It's a shame that we are now back to the times when microsoft made IE4 (or 6?) part of the OS and completely impossible to remove it.
On windows98 and later I would install windows, open IE, disable every single setting to make it completely broken (no JS, no activeX, require latest SSL or bust, etc... pretty much made it impossible to use or be exploited in the background) ... win10 still insists on opening Edge when I click a link from the settings application despite firefox being my main browser.
Now I try (and fail) to do the same with google on android: Reset my phone, disable a bunch of System apps that completely break everything (i have to press OK twice on a "google service stoped working" every time i enable wifi) And I still cannot prevent any app that want to access the web directly or via chrome "web view" and load anything they want and keep cookies no matter my say on the issue. ...not to mention that it makes it a pain to get updates to the bloatware apps I still have to run to make the phone minimaly functional as the app store insists on me having those Advertisement services running to get updates to the bloatware i already bought with the phone.
So, yeah, you can install APK without Google blessing and their captive store, but that is an option for less than 0.1% of users that will want to put up with that.
I'd love to, but mobile phones are bad-compromise-all-the-way.
I can't live without a proper SSH client, and that requires a proper keyboard where you can actually do key combinations.
Any phone with a keyboard (and not ancient) can't receive an unofficial OS. e.g. blackberry Key2
Either because they do not have unlocked/vulnerable bootloaders, or because you must have the closed source driver running to be usable. Android is not opensource and even lineage OS still requires TONS of closed source binary blobs to even boot. There is zero open source android alternatives.
It needs patches that allow faking the app signature. They consider this bad practice/a security risk and they are kinda right. I patch my lineageos to support signature spoofing though and use micro g.
> open IE, disable every single setting to make it completely broken (no JS, no activeX, require latest SSL or bust, etc...
Personally, I usually just delete the .exe (and .dll, etc) files. The most secure code of all, that never has bugs and can't be exploited, is code that doesn't exist.
Installing APK outside of Google Play and breaking system libraries on your phone is different things. First is easy and plenty of people do it. Certainly more than 0.1%. Second might not be easy and I don't know why even 0.1% would want to do that.
It worries me that one day Google is just going to decide to remove that feature from a future version of Android for "security". 99 percent of users won't notice or care.
Just the way the functionality's in there now shows it's treated as a second class feature. It's buried down in the special access settings labelled as 'install unknown apps and granted or removed on a per app basis. Notably, the google play store is not on this list.
The whole setup makes installing apps from other sources obtuse and 'scary' to the average user.
I'm not sure how say an app from f-droid is more 'unknown' than an app from the play store myself. Then of course, just to install f-droid, I have to download it, allow installing apps from my file manager, which comes with some scary popups, then I have to again enable the setting for f-droid, again after some scary popups.
The goal really does seem to be do make the idea of installing software one acquires outside the 'official garden of known apps' to be something terrible and scary nobody should ever want to do.
So on every single thread about apple's walled garden when someone suggests that Apple should allow installation of 3rd party apps, everyone immediately goes "oh no, now my mother/father/grandma will install some dodgy app and it will steal their data".
To which I say....have you seen how complex the process is on android?? I can't imagine that that is going to be a problem. They will be just sent a dodgy website link that will steal their bank details, not some app that most people won't figure out how to install.
> Then of course, just to install f-droid, I have to download it, allow installing apps from my file manager, which comes with some scary popups, then I have to again enable the setting for f-droid, again after some scary popups.
Not only that, but every now and then when trying to update an F-Droid installed app, Android pops up an unexpected dialog asking if I want to enable "Play Protect". Its unpredictable, breaks the flow of the update process, and seems to have no way of disabling it.
This really bothered me too, so much so that I downloaded some unofficial LineageOS source code for the latest version, patched it for signature spoofing to be able to use microG and flashed it to my device.
That play protect popup was the last straw. It reminded me that google is indeed watching every step on my android phone.
> The whole setup makes installing apps from other sources obtuse and 'scary' to the average user.
