Android’s new sideload settings will carry over to new devices

3/28/2026 at 9:25:27 PM

It's a very small concession. The high initial friction still means when someone comes to me with a problem and I tell them the solution is in F-Droid, they have to wait a day. Most give up and pick a different, less trustworthy solution from Google Play.

by Zak

3/29/2026 at 3:38:50 AM

Incredibly small concession that doesn’t warrant this article’s absolutely insane framing: “Even less of a problem than we thought,” “very, very good news,” “already sounded perfectly manageable.”

The author is so giddy to defend this monopolistic restriction on Google’s part. Hackers can use F-Droid without annoyance, but this really does kill any chance at normies using it. They absolutely will use the worst spyware on Google Play instead, and the author seemingly loves it.

by malicka

3/29/2026 at 11:42:13 AM

I've given up on getting normies to care. So long as we can use these things on our own terms, it's fine.

by matheusmoreira

3/29/2026 at 11:48:40 AM

"On our own terms", as long as it's approved by Google,.. for now. Surely we bear no resemblance to frogs in warming water, and we do not find ourselves praying that the deal is not further altered.

by rolandog

3/28/2026 at 9:38:45 PM

Given the Epic settlement means Google is allowing alternate app stores, and also the delay only applies for unregistered developers, I'm not certain it won't actually get easier to get folk set up on F-Droid.

It still remains to be seen what the actual requirements are, and even if F-Droid could become "approved" that doesn't mean they want to. Time will tell.

by andrewaylett

3/29/2026 at 1:06:56 PM

"only applies for unregistered developers" but remember the whole point is to allow Google to pull your "registered developer" status on a whim. Something they've shown over and over again they cannot be trusted with

by singpolyma3

3/29/2026 at 3:42:19 PM

But if there's a court order saying Epic and F-Droid have to be registered developers, they can go to jail for doing that.

by gzread

3/29/2026 at 4:35:53 PM

Sure. But there isn't.

by singpolyma3

3/28/2026 at 9:45:43 PM

Why the hell should we "mother may I" with Google for running apps on our own phones if it isn't sourced from the Play Store?

The "security" rationale is horseshit given just how much malware is readily download able on the Play Store. Google never cleans its own house before going after others.

by rockskon

3/29/2026 at 7:15:23 AM

It's not just the US, story through the grapevine is that Google is under a lot of pressure Asian governments over "online scams".

(Allegedly the main actor behind this push is Singapore)

by Onavo

3/30/2026 at 3:03:21 PM

Singapore is not big enough to dictate terms to Google. If Singapore wanted this change and Google didn't, Singapore's most extreme option would be to ban the import of standard Android phones to a market of a few million people.

by Zak

3/30/2026 at 4:21:18 AM

They're free to make changes to Asian country phones and not let the political pressure of Asian countries impact non-Asian countries.

by rockskon

3/29/2026 at 3:02:58 PM

Poor, poor Google

by tosti

3/29/2026 at 6:10:47 AM

It's not about malware. It's about Google complying with USA's geopolitical adventures.

Basically, Google needs an answer when men in suits ask them why they have technology that enables users to install sanctioned Iranian banking apps.

by otabdeveloper4

3/28/2026 at 9:57:31 PM

Don't you know? If one elderly person gets scammed we all deserve to be infantilized.

by hparadiz

3/28/2026 at 10:48:05 PM

Wouldn't it be something if, given all the surveillance already in place, law enforcement punished the scammers instead of the innocent?

by RedComet

3/29/2026 at 8:50:05 AM

But then how would they police what you install?

Maybe you have the criminal idea of installing an adblocker, for example.

That is not allowed since corporations need to make money.

The government and ad networks need to track you for your benefit.

Ads are needed before listening to each minute of a song.

You must submit to crpyto miners running in the background from the ads, increasing your electricity bill and pollution.

Only USA sanctioned and approved ads are allowed, also. We wouldn't want you seeing an ad from a competing entity, right?

If you install an ablocker, you are a terrorist and broke 324582 American laws.

by Ms-J

3/29/2026 at 12:31:21 PM

The scammers are often in a very different country than the victim. Finding the scammer is only 50% of the work, the other 50% is diplomacy and hoping the other side is willing to extradite. This is not made easier if the police force in the scammer's country is extremely corrupt.

This is why those scams so often rely on gift cards (or sometimes on cash which a local mule converts to crypto).

by miki123211

3/29/2026 at 3:09:12 PM

Many banking scams involve fake checks and deposits into other accounts, but I don’t see the government or banks taking active steps to stop them.

by cute_boi

3/29/2026 at 3:43:08 PM

Maybe they can just sanction that person? Block them from making phone calls to the country and publishing apps?

by gzread

3/28/2026 at 10:08:08 PM

(nevermind that the scams are extraordinarily likely to come through Meta, Google, Apple, Amazon)

by benoau

3/29/2026 at 2:51:45 PM

They don't want users to find out who's the real scammer.

by tosti

3/28/2026 at 10:17:40 PM

The scams are likely to some from outside Play. In the US, these scams don't run because iPhone is the dominant platform and side loading in iOS is not possible. In the rest of world they are widespread.

by fluidcruft

3/29/2026 at 3:36:28 AM

"Likely"? Do you mean that based on actual data, or are you using it as a weasel word so you can present whatever convenient "facts" that benefit Google as truth?

I’m betting on the latter. No Kitboga video mentions custom Android apps. What actually appears on almost all videos are online ads/spam or fake celebrity accounts messaging random people on Facebook.

It's funny how you aggressively push solutions that ignore the most common scam vectors investigators encounter. Could it be a coincidence that your proposal conveniently places every aspect of people’s lives at the mercy of big businesses? Or that the scam vector you downplay, ads and social media, just happens to be cash cows for some of the richest companies in history?

We already have plenty of paid lobbyists cheering the transfer of wealth from the poorest to the richest. There's no need to do that dirty work for free. Weaponizing the elderly being scammed of their life savings while protecting those that benefit from it is beyond messed up.

by soraminazuki

3/29/2026 at 11:35:21 AM

My proposal? Who exactly do you think I am? lol

by fluidcruft

3/28/2026 at 10:29:38 PM

Outside Play, on YouTube or via Google Ads for many of them. Likewise for Meta ads.

by benoau

3/29/2026 at 12:46:05 AM

The scams that are happening in the rest of world are calls posing as bank support about urgent security issues and telling people to install apps to protect their accounts.

by fluidcruft

3/29/2026 at 5:33:33 AM

All the scams are for apps that are already in the Play and App store.

by happymellon

3/29/2026 at 6:45:52 AM

Absolutely! Never had one problem with apps on FDroid. Not even when tbe Simple Mobile Tools suite was sold to a shady company without a heads up to its users. And that safety isn't an accident.

by goku12

3/29/2026 at 11:36:32 AM

I don't disagree about that.

by fluidcruft

3/29/2026 at 5:13:00 PM

Ah, sorry there seem to be a lot of people that seem to think that side loading is an issue to anything other than Apple and Googles profit margins.

They let so much malware in their stores already.

by happymellon

3/29/2026 at 3:30:08 AM

In the USA they tell you to install AnyDesk and remote access your computer. Or they just ask for your password. Or forge a check.

by direwolf20

3/29/2026 at 11:38:15 AM

Does not sound like an Android problem. Maybe ask Microsoft or Apple about that.

by fluidcruft

3/29/2026 at 12:57:41 AM

Sideloading is very possible on iOS and there's an entire subculture surrounding it.

by LocalH

3/29/2026 at 1:16:43 AM

Not widespread enough to be a viable grift target.

by fluidcruft

3/29/2026 at 6:52:22 AM

And how much grift happens through Android side loading? (BTW, I hate that weasel word used to vilify a perfectly reasonable activity.) Practically all grift on Android happens through apps on the Play Store. People who know how to 'side load' are also usually careful and smart enough to think about what they're putting in. That's not a useful target for grifts either.

As somebody put it, Google goes after others without cleaning their own house first. It's just abuse of power at this point.

by goku12

3/29/2026 at 11:30:49 AM

Apparently it's widespread in Asia and South America.

by fluidcruft

3/29/2026 at 9:22:14 AM

Are Debian repos a viable grift target?

by fsflover

3/29/2026 at 1:01:05 PM

They absolutely are and that's why they're tightly curated by maintainers.

by izacus

3/29/2026 at 2:29:15 PM

Exactly like... you guessed it... F-Droid. Not Google Play.

by MarsIronPI

3/29/2026 at 6:24:12 PM

FDroid has 0.2% of app volume of Play Store.

Don't mistake obscurity for security. FDroid isn't the size to even be noticed by problems that Play Store and AppStore are dealing with.

by izacus

3/29/2026 at 11:48:37 PM

F-Droid at least does a quick review to make sure there's nothing malicious in the app before adding it. Since we know Google does something similar and there is still malware on the Play Store one might reasonably conclude that Google doesn't actually care about malware.

