nowhere, this is exactly where I want to be. There is always some threshold of course whereby favoring one choice over another is too costly to maintain, but even though this particular freedom topic is important to me, I'm not about to just switch platforms because I've secretly hated it otherwise.

Instead it would be great if you join the fight against Google (and Apple) by using FOSS and independent distributions like GrapheneOS. It is the most secure and private option we have today. Most apps work as it is except a few those who purposefully use Google Play Integrity API to block independent platforms.

> You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on.

I totally agree with that. BUT:

> Splitting hairs about the origin of the term "sideload" does not change

You can't start your article by splitting hairs about the meaning of the term, and then complain that people follow down that discussion :-).

This is mostly a framing war. Calling it "sideloading" makes it sound risky or unusual, but if we called it "installing software on your own device", Apple's and Google's restrictions would seem absurd - like telling homeowners what kind of light bulbs they're allowed to use.

This community has pockets of people who like authoritarian control, and genuinely believe in Apple or Google Play as some kind of superego that they need to defend, that they believe is protecting us.

This surfaces in many types of discussions, including discussions where they may be prompted to defend the locked down nature of mobile devices.

I say it's just pockets. A vocal pocket. It's not everyone here. But it elicits comments justifying that stuff, which can feel surprising for those who don't share those views.

I would say the situation is worse as this "subscription-esque" model is "spreading" to areas beyond software. Exercise equipment like ellipticals and bicycles - whose software is/could be borderline +/- resistance level trivial - has been moving to "only works with an online subscription" business models for a long time.

I mean, I have had instances that controlled resistance with like a manual knob, but these new devices won't let you set levels without some $30+/month subscription. It's like the planned obsolescence of the light bulb cartels of the 1920s on steroids.

Personally, I have a hard time believing markets support this kind of stuff past the first exposé. I guess when you don't have many choices or the choices that you do have all bandwagon onto oligopoly/cartel-like activity things, pretty depressing, but stable patterns can emerge.

Heck, maybe someone who knows the history of retail could inform us that it came to software "from business segment XYZ". For example, in high finance for a long-time negotiated charging prices that are a fraction of assets under management is not uncommon. Essentially a "percent tax", or in other words the metaphorical "charging Bill Gates a million dollars for a cheeseburger".

EDIT: @terminalshort elsethread is correct in his analysis that if you remove the ability to have a platform tax, the control issues will revert.

The correct term was always “download”. We should be allowed to download and run anything we want on our own phones.

Could you make the claim that F-Droid is actually safer than "Google Play Store"

The plea Google makes against so-called "sideloading" always refers to "malware"

But how much malware has been distributed via F-Droid versus "Google Play Store"

It could be that smaller, independent "app store" might be better managed than Google's

Regardless of its origin, its usage in context clearly implies it's supposed to be understood as a non-standard, non-default process. Making preferred software design choices feel like defaults, or making preferred app or distribution ecosystems feel like default is the product of extraordinary and intentional effort to set expectations, and so I don't see it as an accident that the nomenclature would be used for the purposes you describe.

I did make a comment in this thread about the historical usage of the term sideload, although for my purposes, I was noting a historical quirk frim a unique time in the history of the internet rather than disputing any premise in your post. It was the first and only comment at the time I posted it and I was not anticipating such an unfortunate backlash that seized on terminology for the purpose of disputing your point, or for otherwise missing your point.

But it is indeed missing the point. Requiring developer registration to install is exercising a degree of control over the software ecosystem that's fundamentally out of step with something I regard as a pretty important and fundamental ideal in how software is able to be accessed and used.

FWIW, thank you and the team for all the hard work. Me and my family use it to install, discover, and try out many of the genuinely useful and really cool, high-quality Apps on our de-Googled devices and truly appreciate it. I could never imagine using that ad-ridden, user-tracking, scam-infested, filth-flinging abomination they call Play "Store". The only thing that's worse is GCM - you don't even see it's there as a regular user.

