Will F-droid continue when Google bring in their changes, soon?
microtonal 3 hours ago [-]
Even with Google's changes, F-Droid will continue to work with Android phones that do not use Google GMS.
If you care about your actually owning your device, install something else than stock OS. I would recommend GrapheneOS, since the security of some/most other alternatives is pretty bad.
scrollop 3 hours ago [-]
Would love to ditch google and use grapheneOS, however have so many banking and (stupid) outlook for work.
ekjhgkejhgk 5 minutes ago [-]
Why do people need banking on their phones though? Banks have websites too.
The outlook webapp is quite decent. I've never used their native app, but I've manahed to get by fine with their webapp, even though notifications don't work (I just check it regularily). IIRC K9/Thunderbird also has support for exchange now.
ninjasmosa 2 hours ago [-]
The outlook app works for me on GrapheneOS, is there something about it that doesn't work for you?
Many banking apps do work on GrapheneOS, the list had already been linked to by others
sheiyei 3 hours ago [-]
Apparently a lot of banking apps work with the sandboxed Google malwares. Not sure though, I'm not a user (wrong hardware)
microtonal 1 hours ago [-]
Correct. I am using my Dutch bank and credit card apps without any issues. Someone linked the curated GrapheneOS banking list already. If your bank does not support it, you could either contact them. If they require remote attestation, this can be implemented for GrapheneOS as well:
If the bank is very hard-nosed about it, you could consider keeping an old iPhone or Pixel (because long security updates) for banking if it is practical to do for you. 95% without big tech is also a big win. Of course, if you need to have it with you at all times, that might not be a worthwhile option.
wafflemaker 2 hours ago [-]
can confirm. And there are even some pages that list banking and other apps working on GrapheneOS. It's actually very few that don't work with sandboxed Google Play API.
I don't much like the official Outlook app. Been using Nine for ages, it does everything I've needed.
kgwxd 1 hours ago [-]
Can you not setup your work email through a regular email client? I thought the days of being locked into Outlook specifically went away with Exchange. Everywhere I've worked since has been able to.
Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be.
duozerk 41 minutes ago [-]
> Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be.
Close to every bank in the EU requires their user to have an app, for MFA (both for logging in and for validating transactions - transfers, payments). They use the smartphone's TPM. I have yet to see one that allows you to use your own MFA app.
The few I've seen that don't require it will validate the same through text messages (not everyone has a smartphone); though if you associate their app even once, you're screwed - the app it is from now on.
wafflemaker 58 minutes ago [-]
It's way more comfortable to login with fingerprint and not going through a longer login to the website.
Especially since in many countries it requires a national e-ID that is an app on your phone.
miroljub 2 hours ago [-]
GrapheneOS works only with Pixel devices, which doesn't make it much useful for the vast majority of Android users.
microtonal 1 hours ago [-]
Indeed. Sadly the reality is that most other Android devices are simply not secure enough. Many Android phones do not have a separate secure enclave (outside Pixel and IISC Samsung flagship and A5x range), so they are vulnerable to breaking PIN-based unlocking, side channel attacks, etc. Besides that they often only provide old vendor kernel trees, old firmware blobs, etc.
So, you have to wonder whether you want such a phone anyway if you care about security and privacy. If you don't care about security anyway, you could as well run /e/OS, etc.
Above-mentioned Samsung phones could perhaps make the cut, but don't support unlocking anymore (and when they still did, would blow a Knox eFuse).
RealStickman_ 35 seconds ago [-]
Perfect really is the enemy of good when it comes to GrapheneOS
echelon 2 hours ago [-]
This piddly open source effort pales in comparison to what we should really be doing:
Horizontally splitting Google into multiple companies.
Not division via department splits, but equal partitioning across the company into multiple horizontal businesses that compete on the same offerings.
The EU and next DOJ/FTC need to force this.
microtonal 59 minutes ago [-]
I agree, but the probability that this is going to happen anytime soon is near-0. The current US administration is not going to rein in the tech broligarchy and if they did, it would be done out of spite and the pieces wold sold to administration-aligned oligarchs (e.g. Ellison), which might end up being worse.
The EU is not going to force this, because it has enough fights to pick with the US, and this is not the hill that they are willing to die on. It would be far more likely for them to financially support an AOSP-based OS.
lukan 42 minutes ago [-]
The EU simply is not (and should not) be able to split up google who operate international. But they can regulate the EU market and declare that a monopolist cannot operate there as a monopolist and introduce any arbitary rule achieving it.
microtonal 25 minutes ago [-]
Yes, though I think that is what echelon was aiming at - the EU saying either you break up or you cannot do business here.
duskdozer 3 hours ago [-]
As of now, Google isn't destroying non-Google android installs, so F-droid will still work there (correct me if wrong). So until Google takes android fully closed or succeeds in getting popular/necessary apps to blacklist non-Google-verified devices, F-droid still has a role
izacus 56 minutes ago [-]
Is there a KDE/GNOME/kernel-like group forming to take over Android AOSP development and provide free alternative yet?
3 hours ago [-]
riedel 3 hours ago [-]
I hope so. The changes can mean two things: people can only use it easily in custom roms (I guess there is an overlap there) or they actually would play with Google: i guess technically they could as well register and sign the stuff with a Google key as the software is all FOSS and would allow defining another responsible developer (otherwise Google would have to through out all FOSS without CLA from their playstore). I guess quitting would be an option, but IMHO the outrage outside the bubble would probably be hardly noticable, so what would be the point?
brador 3 hours ago [-]
You always start open source at the kernel.
Linus knew this day 1 and it bows to no one.
iberator 3 hours ago [-]
what do you even mean?! start what at the kernel?
kernel is locked and most phones can't be rooted anymore
Rendered at 14:38:06 GMT+0000 (Coordinated Universal Time) with Vercel.
If you care about your actually owning your device, install something else than stock OS. I would recommend GrapheneOS, since the security of some/most other alternatives is pretty bad.
https://privsec.dev/posts/android/banking-applications-compa...
grapheneOS only works with google phones.
Many banking apps do work on GrapheneOS, the list had already been linked to by others
https://grapheneos.org/articles/attestation-compatibility-gu...
If the bank is very hard-nosed about it, you could consider keeping an old iPhone or Pixel (because long security updates) for banking if it is practical to do for you. 95% without big tech is also a big win. Of course, if you need to have it with you at all times, that might not be a worthwhile option.
edit: https://privsec.dev/posts/android/banking-applications-compa...
Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be.
Close to every bank in the EU requires their user to have an app, for MFA (both for logging in and for validating transactions - transfers, payments). They use the smartphone's TPM. I have yet to see one that allows you to use your own MFA app.
The few I've seen that don't require it will validate the same through text messages (not everyone has a smartphone); though if you associate their app even once, you're screwed - the app it is from now on.
Especially since in many countries it requires a national e-ID that is an app on your phone.
So, you have to wonder whether you want such a phone anyway if you care about security and privacy. If you don't care about security anyway, you could as well run /e/OS, etc.
Above-mentioned Samsung phones could perhaps make the cut, but don't support unlocking anymore (and when they still did, would blow a Knox eFuse).
Horizontally splitting Google into multiple companies.
Not division via department splits, but equal partitioning across the company into multiple horizontal businesses that compete on the same offerings.
The EU and next DOJ/FTC need to force this.
The EU is not going to force this, because it has enough fights to pick with the US, and this is not the hill that they are willing to die on. It would be far more likely for them to financially support an AOSP-based OS.
Linus knew this day 1 and it bows to no one.
kernel is locked and most phones can't be rooted anymore