Now, it might be a problem of vetting at scale or malware being really subtle, but if that's the case Google should focus on improving their process before locking down Android for "security".

by MarsIronPI

3/29/2026 at 7:27:30 PM

This is exactly why I gave the example of Debian repos.

by fsflover

3/29/2026 at 8:42:18 PM

Which again work on a model of a single entity having all the curation power.

by izacus

3/29/2026 at 9:15:08 PM

My point is that Google does not want to protect users by restricting "side loading". If they actually wanted that, they would remove all the malware in their store. They are just building higher walls in the walled garden to lock you in.

by fsflover

3/30/2026 at 2:28:00 AM

Right, but the Debian Developers don't prevent you from installing (installing, not "sideloading") other programs. If you want to install malware you're free to, but they don't distribute it.

by MarsIronPI

3/29/2026 at 11:29:47 AM

What does that have to do with Android and iOS?

by fluidcruft

3/29/2026 at 7:51:41 PM

Free software protects from malware, not walled gardens.

by fsflover

3/29/2026 at 7:55:28 PM

If you don't want Play Store, don't use it?

by fluidcruft

3/29/2026 at 8:31:56 PM

"Google is slowly removing such option "for your safety", and "hackers" on this website really believe them.

by fsflover

3/29/2026 at 8:35:48 PM

You can still install any ROM you want. Not having Play Store has some downsides, but those trades offs should be familiar to a free software enthusiast.

by fluidcruft

3/29/2026 at 8:41:15 PM

You can only do this on a tiny number of devices supporting free drivers (and mainline kernel), otherwise you are tied to an ancient Linux kernel. I'm using Librem 5 btw and don't believe that Android, whose development completely depends on Google, is a viable long-term solution.

by fsflover

3/29/2026 at 11:08:34 AM

Ha if we follow that to it's logical conclusion we should ban smartphones.

by expedition32

3/28/2026 at 11:44:35 PM

Ok, but the vast majority of people do need their hand held because they're incompetent, naive, or both. IMO this is pro consumer move

by packetlost

3/28/2026 at 11:55:44 PM

We shouldn't let naive or mentally disabled people to dictate how computing should work. That's the same logic behind the age verification shit that's happening worldwide.

If you (not you specifically) are unsure of your abilities to use computers, let a friend or a family member buy a dumbed down device for you or install parental controls or something. Or maybe have clicking the build number 7 times reveal "toddler mode" where you can lock your device down irreversibly as much as you want.

by AlBugdy

3/29/2026 at 5:54:29 AM

It might be pro consumer if the power were lying in some kind of democratically justified organization, which then decides which apps are allowed and which are not.

This way, consumers are helpless victims of the same megacorporation, which will use its near-absolute power over the mobile ecosystem (shared with one other megacorporation) to profit on the back of consumers.

by schubidubiduba

3/29/2026 at 12:17:16 AM

No. Society should not be holding the hands of adults. It's unnecessary and it's insulting.

by bigstrat2003

3/29/2026 at 7:17:07 AM

If Google actually wanted to protect people from malware, they would not approve Facebook, Instagram, TikTok, …

by xigoi

3/29/2026 at 7:17:55 AM

This is as pro-consumer as cutting off one's nose to cure a cold. Let me say this for the... I don't know how many times, that security, child protection, scam prevention, terrorism, miniaturization, sophistication, etc are all lies peddled by trillion-dollar megacorps to justify their cash grab, and by despotic governments to justify their consolidation of power over citizens. Nobody wants to know why all those problems still occur despite these unpopular measures. Meanwhile, NONE of those draconian restrictions on users' freedom and privacy are technically necessary to achieve any of those ideals. It's a lie that they convince the people by repeating incessantly.

This is 2026, for God's sake! How long has this grift been playing out? At least two decades? What will it take people, much less the tech savvy ones, to learn that all these are designs of greedy and power lusting minds?

by goku12

3/29/2026 at 3:57:05 AM

Somehow if you replace Google with Apple in the same sentence you'll get cursed to hell. Go figure.

by jojobas

3/29/2026 at 7:20:55 AM

Says who? The fanbois? What makes you think that ordinary people are any happier with Apple's abuses than Google's? This is not a worthwhile justification for what either one of them does.

by goku12

3/29/2026 at 3:48:12 AM

The rationale behind this move makes no sense either - most of the scams happen via some instruction to install Anydesk or some such remote-support software, not some shady apkg downloaded from some third party website.

Seems like a move to get around the Epic Games ruling (and assorted rumbles from countries like India).

by thoiweurewrwe

3/29/2026 at 4:33:48 PM

Not to mention that the "concession", such that it is, will presumably only work if you sign into a Google account. Presumably, this will require that you have Google Play Services installed.

Of course, many people who want to de-Google their phones won't want to do either. This is an attack on people who want to keep their lives separate from Google.

by Sophira

3/29/2026 at 5:32:59 AM

Do you have to wait a day, or do you have to set your clock forward a day?

by toast0

3/29/2026 at 5:37:32 AM

Cell phones know what time it really is.

by Dwedit

3/29/2026 at 3:32:49 AM

I'm biased, but I don't think less trustworthy is a fair assessment. I think you can suggest that open source software provides a different trust model than closed source and distributed by Play, but to conclude it's less trustworthy is a real stretch.

by danpalmer

3/29/2026 at 3:42:08 AM

The vast majority of software on Google Play is absolute spyware-laden slop. There are turstworthy apps, sure, but they are drops in an ocean. F-Droid’s trustworthy-to-ad-ridden-slop ratio is pretty much definitionally lower than Google’s, by virtue of it being actually curated. That everything on it is libre and they are working hard on reproducible builds just makes it all the better.

by malicka

3/30/2026 at 12:52:51 AM

This is a bunch of opinion though. I'm not saying I disagree, but I do think it's bad faith to state as fact what is opinion. Is Play a "walled garden" or is it not curated? It can't be both depending on what suits the argument. You may disagree with the policies, but suggesting there are no policies in favour user privacy is just false. You may think they aren't enforced sufficiently, but again this is opinion. The policies are there.

F-Droid has the benefit that it essentially doesn't have to deal with malicious actors. It's very easy to have a high quality library when there are no malicious actors.

by danpalmer

3/30/2026 at 1:15:21 AM

It can be both - a walled garden full of malware, that rejects many apps which are not malware.

by gzread

3/30/2026 at 2:32:07 AM

Sure but it's very obviously not that, so we're back to opinion and bad faith arguments.

by danpalmer

3/30/2026 at 7:41:34 AM

Have you just presented your opinion as a fact?

by fsflover

3/30/2026 at 5:28:18 AM

Um, it obviously is that. Have you used it recently?

by gzread

3/29/2026 at 8:29:40 AM

You can bypass the wait time with adb install at least.

by sunaookami

3/29/2026 at 5:24:00 PM

From the article:

> While sadly, it doesn’t look like there will be any ADB command you can send to your phone to make it immediately jump to the end of that 24-hour delay

There's also no evidence that adb-sideloaded app stores will be able to skip PackageInstaller's developer verification enforcement, so no, you will have to wait 24 hours to install F-Droid and actually use it.

by NotPractical

3/29/2026 at 9:48:18 AM

> have to wait a day

The horrors!

by tasuki

3/29/2026 at 8:52:48 AM

Play store is the largest distributor of spyware and viruses for Android.

Not even a small fraction of a percentage of scams come from installing software normally, but only from Google Play store.

by Ms-J

3/29/2026 at 4:06:37 PM

This raises the question: Why publish web pages that discuss topics such as "sideloading". Who would be interested in that information

Who (besides you, dear HN reader) reads googleblog.com, androidauthority.com and other sites that discuss these topics

Is it only a small fraction of a percentage of Android users

When Google makes the obviously bogus claim that Google Play policies, e.g., "sideloaoding" restrictions, are intended to "protect users", who is it addressing. Who is the audience. Is it the "average" Android users that Google claims to be protecting. Is it the Android users who prefer F-Droid that do not need Google's "help" to avoid scams

What if Google Play policies protect Google from competition (cf. protecting users from scams) and this could have an effect on the stock price or on the profits of "app developers" or "ad tech" companies. Who would be interested in that information. Who would accept bogus claims about "protecting users" without question

by 1vuio0pswjnm7

3/30/2026 at 1:40:54 AM

*sideloading

by 1vuio0pswjnm7

3/29/2026 at 11:29:17 AM

Yeah. I had to remove malware from family phones because they installed the wrong "QR Code Scanner" out of the trillions of copies on the play store, which contained malware that somehow replaced the launcher on a Samsung phone and then showed ads all over the place. The Play store is fucking malware, Google services are malware, and the family member now uses a Pixel 9a with GrapheneOS which makes normie phone usage riskless and clean again. Fuck Google for Gaslighting us all with this Sideload change.

by lpcvoid

3/29/2026 at 12:09:30 PM

I really like f-droid in this case because I can be so much more sure about using an app there than from play-store

> Play store is the largest distributor of spyware and viruses for Android.

I think all companies are taking part in somewhat of a double-speak. Meta is lobbying for child safety and so many other things.

I feel like they really can't come up loud and say what exact reasons they are doing this (for locking down Android) and thus have to use this as an excuse.

It's all smokescreens and mirror to a certain degree.

by Imustaskforhelp

3/29/2026 at 12:27:45 PM

They are (primarily) doing it because a few governments asked / forced them to. THe scams you see in the iPhone-heavy US are very different than the scams you see in other places.

by miki123211

3/29/2026 at 1:29:32 PM

Stories like this is all my family members get iPhones. If Google wants to move to a walled garden too it should at least deliver on the walled garden benefits. No point otherwise.

by internet2000

3/29/2026 at 4:45:38 PM

Apple will enshittify at some point. The only long term way to go is open source.

by lpcvoid

3/30/2026 at 6:42:30 AM

Indeed, unfortunately most manufacturers are against it, even the smaller/niche ones. I am waiting for more people to wake up so we get good hardware with open firmware/OSs.

by anonzzzies

3/29/2026 at 12:25:43 PM

Oh man, my grandpa also had an app replace the launcher on his phone! I forget what exactly it was pushing but needless to say it's been removed.

by LorenDB

3/29/2026 at 2:30:04 PM

> Not even a small fraction of a percentage of scams come from installing software normally, but only from Google Play store.

