this post was submitted on 03 Oct 2025
616 points (99.2% liked)
Technology
75758 readers
2375 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is why we need the ability to sideload apps.
I have become convinced by Cory Doctorow's (tech writer and inventor of the term "enshittification") argument that the fact that we're even discussing this in terms of "sideloading" is a massive win for tech companies. We used to just call that "installing software" but now for some reason because it's on a phone it's something completely weird and different that needs a different term. It's completely absurd to me that we as a society have become so accustomed to not being able to control our own devices, to the point of even debating whether or not we should be allowed to install our own software on our own computers "for safety." It should be blatantly obvious that this is all just corporate greed and yet the general public can't or refuses to see it.
There are groups to support:
And in the UK:
Some political groups are better than others, but most politicians are clueless.
The key is to get muggles to understand we are living in Technofeudalism and why being digital serfs is bad. The problem is ineffective competition law and that monopolies are bad. That monopolies and standards are not the same thing. I have no idea how. Most people are just naturally compliant and unquestioning of something seemingly so abstract.
In the 80's (I'm that old), many home computers came with the programming manual, and the impetus was to learn to code and run your programs on your own device. Even with Android it's not especially hard (with LLM's even less so than it used to be) to download Android Studio, throw some shit onto the screen, hit build, and run your own helper app or whatever ~~sideloaded~~ installed via usb cable (or wirelessly) on your own device.
In certain cases (cars, health related hw etc.) I get why it's probably for the best if the user is not supposed to mod their device outside preinstalled sw's preferences/settings. But when it comes to computers (i.e. smartphones, laptops, tablets, tv boxes etc.) I fully agree with Cory here. Such a shame everything must go to shit.
TBH I was confused when I came across the term "sideloading" for the first few times because I thought it was something new. Part of the plan I guess. Damn.
Most of the general public buries their head in the sand. They are convinced being politically involved is either a waste of time or makes you crazy.
Tbf both are true.
Source: I have gone mad and everything has only become worse.
That means nothing when the servers stop taking EU traffic. I get your point, but the real solution here is putting a bullet (double tap) in Chat Control, once and for all.
Yes, please.
LOL, no. They'll come back again with some other bullshit to Save the Children!™, it's a never-ending whack-a-mole.
We need to get the right to privacy and control over our own devices enshrined as fundamental rights, like so many other rights the EU protects.
And they only have to win once, we have to fight and win every time they introduce a new variant. Its exhausting.
I don’t use any of these apps, so I’m not quite sure how they work. But couldn’t you just make an app that keeps a local private and public key pair. Then when you send a message (say via regular sms) it includes under the hood your public key. Then the receiver when they reply uses your public key to encrypt the message before sending to you?
Unless the sms infrastructure is going to attempt to detect and reject encrypted content, this seems like it can be achieved without relying on a server backend.
That is how the signal protocol works, it's end to end encrypted with the keys only known between the two ends.
The issue is that servers are needed to relay the connections (they only hold public keys) because your phone doesn't have a static public IP that can reliably be communicated to. The servers are needed to communicate with people as they switch networks constantly throughout the day. And they can block traffic to the relay servers.
Signal does have a censorship circumvention feature in the advanced settings on iOS which may work when this hits provided you already have the app installed. Never had to use it though.
I think they're suggesting doing it on top of SMS/MMS instead of a different transport protocol, like Signal does, which is IP based
Which is what Textsecure was. The precursor to Signal. Signal did it too, but removed it because it confused stupid people.
It is potentially doable:
A short message is 140 bytes of gsm7-bit packed characters (I.e. each character is translated to "ascii" format which only take up 7-bit space, which also is packed together forming unharmonic bytes), so we can probably get away with 160 characters per SMS.
According to crypto.stackexchange, a 2048-bit private key generates a base64 encoded public key of 392 characters.
That would mean 3 SMSs per person you send your public key to. For a 4096-bit private key, this accounts to 5 SMSs.
As key exchange only has to be sent once per contact it sounds totally doable.
After you sent your public key around, you should now be able to receive encrypted short messages from your contacts.
The output length of a ciphertext depends on the key size according to crypto.stackexchange and rfc8017. This means we have 256 bytes of ciphertext for each 2048-bit key encrypted plaintext message, and 512 bytes for 4096-bit keys. Translated into short messages, it would mean 2 or 4 SMSs for each text message respectively, a 1:2, or 1:4 ratio.
Hope you have a good SMS plan 😉
That makes the assumption you want to use your phone number at all. And I'm sure the overhead of encryption would break SMS due to the limits on character counts.
Can't use Signal without a phone number.