Hey, I hope you have a nice day. F-droid is one of the communities which was really a key role in, what open source project should I recommend if given the power to, for people to gain maximum impact on, and f-droid was one of the tops in that charts, so much so that I really tinkered with android apps creation with rust/tauri just to create an android app for f-droid (building android apps is hard I must admit, which makes my appreciation for apps on f-droid even more lovely)

> You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on

I feel like there are some phones, I will say my honest experience, I had a xiaomi phone which required me to unlock the bootloader for me to root it/ remove the spyware that I feel it has, I never felt safe really (maybe paranoia?) but I wanted an open source operating system on it and that required me to unlock my bootloader

Which required me to create an MI Unlock / MI account which then later required me to open up a windows computer and try to do things with the windows computer

I didn't have a windows computer, I am a linux guy and I didn't want to touch windows and I tried any option available on linux (there was a java thing and some other exploit too but both failed)

Later, I tried to actually install win-boat and tried to install the mi tool in it after so many nights of work and I tried and it actually opened but it asked me for the otp to sign up but I don't know if I overwhelmed their system or not but their OTP just straight up didn't show on the phone's sim I had registered on.

That OTP not coming after 5-6 tries, I am not sure if they had detected it was win-boat or what, but idk, that effectively locks me out of ways to unlock the device and remove some spyware functionality I think it has.

I feel like this case made me feel as if although I had a device, it feels like a license when you think about it. This is true for many other consumer devices as well and thus, people accepting the fact that their devices have become similar to licenses, not hardware which they own, but rather software which they rent

> I'm dismayed to see that this sentiment is not more widespread in this of all communities.

I feel like your message is in the right heart, and its honestly okay, sad even, that some part of the community didn't respond to your message in agreement.

But Honestly, please don't lose hope because of this, You and people/foundations like f-droid,linux etc. inspire a sense of confidence for a good future while actively working on it. I was thinking of trying to host some f-droid mirror but I didn't personally because I was a little skeptical of getting any notices or anything after the f-droid team had created a blog post about something similar.

Also one thing, I would try to tell you is that you are trying your best. And that's all that matters. What doesn't matter is the past or the future or how the community responds but rather doing what you think is right with correct intentions which I think you do a perfect job in.

Doing the right thing can be difficult but maybe in a world where doing the right thing isn't rewarded as much in even mere appreciation or sharing the sentiment whereas doing the wrong thing is financially rewarded. its a complicated world we live in, but hopefully, we all can try to make it a little more beautiful for us and our future generations by trying to do things the right way no matter how hard they are, just because its the right thing.

I may speak these things but I myself regularly contradict these. So I don't feel the best guy speaking this stuff but I just want to say that f-droid really means a lot to me, a recent example is how I ditched that xiaomi phone, used my mum's old moto phone, tried to install termux from playstore but it couldn't download for some reason from play store because it was android 8 yet theoretically it should work, but I then opened up f-droid and installed it from there and I am running a termux/gitea server on it now :)

Please, have a nice day, F-droid/you deserve it, I just hope that you recognize that there are people's lives that you have touched (like my termux thing and there are countless other stories as well) and how impactful the project is.

Lets use this comment as a way to show our appreciation to f-droid in whatever ways it has touched our lives and how effectively google's recent moves are really gonna impact f-droid/ hurt us as well. How I wouldn't have been able to run git server on my phone if it wasn't for f-droid and so much more.

>You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on. I'm dismayed to see that this sentiment is not more widespread in this of all communities.

agreed, but i'm not going to die on any hill. i don't see much point in this discussion, these corps will do whatever they like. for me it is simple: iphone never was an option precisely because of this reason, and i've been quite content with android, but i don't think my current smartphone will run android for much longer, and the next one will definitely not.

It’s a hill you don’t have to die alone on!

I too am flabbergasted at the utter lack of integrity some show and vocally proclaim in this of all places… corporate shills every last of them.

Another supporter here, chiming in to let you know you're not alone on this hill.

Sorry about this. This hairsplitting is common on HN comment threads. We lose track of the main theme and nitpick at great length on some word.

.. A grateful F-Droid supporter and user.

put a fork in it, it's done,almost! android that is. linux phones are comming up fast, and will be set up to run the droid apps we like. but big props to fdroid just used "etchdroid" to transfer a linux iso to a thumb drive and boot a new desk top, and if I get a few bucks ahead I will buy a dev board from these guys https://liberux.net/ flinuxoid?, flinux?

