Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Welp, I guess my current Android phone will be my last one.

At least half of the apps I use on a daily basis come from f-droid. This enforced 24-hour wait is simply not acceptable. Android has always been a far inferior overall user experience compared to iPhone. Android's _only_ saving grace was that I could put my own third-party open-source apps on it. There is nothing left keeping me on Android now.

I'll probably get an iPhone next, but I do sincerely hope this hastens progress on a real "Linux phone" for the rest of us. Plasma Mobile (https://plasma-mobile.org) looks very nice indeed. I'll be more than happy to contribute to development and funding.



Switching to an iPhone will put you in an even worse walled garden that respects you even less. Even simple things like setting your default navigation app in iOS are gated behind moving to the EU.


True, but the point is, once you've sucked it up and given up, you may as well get other benefits back in exchange for turning tail. And the iPhone is unfortunately THE primary platform most applications develop for.

Personally, I am willing to just ditch the Android, get an iPhone as a "contact- and banking-only" device, and drag with me some sort of small computer everywhere. I've already dragged a linux retroconsole to a large number of places and have watched videos and listened to music and even edited code through it. May as well do the obvious and call it quits on phones-for-non-phone purposes entirely if phones will be so dedicated to being shitboxes.


I also had a similar thought after these announcements. The main issue is seamless synching that syncthing provides between Linux and Android. There are alternatives like Mobius Sync etc but what I've heard is that they do app-specific sync, not like e.g., sync all my files in this folder X in Linux to a folder Y on iPhone. I'm not an iPhone user but this has always been the main hurdle for me to switch over despite the increasingly locking down of Android.


For files I use the open source Material Files, which supports SFTP servers. So I just have a little file server. For calendar, because Google doesn't reliably support background services, it's best to use a calendar app with builtin caldav sync. For carddav, I use a background sync app though (davx). Super lame that this is not built into android, not even into lineage. You'd think someone would implement native caldav/carddav sync? Maybe this is my calling haha.


I'm telling that someone who comes up with a decent file sync setup between iPhone, Android and Linux/Windows without charging a monthly fee will make some good money on one-time buy fees alone. Dropbox etc can do things like these but I'm not interested in paying monthly fees for using my own storage across devices.


For my desktop systems I do a nighly rsync to a central onsite server, which does nighly encrypted ZFS send to an offsite archive. I suppose a script could trigger on file change using Linux file watch features (exposed via CLI and C headers). What I'm not sure about is wether two way sync with rsync is possible. This could run as a simple daemonized bash script. On error the script would just retry. Rsync would have to handle conflicts, it probably has features for it. Paste this comment into a coding CLI and boom, you have your solution :). Does need rooted Android for running shell scripts on boot. But a good coding CLI can log into your phone and set everything up.


Have you tried KDEConnect?


Every day, its great. But it is more suitable for adhoc sharing, not keeping pairs of folders in sync like Syncthing does.


Banking and govt. on a cheap, locked Android. The rest (mail, calling?, SMS, web, on an unlocked Android). You'd need two SIMs, one for the banking/govt google play stuff, and one for the regular phone. My bank does support a physical reader device though. That may eliminate the main Google Play dependency. Open Android will still exists right? But it won't have the Play Store and Services. You could also download the APK on the official phone, then pull the APK off it and install that on the open phone. Won't work if the app requires play integrity, but I think there are alternatives for that. Pretty lame that this is needed, but I'm used to this crap anyway.


If it helps, the 24-hour wait is a one-time process. You do it once, click the toggle to allow installing unregistered apps indefinitely, and then install whatever you want. You can even turn off developer options afterwards, per my understanding, and it won't impact your ability to install unregistered apps.


It does not help. This is friction imposed to reduce and eliminate sideloading in the name of safety.

I own my device, I choose the software running on it. Create friction points and I will chose another platform to execute my software.


different strokes i suppose. normally i like being able to use something the same day i buy it

95% of the apps i use are ''side loaded''. that includes a web browser, file browser, all the fossify apps for things like messaging, phone/contacts -- so the phone would be basically be a paperweight until that restriction is removed


For now.


Is the next prioritized epic to disable 24 hour wait for undesirable apks?


