• Nawor3565@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Aw shit, it says this is supposed to detect when an app’s binary has been tampered with… That means it’s probably gonna be used to block stuff like ReVanced. I hope they can find a way around this that doesn’t require root.

  • Xenny@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    That’s fine I rarely download apps that want to be on the Play store anyway

    • KomfortablesKissen@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      So no banking apps for you? I agree that this is shit, but pretending we are not hit by this is not helping.

      Also, I don’t really use banking apps anyway because they already pull similar shit and I can get around it. For now.

      • Ghoelian@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Fortunately so far I haven’t come across a bank here in the Netherlands that wouldn’t work because my phone was rooted or because I’m running grapheneos. Hope it stays that way too.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Unfortunately, ING is getting rid of mobile payments and is the last to move to Google wallet. You can hack around the attestation requirements for Google Wallet but without hacks wireless payments are going to stop working for every Dutch bank it seems.

          • Ghoelian@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            True, but that just means no more contactless. They don’t entirely block you out of the app afaik, like many other foreign banks I’ve seen do.

      • themachine@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Correct. I’ve never used banking apps in the first place anyway. If my bank doesnt have a functional website then I would change banks.

        And i say this not to be difficult or contrarian. I just really hate using apps for every business in existence and simply refuse to do so. Yes I have absolutely sacrificed convenience on many occasions due to this principal.

        • KomfortablesKissen@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Very good. I don’t like using apps for every little shitty website like discord or WebEx either.

          Just know that this is a step forward in the direction of making it technically possible to force people to usw the app. Ask yourself if you trust them to not try and profit from this.

          • themachine@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Just know that this is a step forward in the direction of making it technically possible to force people to usw the app.

            I disagree. There is nothing stopping that as it is. What this really does is remove one more level of control from the end user on their device.

            Ask yourself if you trust them to not try and profit from this.

            Im not sure what you are getting at here. Of course i don’t trust “them”. Nor do i trust any corp. It’s those reasons among others why i have completely removed google from my computing life and almost exclusively use open source software as well as self host functionally all network services.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        With banking apps in particular this lock down is ultra-stupid.

        Like, I have to use your super secure app, or I can just… visit your page in a web browser running on god-knows-what with whatever extensions in any computing environment or OS of my choosing? But not using Google Play is where they draw the line.

    • pe1uca@lemmy.pe1uca.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Well, the issue will be developers of other apps would force us to re-google since any build of the app would be useless unless installed from the play store…

        • doctortran@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          For every single app where the developer tries this?

          Yeah right. That’s unsustainable.

          They’ll also just increase ways for the integrity to verify it hasn’t been patched. This announcement already says they’re checking the app’s binary for tampering.

        • doctortran@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          Are they? Other comments in different PRs seem to indicate they have no intention of trying to subvert play integrity. Is there something more recent than this that indicates they’re trying?

          • sunzu2@thebrainbin.org
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            LineageOS with microg works for most devices

            Issue is that it is no secure. People should be buying pixels flashing calyx or graphene going forwaed in ther next upgrade IMHO

            • doctortran@lemm.ee
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              1 year ago

              Issue is that it is no secure.

              Explain. I’m tired of hearing this boogeyman, tell me exactly how Lineage is “not secure” but Graphene is?

              Then maybe give me some examples of cases where that difference has actually been a problem.

              Because it feels like a lot of these “unsecure” things people hand-wring over are really just user freedoms they may user to hurt themselves, not actual vulnerabilities that can’t be avoided with common sense.

              • sunzu2@thebrainbin.org
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                Primarily because bootloader is not lockable, plus delayed updates.

                Also, they do some weird thing with how it is developed. I think it is always in some weird “developer” state but I don’t remember details.

      • Jalapeño Popper@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        If a phone can’t be flashed to a different OS, then it can be degoogled with adb via pc, or Shizuku + Canta directly on the phone. There are other apps besides Canta that also work, but Canta is the easiest for non-techies to use.

        Never buy an Apple product if you value sovereignty. Androids can be tweaked to cut out big brother.

          • Jalapeño Popper@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Google is overreaching, yet again. That’s the gist of it. They want to be a monopoly. Better to get out now, than to wait until they’re so engrained in our lives that they become a shadow government. Our best short-term fix is to break up the company like we did to AT&T. Our best long-term fix is to erraticate money and corporate influence from politics entirely.

              • Jalapeño Popper@lemmy.ml
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                There are more options, you just have to look. GrapheneOS, LineageOS, CalyxOS, DivestOS, /e/OS… Android is not synonymous with Google. Android is open source. All the OSs I’ve listed are based off of Android, and are open source. Google has their own version of Android, which is closed source. But it’s just another OS based off of AOSP.

  • Ghoelian@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Not a single app on my phone was installed through Google Play, it’s all Aurora. Guess if apps really do this i’ll just have to stop using them, cause I’m not installing the play store.

    • Read Bio@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I wish i can degoogle my phone but its a few months old so no rom support and its a samsung :<

      • Raptorox@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        How is it being a samsung making things worse? I’ve never flashed a samsung phone before so I may be very wrong, but isn’t unlocking the bootloader easy?

        And now that I think about, does samsung have their own system file format or something? Is that the issue?

      • Jalapeño Popper@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        Step 1: Shizuku

        Step 2: Canta

        Step 3: aShell You

        Step 4: SaverTuner

        You WILL want to remove Samsung Device Care, which also controls battery usage, and just so happens to be one of Samsung’s worst offenders when it comes to phoning home. SaverTuner is your foss replacement for it. After that, you can find a list of safe-to-remove apps for your particular device and start debloating. Be careful; some apps you’ll need a replacement for before you remove the stock counterpart.

