This trend of being actively hostile toward your user base is so confusing to me.
this post was submitted on 28 May 2025
274 points (98.6% liked)
Technology
72739 readers
1523 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
They project that they'll make more money by forcing people to accept surveillance so they can run their apps, even if they lose a few users and app developers by doing so.
I've always been of the opinion that apps are almost always useless because there is usually a way to do it through a web browser and if there isn't I don't need it. And its usually better because then I have more control (in firefox anyway).
For example the youtube app is entirely unuseable but if I open firefox and use ublock and no script then suddenly I can actually use the website.
load more comments
(1 replies)
Is users stop using custom ROMs, Google loses nothing.
One of the reasons to always cheer on (new) competitors and why we should give new companies a fair chance to establish something
The problem is that systems like this have strong network effects working in favor of the established options, nobody develops for platforms without users, nobody wants to use a platform without apps, development has more resources (existing libraries, tutorials, reference documentation,...) on existing platforms,...
So, help break the circle. You can target any of the nodes you mentioned.
- develop for the platform even if it has no issues (file it as "future-proofing", "engineering concept", whatever).
- use the platform while waiting for apps to come up, provide feedback on what apps are needed (and provide feedback on what can be done app-less, which is even more important).
- provide resources for develpopment (this one is somewhat more restricted).
None of the technologies that are abusing the network effect today started with a full charter of users.
That´s standard enshittification. They know they´ve got users locked in without any alternative.
Their goal is to ensure OEMs only bundle Google-approved Android for which Google charges licensing fees and which funnels users into Google services. If a phone won't run your banking app, you probably won't buy it.
load more comments
(5 replies)
Their user base is not who you think they are. The people you think are users are just assets, it's okay to be hostile to your assets
It would be confusing if everyone didn't simply tolerate it.
load more comments
(1 replies)
Google’s updated Play Integrity API
How can these people talk about "integrity" when they break real existing phones?
I call this the opposite of integrity.
load more comments
(8 replies)
on devices running Android 13 or later.
Sounds easy then: stay on the latest Lineage that does not incorporate A13.
While I wouldn’t say Google is actively hostile towards these power users,
Author is obviously sold out. Are they even trustable?
on devices running Android 13 or later.
Sounds easy then: stay on the latest Lineage that does not incorporate A13.
This isn't viable. You can't run an older android version than a device ships with and eventually older hardware will become obsolete enough that it won't be able to connect to current gen mobile networks.
For now, sure, you can run android 12 on an older device and bypass integrity easily, but sooner or later that won't be viable.
That's true of anything in technology (that is not designed to last; see: typewritrs and radio still work), so not really a variable. By that poiont you'll either have a dedicated "updated" phone for current-gen slop, or have shifted over to a more private stack, or even have gone fully off-grid.
Fuck Google Play
Time to get downvoted to oblivion.
I see a lot of people questioning why Google would do this and the answer is pretty simple.
Google created a tool a long, long time ago which was meant to make sure traffic from a device was "legit". This tool is 100% optional and app developers can use it if they would like. However, the tool was easy to bypass, so over the years Google has been making the tool harder and harder to bypass.
This article is just sharing news that Google is once again making this tool harder to bypass.
So why is Google doing this? They are doing this because they don't want their tool to be bypassable. Their tool is worthless if it can be bypassed.
The tool in question here is the Play Integrity API (previously known as the SafetyNet Attestation API). This is a tool that is offered to app developers that app developers can take advantage of if they want. The selling point of the tool is if you have operation in your app that is critical, you can try to prevent some abuse by verifying that the app is running on a "trusted build of Android" and that the app itself has not been modified from the original. That's all the tool does.
This isn't a new API. This isn't something Google is trying to force app developers to use. No. From Google's point of view, they are just making sure their tool does it's job properly.
As for why companies might choose to use this tool, a big reason is because Android is a huge target for fraud. Apple has locked all their stuff down so it is much harder to commit fraud on iOS (not impossible though). Although Apple offers something similar, there is generally less fraud coming from iOS devices vs Android. It's the double-edged sword of having a more open platform.