This change is not about stopping malware/scams. Malware/scams is just the gaslighting excuse for the change.

The actual reason for the change is to try to protect playstore profits. With the lawsuit that forced them to allow alternate "stores" they saw the money stream shrinking, and this is their attempt at propping up the money flow for as long as possible.

by pwg

3/29/2026 at 4:27:30 AM

We hereby grant you a conditional right to install software on the device you "own", subject to conditions, and terms, but only under certain circumstances and only so long as it pleases us.

Modern handheld computing is such a shitshow...

by Havoc

3/29/2026 at 5:53:14 AM

Yeah, to me android is another Linux machine. I can change the date and for the device it's tomorrow. At least should be. What then? Will it accept the apk I just installed because it's tomorrow? Or reject because of no lease token from the one-almighty-Google? Or maybe it won't work at all when offline even with offline apk?

by p0w3n3d

3/29/2026 at 9:24:41 AM

So Google proved that Android is not Linux. Time to switch to actual (GNU/)Linux phones?

Sent from my Librem 5.

by fsflover

3/29/2026 at 8:38:26 AM

If I was a hostile phone OS designer, I would make it use the time reference given by nearby cell networks, GPS, or an RTC in the motherboard rather than the local clock. That’s closer to ‘true’ time if you want to make sure a day has actually passed.

by plausibility

3/29/2026 at 8:05:37 PM

Yeah but android runs on a number of devices that have no GPS and network. Car radios, tablet etc. Location can be turned off too

by p0w3n3d

3/29/2026 at 7:39:31 AM

"hand held computing" indeed.

by 28304283409234

3/29/2026 at 8:51:41 AM

Come on, this is a totally reasonable approach that should help a bit with high pressure scan tactics but doesn't really hurt side-loading.

As long as they keep it like this. The existence of the "only allow side-loading for 7 days" option is definitely worrying.

by IshKebab

3/29/2026 at 11:33:45 AM

I find it unacceptable, and they will not keep it like this. They will boil the frog slowly, as usual.

by lpcvoid

3/29/2026 at 5:32:20 AM

None of the comments here seem to discuss or even mention how this situation looks from googles perspective? I feel like HN readers are not aware of the scale of the problem they face or their motivation behind these changes.

If you look at the rate of growth of the call/text scam industry I think it's entirely possible that android owners are getting scammed out of more money than google themselves makes on the android platform as a whole. It's at least not that far off. Which doesn't even account for the humanitarian issues which they probably feel partially responsible for.

by Taterr

3/29/2026 at 7:26:35 AM

Google’s perspective is that they don’t want people to install NewPipe so that the CEO can buy more yachts.

by xigoi

3/29/2026 at 9:41:29 AM

I would bet the amount of people getting scammed is probably higher than those installing NewPipe.

by ChocolateGod

3/29/2026 at 9:58:18 AM

The difference is that Google doesn’t mind scam apps being on the Play Store.

by xigoi

3/29/2026 at 1:57:33 PM

Because we hear so many stories where the scammer directed their target to install an app so that their scam works

I know a lot more people that install newpipe than people that got scammed by any means, and have never heard of anyone being asked to install an app by a scammer

by lucb1e

3/29/2026 at 3:10:17 PM

But I was scammed by newpipe! It said I can watch YouTube, but there aren't any ads! Now I don't know what to buy. It even had CCC Media, so now my videos are informative and insightful. Where's my influencers?!

by tosti

3/29/2026 at 8:55:09 AM

Google's perspective is that they want full control on Android.

If they really care about scams, the first result when I search for chatgpt is a fake app with a fake logo. Maybe they should start by tackling the scams on the play store as the play store is the far west.

by realusername

3/29/2026 at 1:55:08 PM

I don't find the assertion credible that people are getting scammed out of more money than the entire platform is worth. But given that Google does not make the revenue for Android public, what kind of numbers do you think you're talking about here?

Also, I think it's disingenuous to say that scams are predominantly powered by sideloading. I think the vast majority of the scams that are perpetrated use apps directly from the Play Store.

by rpdillon

3/29/2026 at 11:06:23 PM

They've been claiming since 2023 that sideloading has been a favored attack vector.

"The Global Scam Report also found that scams were most often initiated by sending scam links via various messaging platforms to get users to install malicious apps and very often paired with a phone call posing to be from a valid entity."

https://security.googleblog.com/2023/10/enhanced-google-play... https://security.googleblog.com/2024/02/piloting-new-ways-to... https://blog.google/intl/en-in/products/launching-enhanced-f...

by Taterr

3/29/2026 at 10:45:10 PM

Googles total revenue in 2025 was about $400 billion across their entire company. It's hard to estimate how much money scammers steal in general but if you take an estimate[1] that each of the 300,000 forced laborers generates $300-400/day then you end up at a figure of 40 billion in scams, and considering android has most of the market in the regions the scammers target you can be pretty sure those are android owners being scammed through android devices.

They're also growing rapidly, so those numbers might already be double in 2026

1. https://www.theguardian.com/technology/2025/dec/02/scam-stat...

by Taterr

4/1/2026 at 12:44:09 AM

These numbers aren't credible. Total credit card fraud globally is projected to reach $43 billion in 2026. You're arguing that fraud on Android alone is equivalent to that. Doesn't smell right.

by rpdillon

3/29/2026 at 7:42:54 AM

Their solution to every problem is to take away more control of the smartphones each time from the users who own them. Meanwhile, I have much less problems with scam and security issues and more freedom with software off FDroid. Makes you wonder if the actual problem is perhaps the one coming up with these solutions and their malevolent intentions behind a thin veil of laughable PR. Besides, I don't get people's habit of justifying trillion dollar corporations that can't seem to come up with any non-dystopian solutions.

by goku12

3/29/2026 at 1:23:31 PM

my bias former android and java dev....

Google choose an OS using a VM by design is insecure by default....

ITS NOT US USERS FAULT!

by fredgrott

3/29/2026 at 5:58:50 AM

Why does nobody ever think of the poor megacorporation?

I mean maybe you're even right and they care a little bit about people being scammed. But if you believe that the scamming thing is any more than a pretense for further establishing Google's absolute control over the Android ecosystem, that is just very naive.

Their goal is to make money. Apps installed outside of Google mean less money for them. Ergo, consumer's right to install what they want on their devices must go.

by schubidubiduba

3/29/2026 at 7:23:24 AM

I understand usually the megacorporation is simply being anti-consumer with these kinds of changes, and who knows maybe this is the same. But I think this might be an actual exception. They seem to be actually implementing a lot of high effort scam protection features recently in android so unless they did all of that just as an excuse to make side loading harder then they've fooled me.

https://security.googleblog.com/2026/02/strengthening-androi... https://blog.google/innovation-and-ai/technology/safety-secu...

For more context, the the "reason" they're increasing the friction in sideloading is to prevent one extremely specific scam where someone instructs you over the phone to download a malicious android app, which then steals your banks 2 factor verification code from your notifications and sends it to the scammers. The 24 hour limitation does seem specifically designed to prevent that so I'm inclined to believe them.

by Taterr

3/29/2026 at 1:59:46 PM

You don't need to side load a specific app with malware. All you do is tell the person to go to the Google Play Store and install any Anydesk. Heck, even the reviews for that app point out that people that are scamming you often tell you to install it. Kelly Walters' review from '23 has 215,000 upvotes for warning people about this.

by rpdillon

3/29/2026 at 2:34:55 PM

> They seem to be actually implementing a lot of high effort scam protection features recently in android

This all happened recently because a court case was recently decided that broke Google's monopoly on play store money flows (Google must now allow alternate play stores). These recent changes are simply to try to prop up as much of their play store profit center as they can by restricting what you can do with the computer you purchased.

by pwg

3/29/2026 at 8:17:33 AM

It's pretty easy to make up a reasonable sounding excuse for something you do for your own profit as a company. If they don't even provide any statistic on how frequent these scams are, it can be just words

Also, if your bank 2fa code is in your notifications, you should switch 2fa methods to something other than sms, or switch banks.

by procaryote

3/29/2026 at 9:53:31 AM

So we should just accept that all apps must treat android notifications as a compromised communication channel?

The scammers will find some other way to abuse the very generous permissions allowed by an android app if you prevent the notification attack.

by Taterr

3/29/2026 at 2:34:27 PM

> So we should just accept that all apps must treat android notifications as a compromised communication channel?

Look, that's an OS issue, not an app distribution issue. If I could use the trusted, vetted software from F-Droid I wouldn't need to worry about this sort of attack.

by MarsIronPI

3/29/2026 at 10:44:04 AM

I wouldn't be surprised if the people at google implementing this genuinely believe this to be the case. It was the same thing with AMP, the people doing it really seemed to believe it was entirely a good thing and there were no negative consequences whatsoever. But it doesn't really matter when the thing also blatantly concentrates power within themselves that can later be used to their own interests.