...yes? It's not a bug, it's a feature. For the average Android user, it SHOULD be obtuse and scary to install apps from a third party source. Power users can still use a third party app store.
yeah, I want to believe in the fundamental competence of humanity, but then I think back to all the browser toolbars I used to see on random people's computers..
Jesting aside, it's not a bug in the sense that Google also gains nothing and actively loses money from making it easier. At this point it's just to avoid PR nightmares that they are keeping it in.
How is it any more 'scary' installing an app from a website than the play store? There's plenty of malware on the play store. I'd actually be willing to bet you're more likely to install some malware from the play store than from an apk you get off a website or alternative store.
It's a tradeoff for freedom vs a false sense of security. On android at least, the walled garden approach hasn't seemed to stop malware, the majority of which, comes from the play store. All it's done is teach users to blindly trust apps just because they come from a supposedly trustworthy source. If anything it's taught people to think less about security and the kinds of apps they install. It's on the play store right? Must be ok.
Do you not remember the old days? I had a nightmare of a time lk dealing with adware and spyware infested pcs. Almost every person I knew had an infested pc. Browser hijacks, toolbars etc.
I remember. I killed my computer once with adware to the point where I needed to reformat my drive and reinstall everything. It sucked, but it taught me to always pay attention to installers and not to just randomly install anything and everything.
I've also helped other people deal with these problems before. I found that aftwr taking the time to show them how they end up inatalling that crap, the kinds of things to avoid and setting them up with some removal tools they tended not to make the same mistakes.
I keep being told on HackerNews that Apple's model of total control is so much better for all the users and it helps not ever having to care about software quality.
I can say Apple's model is not better for me and that's why I use Android. If Android didn't let me basically control my own phone, I would switch to a libre phone even if it was shit.
You can have different choices - one that's closed and one that's open -- both have advantages and disadvantages. I like the android ecosystem but I understand the apple one too. I can choose which one I'd like to be in.
It's the same crowd that keeps telling us that we shouldn't want root on our phones. It's better that some corporation somewhere has root to your phone, but not you.
I don't know, I'm still applying ointment from when Google decided nobody using Android 9 could ever need an app to scan for wifi more often than once every thirty seconds. Not like they operate their own fleet of wardriving vehicles that continuously scan and map access points.
The problem is they're fixing one thing and breaking another. While Android 10 might have sort of "fixed" the Wifi scanning issue, it started enforcing the half-baked Scoped Storage implementation, which creates its own share of problems.
I think things have become a bit more saner with Android 11 in that regard (though there might still be some pain points left), but instead the next random thing Google has broken is that you can no longer replace the default camera app - unless whatever random app you might be using specifically whitelists your favourite third-party camera app, you can no longer use it other than in standalone mode (i.e. if I understood things correctly, the same hare-brained situation you were in until very recently on iOS with regards to the default browser or other default apps).
Well, most of the tech media and people commenting on this site are "those guys" who always publicly and loudly criticize Android for being different from iOS. Repeatedly.
They won't. Allowing APKs is useful from a legal point of view because it allows competitors to theoretically distribute their own apps (unlike Apple). It's why Google has a stronger defense in the Epic Games' case than Apple imo.
But then you should just fork it and add it back? Isn't that the point of the whole custom ROM scene (Lineage, Mokee, AOSP etc.)? Adding features and support for phones.
But you can't install over an existing app from Google Play. You need to uninstall the app, lose your data, then reinstall with an apk.
Edit: above is wrong at least for Tor Browser, you can install over an existing Google Play installation.
And the many users who downloaded from Google Play (over 10 million installs per Google Play data) never get notified that there's a security fix being held up in review.
I don't think this is correct? Can't you install any prod build regardless of source as long as you sign it with the prod credentials (and do not opt-in to google managed creds)?
That's correct. As long as you have the correct apk with the same signature as the one you already have installed you can update without issue (I've done it myself several times).
The opposite also applies, if you install a signed previous version, play store will update it.
You're right, I just successfully updated Tor Browser with an apk. In the past I've had errors updating other apps, presumably because they used Google's signing services, I assumed it was the same for all apps but was wrong. Thanks for pointing that out, I edited the comment.