I agree with your point about "install" vs "sideload".

> Google’s message that “Sideloading is Not Going Away” is clear, concise, and false

Given your(and my) definition, this statement is false. Google isn't taking away sideloading, you can still use adb. I'd say using adb to load an apk from another device is the proper use of "sideloading".

What Google is doing is much worse, they are taking away your ability to _install_ software.

And yes, HN loves splitting hairs. But if it wasn't for the hairsplitting, there probably would be be much discussion. Just most people agreeing with you and a few folks who would prefer to give up freedom for security.

I agree it's a pointless distraction, but it's a distraction you instigated by trying to language police your own supporters. I and most others who use the term sideloading don't use it because we want to make sideloading "feel deviant and hacker-ish", we use it because it's the commonly accepted term for installing apps outside the app store. I'm open to alternative phrasing, but "direct install" doesn't work because installing apps from F-Droid isn't a "direct install" and "installing" doesn't work because that doesn't distinguish from installing from the Play Store. "Sideloading" is simply the correct word, and I've yet to see a better alternative. There's no reason to be ashamed of it, or accuse people of being part of some conspiracy for calling it that.

If anything, the fact that Google feels the need to disingenuously argue "sideloading isn't going away" suggests to me that the term sideloading has a good reputation in the public consciousness, not a negative one.

Let's just focus on the fact that Google is trying to take away Android users' ability to install software that Google doesn't approve of, and not stress so much about what words people use to describe that.

I think it's better to shut down the project. I used to contribute to privacy projects, but then after being slandered for damaging youtube's "creators" by blocking the trackers, I realize that people enjoy getting f*cked by google and enjoy shilling google collecting personal data. So I stopped, it's better for my mental health and I have more free time for myself.

Hey, question. While I'm also miffed about Google's decision and see your point about the term sideloading, there is another elephant in the room you seem to not be addressing here.

You write:

> “Sideloading is Not Going Away” is clear, concise, and false_

But isn't Google saying that you will still be able to sideload via ADB? Which would mean their statement is true, and that your claim that Google's statement is files is itself false?

I'm so confused why you never even mention ADB or its relevance to sideloading, which they refer to rather explicitly in their blog post. At the very least, if you think ADB doesn't change anything, you could mention it and say so. Could you explain this seemingly critical omission?

> Splitting hairs about the origin of the term "sideload" does not change the fact that those who promote the term tend to do so in order to make it feel deviant and hacker-ish.

That is not a fact, that is your opinion. Lots of people say "sideload" without trying to convey such negative meanings. For better or for worse, the term has entered the common lexicon and I very rarely see it used with negative connotations attached to it.

Is there no line, in your opinion? At this point, there are computers (many of which run variants of Linux in many cases) in my:

1. Laptop

2. Phone

3. Car

4. Washing machine

5. Handheld GPS

6. E-reader

7. TV

Is there some intrinsic different between a device where the manufacturer has programmed it using an ARM/x86-based chip vs a microcontroller vs some other method that means in the 1st case I have the right to install whatever I want? Because that feels like what's happened with cell phones: manufacturers started building them with more capable and powerful components to drive the features they wanted to include, and because those components overlapped what we'd seen in desktop computers, we've decided that we have an intrinsic right to treat them like we historically treated those computers.

>Splitting hairs about the origin of the term "sideload" does not change the fact that those who promote the term tend to do so in order to make it feel deviant and hacker-ish.

Can you corroborate this? At least for me, the whole idea that "sideloading" has negative connotations only came up as a result of this debacle, and the only evidence I've seen are some very careful readings of blog posts from Google. The word itself hardly has any negative connotations aside from something like "not primary", which might be argued as negative, but is nonetheless correct.

>You don't "sideload" software on your Linux, Windows, or macOS computer: you install it.

Right, because those devices don't have first party stores. Windows and Mac technically do, as does some Linux distros, but they're sufficiently unpopular that people don't think of them as the primary source to get apps. Contrast this to a typical Android or iOS phone.

That's also a large part of the issue IMO. I currently _have_ root on my rooted and Lineaged Poco F3. But as hardware attestation is becoming the norm I am deeply worried about the future. I have been a pretty eager Android fan due to its achievable-if-savvy openness. If I lose root and sideloading, then Android is dead to me. There would be nothing valuable in it, just another corporate walled garden.