(Here's another reason it's a bad idea: scammers tend to be very good at navigating the roadblocks you put in to do a thing, often moreso than the people who legitimately want to do the thing, so I wouldn't be surprised if the scammers still have a healthy supply of malicious apps now signed by google. If they can't keep malware off of the play store where they see the malicious code, why do they think they can stop scammers registering as developers to sign their malware?)

by rcxdude

3/29/2026 at 8:31:11 AM

Do you also believe mass surveillance is necessary to protect children?

by sunaookami

3/29/2026 at 1:03:44 PM

That's some nasty debate tactic, unworthy of this website. Don't do that.

by izacus

3/30/2026 at 3:26:33 PM

You seem to love buying bridges.

by sunaookami

3/29/2026 at 9:32:26 AM

No. Their stated implementations should be also privacy preserving as they are using on-device LLM models. Not sending your calls or texts to a datacenter.

by Taterr

4/1/2026 at 1:23:54 AM

Large language model models

by Timwi

3/29/2026 at 11:20:52 AM

There will always be scammers who through human engineering get people to transfer money or hand over their jewellery.

(My bank doesn't use SMS by the way everything goes through the official app with biometrics).

by expedition32

3/29/2026 at 6:01:48 AM

That may be, but I think you are missing the point of the outrage: this solution is not good.

by eloox

3/29/2026 at 6:31:57 AM

So let's discuss a good solution instead of this boring repetitive outrage.

by izacus

3/29/2026 at 8:14:23 AM

First we need to understand what the root cause of the problem really is then we can discuss solutions. All we've been told is that "Android users are getting scammed, we are going to make side loading impossible". There is no clear cause and effect established, no data shared with the public on what percent of scams were caused by sideloaded apps and how the scams actually operate for us to be able to accept the solution.

by elwebmaster

3/29/2026 at 9:00:10 AM

> no data shared with the public on what percent of scams were caused by sideloaded apps and how the scams actually operate for us to be able to accept the solution.

They will not share the data because the data goes against their public stance.

Apks are already very annoying to install for your average user. The scams will target the web, the playstore and then as a very last resort, direct installs

by realusername

3/29/2026 at 1:59:53 PM

What public stance do you mean? Did they say somewhere that sharing statistics about Android is against their morals or what do you mean?

by lucb1e

3/29/2026 at 5:16:13 PM

Their stance is that they want to lock up Android, if they start sharing the truth, it just doesn't support their goals

by realusername

3/29/2026 at 7:41:13 AM

Look at the attack vectors that are actually being used, and address them specifically, with minimally invasive measures.

If the problem is apps that allow remote control of your device, that people can be socially engineered into installing, put up barriers to gaining just that permissions. That approach would actually help motivate the problem (as scammers can now just use Google-approved apps for such things).

If the problem is ads that are pushing scams, Google could start with eradicating them from their own network. They seem to be the primary source. And, god forbid, perhaps even offer an ad blocker integrated in Android. (Yeah, I know.)

If the problem is scammers pretending to be a friend or family member in need of help though social apps, Google could force these apps to help users identify these cases (using local privacy friendly heuristics is course) for inclusion in the Play Store. And no, they wouldn't be able to demand the same from apps installed from elsewhere, but that should be firmly outside of their sphere of responsibility. And casual users would be extremely like to stick with the default app store anyhow.

Note that all three of these proposals provide a measure of safety from the problems they are addressing much larger than what Google is attempting by banning all non-Google-authorized applications.

by vanviegen

3/29/2026 at 7:57:24 AM

I am quite genuinely curious what you think the best solution to prevent someone instructing a tech illiterate person over the phone to click through every permission warning about a malicious app they're installing is? No amount of scary menus will work. I feel like they only have 2 options, which is to limit some permissions without any exceptions (making their platform more closed), or make it harder to install apps as a whole.

Do you have a better idea?

by Taterr

3/29/2026 at 2:03:04 PM

If there is literally "No amount of scary menus will work." then those people cannot use computers. So long as they can transfer money with it, or do another action that a scammer may want to do, then the scammer can tell them to do it. They should not be allowed to install banking apps with that logic and need a legal guardian to manage their digital belongings

If the solution is that nobody has control of their digital life anymore (see also attempts to require client-side scanning and verify user age, which don't work if said user can override it) then we've lost sight of the bigger picture

by lucb1e

3/29/2026 at 2:04:31 PM

It's not clear at all that a scammer is on the phone, instructing people to click through every warning that they see while sideloading a malicious app. As I stated up thread, the majority of these scams are happening through apps in the Play Store.

To address your question, there should be a straightforward option during device setup. If you're first attaching your account to the device, you simply check a box that says this is an advanced user's phone. You can put it behind the same kind of scary pop-ups that web browsers have when they're about to serve you an HTTP page, or when the HTTPS certificate is self-signed.

It's the most obvious, straightforward, user-friendly approach, and it was never even discussed.

by rpdillon

3/29/2026 at 2:06:42 PM

> the most obvious, straightforward, user-friendly approach, and it was never even discussed

Fwiw, it was "discussed" in the sense that the person we're arguing with meant upthread ("let's discuss a good solution instead of this boring repetitive outrage"), but it's not like Google listens to that so any such discussion is pointless anyway. It is indeed the obvious solution and it comes up in each of these threads, but believers like GP can always be new rationalizations of why Google doesn't implement one proposal or another

by lucb1e

3/29/2026 at 11:20:12 PM

> It's not clear at all that a scammer is on the phone, instructing people to click through every warning that they see while sideloading a malicious app.

Google claims this to be a very common or majority attack vector.

https://security.googleblog.com/2024/02/piloting-new-ways-to...

> If you're first attaching your account to the device, you simply check a box that says this is an advanced user's phone.

I completely agree this is a perfectly valid solution but what about those who already setup their device? The security of the checkbox only works if you click it before someone attempts to scam you.

by Taterr

3/30/2026 at 5:43:19 PM

All they say is that the apps are malicious, though. The majority of malicious apps distributed on Android are through the Play Store. I really wish they would provide concrete details here because I just don't believe that this is all hinging on sideloading.

by rpdillon

3/29/2026 at 10:52:20 AM

I think it's a problem where the only solutions are worse, on the whole, than the disease.

Probably the best option would be the ability to lock down your own device somehow (i.e. put the toggle in the opposite direction by default). This at least lets others around someone vulnerable to this protect them (and probably much more effectively, as the controls can be a lot tighter than 'we once saw an ID we believed was real')

by rcxdude

3/29/2026 at 7:17:52 AM

The problem with that thought is that Goole isn't creating a good solution, it's creating this specific one.

by TuringTest

3/28/2026 at 10:23:22 PM

What's the phone OS landscape now? What can someone who values their agency and wants FOSS choose?

* iOS - walled garden, so no

* Android:

* * with a Google account and Play Services - a bit less of a walled garden, but still no

* * Android without Google:

* * * GrapheneOS - root or adb not supported, so no

* * * LineageOS - (edit: root or adb not supported, so no - just learned) seems like a viable option although it seems like it depends on Google's development of Android and keeping it FOSS. How's the situation with security updates? Which phones would you recommend? I don't count Samsung or whatever crap as they're generally quite user-hostile.

* Linux - IIRC only PMOS supported FDE. Is that still the case? Are there are good Linux phones? I tried PinePhone a few years ago, but it was crappy. The OS also lacked basic features like new windows showing up inside the screen.

* anything else?

by AlBugdy

3/28/2026 at 11:19:09 PM

> GrapheneOS - root or adb not supported, so no

Like the other poster said, you can get root on GOS. However it's highly ill advised and severely breaks the security model of devices. 99% of the time nobody, especially the average person, needs root on their phone (imo). Allowing that easily just opens up the average person to getting duped into getting their phone rocked with exploits and possibly persistent malware.

There is no reason that a lack of root access should be viewed as a negative within the context of GrapheneOS. In that case why even mention or choose GOS? Just choose an Android fork with poor security or a Linux phone with zero security instead.

by armadyl

3/28/2026 at 11:32:59 PM

> 99% of the time nobody [...] needs root on their phone

Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.

I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.

Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?

And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?

I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.

I want to run like 5-6 apps I trust.

Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?

by AlBugdy

3/29/2026 at 12:57:08 AM

> Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.

The security models of desktop operating systems are far, far behind those of mobile operating systems (Android/iOS). ChromeOS, followed by macOS are the closest to mobile security but are still severely lacking. Windows is farther behind and desktop Linux might as well be minimum security. It’s not even an equivalent comparison as you’re comparing mobile OSes to ones on a platform with a fundamentally worse security architecture.

I mean, even to an extent some of the Linux distributions understand the security problems with the traditional model. Look at what Universal Blue is doing with their images and leaning more into Flatpaks and containers for any developer like etc tooling while actively discouraging installing things via rpm-ostree.

> I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to. Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?

The first sentence is inherently incompatible with the security structure of GrapheneOS (for example). The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user. Yes, mobile operating systems were designed sandbox first to treat all applications as untrusted. However it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.

Not having root is the best way to harden security. Mobile OSes are designed to be heavily compartmentalized, each application runs in its own sandbox. Giving an application root circumvents the entire thing, allowing that application in theory to see into other sandboxed apps etc. If you want a real world example look at all the malware exploits that come into iOS via iMessage, one of the only apps on iOS that’s not fully sandboxed like normal apps.

> And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?

The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.

This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.

> What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?

To not get unknowingly pwned. Realistically even if you have a trusted app, you or the community can only verify that it’s trusted at a specific point in time. Realistically a community cannot verify that an app or package etc is consistently not malicious and will more often than not lag behind in the implementation of the exploit vs its discovery, it doesn’t matter if its closed or open source.