      • ReversalHatchery@beehaw.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        this is the reason phone selection for me is based on what it supports.

        but samsungs are ruled out anyway. their service centers desttoys your phone if you have asserted your ownership of it, their software is way too unnecessarily complicated (not the part you see, but the low level part that complicates the flashing process), and they are generally a garbage company.

        • Read Bio@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          oh yeah you have to use their own software to flash but i never had samsung destroyed by them and they killed samsung dex pc app for mac but i think in a few years rom support for my phone will improve and there is also gsi roms you can use

          • ReversalHatchery@beehaw.org
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            its a relatively recent development. possibly it only applies to when you open it up, replace something inside but even if they are not searching for software modifications, the distinction is very small and you’re not likely to hear it in the news before experiencing it

    • cordlesslamp@lemmy.today
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Quick question: what is the advantage of using Aurora to get apps instead of the Play Store?

      I have Aurora but i don’t understand that, afaik both use the same APKs and can update interchangeably?

      At first I thought Aurora remove some of the app’s tracking beacons but that’s not the case.

  • Zak@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    The whole tech world saw Microsoft Palladium as a nightmare scenario, but was quiet ten years later when Apple and Google did the same thing to our phones. That was a mistake.

    • jbk@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Maybe everyone was just OK with mobile devices being locked down heavily from the start, and now it’s more or less the same level for most

      • Zak@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        We had several years of Android that mostly wasn’t. Now it’s hard work to get Android that isn’t.

    • lud@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      This is the individual app’s fault and not Googles. It’s like getting mad at Steam for allowing apps with DRM. Is feature is entirely optional and requires extra effort to implement.

      Also didn’t Google already get sued in the USA for Android not being open enough or something like that.

    • Clent@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Are you suggesting such an app can be purchased outside Google play but not used?

      Having an app check a license server isn’t exactly new. Google play is simply a third party license server.

      • accideath@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        No, but you can download the APKs anyways. Which is most likely exactly why this is being implemented. I doubt many developers of free apps are going to turn this feature on.

        • doctortran@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Yes they will. This tool would force users to always use the Play Store which would increase the download count on their app, which would help its ranking in the Play Store. Every last single developer is incentivized to use this.

    • jbk@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Kinda makes sense. A paid app on Google Play is a license to download the .apk file(s). Then a user could make copies, and without DRM, it’d be the same situation as with copyrighted movies and whatnot.

      I’m not saying I support them, it’s just that they are like this for a reason

  • cleverusername@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    What if I sideload purely to downgrade a bugged app? Just seems like yet another kick in the teeth by Google.

    • Chozo@fedia.io
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Google’s only providing the option, it’s up to individual devs to enable it on their app. If the app developer has chosen to block sideloading, then they probably have a reason for going out of their way to do so. Whatever you find that reason to be should inform your decision whether or not to continue using their app.

      • Virkkunen@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        Explain to me what would be the good reasons McDonald’s has to block their app from running on a rooted device because it doesn’t pass SafetyNet or whatever Google is calling it now

        • Chozo@fedia.io
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          Why would I explain something that has nothing to do with this discussion? This has nothing to do with rooted devices.

          • Ghoelian@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            It’s the same system, it’s all part of play integrity. And that also applies to this bullshit, why does McDonald’s care if I didn’t install their app from the play store?

            • Chozo@fedia.io
              link
              fedilink
              arrow-up
              0
              ·
              1 year ago

              Why should I know? I’m not a McDeveloper.

              If I had to guess, I’d assume it’s because there’s a payment system in their app and they don’t want people monkeying around with it and stealing food.

              • sunzu2@thebrainbin.org
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                🤡

                If apps like fidelity will run on aurora store withithout safety net and other bullshit, then shiti McDonalds app can take the risk too.

                You are poorly educated on the iseue or a bootlicker

              • Ghoelian@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                McDonald’s was just an example, the point is most apps don’t need to do that at all.

                I do happen to know how payment systems like that work, and thankfully those are all cloud-based, the only thing the app does is start transactions and check with the server if they’re paid. If they implemented it well, as I suspect a big corpo like McDonald’s probably would, their own order screen also checks server-side if orders are paid. Not much you can do from the app side to mess with that.

                • ℍ𝕂-𝟞𝟝@sopuli.xyz
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  edit-2
                  1 year ago

                  the only thing the app does is start transactions and check with the server if they’re paid

                  Yeah, but the whole PCI DSS thing means that the app must still be secured. That doesn’t necessarily mean that it has to be tied to Google Play, but explain it to them.

            • limerod@reddthat.comM
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 year ago

              Can’t you use the website instead? Is the MCDonalds app necessary for orders? I use hermit to sandbox webapps for services which do not require a app.

              • ℍ𝕂-𝟞𝟝@sopuli.xyz
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                IIRC they did coupons exclusively in their app a few years ago where I lived (haven’t checked since), and they hiked the price of everything, so if you don’t install the app, you get a 20% surcharge in effect.

                That goes for every single shitty chain store as well.

              • Ghoelian@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                Oh I don’t know if mcdonald’s specifically does this, I’ve never used the app, I just used it as an example because that’s what the guy above was talking about as well.

      • doctortran@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Their reasons means nothing. It’s my device. I shouldn’t have to worry about an application installed on my device being policed because the developer got a hair up their ass about people downgrading.

        • Chozo@fedia.io
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          Sure, it’s your device. But it’s their app. Ultimately, it’s the developer’s call to make. You don’t have to use their app.

      • ReversalHatchery@beehaw.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        without uninstalling. that had a reason, safety, as apps are often not prepared to handle their “future” (relatively) config files and data formats