
You're getting a lot of indirect responses. If you've ever tried to mod your Android phone the answer is simple. It's Google Play services and hardware attestation for things like banking websites.

It's really easy to make a custom ROM but hard to do serious "real life" stuff; companies don't want to make it easy. To most regular users, if they can't download apps from the Google Play store, and they can't use Venmo/Cash App, then the OS is dead in the water from day 1.





Yeah, but for lots of phones you can't get ROMs from a reputable source, and I sure as heck don't have the know-how or time to build one, even if possible, which a lot of times it is not due to locked-down bootloaders, drivers, etc.

But that has the same cause.

When you buy a Windows PC, the first thing a lot of tech people will do is format it and put on a clean install of Windows without all of the OEM crapware, or in these days install Linux if grandma is just using email and Facebook anyway.

If you try to do that on your Android device, your bank app is broken, most importantly not because of anything the alternate OS is doing wrong, which causes the vast majority of people to not want to do it even if it means suffering the OEM crapware, with no way for the alternative OS to fix it. And that in turn allows the OEMs to get away with locked bootloaders etc., because then they're not losing sales to a competitor that lets you remove the crapware when nobody can do it either way.


For me the bank app was working, but the electric scooter app didn't and that was it for me :( Damn e-scooters, can't live without them.

But I still haven't contacted the support to ask them to verify phones in another way.


Be sure to leave them a one-star review, and maybe name them here so others can do the same.

Anyone who does that sort of crap deserves at least that tiny bit of punishment for it.


The thing is they are the best e-scooter provider in town. They have fantastic support, and a few times agreed to my feature requests. They have a very forgiving policy for when you forget to lock the scooter and so on. I really believe that if I messaged them off season (when they work on the app, like now in winter), and suggested changing the way they attest phones, they would consider using the attestation that GOS can pass.

I think you're not asking for enough here. A scooter rental app does not need to attest phones. It doesn't even have a bad excuse for wanting to attest phones since payment information is surely stored server-side and it would be surprising if the scooters didn't have their own network connections and GPS trackers.

They kind of do - you can have bad actors messing with scooters. I myself used a GPS spoofer once to park out of the allowed zone (just a few meters, for lulz).

There can be people messing with the system, and limiting the OSes that can access your network looks like low hanging fruit. Just like Riot (League of Legends) banned Linux users to "solve" botters. But like with botters, there are better alternatives that don't exclude legitimate users.


Most of the larger scooter companies don't do it, so it seems unlikely operating such a system requires trying to get around the first rule of network security.

I feel like we (that is anyone nerdy enough to post on HN) have been far too patient with people who are choosing to wage a war on general-purpose computing, and it's past time to push back harder.


You can't rate it without the Google Play app (Play Store) lol

You can if you have a Google account; Play Store has a web version.

Would they even allow you to rate an app that you have never installed?

Looks like it won't.

Naming it publicly would allow those who have a Google-blessed Android device to rate it though.


Years ago I used to love playing around with roms on my phone on XDA and it worked OK. I don't know what folks use these days. But as recently as a few years ago I merely rooted my phone and I couldn't use a lot of apps, not just banking, but even some games.

It's crazy how locked down the ecosystem is.


There are tools to make your device appear to every app as running in a non-rooted environment. Here[1] is a tutorial on how to bypass Google/Samsung Wallet detections. There are threads for different apps and it will quickly turn into a cat and mouse play when the Play Store app itself updates, but as the phone is rooted, someone will continue to find a way to bypass attestations and will post a comment on Reddit or XDA explaining how to do it.

[1] https://old.reddit.com/r/Magisk/comments/1lxbdpw/tutorial_ge...


Thanks! I'll look into that next time I decide to root my phone.

This just shows that the barrier of entry of a new phone OS is more than $0. You can pay app developers to port their apps off of play services, you can pay developers to add support for your attestation keys. Considering how many billions of dollars Android makes for Google, there is room for a return on investment for an alternate OS to enable investments into a new OS.

> You can pay app developers to port their apps off of play services, you can pay developers to add support for your attestation keys.

microsoft literally tried this back in the day when android/ios was rising against windows mobile... spoiler: it didn't work

an additional anecdote from my time then: they came to where i was working at the time and proposed funding a windows mobile version of our app (quite a large sum) but our supervisor finally said no, because the upkeep of now 3 apps would be too much for too few customers

you can't just throw money at devs and expect much unless you have the user base (potential market) to back it up


I think that is pretty different than what is happening here because:

1. It doesn't require an entirely new app. You can ship the same apk on all platforms.

2. Most apps already don't have a hard dependency on play services.


Amazon and BlackBerry both tried the whole “you can upload your same APK to our AppStore approach”.

And well, when’s the last time you used the Amazon android AppStore?


That's akin to creating a new browser and pay site owners to support your client. You can do it for a few dozen sites but that can't be your primary strategy.

We actually saw this play out twice with Microsoft's return to mobile (Windows phone) and web browsers, money is a pretty small part of it.


How much do you want to pay? Who will be paying? Big companies will probably laugh such an effort out of the room, nay, they will not even let you into the room to talk with them.

$10 million dollars per app. The creator of the new OS will pay. If you offer enough cash they will stop laughing.

Have you ever tried to pay a bank to do something for you?

Trying to get some scale, you're hypothesizing about giving 10 million to HSBC to do business with your startup, when they're throwing away 500+ million every year just to cover their money laundering.

https://www.investopedia.com/stock-analysis/2013/investing-n...

And we're discussing doing this for basically every major bank.


But what I'm asking for is only a small amount of engineering time to add 1 line to their gradle and change 1 line in their app's code. This isn't a deal spanning many engineering years doing ongoing work and having to measure how effective things are. It's a small change plus the overhead of making a deal and getting through the bureaucracy.

The issue is to have them do anything at all.

I see it akin to the proverbial "not getting out of bed for less than XXXXX". You're getting out of bed every day, for free. But having someone make you do it for a specific reason will be an exponentially harder proposition.

> 1 line in their app

Aren't you asking them to maintain compatibility outside of Play Services and be available on your platform? That's a whole project, including their (or their contracting shop's) validating the whole new stack from a security and technical perspective, and a legal and business check on what that actually means to them.

Perhaps we can look at it from a darker perspective: if a random guy came to the bank to ask them for support for their parallel phone ecosystem, the bank would at least want to know what they're getting into and what's in it for them. Especially if they're offered 10 million for allegedly one line of code.


>not getting out of bed for less than XXXXX

I just made up the figure. Perhaps 10 billion dollars is more enticing. Perhaps you have to purchase the company outright and then dictate they add support. My point is that it's not impossible to get the apps people need to work on an alternate Android OS. It is a matter of funding compatibility. You can find a niche audience of people to start out with to make a competitive OS for them. And then over time expand that audience more and more.

>Aren't you asking them to maintain compatibility

Typically the complaint about banks is that they use the Play Integrity library which doesn't trust other operating systems. So the ask is to support the Android API for integrity and to trust the key of the OS provider. This would be done via a new library to make integration easier and more foolproof.
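To illustrate the request in the comment above (an added example, not part of the original thread and not any bank's or OS project's code): a relying party's server-side policy over already-parsed Android hardware key attestation fields, accepting a stock OS or an alternate OS whose verified boot key it has allow-listed. The field names follow the attestation schema; the key fingerprint, `ExampleOS`, the patch-level floor and the `evaluate`/`sample` helpers are assumptions, and certificate chain and challenge validation are assumed to have been done already.

```python
import hashlib
import hmac

# Enum values from the Android key attestation schema.
VERIFIED, SELF_SIGNED, UNVERIFIED, FAILED = 0, 1, 2, 3
SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX = 0, 1, 2

# Constructed placeholder: SHA-256 fingerprint of a hypothetical
# alternate OS's verified boot key (not a real vendor value).
EXAMPLE_OS_KEY = hashlib.sha256(b"constructed-example-os-avb-key").digest()
TRUSTED_OS_KEYS = {EXAMPLE_OS_KEY.hex(): "ExampleOS"}
MIN_PATCH_LEVEL = 202501  # assumed policy floor, YYYYMM


def evaluate(att):
    """Return (allowed, reason) for parsed attestation fields.

    Assumes the caller already validated the certificate chain up to the
    hardware attestation root and matched the server-issued challenge.
    """
    if att["attestationSecurityLevel"] not in (TRUSTED_ENVIRONMENT, STRONGBOX):
        return False, "attestation is not hardware-backed"
    rot = att["rootOfTrust"]
    if not rot["deviceLocked"]:
        return False, "bootloader is unlocked"
    if att["osPatchLevel"] < MIN_PATCH_LEVEL:
        return False, "OS patch level below policy floor"
    state = rot["verifiedBootState"]
    if state == VERIFIED:
        return True, "stock OS verified by the OEM key"
    if state == SELF_SIGNED:
        # Locked bootloader with a user-installed key: accept only
        # fingerprints the relying party has chosen to trust.
        fingerprint = rot["verifiedBootKey"].hex()
        for known, name in TRUSTED_OS_KEYS.items():
            if hmac.compare_digest(fingerprint, known):
                return True, "allow-listed OS: " + name
        return False, "OS signing key is not allow-listed"
    return False, "boot state is unverified or failed"


def sample(state, key=EXAMPLE_OS_KEY, locked=True, level=TRUSTED_ENVIRONMENT):
    """Build a constructed attestation record for demonstration."""
    return {
        "attestationSecurityLevel": level,
        "osPatchLevel": 202506,
        "rootOfTrust": {"deviceLocked": locked, "verifiedBootState": state,
                        "verifiedBootKey": key},
    }
```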


> It is a matter of funding compatibility.

Key clients requesting support for the alternative OS will be a way faster route IMHO. The same way nobody bribed banks to support android, they saw the market share and potential and decided by themselves it was worth doing. Which is why it came so late.

I understand you're offering a way to get around the chicken and egg problem, I'm saying dealing with the supply part is crazy hard. Somewhat paying users to buy into your ecosystem despite the lack of support could be a better use of money (I'm thinking about Meta subsidizing Oculus until it got some traction, and I assume it's still in the red after so many years)

> the Android API

People loosely explain the lack of technical challenge, but from the institution's POV you're asking them to expand their trust from Google, a US company which will be solely responsible if anything critical happens...to potentially each single phone maker, whoever happens to be selling the device to your clients?

If Google didn't exist that's what they'd do. But Play Services is a thing. The more I think about it the less I see an incentive for any established player to do that move until customers are actively clamoring for it. There's just no upside otherwise.


You do understand that buying the rest of society so they can make apps for your open platform is not really feasible, right?

Where do you think the creators will get this money from? Look at existing ones, they are cash strapped as they are, paying a million to get an app over is beyond their budget, let alone 10 million

Investors. Trying to become a new competitor in an established industry often takes a large amount of capital. If you tried to create a business to compete in another industry, you'd also need to find investors or other forms of financing if you are cash strapped.

Investors are not dumb. The current duopoly is entrenched and merely asking for money to create an alternative os won't give you investment. Microsoft and Nokia among others failed big time even though they had plenty of money and competing operating systems. Investors give you money if they think you will be successful and return a multiple of that investment within a reasonable timeframe.

You need to solve the 3 player problem before you even ask for money: getting device manufacturers in even though you have no operating system, no devs and no users, getting devs even though you have no operating system, no devs, no users and no devices, getting users even though you have no device, no operating system, no devs and no apps.

You need an MVP that shows promise towards all the above if you seek money.

This is like taxi on demand app business or the takeaway delivery business but with more players and with a higher minimum funds requirement. Plus the fact that unlike taxi apps or takeaway apps, choosing an operating system is a zero sum game so you are competing in the most direct way against well known and well established brands like iOS and Android who are funded by the richest companies on earth. Unlike Uber vs Lyft, where a user can install both and use both, your battlefield only has one victor. And given that other companies with more funding than you will ever see in your lifetime still failed, you have a virtually impossible task of explaining (before they even consider giving you a single cent) how you are going to be able to capture market share with your own solution to the 3 player problem.

Nokia and Microsoft only understood this right at the end: to avoid losing in the mobile os market, you need an ecosystem. Miss any of the elements and it all crumbles. Read Elop's memorable Burning Ship note on the final days of Nokia.


do you think Valve could do it, with modified Steam Deck and SteamOS?

> how you are going to be able to capture market share

gaming