To be clear though my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person and that no root is infinitely more secure than having it. Maybe companies could provide alternatives, i.e. offering devices with rooted versions available but offering no customer support if something goes wrong with the software. But it certainly shouldn’t be a default available feature for the majority of the population.

—

An edit: Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).

by armadyl

3/29/2026 at 4:27:39 AM

Can't edit my other reply.

Edit: I looked at your other comments to see if you had discussed Linux or Android security before (and to avoid repetitive threads). I'll reply to this post of yours here as you'll likely not see that I've replied there:

> Also linux only really has block level encryption, not file based encryption like iOS/Android. It would be trivial for LEO to access your device unless it was totally powered off and then the only protection is LUKS. Or really even if you lose your phone and someone was so inclined to they could just extract all the data if it was powered on but on the “lock screen,” as most if not all desktop (and I’d imagine linux phone) environments do not actually do any encryption or anything when the system is locked, it’s just a cosmetic lock for all intents and purposes.

With LUKS or plain dm-crypt unencrypted data never touches the storage. Small parts of the storage are decrypted in RAM, but what gets written is encrypted. FDE at the block level gives less info to the adversary than file based encryption. With detached /boot (and maybesome other stuff) (like on a USB stick), and plain dm-crypt, you can even have plausible deniability that the storage medium was just overwritten with random data. LEO can't do anything for LUKS or dm-crypt if they can't bypass the lock screen, short of a cold boot attack. That's true for file-based encryption, too. The lock screen (on Linux, at least) isn't related to disk encryption and doesn't have to be.

by AlBugdy

3/29/2026 at 3:43:27 AM

I don't agree with you, but I appreciate the time you took to reply. Apologies if I may appear terse.

> The security models of desktop operating systems are far, far behind those of mobile operating systems

What about Qubes? That's my standard. Everything else has worse security almost by definition (since you can virtualize it and increase its security that way).

> The first sentence is inherently incompatible with the security structure of GrapheneOS (for example).

My mistake - sorry. I wanted to say something like:

> I would choose something as locked down as GrapheneOS (no root) for its security if I were to use it to install random apps or to run JS from random sites - examples of exposing myself to unnecessary danger like someone who doesn't know what he's doing. I would choose something with root but wouldn't run random apps with root permissions or JS on a browser started with root permissions.

I somehow mixed both sentences when editing.

> it doesn’t matter if you’re only giving “trusted” apps root, all it takes is one supply chain exploit, one malicious developer, one anything to make that app with root do something its not supposed to do.

That's where we differ on our views of security, agency and responsibility. I own the computer so I should be able to give root to whatever I trust. I already trust the the hardware, the myriad of developers writing the OS, the libraries they've used and so on. Yes, trusting less things is better, but there's a tradeoff and we can easier restrict the OS further and further until we're left with nothing. The OS shouldn't restrict what I can trust and what I can't trust. Why is the OS trying to force me to not trust any app but only the millions on lines of code of the OS itself and the hardware?

> The point is to not give applications root, giving them root circumvents basically all of the protections GrapheneOS and Android give the user.

Giving all applications root might circumvent all protections in GrapheneOS and Android. How does giving 1 application I trust circumvent all protections? Let's say I wrote the app (and I trust myself) and then formally verified it - just for the sake of argument. Although I'd give root to apps I didn't write or verify because I am an adult who can choose what code to trust. We already have important information and already give important permissions to apps that, if compromised, can ruin our lives easily (browsers, communication apps and so on).

> The problem is that we don’t know how they could leverage it, so the solution is to eliminate that pathway entirely.

So apps are both sandboxed and there are robust permissions which make Android much more secure than most desktop OSes, but we can't even give an app root because it might somehow wreck the whole system? I don't get this. By that logic we don't know if any app could compromise any of the system processes that have root (or functionally equivalent access). The solution would be to not run untrusted apps in the same OS at all, to have different computers or some hardened virtualization like Qubes? I get that it's not black and white, but my hypothetical terminal app with root permissions won't be the only process with root permissions running on the OS, so why is it THAT bad to give it root? Especially when I'd run it with root only for certain tasks, just like I don't "sudo ls ~" but just "ls ~".

> This is also my issue with the push for Linux phones onto the average person (instead of the community coming together and forking AOSP if they want to escape Google). The platform has zero real sandboxing, and the average person still wants to use Meta apps as shit as they are. These big tech companies’ and governments’ apps would go absolutely crazy on Linux phones.

Why not try to use existing security mechanisms in various Linux distros (or Qubes) to prevent Meta's apps from going crazy? Additionally, why can I load facebook.com in Firefox on Linux and be relatively certain I won't get pwnd by Facebook even though I have root on Linux? That would mean we trust browser sandboxing more than Android sandboxing. Yet we have root on Linux and can do anything with the browser. What I mean is, you state that Android is so secure, yet we trust it less than untrusted JS on a browser on desktop. If we don't, should we disallow people to run JS (or even CSS, as there have been attacks via CSS) at all?

> my view is that we shouldn’t be pushing root-capable mobile operating systems onto the average person

My view is that we should default on root-capable devices for anyone. If a user doesn't feel sure in their abilities, they may select "I am not sure of my abilities to operate a computer, lock it down for me permanently" option. Otherwise it's on them. We shouldn't be nannies for people. People will eventually learn when enough people get burned. We should be nannies for obvious cases of mental retardation where the person requires round the clock care, but not for everybody. We're not sheep and shouldn't all be treated as sheep even if a lot of us are.

> Also preventing root allows devices to pass attestation checks. I know it has a dirty connotation in light of how companies are behaving recently, but it really is a security benefit for a device to be able to prove that it’s base operating system is unmodified (i.e. no persistent malware is present).

I might see a benefit for workers in a company for work-provided computers because they're company owned, but any attestation for user-owned computers that is imposed on a user will almost inevitably lead to a dystopian future where computers get more and more controlled, locked down and even backdoored without a way to even see if they are. For example, in many jurisdictions you're required to have phone, to use Android or iOS, to have an account with Google or Apple, to not have root and to not run a custom ROM in order to use basic public services or banking (even if my bank account has like 5 bucks in it and I wouldn't care less if it got hacked). That is absolutely wrong and if we don't do something it's going to get much worse in the future. We should fight these restrictions whenever we encounter them. We the people own our lives - we should own our computers and we should own (as in responsibility) our choices.

by AlBugdy

3/29/2026 at 2:07:16 PM

You need root to get around all the stuff that Google won't let you do. There's tons of examples I've encountered over the last 20 years, but the one I encountered most recently is that without root, when I plug in an external display to my phone, I can't actually make the phone display go off. So it sits there powering the external display and its own display (that I'm not using) because of permissions.

by rpdillon

3/28/2026 at 11:11:41 PM

GrapheneOS - does allow you to root/ADB. It's just not official, just like LineageOS. You can even sign your own images and relock the bootloader and have root i f you put in the effort.

by KetoManx64

3/28/2026 at 11:16:21 PM

So I misunderstood about LineageOS - I haven't read anything about it for a while. Everyone on GrapheneOS's forum is really anti-root, they even mention it's not GrapheneOS anymore. From what I saw you can't get any support whatsoever if you have an issue with root or adb, which seems like a core component to any OS to me. Would've been nice if there was a community that gave each other support for rooted LOS or GOS. There could be one, though - I haven't researched it.

by AlBugdy

3/29/2026 at 9:45:06 AM

I had the first two iPhone models, but then moved to Android. So I've been an Android user for ~15 years. This will probably be the drop that makes me go back and try an iPhone again. If all phone OSes are going to be walled gardens, might as well go for the best one.

Android has always been lagging on usability/performance/polish, but I stuck with it for the openness and because it generally was first to tryi new things. I remember how people at work laughed at me when I got a Samsung Galaxy Note ("It's so big it looks like you have an iPad in your pocket"), yet a few years later every phone was that size. And now Android is leading with foldables. I love my OnePlus Open, but OnePlus seems to be pulling out from the Western market so further support is looking "iffy", so might as well get an iPhone.

by kivle

3/28/2026 at 10:33:33 PM

fairphone support for pmOS is improving. What DE were you using? It was probably just slow on the pinephone.

librem 5 is also an option. It is sorta expensive and weak but is the most capable.

https://wiki.postmarketos.org/wiki/Devices

right now im on calyxos but development has been paused for like a year

by Hasslequest

3/28/2026 at 10:54:03 PM

It was a long time ago, so I don't remember. Phosh or Plasma. I tried to like Sxmo, but it was really unintuitive, unlike tiling WMs on Linux.

Fairphones seems OK, although for €549 I'll probably stick to a dumb phone and invest in a better laptop for now. I'm not saying it's too expensive for what it is, though - it's still a tiny computer with all kinds of periphery.

I just wish there was a version with a shitty camera for €50 less or with no Bluetooth for €10 less - you get the idea.

Interestingly, when I went to

https://www.fairphone.com/shop-home

the prices for the headphones were lower for a few seconds and got higher afterwards.

€186.75 -> €249

€74.25 -> €99

while the phone price remained the same. Both are increases of 33.(3)%. Probably a script that determined my location and added a VAT.

by AlBugdy

3/28/2026 at 11:23:51 PM

I think a problem is that phones, as a concept, are communication first, rather than general computing first.

If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.

