Sounds like Google Play is treating Tor Browser like any other app. Randomly rejecting every 4th or 5th release of a long standing app for some random minor reason.
I get they need to keep trojans, spyware, adware, etc out of the store, but as a long time app developer it just seems like the algo says, "We have not rejected this app in a while, so let's do it this time."
>I get they need to keep trojans, spyware, adware, etc out of the store
They don't keep out adware. Users have that benefit only when using the iOS app store. There are tons of apps on Android that just wrappers around ad SDKs
You might test out something like Guardian VPN and see just how much stuff your phone is trying to send over the wire without your consent. (Guardian is iOS-only, afaik, but surely there must be Android equivalents.)
Sure, but those are still very far behind software/support wise and you need to be really patient. People who believe in this, like me, have sent them my money, but my daily driver is a modern Android phone which was not only (much) cheaper, but miles ahead in stability and hardware. I send my money and bugreports in the hopes I will have a stable and open phone in my pocket before my death, but there are many years to go as it is.
If we manage to get something like the samsung a31, at a similar pricepoint, with all hardware working before 2025, I would be happy. But I am skeptical when installing yet a newer OS version on my pinephone and start writing bugreports for applications we consider trivial for a daily driver phone.
Edit; being able to performantly and robustly run Android applications in Linux could (sadly but it is a reality) help adoption a lot a well because of proprietary apps (it sucks but I need whatsapp for instance). That is not that close by either I think; anbox is slow and unreliable last I tried.
Nowadays, what's exactly "Adware"? Apps/Games with ads is now usual (remember Opera is called Adware). Possibly an app that forcely displays ads still can be called as Adware, but it's not possible on iOS and need manual additional permission on Android.
Exactly. Seems to be a trend at major corporations like Google. Create a fire, create enough noise to get your department noticed, extinguish it. Earn your paycheck.
>This release updates Firefox for desktops to 78.6.0esr and Firefox for Android to 84.1.0. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.
>Note: This update is not available on Google Play at this time because the update was rejected during the review process. We are appealing the rejection and working with Google so this update is available as soon as possible.
This was published a week ago. As of today, the latest version available on Google Play is still outdated.
It's a shame that we are now back to the times when microsoft made IE4 (or 6?) part of the OS and completely impossible to remove it.
On windows98 and later I would install windows, open IE, disable every single setting to make it completely broken (no JS, no activeX, require latest SSL or bust, etc... pretty much made it impossible to use or be exploited in the background) ... win10 still insists on opening Edge when I click a link from the settings application despite firefox being my main browser.
Now I try (and fail) to do the same with google on android: Reset my phone, disable a bunch of System apps that completely break everything (i have to press OK twice on a "google service stoped working" every time i enable wifi) And I still cannot prevent any app that want to access the web directly or via chrome "web view" and load anything they want and keep cookies no matter my say on the issue. ...not to mention that it makes it a pain to get updates to the bloatware apps I still have to run to make the phone minimaly functional as the app store insists on me having those Advertisement services running to get updates to the bloatware i already bought with the phone.
So, yeah, you can install APK without Google blessing and their captive store, but that is an option for less than 0.1% of users that will want to put up with that.
I'd love to, but mobile phones are bad-compromise-all-the-way.
I can't live without a proper SSH client, and that requires a proper keyboard where you can actually do key combinations.
Any phone with a keyboard (and not ancient) can't receive an unofficial OS. e.g. blackberry Key2
Either because they do not have unlocked/vulnerable bootloaders, or because you must have the closed source driver running to be usable. Android is not opensource and even lineage OS still requires TONS of closed source binary blobs to even boot. There is zero open source android alternatives.
It needs patches that allow faking the app signature. They consider this bad practice/a security risk and they are kinda right. I patch my lineageos to support signature spoofing though and use micro g.
> open IE, disable every single setting to make it completely broken (no JS, no activeX, require latest SSL or bust, etc...
Personally, I usually just delete the .exe (and .dll, etc) files. The most secure code of all, that never has bugs and can't be exploited, is code that doesn't exist.
Installing APK outside of Google Play and breaking system libraries on your phone is different things. First is easy and plenty of people do it. Certainly more than 0.1%. Second might not be easy and I don't know why even 0.1% would want to do that.