That does not help. That is a fundamentally fucking insane limitation that will completely destroy any developer's ability to develop without getting approval from Google. Regardless of my feelings of the annoyance of going through this process myself, 90% of users simply will not go through this process to install apps, killing any potential userbase. Google has no goddamn right to be the sole dictator of who is allowed to develop software for the largest platform in the world, to decide who is allowed to have a career in mobile software development and who is not, and you should be utterly ashamed of yourself for accepting a paycheck to defend this. I hope your shitty company and Apple both get their comeuppance in court for these monopolistic practices, and may we some day get a future where anyone is free to develop software without approval of a central police corp.


GrapheneOS phones are still an option, it’s unaffected by these rules.


If they manage to expand their lineup a bit, that'll be my next phone. Or, if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.

Fuck Google for doing this, and Play Integrity making me unable to use banks is even worse.


> if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.

FWIW you can buy a Pixel (new or 2nd hand) and install GrapheneOS via the Web https://grapheneos.org/install/web with nothing (genuinely nothing) installed on your computer and get it working in ~15min (depending on your connection to download the ROM) out of which maybe ~2min will be your interacting with the setup process.

I initially bought an /e/OS precisely with your requirement, namely I "just" want a phone that works when I receive it, no tinkering, but having installed GrapheneOS myself few days (or weeks?) ago I can tell you, it's really straightforward.


> with nothing (genuinely nothing) installed on your computer

Not 100% accurate. You need a browser that supports WebUSB[0] which are just Chromium based ones, not Safari or Firefox.

[0]https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API


Agreed but that's in the requirements. I meant to say assuming your setup matches the requirements but that's indeed a shortcoming. Thanks for clarifying.


They're actually partnering with Motorola and have phones coming out next year! It sounds like they'll be the Motorola Signature, Razr and Fold (iirc).


That's great news, thanks! I can keep my phone for another year.


It's pretty crazy to trust such project to run your phone.


They have terrible support for banking apps and any app that needs play integrity


And what kind of support do you think a Linux phone will have? While also having trash tier security. I don’t see that as an issue (for Americans at least since most banks here don’t use NFC/wallets in their apps), just use the web browser to access your bank.

Also GrapheneOS has in my experience decent banking app support outside of a handful of apps (including, ironically, my main bank which disabled GrapheneOS support a week or two ago). There is a maintained list of working apps that you can see for yourself: https://privsec.dev/posts/android/banking-applications-compa...


Does/do your bank/s absolutely always require you to use an app? Is there a desktop/website that you can use? Do they have a brick and mortar location?


Typically the website requires you to use the mobile app as 2FA. Typically also there are less and less brick and mortar locations.


Help me follow.

Which bank, specifically, requires an app for the purpose of 2FA? Further, what is the 2FA process for logging in to the app itself - wouldn't you need a second form of authentication that's not the app in that instance? If so, is that form of 2FA not allowed when logging in via desktop/laptop?

I inquire because I use multiple different banks, CC providers and financial services, but have never once been required to use an app, even with "mobile" banks like Simple or One.


Sure, just an example ING (part of ING Group, 34th bank in the world according to https://en.wikipedia.org/wiki/List_of_largest_banks only highlighting this to show it's not a tiny random "weird" corner shop) requires to use either their mobile application or ItsMe (details https://fr.wikipedia.org/wiki/Itsme if you want but basically also 2FA as a mobile app) in order to login to their consumer/professional website. You can from the mobile app scan a QR-code which in turn will ask for authentification, e.g. biometrics.

Yes indeed registering the mobile application itself requires first another form of authentication, typically an SMS confirming the number plus a physical card with a physical card reader. You then input the resulting token in the app which validates it and then you don't need the card reader anymore while you rely on the mobile app. AFAICT the physical card reader options is not offered on some mobile payment options. I do not know if they are phasing it out of if it is because another method exists, namely if you have NOT registered their mobile application as a 2FA method, can you still use the physical card and card reader. I do not know that.

To be clear they do NOT require an app per se. They do though if you want to use online services, including payments, bank transfer, reading specific kind of documents, adding specific recipients for recurring transfer, transfer above thresholds, etc.

Hope it helps. If I missed something happy to try to clarify. Also FWIW and AFAICT it's getting more and more common for online services from bank in the EU.


You are badly informed.

GrapheneOS has full support for Play Integrity[0].

[0]: https://grapheneos.org/articles/attestation-compatibility-gu...