I'm sure FOSS can make a feature equivalent Instagram (or Whatsapp, or whatever) but the people aren't in there.

by kace91

3/28/2026 at 11:41:49 PM

> I think a problem is that phones, as a concept, are communication first, rather than general computing first.

I use all kinds of computers for communication. I'm communicating with you on my desktop. I had a call earlier on my laptop. And a phone IS a computer, so why pretend it's not?

> If you want to partake in social networks, messaging, work communication, banking, etc you're at the mercy of the service's owner and their moat. You can't access Instagram in any other way than their app, and at that point an open OS doesn't help a lot.

I wouldn't use proprietary work tools on a personal device. It's not good hygiene.

I don't care if Instagram requires an app on a non-rooted phone with verified Google attestations because I don't use it and it's not essential.

Banking apps ARE a problem because a lot of banks don't let you use their site without their app at all. That should be solved with regulations - give people a FOSS banking app or, better yet, an API, so they can bank however they want to. Let us create FOSS interfaces for the different banks. Right now we need to revert the regulations who more or less force us to rely on Google or Apple's attestation. Internet banking is important both because there's a trend, even in countries where cash is still widely used, to have places that don't take cash, and because it's a highly regulated system paid for my taxes - I should be able to participate in a modern way with bullshit restrictions allegedly made to prevent someone's grandpa from getting hacked or phished.

But if I can't access my bank online, I'm not going to bow my head and buy a bank-approved phone with a bank-approved OS and a bank-approved $tech_company account. Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?

by AlBugdy

3/29/2026 at 11:01:30 AM

> Who banks that often that they really need to do that, outside of places like Sweden where cash is almost dead?

I often pay cash in physical stores, but when buying things online I (and every other Dutch person) use Ideal (Wero). That means authorising each payment via my bank, and that means either using my smartphone (GrapheneOS) with the bank's app, or using the bank provided OTP device with my debit card inserted.

Using my smartphone is, unfortunately, the easiest way. I hate both options for the fact that I need to fetch either my smartphone or my debit card though.

Banks want their stupid app because it is the easiest way to keep some client-side secret secure in a nearly fool-proof manner. I can do everything I want in any browser, but authorisation and authentication happens by means of that app, so even just logging in means scanning a QR code with the app, and then continuing in the browser of any device I want.

I think most people use bank several times a week at the very least. Some do it constantly and put debit cards on their smartphones and concentrate everything financial on that single device, but even folk who keep ready amounts of cash on hand and don't buy things online too often bank several times a month, even if just to pay taxes and keep an eye on their finances.

by Freak_NL

3/29/2026 at 12:26:09 AM

>I use all kinds of computers for communication. I'm communicating with you on my desktop.

Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.

>And a phone IS a computer, so why pretend it's not?

I agree we shouldn't, I'm just saying that it's unlikely for that need to meet a large enough demand.

You might consider Instagram, whatsapp or similar apps personally not essential, but for many (I would say most) people they are - if not truly essential for living, at least essential in the sense that they don't have much use for their phone outside of those apps.

Which was my point, as long as the main use of a phone requires passing through meta's (or whoever else's) hoops, it's going to be a hard battle.

The only minimally mainstream uses of a phone that currently lie outside the walled garden are piracy and emulators, and that's already a stretch.

by kace91

3/29/2026 at 3:55:11 AM

> Sure, now get a date, connect with old friends, get invited to a party or join your children's school parent groups exclusively on free software.

It's tough, but that's a normal part of trying to change the status quo and fight for something you believe in. The people who I truly care for (and who care for me) have actually installed secure FOSS apps to connect with me and invite me to parties. They were reluctant and in some cases it took months of prodding, but it happened. And slowly there's a network effect - friend X and friend Y both have app Z. They might continue to use Meta to communicate between each other, but if and when they realize they want to move away from Meta, they can use Z.

I haven't had to deal with school parent groups in particular, but I have, in just a few cases over the years, managed to convert small groups from proprietary to FOSS solutions. It's hard, it's not the usual outcome (often they stay in their walled garden and I don't join them), but sometimes, just sometimes it works. That means there is actually hope and we can keep fighting the good fight. If we win, everyone wins.

I also understand if someone agrees with me, but reluctantly uses a closed proprietary solution to connect to the school parent group if it's important to them to be in that community. But losing a battle doesn't mean we have to forfeit the whole fight.

by AlBugdy

3/28/2026 at 11:14:45 PM

You can root GrapheneOS, they just don't recommend you doing so.

by garciansmith

3/28/2026 at 11:24:04 PM

In their forum they repeatedly say stuff like:

> If you choose to root, then I believe its not considered to be "GrapheneOS" any longer and assistance will not be provided for issues you face

Getting no support would suck. Obviously it's a FOSS OS, so it would be community support for the most part, but it's still invaluable when you run into issues.

by AlBugdy

3/29/2026 at 9:36:00 AM

Obligatory mention of Sailfish OS.

Website: https://sailfishos.org/

Main forum: https://forum.sailfishos.org/

Recently on HN: https://news.ycombinator.com/item?id=47216037 / https://news.ycombinator.com/item?id=47311456 / https://news.ycombinator.com/item?id=41749296

by raphman

3/28/2026 at 11:30:17 PM

Why do you want to root? I didn't really feel the need for the past few years.

by PufPufPuf

3/29/2026 at 9:47:14 AM

Backing up all app data.

by rudhdb773b

3/29/2026 at 1:00:46 PM

That breaks Android's security model and reduces overall security.

by charcircuit

3/29/2026 at 2:09:24 PM

I think those are features, not a bug.

by rpdillon

3/30/2026 at 11:46:10 AM

Maybe for your threat model. Not mine.

by rudhdb773b

3/29/2026 at 2:13:14 PM

Ah yes, getting access to your own data would be a massive problem, can you imagine such a world?! /s

Such data should be put in (or encrypted by) the hardware-backed keystore. You get to have full access to what the OS does, including seeing what data gets passed into this secure element for encryption or signing (you retain visibility and control), and yet secrets can't be leaked to you or an attacker who tries to extract those secrets

See e.g. your bank card: it's yours, you can choose where to stick it and what transactions it authorizes, but you can't get at the token that serves as proof of possession nor reset the PIN attempts counter. Your phone('s banking app) could work in the same way and has the hardware on board that makes this possible. So you see, it's a choice that you don't get to see what apps are doing and people are scared into believing that access to their own phone is bad. It's a matter of conflicting incentives on the vendor side, not technical risk

by lucb1e

3/29/2026 at 4:15:18 PM

There is an API for backing up all app data that requires authorization. This is different from giving the user root, so any malicious can back up all app data at any time.

by lern_too_spel

3/29/2026 at 9:55:17 PM

Which API do you mean?

by lucb1e

3/31/2026 at 8:55:37 AM

adb backup

If you control the build, you should implement your own Backup Service. You should not just open all apps' data to any app.

by lern_too_spel

3/31/2026 at 7:17:54 PM

Oh, that useless thing. I was very confused about something which can "app data that requires authorization" (thought maybe it's some Google service that extracts your secrets for device migrations) but you just mean the old adb backup that the security industry (that I'm part of, and fighting from within :p) destroyed in the name of people's own good

Like, yes this exists, but it doesn't back up half the things you need :(

by lucb1e

3/31/2026 at 12:47:51 PM

"adb backup" is buggy and deprecated.

It's easier and more reliable to use adb root to rsync everything. No apps need root access that way.

by rudhdb773b

3/28/2026 at 11:48:17 PM

Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.

I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.

by AlBugdy

3/29/2026 at 3:28:33 AM

I do (re-)root my phone (after each update I have to flash the Magisk-modified boot.img again), but FWIW almost nothing needs root on Android, it lets you do way more by default than iOS. I think some people equate jailbreaking and rooting when there's not really a jail to begin with. You can install a custom ROM without having root and I think that's what most people really want to do. Cleaner base system, maybe some new features. I run LineageOS without gapps and it's great. I can use `sudo` inside termux since I have root. I don't really use it for anything except to verify that Magisk reinstalled okay (I do `sudo ls /` as a quick check). Installing F-Droid doesn't need root. You can even do it on locked down TVs and Amazon tablets usually. adb works as well, not sure why someone was saying it doesn't. Hell, adb should work even without either root or a custom ROM. I use it to reboot my phone into fastboot without the button combo and then flash Magisk right after.

by opan

3/29/2026 at 4:00:41 AM

I agree you might not need it, but the issue is one of principle. I want it because I might need it. I don't want to find another OS that supports root if I realize I need it.

Just how I may be OK with staying at home for months with deliveries and internet access and everything else provided for me, but I want the freedom to go outside. There is rarely anything I need that's outside, to be honest. And outside is more dangerous. But I want to be able to sudo outside whenever I want for whatever reason I want.

by AlBugdy

3/30/2026 at 1:30:32 PM

Well, as far as I know, none of the popular Android custom ROMs prevent root, though what you found about them not wanting to support you when you run into issues is probably somewhat true everywhere. I think the idea is that if something you're doing to get root or after getting root is causing problems, it would be outside the scope of the ROM itself and not their problem. I do still get help in the #LineageOS IRC channel and mention issues in there despite being rooted. I don't mention it unless it seems relevant, but I've seen bug report forms where they specifically ask. Ultimately it's gonna come down to whether they can reproduce it, consider it an issue, and if it's a problem with the ROM or something else. I don't think they intend to be malicious. I used to work in tech support for some enterprise backup software, and if there were signs that the customer's issue was because of their OS or network or someone else's software, that wasn't our problem to fix, and as soon as we could prove that, we could usually close the case. We were only there as support for a specific piece of software, it was their problem, or at least someone else's to keep the general servers and network working. I imagine the volunteer maintainers of LineageOS don't want to help you with things unrelated to what they do either. Have not used GrapheneOS as I've never owned a Pixel, but I imagine it's a similar situation.

by opan

3/29/2026 at 5:40:13 AM

I think you are answering not quite what's being asked.