It worries me that one day Google is just going to decide to remove that feature from a future version of Android for "security". 99 percent of users won't notice or care.
Just the way the functionality's in there now shows it's treated as a second class feature. It's buried down in the special access settings labelled as 'install unknown apps and granted or removed on a per app basis. Notably, the google play store is not on this list.
The whole setup makes installing apps from other sources obtuse and 'scary' to the average user.
I'm not sure how say an app from f-droid is more 'unknown' than an app from the play store myself. Then of course, just to install f-droid, I have to download it, allow installing apps from my file manager, which comes with some scary popups, then I have to again enable the setting for f-droid, again after some scary popups.
The goal really does seem to be do make the idea of installing software one acquires outside the 'official garden of known apps' to be something terrible and scary nobody should ever want to do.
So on every single thread about apple's walled garden when someone suggests that Apple should allow installation of 3rd party apps, everyone immediately goes "oh no, now my mother/father/grandma will install some dodgy app and it will steal their data".
To which I say....have you seen how complex the process is on android?? I can't imagine that that is going to be a problem. They will be just sent a dodgy website link that will steal their bank details, not some app that most people won't figure out how to install.
> Then of course, just to install f-droid, I have to download it, allow installing apps from my file manager, which comes with some scary popups, then I have to again enable the setting for f-droid, again after some scary popups.
Not only that, but every now and then when trying to update an F-Droid installed app, Android pops up an unexpected dialog asking if I want to enable "Play Protect". Its unpredictable, breaks the flow of the update process, and seems to have no way of disabling it.
This really bothered me too, so much so that I downloaded some unofficial LineageOS source code for the latest version, patched it for signature spoofing to be able to use microG and flashed it to my device.
That play protect popup was the last straw. It reminded me that google is indeed watching every step on my android phone.
> The whole setup makes installing apps from other sources obtuse and 'scary' to the average user.
...yes? It's not a bug, it's a feature. For the average Android user, it SHOULD be obtuse and scary to install apps from a third party source. Power users can still use a third party app store.
yeah, I want to believe in the fundamental competence of humanity, but then I think back to all the browser toolbars I used to see on random people's computers..
Jesting aside, it's not a bug in the sense that Google also gains nothing and actively loses money from making it easier. At this point it's just to avoid PR nightmares that they are keeping it in.
How is it any more 'scary' installing an app from a website than the play store? There's plenty of malware on the play store. I'd actually be willing to bet you're more likely to install some malware from the play store than from an apk you get off a website or alternative store.
It's a tradeoff for freedom vs a false sense of security. On android at least, the walled garden approach hasn't seemed to stop malware, the majority of which, comes from the play store. All it's done is teach users to blindly trust apps just because they come from a supposedly trustworthy source. If anything it's taught people to think less about security and the kinds of apps they install. It's on the play store right? Must be ok.
Do you not remember the old days? I had a nightmare of a time lk dealing with adware and spyware infested pcs. Almost every person I knew had an infested pc. Browser hijacks, toolbars etc.
I remember. I killed my computer once with adware to the point where I needed to reformat my drive and reinstall everything. It sucked, but it taught me to always pay attention to installers and not to just randomly install anything and everything.
I've also helped other people deal with these problems before. I found that aftwr taking the time to show them how they end up inatalling that crap, the kinds of things to avoid and setting them up with some removal tools they tended not to make the same mistakes.
I keep being told on HackerNews that Apple's model of total control is so much better for all the users and it helps not ever having to care about software quality.
I can say Apple's model is not better for me and that's why I use Android. If Android didn't let me basically control my own phone, I would switch to a libre phone even if it was shit.
You can have different choices - one that's closed and one that's open -- both have advantages and disadvantages. I like the android ecosystem but I understand the apple one too. I can choose which one I'd like to be in.
It's the same crowd that keeps telling us that we shouldn't want root on our phones. It's better that some corporation somewhere has root to your phone, but not you.
I don't know, I'm still applying ointment from when Google decided nobody using Android 9 could ever need an app to scan for wifi more often than once every thirty seconds. Not like they operate their own fleet of wardriving vehicles that continuously scan and map access points.