The result of this is very deep. Apple/Google effectively control what consumer technologies and services are allowed to gain traction.

And if you do have root, there is a good chance you're blocked from using common services on your phone such as mobile banking.

This year, I discovered SideStore on iOS, and its wonderful auto-refresh feature. Since then, I have written two iOS apps and am happily using them daily with zero issues. This plus the new Google announcement mean no going back to Android for me any time soon.

Dear F-droid, please edit your article to be technically correct so that HN can like it. All you have to do is change "coined" to "popularized".

Sorry, but "welcome to HN?" Commenters here regularly miss the forest for the trees, ratholing on minutiae and nitpicking one or two words in a 1000 word article. Often totally missing the overall point. We're notorious for it.

> And weirdos like us can always just import a Chinese phone that doesn't have mandatory Google verification crap.

No, we can't. One of the first countries with that mandatory Google verification is Brazil, and we can't import phones which are not certified by ANATEL, they will be rejected by customs in transit.

Or just install an alternative AOSP-based OS. Ironically one of the best phones for that is the Pixel, because it runs GrapheneOS.

But the purpose of prohibiting sideloading isn't security. It's preventing of apps like NewPipe and Vanced.

But what would be the point when no one would bother writing an app for such a small user base?

I haven't tested it myself, but as far as I know you can run ADB in the phone itself via Termux. Perhaps it's possible to make a wrapper that install apps from F-Droid with ADB? It would mean that you would only need to be tethered to the your PC once.

Obviously they'll eventually remove this because Google is hostile to things like ReVanced / some spook wants this power.

Also recommended: BIRDMAN or (The Unexpected Virtue of Ignorance)

Done, thank you for the link.

Depending on your app this is not all.

If i send a golang binary to someone with a mac via signal or other mediums, apple simply displays a dialog that the app is damaged and can't be run.

You need to use chmod to manually remove the quarantine flag to run it.

That for me is something that should be fined ad infinitum, because it is clearly designed to disallow non technical people to run custom apps.

I believe they are saying that this update will remove the ability to decide if you want to install it and will require developers to register and pay for their applications to be installable at all. It's been several years since I developed for Mac, but they operated a similar way, secretly marking a file as quarantined and saying "XYZ Is Damaged and Can’t Be Opened. You Should Move It To The Trash" if you didn't pay to play. Maybe this has since changed, or maybe I'm just a dummy. Regardless, whether a platform has any business funneling a user into their walled garden is another philosophical argument altogether.

This is the key and only difference. Scanning is great, and security is great.

but macOS lets you override any system determination, iOS does not, and Google is proposing the iOS flavor.

macOS warns you literally about every downloaded app not from MAS (signed!), unless you build it yourself or remove quarantine manually.

I think it is mostly about expectations, macOS trained people that it is relatively safe to install signed apps. If your app is unsigned, Gatekeeper will refuse to run it.

If you install the binary directly, but obviously it does not ask when you are installing through a store like brew...

it also sometimes says `"Foo" Not Opened` `"Apple could not verify “Foo” is free of malware that may harm your Mac or compromise your privacy."` This is frankly pretty insulting to the intelligence of the user and /does/ stop them. I think the paradigm is flowing towards "less" rather than "more"

> Why should doing so on your phone be any different?

Because it's obscenely profitable for the platform holder to have complete control over app distribution.

Can we stop pretending it's about anything else than that? Just imagine if Microsoft got a 30% commission on every PC software purchase in the world...

> This segment is what is preventing the “green bubbles = poor” narrative from taking over.

In the US maybe. In Europe, not so much. With Apple having a market share of "only" about one third and WhatsApp being the de facto default messaging app, this discussion never happened here.

Therefore your argument doesn't apply to Europe at all. Android is more than the "hacky" part. Albeit I'd really love to keep that.

> A lot of power users who buy flagships will leave for iPhones if Android ceases to be an open platform.

99.9% of people who use Android have never, and never will, install apps outside the Play Store, and aren't even aware that they can do so.

It's not like they didn't try, but Google illegally smashed them.