Companies are obviously not going to be happy to be the target of fraud so they have to weigh their options. Either they block a small percentage of their users that are possibly legit by implementing Play Integrity API or they risk losing a % of their income to fraud.
Now you can disagree with the tool's job, I'm not trying to argue whether the tool is good or bad. That is extremely subjective, but hopefully this answers why Google is making this change.
load more comments
(1 replies)
If I don't have Play Integrity spoofed, my iPhone friends get an error when they try to RCS message me. This pretty much breaks communication for me.
This is the future of the Big Tech Internet if we're not careful. Attestation to be able to use communications and other websites.
load more comments
(1 replies)
It doesn't make it "tricky", it makes it impossible.
Stares at rooted A13+ phone passing 2/3 new integrity checks
It's possible, but it's annoying.
Those are the wrong integrity checks
No, they're absolutely not. Check out tricky store and play integrity fork to see how we're faking a trusted environment on custom and rooted roms. You can pass new basic+device integrity (equivalent to old strong) with a valid unrevoked keybox on A13+ and strong on <=A12.
It's a new stage in the arms race for sure but it's still possible to bypass until all of the keys used to sign keyboxes are revoked.
Edit: the device fingerprint is just as important as the keybox too, either can cause you to fail integrity checks. It's way more annoying to manage than the legacy "just flash PIF" bypass ever was.
load more comments
(1 replies)
Okay? Like, ive been rawdogging this no Google GrapheneOS thing for 2 Years now, and Ive Bad not a single Problem until now
Same. The vast majority of my apps are from F-Droid or directly from the dev, and only a handful are from Google Play, and those are all on a separate profile. There's only 2 or 3 I actually need, and I can probably work around those.
Screw you Google, my next phone will probably be a Linux phone so I don't need to deal with this crap anymore.
I ain't clicking on an android authority article. Does anyone know if/how this would effect Graphene?
Already does. Some apps just don't work. It'll notif. And say Google api failed to validate login to your Google account. Example app EBay.
Interesting. If I just don't use any apps from the play store and only use stuff from fdroid with no play services I should see no issues though yeah?
There's always a chance any app, even from fdroid, will require play services, but that's still highly unlikely. You should be fine with fdroid alone, yes.
can confirm, I'm running GrapheneOS right now with F-Droid and some extra repos as my only app store, it works fine for me. but I don't use banking apps (web browsers do fine for that), and I'm using a de-Firebase-d version of Signal (Molly F-Droid) so no issues so far with no GMS and no SafetyNet.
edit: I should add that a new GrapheneOS update just released, this is in the release notes:
- disable anti-competitive code being injected by the Play Store into apps choosing to enable "App integrity > Automatic protection" when there's a valid Play Store source stamp signature (proving that it's an unmodified app from the Play Store, so we aren't disabling an integrity check) since it prevents using the apps on GrapheneOS when apps also choose to enable "App integrity > Store listing visibility" with either the "Device integrity checks" or "Strong integrity checks" values enforcing having a device licensing Google Mobile Services and running the stock OS (circumventing this is protected by the DMCA exemption for jailbreaking)
so it looks like the devs are actively working around this issue and making changes to allow those checks to pass even without the ROM licensing GMS.
load more comments
(1 replies)
load more comments
(1 replies)
load more comments
(2 replies)
This seems like it'll break things like revanced, which honestly makes me sad mostly for Duolingo :(
Really hope folks find a way of spoofing this too. I'm hoping to switch to a custom ROM in the future and this doesn't bode super well
At this point I'm leaving a paper trail in my comments. Sigh, I'll keep it short and sweet.
If you're using ReVanced to hack and get through Duolingo, then I think you should just drop the service. There are countless free resources out there that do a better job, and aren't predatory or make you hate learning. Duolingo is good for beginners and about a month or two of learning. Please let that app go, especially since the CEO thinks AI is a suitable replacement for the education system...
load more comments
(1 replies)
view more: next ›