The problem is they're fixing one thing and breaking another. While Android 10 might have sort of "fixed" the Wifi scanning issue, it started enforcing the half-baked Scoped Storage implementation, which creates its own share of problems.
I think things have become a bit more saner with Android 11 in that regard (though there might still be some pain points left), but instead the next random thing Google has broken is that you can no longer replace the default camera app - unless whatever random app you might be using specifically whitelists your favourite third-party camera app, you can no longer use it other than in standalone mode (i.e. if I understood things correctly, the same hare-brained situation you were in until very recently on iOS with regards to the default browser or other default apps).
Well, most of the tech media and people commenting on this site are "those guys" who always publicly and loudly criticize Android for being different from iOS. Repeatedly.
They won't. Allowing APKs is useful from a legal point of view because it allows competitors to theoretically distribute their own apps (unlike Apple). It's why Google has a stronger defense in the Epic Games' case than Apple imo.
But then you should just fork it and add it back? Isn't that the point of the whole custom ROM scene (Lineage, Mokee, AOSP etc.)? Adding features and support for phones.
But you can't install over an existing app from Google Play. You need to uninstall the app, lose your data, then reinstall with an apk.
Edit: above is wrong at least for Tor Browser, you can install over an existing Google Play installation.
And the many users who downloaded from Google Play (over 10 million installs per Google Play data) never get notified that there's a security fix being held up in review.
I don't think this is correct? Can't you install any prod build regardless of source as long as you sign it with the prod credentials (and do not opt-in to google managed creds)?
That's correct. As long as you have the correct apk with the same signature as the one you already have installed you can update without issue (I've done it myself several times).
The opposite also applies, if you install a signed previous version, play store will update it.
You're right, I just successfully updated Tor Browser with an apk. In the past I've had errors updating other apps, presumably because they used Google's signing services, I assumed it was the same for all apps but was wrong. Thanks for pointing that out, I edited the comment.
And perhaps the issue is on the current version, or in the play store description, which Google doesn't like or noticed now.
That's right, sometimes you can't publish an update because the play store description, which was approved in the past, isn't now.
Sometimes it's the opposite, the app (which is published) has a problem and you can't change a dot from the play store description unless you send a fixed version.
Tor is available in an F-Droid repository [1], but that only removes problems for F-Droid users. You want to reach Google Play users with security updates as well.
Unless a detailed reason is given up front it's best to assume the heat death of the universe will arrive before you are told why your app got rejected in retrospect. The best bet is to reapply like they did and hope it doesn't get rejected. If it's still rejected now you hope you can generate enough noise on social media to get ahold of someone that can actually fix it.
The conspiratorial explanation is that the three-letters asked them to stall the update a bit. But most likely seems it was something completely boring and ordinary. A business motive seems unlikely.
Google should be broken up like the US did with AT&T. I suspect a Biden administration will interfere with this process and save them from being broken up.
AT&T you had no choice on your carrier or what you could even plug into the phone line. There are multiple app stores for android devices and you don’t even need an App Store to install an app on an Android device.
Using at&t is a very bad example to use against google because under at&t consumers had 0 choice. AT&T used this monopoly to raise prices and limit choice. Google doesn’t even charge for android.
Technically true but practically irrelevant in terms of consumer impact. The number of Android devices in the US without Google services is easily a rounding error. ~100% of the Android handsets in the US have Google's software preinstalled.
This is a fair point, yet I don't think it's good to disparage what's technically true here.
There are people attempting to take advantage of the fact that Android remains free and open source, and they need support. Perhaps I should have included that in my comment above.
It's not obvious to me that a legal solution would be better.
I think Google's bundled services cements their grip on AOSP more than it supports it being independent. All Android handset OEMs basically have no choice to install Google services because AOSP isn't mass marketable on its own, and nobody can really compete with Google's combination of Play/Gmail/YouTube/Chrome/search. Once you have a Google account, you get funneled into these other services, and it makes it difficult for any other services to gain traction. If we want AOSP to truly be free, then it has to be useable outside of the Google ecosystem.
Android is like a club with free drinks, but Google Services are the $150 cover charge.
It's not impossible to execute: You order them to do it, and it's on them to develop anything necessary to make it happen. And yes, that might entail having to split up Google accounts into different accounts for different services, uncoupling products, removing exclusive integrations, and in the end, the consumer will benefit.