> Judgment of the General Court of 14 September 2022 — Google and Alphabet v Commission (Google Android) > > The General Court largely confirms the Commission's decision that Google imposed unlawful restrictions on manufacturers of Android mobile devices and mobile network operators in order to consolidate the dominant position of its search engine

https://curia.europa.eu/jcms/upload/docs/application/pdf/202...

Press release:

https://curia.europa.eu/jcms/upload/docs/application/pdf/202...

I have never seen people in the EU talk about the bubble colours. Texting is virtually dead in the EU as I know it, it's all in messaging services.

Samsung's fought Google on a few different fronts over the years and conceded most of those fights.

why would I leave for IPhones? I want the other direction of freedom.

The EU page is also no longer accepting new feedback

* https://ec.europa.eu/info/law/better-regulation/have-your-sa...

Nah screw it, it's late and I'm unable to sleep and gonna rant a little more.

Microsoft made changes to force consumer users to create Microsoft accounts to login to their PCs and you can go on Youtube and see 500 videos on how to use some bespoke tool to bypass this that has racked up thousands of views because some 'nerd' who literally walks around with a Macbook and an iPhone told them that it's the most evil thing Microsoft could make you do.

Meanwhile, once Google completes this transition on Android, you'll basically be forced to have a Google or Apple account to install any software on your devices, backup and restore the device, etc. And yet folks that dominate these boards are just like "yah that kinda sucks but like, ya know, ya know? ya know!?"

I agree that open software and even open hardware is a good thing. But both Apple and Google have done an incredible amount of damage to the open ecosystem of the web over the last 20 years in so many more ways than Microsoft could have ever dreamed of doing back in the 1990s.

And nerds not only let it happen, but embraced it, camped out in days-long lines wearing diapers to buy the latest shiny overpriced brick they could put in their pocket so they could look cool to all of their friends for a whole 12 months before the next one came out and made them look like a povo. And now walking around with a Macbook at college is like wearing the latest fashion trend because everyone has to show off that they're completely irresponsible with money and spend $2000 for something they could realistically get for under $1000 just so they can show off that they're in the same social class as everyone else.

It's the most infuriating thing to happen to the internet and technology.

Oh, and then to add on, they all get jobs in the tech industry and throw a fucking entitled childish hissy fit when their company hands them a $1000 Windows PC that's got monitoring and security software with no Admin rights on it instead of the $2500 Macbook Pro that they get root access to because mommy and daddy never told them no.

This sort of public complaint is the first step towards an European Commission finding of non-compliance with the Digital Markets Act.

Most (some sources say ~80%) Linux contributors are paid by their employer.

I bought the hardware, for the price they chose to sell it at. Why should I be obligated to use any of their services, if I can avoid it?

I'm not sure if your comment is satire. So I'll respond as is.

"Not providing potential further income" is not "robbing"... what is being stolen from them? Something they never had in the first place? When I lose a bet I willingly entered, am I being "robbed" of the gains?

Furthermore, who is losing if I go to F-Droid to install an open source app people wrote with no expectation of income? If Google had a better app, I would have installed it from there. Too bad everything is riddled with ads detracting from the core purpose.

> who worked hard to make windows phone die

You mean Microsoft? No backwards-compatibility with Windows Mobile to begin with (so companies can't reuse their existing investment into line-of-business apps on actually nice modern devices either), then they reset the ecosystem 2 times (once during the WP7->WP8 transition, another time during the Windows 10 transition).

I was a telco product manager at the time and I can tell you right away that it wasn't developers that killed Windows Phone. This book (https://asokan.org/operation-elop/) tells part of the story, but the telcos I worked for (and competed with) definitely played a big role.

Let's not pretend that MSFT would have been one tiny bit better here.

I am, mostly because Windows Phone 7 always did what Google is attempting to do here.

https://stackoverflow.com/questions/4229029/can-you-install-...

At least we got 10+ years of real sideloading on consumer devices thanks to WP7's death.

Windows RT "sideloading" denied for ordinary users, costly for Line-of-Business apps (2012).

Microsoft UWP only Microsoft Store. Microsoft backtracked their walled garden Windows plans for a while as result of Windows Phone fiasco.

Yes, we are.

I don't understand this sentence. Can someone rephrase?