You CAN use it to interact with people without them knowing your number. The only current requirement is specific to registration.
I think SimpleX removes the need for static relays.
It was so hard getting people to use signal im imagining thisll never catch on
That’s how signal started way back. Doesn’t work well - sms is terrible.
Signal has never done that. Whilst the app might not be available in some regions they've been proud to talk about how people can use it to avoid government barriers.
The CEO is saying they are willing to, that should be taken seriously.
You can run your own server for signal by the look of it
Not officially I don't think. And even if you did, you'd need a customized app to point to said server, and then you wouldn't be interoperable with the regular signal network
Most likely the reason, among others, they're fighting tooth & nail to remove side loading too.
Even the OPLus phones are planning to softlock their phones in newer models
Are they?
Google will soon stop you sideloading unverified apps – here’s what that means for you
ie, unsigned, so they are not
Sideloading is still available: you can sign it yourself or bypass verification with
adbas they documented.So, cool misinformation.
Bruh, you're trying to sanewash this of all things? Right now I can go to any third-party app store and click install on an app without me nor the developer having to kiss the ring of Google or by extension the regulators (EU with Chat Control) that they are beholden to.
After this I'll have to fucking install Google's SDK on my computer, manually download application files, and deploy them to my device over USB with CLI commands. I will never ever ever be able to get friends and family access to third-party applications after this change.
And fuck, man, there's not even a guarantee this solution will last, either. Google promised they would allow on-device sideloading back when they started adding deeper and deeper settings restrictions on enabling sideloaded app support, their word means fuck-all and you know that.
You misidentified your objection. It isn't sideloading removal, which isn't happening. It's developer verification, which affects the sideloading that remains available.
Just because you don't understand the value of verifying signatures doesn't mean it lacks value.
I recall the same alarm over secureboot: there, too, we can (load our certificates into secureboot and) sign everything ourselves. This locks down the system from boot-time attacks.
Then sign it: problem solved.
Developer verification should also give them a hard enough time to install trash that fucks their system and steals their information when that trash is unsigned or signed & suspended.
Even so, it's mentioned only in regard to devices certified for and that ship with Play Protect, which I'm pretty sure can be disabled.
Promise kept.
No, I don't. Developers are always going to need some way to load their unfinished work.
That's twice that you've missed the point that everyone else is saying. Read it again:
Google is irreversibly designating themselves the sole arbiter of what apps can be freely installed in the formerly-open Android ecosystem. It's the same as if they just one day decided that Chromium-based browsers would require sites have a signature from Google and Google alone. I honestly don't give a shit if they did it just on Pixel devices, but they're doing it to the phones of ALL manufacturers by looping it into Play services.
I just don't understand: why the fuck are you so pussy-whipped by Google that you're stanning their blatant power grabs?
Probably works at google or is a fanboy.
I don't understand why you can't read: (1) developer verification can be disabled, bypassed, or worked with, (2) you called it sideloading removal, which it isn't.
You just don't like the extra steps that limit the ease for ignorant users to install software known to be malicious that could have been blocked. I don't like handholding my dumbass folks through preventable IT problems they created.
In reality this is useless given the technical capabilities (or access to the technology necessary) of nearly every android user. What percentage of them do you think has the capacity and capability to use ADB?
Strictly it ticks the box, however effectively it is sideloading removal. Arguing otherwise honestly makes me think you work for them. It's such obvious marketing bullshit "Oh, we left this tiny window open to tick the box which people can use, but almost certainly not you and even if you are capable, it's a pain in the arse". There are lots of intelligent people in my house. I'm the only one capable of using ADB without enormous effort, making it a deliberately huge barrier and even I'm not going to do it to install a trusted open source app.
Let's be clear; the only reason they left that little window open was to have people like you say "no, sideloading is still possible" to cover their arses legally and also for actual developers, not because they care about an open ecosystem.
This does fuck all for "security". It's targeting, mainly, power users and puts just more hoops for developers. This has nothing with security (they should purge malware from Play store first) and everything to do with consolidating power over users.
It's a blatant power grab and I'm surprised to see this interpreted as anything else. Arguing about semantics just helps Google fuck everyone over.
So let me buy a goddamn phone that I can install what I want in it. Again, I do not give a shit about any phone manufacturers that want to make a walled garden out of their Android installations. I agree, it's perfect for the grandmas of the world. But Google is forcibly doing this to every goddamn phone, phone manufacturer, and Android enthusiast.
The only silver lining is that whenever Google decides that unregulated social media services like Lemmy are not family-safe I won't have to listen to your malicious horseshit.
They're being precise about their terms, while everyone else is being sloppy. Not stanning
Adb is functionally useless for most people.