I was at Netflix when we decided to undertake splitting DVD and Streaming. We had chosen to make that change, and had high motivation to do it. It still took about seven years to finish that task.
Google is even more entangled than Netflix was. I suspect it would take them at least a decade to execute a split like that.
It's likely such an order would include a deadline for compliance and a cost for noncompliance after that. I suspect that it would happen faster than you think.
Furthermore, companies like Facebook have actually made a point to deeply integrate otherwise disparate products (Instagram), solely to later claim it'd be "too hard" to spin them off if the court orders them to.
The simple answer is to continue to fine them until they accomplish the task: If a company goes bankrupt trying to comply with the court, perhaps they shouldn't have violated the law so flagrantly in the first place.
I think people are too hesitant to admit that companies that violate the law should be eligible for the "death penalty". It's absolutely fine for a very bad company to explode and die once brought to court.
I'm sure it would include a deadline. My point is the government's deadline would surely be unreasonable.
> I think people are too hesitant to admit that companies that violate the law should be eligible for the "death penalty".
I don't believe in the death penalty for people, and I don't believe in it for companies either. I certainly think that companies get away with too much, and that their leadership should be more personally accountable for fragrant violations of the law. But death is too extreme a punishment.
But at the same time it's the limited liability that allows for innovation. Companies would take far fewer risks, both good and bad, if the people running them were personally liable.
I am pretty against the death penalty for people too. But corporations are particularly immoral, and I feel that if anything, we should be vastly more comfortable executing companies than people.
I think personal accountability for CEOs and executives would help a lot. A CEO who knew an illegal business move might land them in jail would be much more hesitant to do it than a CEO that knew that move might cost investors some stock value.
But I also think a company's behavior can be endemic and cultural, and that perhaps rather than trying to turn them around, we should just "execute" them. Shut down operations, auction off property to pay any debtors and assist employees with the transition elsewhere.
One of the things I think about with Big Tech is that they are incredibly overvalued on their "too big to fail" status... that and the current reality that their illegal gains won't be meaningfully seized. If a company could be "executed" for it's misdeeds, investors would need to be real about the value of "rulebreaker" type companies, and the additional risk they carry. We'd not be in the situation we are now, where the crimes of Google and it's executives keep racking up... but so is it's stock price.
I don't buy the claim that we need to limit liability in order to foster innovation, because our limited regulation has led these companies to squander so much innovation, it's insane. For every innovative thing one of these tech companies has done, it's killed dozens or hundreds of startups that were doing something more innovative and not focused on circling the wagons around their core stock value.
Even if Google (or Facebook) are split into pieces many people will still do social logins, so no different accounts for different services. I don't do social login and I don't like the very idea of centralizing authentication and profile managment (probably also some of authorization) but I also don't think that there is any legal ground to forbid it.
That actually will likely be a short-term solution if companies are forced to unbundle.
Say Google is required to sell Chrome and/or Android. Problem is, billion people's Google accounts are signed into those devices. Solution is, you replace the "Google account" on an Android device with an "Android account" that uses Google auth for login. Then, if a user wants after that point, they can detach that, set different credentials, whatever.
The breakup of AT&T killed the most productive industrial research center of all time: Bell Labs.
South Korea seems to be totally fine with Samsung running the majority of the economy, monopolies — when controlled through regulation — are not always a net negative for society.
I have enjoyed the benefits of information theory, fiber optics, lasers, UNIX, the transistor, and many other things which came out at Bell Labs.
Industrial research which operates on the 5-10 year needs stable recurring revenue and reassurances that the company will still be around to reap the benefits of said research. Monopolies provide the environment for this research to take place. I think the proper way to mitigate the harm done to the consumer by the monopoly is to closely regulate the monopoly. For example, the fee structure for AT&T’s long distance rates was regulated to not exceed certain levels which were deemed to be acceptable. Customers payed a reasonable price for long distance rates, AT&T had a stable income, and there was no threat of their business being upended so they were willing to take on long term research to improve their margins on the fixed long distance prices.
Yes, consumers could have been paying less for long distance rates, but where would society be today without Bell Labs? I think the harm AT&T inflicted upon their customers is heavily outweighed by the engineering and scientific progress they achieved.