Currently it seems that Google is pushing for hardware attestation, so you might be able to install Graphene/Lineage if your phone manufacturer allows you to unlock your bootloader, but many Play Store apps won't work as they'll detect your root. It's actually gotten pretty insane how every low-value app considers themselves the centre of the world and unable to run on a rooted device.

Example: the loyalty card app for a local store chain - there's no money in it, I can just get some discounts when I use it. So an attacker would have to steal my phone, somehow unlock it, and then they can use my loyalty card (btw which is free to obtain for anyone and there are no tiers) to get some discounts. And for that, they have implemented a pretty decent root checker which i had to put in some effort to overcome. And there are many more like it.

Yes (but see my comment about the permission system), however, the future of bootloader unlocking and AOSP is uncertain... :(

With one switch, one nasty update (disabling bootloader unlocking on Pixels), Google could kill GrapheneOS..

It is the latter. The app has to be signed, and the signer has to register "real" identity with Google. Approval of the app itself is not a part of the process.

Yes, sideloading will still be viable from known developers.

Probably malware developers will still be free from prosecution -- what moron is going to distribute malware with their own identity attached to it? But it means when the malware gets caught (which it does) you can't just roll a new APK with a different signature. You've burned a developer identity and need a new one. Those are harder to come by, and so it rate-limits malware distribution.

Approval is tied to individual apps. From https://developer.android.com/developer-verification:

> You'll need to prove you own your apps by providing your app package name and app signing keys

Needless to say, Google will throw out NewPipe, ad-blockers and anything else that might endanger their profits. For example, Google does not allow F-Droid to be published in Google Play (distributing competing app stores is against their ToS). This policy was in action as long as Google Play/Android Market existed.

> The latter means side loading is still viable for apps from known developers. This way anyone who is known who may create malware and will not be free from prosecution

Important corrections:

This way anyone who is known to create malware or any software which interferes with Google's current or potential future revenue, strategic interests, and unpredictable whims will not be free from prosecution in the case of distributing malware, nor from digital exile and unpersoning in the case of causing inconvenience to Google.

A great example of this is the 'networking' permission. Being able to control which app can speak to the WAN/LAN is a very important security consideration. Instead, every Android app can send any data it wants without the user being able to have a say in the matter. A lot of apps work just fine without being able to 'phone home'.

Thankfully there's the likes of GrapheneOS, however, with Google's recent changes, unless their OEM partner pulls through, their days are likely numbered.

Perhaps an unintentional one: https://lithub.com/what-we-talk-about-when-we-talk-about-thi...

You may be looking for something more specifically targeted, but here two somewhat relevant ways to donate money:

- https://f-droid.org/en/donate/

- https://supporters.eff.org/donate/join-eff-today

chinese phones usually don't have gapps installed, but many of them also have their bootloader locked and not unlockable.

> The only reason Google has decided to lock-down Android is because of apps like ICEblock and the ability for anonymous individuals to mass distribute information that governments do not like.

That's why the solution CAN'T be more regulation ...

Again, I don’t really see Google as a ‘moral’ or ‘pro-user’ company since they just pushed out Manifest V3. But unlike ad blockers, they’re not losing millions from sideloaded apps, so the only reason for their sudden policy shift is probably government pressure. With all the ongoing antitrust lawsuits, they’re just trying to stay on the good side of whatever the current or next administration wants.

> The only reason Google has decided to lock-down Android is because of apps like ICEblock and the ability for anonymous individuals to mass distribute information that governments do not like.

Nah. The only reason Google has decided to lock-down Android is because they think they can get away with it. They would have done it from the first minute except that not doing it gave them a competitive advantage in the market over Apple - back when pretending to be into FOSS and to "not be evil" was a major part of their marketing. They're ready to make the move. If it fails, they'll try to make the move again a few years from now. They don't give a shit about ICE or whatever.

seems well coordinated with the recent escalation of aggression around google accounts without a cell phone number attached “to help make sure you don’t lose access to your account.” complete horseshit, but they can get away with it.

Yes, I think quibbling over the origin of the term and attempts to coin an alternative are a useless distraction. The term emerged organically for good reasons, and doesn't have any negative connotations as far as I'm concerned. Trying to talk about "direct loading" instead is confusing and doesn't even make sense because alternative app stores like F-Droid don't count as "direct loading" under their own definition.