I think it's completely reasonable to want to be able to get root on your device. For the exact reasons you mentioned. GrapheneOS allows that.

To actually do so, it's reasonable to have a reason. Otherwise what you're doing is basically running commands with sudo "because you can", which will bite you.

To have a rooted phone just for the sake of the trophy of having a rooted phone is something generally considered worse. Better to have a rootable phone, which you root if or when you have need of it.

by margalabargala

3/30/2026 at 1:32:28 PM

>To have a rooted phone just for the sake of the trophy of having a rooted phone is something generally considered worse. Better to have a rootable phone, which you root if or when you have need of it.

This is indeed pretty reasonable. Very easy to root at any time after flashing LineageOS, for example.

by opan

3/29/2026 at 8:34:08 AM

Exactly. It is my device. End of story.

If I could point out, the vast majority of people you see writing things as stupid as that are either have a huge stake in the company/industry or the government.

Thanks for all of your other comments in this thread I read them all and it is such useful advice for everyone, even seasoned security people.

It isn't natural to want less freedom.

by Ms-J

3/29/2026 at 6:42:32 AM

An alternative if you are using Graphene would be to build your own image with the changes that you want, without or without root.

by drnick1

3/28/2026 at 9:52:59 PM

When typos are inadvertently funny:

> Google’s been working hard to relive everyone’s fears...

by sgbeal

3/29/2026 at 3:30:55 PM

I came here to say something similar.

I somehow doubt there's a team at Google dedicated to roleplaying the nightmares of all living people :-D

When I saw your user name, I was like "I wonder if that's the C++ s11n guy", and sure enough, confirmed it by viewing your profile.

Glad to see you're still alive and kickin' -- hope you are doing well, despite life's challenges.

by nocman

3/30/2026 at 1:36:22 PM

>"I wonder if that's the C++ s11n guy"

That's a name i've not heard in ages. That project was abandoned back in 2012 or so for lack of interest on all sides. The domain and site were sold back in 2014-ish to someone who blatantly misrepresented themselves as wanting to keep that piece of internet history online, but turned out to be a SEO operation which only wanted it because the domain had a decent reputation with Google. Lesson learned.

> Glad to see you're still alive and kickin' -- hope you are doing well, despite life's challenges.

Thank you and right back at you!

by sgbeal

3/29/2026 at 7:28:50 AM

Two steps forwards and one step backwards in the never-ending march to dytopia and you celebrate it as a show of your generosity and benevolence! I don't know who you're trying to fool. But I'm certainly interested in finding out, because that person must be both naïve and incredibly powerful if you think that it's worthwhile to pull off a public charade like this.

by goku12

3/28/2026 at 11:36:10 PM

I thought that even after the 24h wait, you will have to go through some annoying dialog to install (or maybe even update) anything not from the play store. So installing from F-droid will become an obnoxious process. Even worse if updates also become obnoxious. F-droid often wants to update several apps at once, so I click "update all". If that becomes multiple dialogs, that sucks.

by throwaway81523

3/29/2026 at 7:31:17 AM

The first thing I do with any new phone is to enable developer mode. If it is weekend, I will use adb to sideload, if not, I will do it in next weekend as I don't have much time at workdays. In any case the sideloading will be done on the same day as now. Problem solved.

by tsoukase

3/29/2026 at 7:44:49 AM

they will make you wait 1 week to enable developer mode

by slim

3/29/2026 at 6:30:02 AM

Key point from the article:

> ADB would be unaffected, and any power users who needed to install an app straight away could always connect their Android device to a computer and use ADB commands to manually install - no delay at all.

So in practice this won't be an issue for anyone tech-savvy who uses their Android device with apps outside of the Play Store, as they can simply install through the ADB mechanism via a separate device. It can even be done using WebUSB.

However, the many, many people worldwide who lack such technical knowledge, and are more susceptible to being scammed via malicious app installs because of it, are still protected by this new process Google are introducing.

by bedrizzled

3/29/2026 at 2:29:46 PM

I would agree, but

- accepting that they take the finger now makes me worried about the rest of the hand

- it seems like a complete strawman argument: I have never heard of anyone getting scammed by being guided through system menus to enable app installations and then downloading and installing an apk from the scammer, as opposed to just going to the play store and installing e.g. teamviewer

- apps are already a pain about users with access to their own devices. If they can somehow detect that you're in "advanced flow" mode... that's going to be a real joy and further discourage/scare away people from using this

- my current understanding of the finger they've given us is that it does not include publishing apps via the play store and outside of the play store unless you change the app ID. One signing key is bound to one app ID when the developer does the verification to be in the Play Store and their code is not installable after compiling by an independent party. F-droid still can't exist in its current form

by lucb1e

3/29/2026 at 3:06:40 PM

One thing I've never been able to understand about this new sideload "flow" is whether it will be applied to older devices, or just from some (future or recent) version of Android. Does anyone know?

by andyjohnson0

3/29/2026 at 10:49:08 AM

Guggle et all, are starting to panick, as the whole adversurvielance scam is unraveling, there is NO concievable end game. The surviving frogs, having been cooked en mass are getting ready to spontainiously evolve, AI is destroying vulnerable peoples ability to make descisions and the knock on effects as basic infrastucture erodes while costs spiral and actual knowledge is lost, but AI will be cheering them on by telling them walking and chewing gum are seperate activities that should be scheduled sequentialy after rest periods.

by metalman

3/29/2026 at 10:56:47 AM

Google is going to keep tweaking this because they have two conflicting goals. They want to cut off alternative app stores where they don't get their 30% cut, and they absolutely do not want to push people to other operating systems like graphene etc. They need it to be very high friction to accomplish the former, but if they make it too high-friction they'll trigger the latter. It's a catch-22, and they're going to dither in an infinite loop.

by phendrenad2

3/29/2026 at 12:32:22 AM

How will the transfer occur? I'm assuming via Google account?

So this is vendor lock-in to an online account being sold as a way to "win" against a problem _created_ by said vendor? I would prefer a per-device wait time and I sincerely hope a Google account will not be a hard requirement. I didn't consider this initially.

Google is in the process of stealing the shirts from our backs and selling them back to us. Whoever wrote this article is drinking the kool-aid. This should NOT be presented as a positive thing. Some of us use Android without a Google account and would still like to sideload.

by branon

3/29/2026 at 1:50:18 PM

How is that setting supposed to carry over if I don't even have a Google account on my phone?

And even if I disregard that for a moment, what's up with the author being a mouthpiece for Google?

> Google's latest concession makes the sideloading controversy a big nothingburger

> Opting out is going to be even less of a problem than we thought

> This afternoon, Google’s Matthew Forsythe shares some answers to questions he’s gotten about the minutiae of how this process all works — and he’s got some very, *very* good news for us.

(emphasis theirs)

> Doing that once with every new phone already sounded perfectly manageable. But now Google clarifies that even that won’t be necessary, with the opt-out able to be transferred as we upgrade phones. That is maybe just the best news we could have gotten here, and hopefully it’s enough to calm everyone down about the sideloading-sky falling.

by codethief

3/28/2026 at 9:36:50 PM

You still seem to need a Google account to be able to use the hardware you just paid for. I don't have one, don't want one either. I've been using Android without Google for about 15 years now but will hold off on getting a new device until I'm sure I can continue using it without getting a Google account.

by hagbard_c

3/28/2026 at 10:20:41 PM

Do you run a custom ROM? I can't imagine bothering with the hassle of running a vendor OS without signing into Play.

by fluidcruft

3/29/2026 at 12:25:12 AM

On some devices I run custom distributions (mostly LineageOS), others I just root and de-fang by removing all objectionable content including the Google bits. In all cases I put on F-Droid with a few configured repos to get the applications I want. On a few devices I also add some proprietary apps which are more or less mandatory - electronic ID (BankID) being the main one - either by manually installing it or through Aurora Store, an alternative play store front-end which does not require a Google account. No Google, no problem and no real hassle. My current main phone - a Xiaomi Redmi Note 5 Pro - is 8 years old, I already have a replacement in a drawer but have not configured it yet because I first want to make a cover for it. Even though it is 8 years old it works fine, the battery holds for 2 days and all applications I need still run on it. The oldest device in use is 15 years old and also works fine but it can no longer be used as a phone since 3G was switched off where I live.

by hagbard_c

3/28/2026 at 11:33:59 PM

I'm using stock Android with a bunch of F-droid apps and no Google account. I've never installed anything from Play and don't feel like I'm missing anything.

by throwaway81523

3/28/2026 at 11:59:24 PM

I don't use F-Droid, but I've been an Android user for several years on two different devices and I've never associated a Google account with a device. I've installed all my software from APK downloads from the open source project site releases they came from.

It was really nice last year when I moved to a new device. I restored my last SMS, call log, and contact backup with the open source app I use for that, then loaded the rest of the apps I use from their APKs. It was a lot like getting a new PC. Very enjoyable.

by EvanAnderson

3/28/2026 at 11:10:21 PM

Aurora store make it pretty seamless. Used to run my Samsung without any account, no Google nor Samsung and things worked perfectly.

by aucisson_masque

3/29/2026 at 10:06:56 AM

this is awesome! because i get a new phone every week, this will save me so much time.