The link you link literally explains how GrapheneOS doesn’t support Play Integrity and apps should use the Hardware Attestation API instead.


I think you are both kind of wrong :). There are different Play Integrity levels. GrapheneOS passes the basic level, which is enough for many apps, including a bunch of European banking apps. GrapheneOS does not pass the strong level, which does remote attestation, but Google does not want to add the GrapheneOS signing key fingerprints.

My European banking and credit card apps work fine on GrapheneOS because they don't require the strong integrity level.

Google is using Play Integrity at the strong level to shut down competition. It's kinda ironic, since GrapheneOS is much more secure than the many phones out there with abysmal device security and slow updates that Google does accept with strong integrity.


Yeah you're right, serves me right for writing that while busy doing other things this morning.

The intent of the comment stands though.

I meant to point out that GrapheneOS has perfectly good support for verifying device integrity via Hardware Attestation, just not the method which requires Google to acknowledge the OS signing keys.


Then keep Google crapphone for banking purposes in your drawer, like auth scratch code cards in the past. I don't get that idea of carrying device with bank access in your pocket constantly. Moreover, at least in EU, there is more and more banks which publish their apps in non Google app stores too.


All Swedish banking apps work without issue and many apps that use play integrity works well regardless. It's just some apps that use play integrity that in a certain way that doesn't work.


I've had multiple apps attempt to use Play Integrity on my GrapheneOS phone(it tells you when they try), and then just work anyway. Not sure why.


Then don't use those apps. I know it's easier said than done sometimes, but freedom is more important than convenience.


Yeah, just like, move to a country where banks still offer web banking, bro. Move banks. Got a locked down mortgage on good rates? Tough luck man.

Etc


What are you trying to do with your mortgage using a mobile phone?


"Terrible" is incorrect. Yes quite a few don't work but many many do . See:

https://privsec.dev/posts/android/banking-applications-compa...


Used Graphene as a daily driver for a year. It’s an unserious toy.


Can you elaborate? Why? I think many of us were hoping we could switch to it if/when Android becomes intolerable.


I have no idea what they are talking about. I have been daily driving GrapheneOS for almost two months now (coming from iPhone, but I have tested Pixels and Samsung phones on the side for a while) and there is no material difference in daily use from running the stock Pixel OS in daily use if you install Play (Services) and a bunch of apps. Of course, it is more secure and comes with no crap pre-installed, which is nice.

The only thing I have really found missing is Google Pay support for contactless payment (because Google doesn't want to allow GrapheneOS, but there are alternatives like Curve).


I'm using GrapheneOS as my daily driver you couldn't be more wrong.


If it really was, you wouldn't have used it for a year


What I'm about to say is probably going to be contraversial: but I think this is (long term) a good thing for opensource/freedom. The whole idea of 'apps' on a device that sits in your pocket and has access to a whole range of personal information was from the start, a bad idea. We have seen countless cases of 'verified apps' from the Playstore which hoover up all your personal data without your consent. I believe Steve Job's original plan for the iPhone was for apps to be web-based. This is good as web browsers run all the potentially dangerous code within a sandbox, with very restricted access to the host system's resources (storage, cameras, etc). Web technology has come a long way and even allows for GPU accelerated content to be used, and it's only getting better.

Phones, by their nature, are always internet connected (obviously there are instances where that isn't the case)...so if 90% of my apps are actually just web apps then that's fine. The opensource aspect of this should be: I build and run my own infrastructure (on cloud servers or my own servers) that serves up the web apps.

Sure, this isn't something that 'normal' people would do...but they aren't side loading apps anyway.

The web is decentralised, as long as we choose it to be. We need to take advantage of this property.


24-hour wait is a one time setup, I'd imagine that fdroid will keep working as usual after this super hidden don't enable me option is enabled.


If I understand correctly, the 24 hour wait is a one off. After the sideloading feature is enabled, it should stay on.


Good luck installing things from anywhere you want on an iPhone.


You're missing the point. I only use an Android because it lets me install whatever software I want. If that's no longer an option, then I'll pick based on other criteria, and then the iPhone beats the Android phone every time.


Probably f droid will become an official app store recognized by Google, and then you won't have to go through this flow to install f droid or its apps.


As I understand it, that would not bypass Google's requirement that the developer of each app be verified by Google.


Have you read their blog on the topic? It's the end of the project




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: