I am surprised that Google spends so much time tackling custom ROMs via it’s Play Integrity API. If only they paid that much attention to say, curating the Play Store more, it had be much better for everyone
I think the main reason third-party ROMs aren’t more popular is that Google and certain app developers fuck with people who use them. The article addresses the difficulties later on, but comes up short in my view on just how much of a hassle it is for someone who isn’t a tech enthusiast who wants, for example to keep an older phone up to date for security reasons.
I think the main motivation for Google is limiting user control over the experience. More user control leads to unprofitable behaviors like blocking ads and tracking, which is also the motivation for recent changes to the Chrome web browser that make content blocking extensions less effective. In all cases, companies that try to take away user control claim the motivation is security, usually for the benefit of the user.
“This is why I <lukewarm take> in <current year>”
Didn’t read the article, but I hate this style of headlines with a passion. Using custom ROMs isn’t even something controversial, yet they go out of their way to make it sound like they’re breaking some social taboo or something. Why not a simple and concise title like “Advantages of custom ROMs” or “Consider installing a custom ROM”. It sounds like a meme speech pattern straight out of 4chan, except they’re using it with zero self awareness or irony. How about an actual hot take: journos who write like this are pretentious pricks that deserve to get replaced by chatgpt.
I used custom roms for many years, but I now use my phone to pay almost everything, and I need my banking apps. magisk hide is unreliable do I won’t be rooting my phone again I think
I think people that take that approach to life are partly ruining it for us all. You’re selling your privacy for convinience and in the process legitimising the removal of (what I consider) more ethical and reasonable solutions.
No, phone payments can be much more private than a card payment.
Edit: who tf is downvoting this objectively true statement?
Perhaps, but I advocate against using both card and phone payment. Cash is the only truly private pay method, barring facial scanning cameras at the counter. Each to their own.
This is a very complex topic that is very hard to draw the line on.
As a technical person who follows hacking and security news i can understand google introduced the api and warnings, as phones are getting hacked and unlocked bootloader or root can be abused to keep your malware going, and has been abused in the past.But as a user of fairphone/lineageOS, who tells google, apple, meta, … all of them to fuck off when i can, this scares me. The lockdown of devices can and is going too far. Hell, i even consider samsung’s android ui changes to be going too far, as it changes a shit ton of stuff and really is not a stock android experience. It locks users in their environment…
I find it funny that Google and some banks are so worried about security on Android that I have to have up to date system, app and can’t be custom ROM, can’t be rooted and whatnot. And then they’ll allow you to login to their bank from Internet Explorer on XP or some shit.
This. This, this, this, this!
My linux computers are rooted. I can get root any time i need it and nobody is refusing to offer their sevices on linux because it is vulnerable.
Nobody ever points out that when any app wants root, you get a dialog to ask if it can have it. If you don’t know why it’s asking, say no. It ain’t rocket science.
Now, if you are going through customs and you don’t want them to copy your phone and read all your personal documents, that is a different situation. Lock your bootloader unrooted and encryped to the nines. Preferably use a phone with almost nothing on it.
nobody is refusing to offer their sevices on linux because it is vulnerable
That’s not quite true, though in that case it’s about the service provider being unable to verify that the user isn’t running a operating system configured or modified to work against the interests of the service provider.
Can you cite examples of rooted smartphones leading to significant data breaches or financial losses? When the topic comes up, I always see hypotheticals, never examples of it actually happening.
It seems to me a good middle ground would be to make it reasonably easy (i.e. a magic button combination at boot followed by dire warnings and maybe manually typing in a couple dozen characters from a key signature) for users to add keys so that they can have a verified OS of their choice. Of course, there’s very little profit motive to do such a thing.
Pre-locked bootloader times ive had multiple android devices be passed to me that were malware infected that changed the rom in a way that even a factory reset would not remove the malware. Locked bootloaders made it so the rom needed to be signed and unaltered on boot, fixing this. Root access also means apps can use and access api’s in android that it normally cant, changing settings and things inside android it shouldnt. What do you think happens when malware comes in? :p
Imo, i agree what you said. bootloaders should remain locked but you should be able to somehow, in the bootloader, be able to add the os’ signature/keys to the bootloader’s trusted stuff like how secure boot on a pc keeps os signing keys and verification stuff inside the tpm.
This way you can install lineage os for example, tell bootloader to trust it, and lock bootloader again so nothing can be changed anymore.
I wouldnt take this from user input, as that is controlable by malware, but rather come from the OS itself. Maybe even during installation, idk
If the day comes when LineageOS (with microG) becomes unusable for me, I will just switch to iPhone. I hate Apple, and I’ve been using custom ROMs since Cyanogen in 2010, but there’s no way I would raw-dog a Google device.
Luckily there’s GrapheneOS for the Pixels. I’m thinking about buying a refurbished Pixel since my Poco X3 Pro with Lineage OS is having ghost touch issues. The only thing holding me back is less screen real estate.
I would probably switch to Huawei os device. No Google by design.
In fact - I might in either case, there is just too much shitty things Google does to android.