WAT? how is that even better than the ability to skip the wait time?

you are right, i am not seriously bothered by the wait time, i'd just activate it on a new phone, wait a day and be done with it. i have had to wait two weeks to unlock a xiaomi phone, so this is not that of a big deal. (besides i am not going to be affected anyways because i use a custom rom, but that's besides the point. let's assume i will be affected)

who changes their phone so often that being able to carry over the setting to skip the wait is a win?

i am embarrassed that i fell for this article, believing that there would actually be a genuine improvement to sideloading.

by em-bee

3/28/2026 at 8:28:03 PM

Google clarifies that this status can carry over to new devices, so you only ever have to go through it once.

by croemer

3/28/2026 at 8:36:46 PM

Which makes no sense, if the property is in Android itself.

For example, lots of people use phones without any google play framework installed. Without that framework, how does it "carry over"?

This just raises more questions about how this whole process works.

Is it only the play api doing so? If so, then if you de-google, this entire problem goes away?

If not, then how can you 'carry over' to a phone unless you also install the play framework? Seems like that's unhelpful.

by b112

3/28/2026 at 8:59:19 PM

If you don't have the framework, you don't have to worry about any of this (you also don't get the benefits, bank apps that require validated OS, tap to pay etc, without the framework).

by fluidcruft

3/29/2026 at 5:13:54 AM

AFAIK, all current versions of Android have Google Play Services. It's an essential part of the "official" Android.

If you run GrapheneOS, LineageOS or whatever, then it's not real Android, and the entire problem of your OS restricting you from installing apps does not exist.

by diego_sandoval

3/28/2026 at 9:29:45 PM

This change was never relevant for devices without Play Services.

by izacus

3/29/2026 at 4:17:55 PM

This notarized apps restriction only exists on Google Android builds, so the workaround also only needs to exist on Google Android builds.

by lern_too_spel

3/28/2026 at 9:42:23 PM

Thanks for stating in one sentence what this slop article danced around for 10 or so paragraphs.

by silisili

3/31/2026 at 5:48:18 PM

This is still unacceptable.

by ottah

3/29/2026 at 8:52:36 AM

Maybe Im a conspiracist but it seems there is a recent concerted effort to lock OS platforms down. Just last week apple added an age verification system to uk iPhones. No legal req. as far as I can tell

by wisplike

3/29/2026 at 2:43:44 PM

They're tightening the noose. Fight, or lose computing sovereignty forever.

by underlipton

3/29/2026 at 2:56:30 PM

I’m only marginally aware of how these systems work, can someone more knowledgeable tell me the difference between Google’s implementation of this restriction and the restrictions already present on GrapheneOS? Is it correct to say that both are implemented for security reasons?

by 46493168

3/29/2026 at 3:25:20 AM

Bring back keypad based phones with J2ME, they were way too fun.

by inxode

3/29/2026 at 3:40:27 PM

> Google's latest concession makes the sideloading controversy a big nothingburger

Ah yes, having to now send in a government ID to publish apps on the Play Store is a "big nothingburger". Kindly piss off, megacorp bootlicker Stephen Schenck.

by deaux

3/29/2026 at 3:41:30 PM

Didn't you always have to do that? I remember having to pay $25 by credit card (for which I had to get a credit card) and also show ID. When they banned me for bullshit reasons, now they can stop me circumventing it because they have my ID.

by gzread

3/29/2026 at 3:55:27 PM

No. Paying yes, ID no.

by deaux

3/29/2026 at 8:30:34 AM

What is this steaming pile of shit? Android and Google are bending their customers over a table and ramming it into their asses.

If a device doesn't allow the user full control, then it isn't your device.

You are renting it from a duopoly that will bend over backwards to give all your data to the government! Also selling it to other corporations.

It is no excuse that an extremely small amount of ancient people over 85 who have never used technology in their life got scammed by some foreigner who worked them over for a full day or two.

That will happen regardless of whatever immoral restrictions are placed on our devices.

If you aren't smart enough to use the tech, don't use it.

by Ms-J

3/29/2026 at 4:52:49 AM

> Google's latest concession makes the sideloading controversy a big nothingburger.

It's really not. Try to realise that it's not meant to be Google's phone and they shouldn't be "letting" me do things

by nabogh

3/28/2026 at 8:45:25 PM

There is no win. They are winning 50-0 and they just scored an own-goal; so what?!

by Pooge

3/28/2026 at 10:50:39 PM

Can't agree with you enough.

They're still moving the Overton window on making Android a walled garden. They're playing a longer game.

by EvanAnderson

3/29/2026 at 6:02:43 AM

They didn't score an own goal, they just killed a guy and then put sunglasses on him so that the people around do not notice he's dead and complain

by schubidubiduba

3/29/2026 at 6:27:18 AM

"Government gives citizens a win by allowing them to breathe air."

by Razengan

3/31/2026 at 7:24:40 AM

"Just log into our online account" is not a concession at all. This sideloading drama is laughable anyways since the bigger issue should be there rootkit access and appstore monopoly.

by akimbostrawman

3/28/2026 at 9:27:34 PM

can't wait until this is just completely bypassed and we can ignore Google again.

by yesbut

3/28/2026 at 9:35:32 PM

There's not really a way to bypass Google if they don't want there to be, and that's what they're moving towards. The only long-term solution is to cut Google out entirely.

by idle_zealot

3/28/2026 at 9:48:46 PM

Motorola with GrapheneOS is an interesting prospect. The space is ready for disruption and the tools to do it are more available than ever. Maybe it will come from the EU. Who knows, but Google overplayed their hand, IMO.

Also, let's be clear about the mobile landscape right now. Many apps aren't written in Java or Swift, but instead are being transpiled from other languages like TypeScript and using UI libraries that aren't locked to the mobile platform itself.

When a new mobile platform enters the space it will require some react-native and capacitor glue code and we are in business.

by ddtaylor

3/28/2026 at 10:22:00 PM

Motorola with GrapheneOS has all the same failings of any other custom ROM.

by fluidcruft

3/30/2026 at 3:42:58 PM

Which failings in particular?

by ddtaylor

3/31/2026 at 4:45:23 PM

I have seen tap to pay work before with other ROMs

by ddtaylor

3/30/2026 at 7:55:49 PM

Not being able to use tap-to-pay, various banking apps, some work apps, for example.

by fluidcruft

3/29/2026 at 8:58:34 AM

I despise how this incredibly user-hostile move is spun in the title: "Google just gave Android power users a huge sideloading win", as if it was a good thing that Google did for some portion of its users. That's such a blatant, incredibly damaging lie, on all levels, that it's probably called journalism at this point.

by animuchan

3/28/2026 at 11:25:39 PM

[flagged]

by scuff3d

3/29/2026 at 7:09:07 AM

Please don't fulminate on HN. The guidelines make it clear we're trying for something better here. https://news.ycombinator.com/newsguidelines.html

by tomhow

3/29/2026 at 5:12:56 PM

I try to be fair minded, but some things warrant strong reactions in my opinion. Journalists shilling for corporations exerting more control over a platform they already have too much control over is one of them.

The mods or whoever are welcome to remove my comment if they think it's too far out of line.

by scuff3d

3/29/2026 at 5:18:11 PM

You're literally replying to "the mods" .

by rkomorn

3/29/2026 at 5:56:29 PM

Lol. Wasn't paying attention, my bad.

by scuff3d

3/29/2026 at 3:32:41 AM

[flagged]

by direwolf20

3/29/2026 at 6:29:10 AM

Very, very good news everyone! Google has agreed to only gently fuck us in the ass! They were even kind enough to offer to use lube!

by bitwize

3/28/2026 at 9:34:37 PM

WTF win? Sounds like I will need a tracking google account because it can "carry over" when I "upgrade my phone" "Google giving a concession" is no win.

WTF Concession? Why are we asking google for permission to use the devices we bought as they see fit?

Ok, google is doing what is best for them, abusing users. But the manufacturers are really to blame here because the devices are by default locked to what google and them decide. There is no Market Choice here.

by catlikesshrimp

3/28/2026 at 9:50:02 PM

Hopefully other vendors will adopt GrapheneOS like Motorola is prepared to.

by ddtaylor

3/28/2026 at 11:10:54 PM

Yeah, but then banks need to be pushed to support it. And while we're at it it would be good if people responsible for European eID also stopped recommending Google device attestation.

by dzikimarian

3/29/2026 at 3:31:29 AM

Graphene's policy is to work on one phone at a time. If other vendors want to support it they'll have to pay for the work to be done to Graphene standards, themselves.

by direwolf20

3/28/2026 at 9:15:03 PM

How long before there is a "we've detected your account has been used multiple times to re-setup a phone.. we've re-enabled the Google Nanny Safety mode.. also we've locked your google account just in case.. " I mean other than hackers, who has needed to factory reset their phone more than once in a year you must be doing something shady... right right?

by xt00

3/29/2026 at 4:32:22 AM

step 1: make situation very bad

step 2: make situation tiiiny amount better

step 3: proclaim this as "a win"

...really?

by NooneAtAll3

3/29/2026 at 6:04:14 AM

Big companies have gotten scaringly good at manipulating the media and general public to avoid many people getting too angry at the same time.

by schubidubiduba