Biden during his tenure along with Obama displayed a propensity to utilize the "heavy hand of government" approach whenever necessary, in part due to the lame duck Congress, but nonetheless, the precedent has been set. If anything, we have evidence to believe he will intervene wherever he can.
What would that look like? Phone companies make some sense because they have to serve certain geographic regions which can't compete or collude with each other. Google serves the world, of which the US population is only 5%. Do you think the US government is going to split up Google such that "South American Google" is totally independent and brings back no revenue to the US? Same with "European Google"?
Or you you want it split up by US region? Maybe "US-East Google" gets to make money from Europe, "US-West Google" gets to make money from Asian countries, and "US-Texas Google" gets to make money from services provided to South America?
Is the goal to cripple Google so hard that companies like Baidu and Yandex can overtake the search market globally? Is that why the US congress should split up Google?
The only people who have a rational argument for another Google split up are governments of non-US regions that are financially invested in competing services.
Alphabet and Google is not really a split in the sense people are talking about.
Typically when people say Google should be split up they mean different parts of Google should split. Google has search, ads, Youtube, Gmail, cloud, Android, etc. These parts would be split into different companies. Some parts "go together" like search and ads so they may be allowed to be one company, but YouTube and Search don't go together so they would be separate companies.
But YouTube and ads do go together. Gmail would also presumably have to be Gmail and ads if it wasn't operated for data to feed to the ads engine. I could see Android becoming a product for carriers without ads, cloud doesn't need ads, how would Chrome operate as its own business without ads? Firefox is just paid for by Google search, would Chrome be the same, and would that be different enough to satisfy a breakup? Would you just split the ads team and data among multiple new companies and tell them they arnt allowed to talk to each other anymore?
YouTube could buy ads from a source which isn't Google. It's not immediately obvious that YouTube which uses full video ads is best served by getting ads from a company that focuses on text ads (Google) or banner ads (Google's DoubleClick).
Gmail could charge for account features like Yahoo mail and Fastmail do.
Android could be legitimately open source, like Linux is. Or they could sell carrier specific distributions, which is something carriers are doing themselves right now but badly.
Chrome would need to operate under the aegis of some company, but that needn't be the same company that runs Google search and Google ads. If that were the case, their abusive ad experiences code may actually be good and not merely reflect a desire to destroy ad companies that aren't Google's DoubleClick. Chrome could also then allow browser login integration into other companies. I'd prefer of Chrome integrated with my Apple accounts, not my Google accounts for example.
Ads itself could be split into two companies---Google search ads (which may or may no be owned by Google search), and DoubleClick which was its own company to begin with before Google bought them.
I was just providing an example of the different products vs a geographical split. How things actually are split would be up in the air.
Of course YouTube would need ads. My point was that YouTube doesn't need to be in the same company as search, not that YouTube doesn't need ads. The ad network would likely need to be split into the new companies that are formed so all the parts that need their own ad network could have it.
Chrome likely could not survive on its own unless search paid for it like they do with Firefox. I am not sure all the products/services that Google has and their individual ability to survive without Google. That is something that would need to be determined by the people involved with a breakup.
A geographic split of Google doesn't make sense. The right thing to do is to take each of the areas where Google is a monopoly and break them out, and prevent the broken up pieces from providing overlapping services (at least for 20/30/50 years).
I would break out at least:
Ad network
Web search
Operating systems
And put everything else in a separate company. That would contain their other consumer services (gmail, finance, docs), whatever g-suite is called now, cloud services (until they shut down), their internet balloons and what not and maybe Waymo.
You can allow the baby-Gs to contract with each other (web search needs an ad network), but require the terms to be public and frand; maybe with some sort of second source requirements.
This doesn't eliminate any of the monopolies, but it eliminates the use of one monopoly to entrench another.
I am not the person who said they should be split up.
I am pointing out that they haven't currently been split up at all. They are still a part of the same company.
Most people who have proposed a splitting up Google have obviously not suggested splitting it on geographical lines, because most of them understand how the internet works. Typically, the suggestions have been to split on product line -- not unlike how Alphabet has internally organized their divisions.
I get they need to keep trojans, spyware, adware, etc out of the store, but as a long time app developer it just seems like the algo says, "We have not rejected this app in a while, so let's do it this time."