I think defining sideloading as "the transfer of apps from web sources that are not vendor-approved" is a good definition, because "not vendor-approved" is precisely the part I care about. The owner being able to install stuff without Google or anyone else's approval is a good and important capability for every computing device to have.

In any case, I fully agree with the substantive portions of this article. What Google is doing here is a terrible attack on consumer freedom.

While I wont argue about it feeling like a conspiracy theory, I will argue that pretty much no one knows sideloading as a term with regards to what i-drive meant by it.

And the fact that `adb sideload` is where the concept originated does nothing to dispel the way the term is frequently used in a derogatory fashion these days. It's wielded as a bogey man to make people afraid of unsigned applications. Despite the fact that many perfectly signed applications are full of malware and dark patterns.

Also, FFS, this is hacker news. Why on Earth would be arguing in favor of Google locking down how I can install software on my device.

> The phrase after the "but" in the second sentence isn't the "summary definition". It's the part of the definition that best supports your argument. Cutting the Wikipedia definition down to that part is deceptive.

Wat?

Everything after the "but" is what Google means when they use the term sideload and is the only important part of the definition for f-droid's purposes. The other definition is completely irrelevant and, I would argue, hardly ever used anymore.

You argue here that google is technically correct because they’re correctly using sideload.

But that isn’t the point people are angry about. The point is that sideload was a misnomer. Correctly Android users were able to install packages and now cannot. This is anti consumer and breaks the social contract.

Anyway this is so disingenuous that I think it’s astroturf. Here’s the meme we should’ve spreading: Chrome and Android should be broken off from Google. Apple should be forced to allow sideloading, at a minimum, same as any other computer. Phones and tablets should be valid targets for custom OS.

Maybe they meant coining the usage of "side load" for any non-appstore method of acquiring an app.

Per the original definition, how exactly am I "side loading" if I go to the epic games store and download and install their epic game store APK?

It's a proper argument on its surface, complete with claim, warrant, and impact.

"Features aren't rights" > see: Consumer Rights.

"Force of the state making sideloading mandatory is bad" > ...Except we have antitrust laws? The Play Store becomes the only source of apps, all transactions are routed through Google Billing? Not a problem for you?

"99% users won't use" > Except for when Google demands that transactions happen exclusively through Google Billing, which resulted in the release of the Epic Games Launcher for the world's highest grossing games by download.

"Sideloading is too nice" > Listen, either it's the case that "sideloading" is a threat to normies or it's not. Are normies your 1% or 99% of users? I thought according to you 99% of users won't sideload.

"You don't get to decide" > That language ties in pretty well with your fear of the use of the 'force of the state'; that tells me that you support freedom. Great-- you're right, why not let corporations be corporations and do anti-consumer things, they'll be very good to us (while they lobby the state).

> You don’t get to decide how others people’s devices work.

Perfectly reasonable. It's important that people can decide how their devices work for themselves. No one else should decide for them.

But I'm genuinely curious how you see this principle working in practice when there's effectively a duopoly. What's the path for someone who wants to still have any choices for their device? I'm not seeing an obvious answer, but maybe I'm missing something.

I always buy this argument....to the extent that the more powerful, dangerous capabilities are still allowed but locked behind some (one time) process that indicates you have a base level of knowledge and understanding. If you want to make it default safe for normies, fine, but let me turn my own device into the dangerous thing it is capable of being.

The version of the your view that we are actually getting is _incredibly_ paternalistic and condescending to the general populace. The kind of society that is capable of protecting everyone from every conceivable harm comes with the kinds of tradeoffs that no one, not even the people who actually need the protection, are going to want.

So are we going to download APKs from fDroid to our computers and then adb install them to our phones? For every update? I see a lot of people, even developers, giving up.

"adb install" is such a far cry from a normal install that it's laughable to call it an alternative or jumping though hoops "within reason". I imagine it won't allow to update an app without another adb install, for one thing. And controlling adb is even easier for google, so how long till you can "adb install" only from within Android Development Studio and only if you have a verified account? Because otherwise all the spooky skammers would be installing stuff on people's phones willy-nilly!