
> We badly need a really-open alternative

F-Droid is a thing



For now.

When they change that optional setting they introduced recently which blocks sideloading applications outside of the official store and make it non-optional, what are we going to do? Use special Chinese Android builds with Ali store (or whatever it's called)?

Boiling the frog slowly and all.


> When they change that optional setting they introduced recently

What setting was introduced recently? I remember such settings all the way back to the Nexus One.

In fact, things were more closed back then as Android phones bought from AT&T had it hard coded to disable third party apps. I'm not aware of a US carrier doing that any more.


Might be talking about their "Advanced Protection Program": https://landing.google.com/advancedprotection/


It would be interesting to know if the APP protections "bleed" from APP profiles to the regular kind when they're both on a given device.


I could be mistaken, but I'm not seeing a connection between that and third party app support.


> On your Android phone, only app installations from verified stores, like the Google Play Store and your device manufacturer’s app store, are allowed.


To be fair, from a security standpoint if you want *the highest security* allowing third party installers is one of the first things I would disable as well.


Oh, thanks, I somehow missed that line.


GrapheneOS, on whatever devices have proper security models at the time.


Android is open source.


The builds your phone comes with are not, and replacing them with your own assumes availability of things like unlocked bootloader.

And then, of course, applications like your banking won't work, because they require Google SafetyNet attestation for your security.


If your bank decides that your business is worth less to them than a compliance checkmark, that's on them.

All my phones are rooted and it has never been an issue with any banking app I use. It's all about priorities. For some people, that's going to be the roman numeral name suffix dropdown in the registration form. For me it's the bank not telling me what I can do with my devices.


It is not just what the bank wants and pushes on its clients, because f them. At least in EU, they are pushed into it by PSD2 ("Payment Services Directive 2"). Even if you are happy with accessing the bank via browser on the computer, you are going to need the second factor for auth, and SMS isn't going to be it.

Because it is pushed centrally, banks do not have a choice. Hence, you as a customer, won't have a choice either, unless you consider not using the bank online at all as a choice.


Actually, the EU is being used as a scapegoat here (as usual). SMS is perfectly allowed by the directive. As would be even an old Google Authenticator-style OTP code which does not need any proprietary software to work.

Banks are forcing you to run proprietary software on proprietary operating systems with draconian "security measures" that would make the latest DRM-enforcing-rootkit look like a children's toy. They check whether your device is rooted, whether it has any non-Google-approved programs installed, whether Google Play notifications work, etc. And if you fail any of these checks, good luck using your credit card!

Open-source operating systems are basically dead in the water at this point, since failing to run these proprietary programs is not going to be a minor "I can't play this game" level nuisance, but rather a life critical issue. And so far more and more banks keep enforcing these measures.

And for some reason there is no big outcry about this.

Even Korea's "all banks require ActiveX" situation was very mild compared to where we're going...


Moving away from SMS is good. SMS is cleartext, equipment to fake a number and get their messages is maybe hundreds of dollars at this point.

Encrypted push notifications are much better.

PSD2 lets you do basically whatever you want. Fingerprint is enough, or confirm in phone app if making a transfer from a desktop banking UI.

U2F would be nice but with banks being banks that's not going to happen this decade.


I hate to say it, but if you have a phone that you can flash, I sincerely encourage you to do just that.

Why? Because even with "Google" phones, installing pure AOSP cripples the phone (and by that I mean SMS breaks with LTE, you lose VoLTE, Wi-Fi calling, etc.) A lot of Android ROMs have to scrape official images to get the binary bits (and it is not a fun needle in a haystack exercise) to get basic phone functionality in Android.


What is your point?

This kind of response completely ignores the fact that the vast majority of the drivers required to just run on modern hardware are closed source and that the vast majority of phones these days have their bootloaders locked.


> that the vast majority of phones these days have their bootloaders locked.

I don't know if that is actually still true. Back in the day nearly every phone in the US was bootloader and carrier locked. Now basically every phone is carrier unlocked and anything besides Samsung can have the bootloader unlocked very easily. I guess Samsung phones are the most common but there are certainly many other options that are more open.


This seemed unlikely since S10 is maybe the most mainstream flagship phone but it appears that Samsung does indeed make it painful to take control of your device: https://topjohnwu.github.io/Magisk/install.html#samsung-syst...

Many manufacturers make it easy to unlock and root your device (shout-out OnePlus), but many others do try to make you brick it if you try doing anything out of the ordinary. Like the HMD rebrands Nokia, Sharp, etc.


OnePlus requires you to wipe your phone to root it. Add to this that there is no way to back up the phone without rooting it.


You can get the same backups you would have if you never rooted it to start with. I agree in some cases that's not enough but it's not no backups of any sort. Mostly just more hassle to restore.


Of course, everyone requires a wipe. That's to protect normies' data when they inevitably get their stuff stolen on a trip to Paris. Easy to live with, just root it first thing after unboxing.


Samsungs are locked there?

Here in Europe, you go to developer mode, check the OEM unlock button, reboot and hold some weird button combination while booting, phone asks you again if you want to unlock the bootloader, does a factory reset for security reasons, another reboot, and it's unlocked.


Only by the letter of the law, the Android that ends up on your phone consists of mostly closed source binaries from Google that you don't get without installing the play store as well.


You mean the Google add-ons to Android.

Regular Android works great in GrapheneOS/CalyxOS/other AOSP variants.


You may as well celebrate TiVos running Linux. If the device is locked down, it's hardly a victory that it's running ostensibly free software.


Is there an easy way to make F-Droid install updates automatically? I use both F-Droid and Google Play on my phone but manual updates are a huge usability pain.


That permission is only available to preinstalled system apps. If you have root, you can install the F-Droid System Extension and it'll do it all automatically.

Otherwise: send complaints to support@android.com (jk, there's no actual support)


If you opt into Google's Advanced Protection Program you can no longer install apps from F-Droid.



