this post was submitted on 14 Oct 2025
748 points (99.5% liked)

Android

20466 readers
24 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id

πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 2 years ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
mikestevens@lemdro.id
Devgard@lemmy.world
limerod@reddthat.com
Netrunner@lemdro.id
748
GrapheneOS could break Pixel exclusivity in 2026 with major OEM deal (piunikaweb.com)
submitted 5 days ago by baatliwala@lemmy.world to c/android@lemdro.id
172 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] 01189998819991197253@infosec.pub 8 points 5 days ago (1 children)

But if google goes on with locking out the app store with the developer verification bs, how would would this play into that? If Aurora won't install the app or the app won't run, then we've accomplished little in that area. I'm really hoping I'm missing something.

[–] kuhli@lemmy.dbzer0.com 19 points 4 days ago (3 children)

Custom ROMs should be able to disable the checks. My bigger concern is what it does to the open app ecosystem as a whole.

[–] Andromxda@lemmy.dbzer0.com 1 points 3 days ago

Nothing needs to be disabled, since it isn't present in GrapheneOS in the first place. The sideloading checks are implemented in Play Protect, which needs elevated privileges to function. On GrapheneOS, Google Play services run with normal privileges, just like any other user-installed app.

[–] cmhe@lemmy.world 3 points 4 days ago (2 children)

TBH I would actually expect GrapheneOS not to disable these checks. GrapheneOS devs pride themselves to have the best implementation of the official Android security model, and enforcing signature checks is likely part of that...

They might add additional certificates I guess, to allow their own apps, and maybe a selected few others.

[–] Fiery@lemmy.dbzer0.com 8 points 4 days ago (1 children)

Except this 'signing' is more of a control feature than a security feature. Just because Google markets it as a security feature doesn't mean it is.

[–] cmhe@lemmy.world 3 points 4 days ago

Well... The Android security model, as it is implemented in stock android and GOS, is about top down control, the full trust is given to the system vendors, not the end users. No rooting for instance. From this perspective not allowing installation of apps that cannot be blocked by the system vendor, fits well with that model.

TBH, I am not a fan of that security model. And this is my critique of GOS. It doesn't allow the user full access to their device, so that they can check and control what each application is storing or sending to third-party servers. Instead it is on full security and allows apps to store and transfer information to which the user has no access to.

But the system vendor/developers would have that access, because they control the whole base system.

The focus of the Android security model and in turn of GOS is on security, at the cost of privacy or freedom.

[–] Andromxda@lemmy.dbzer0.com 1 points 3 days ago* (last edited 3 days ago) (1 children)

This is incorrect. The sideloading checks are implemented in Play Protect, which needs elevated privileges to function. On GrapheneOS, Google Play services run with normal privileges, just like any other user-installed app. This means, there are no Play Protect checks in GrapheneOS, and there will never be. It would only be possible on ROMs, such as LineageOS with Gapps, where Play services are installed as system apps, running with higher privileges than all other apps.

[–] cmhe@lemmy.world 1 points 3 days ago (1 children)

Well, good to know.

I was thinking more about the way of Android security models, and that it would make sense for GOS to restrict available storefronts to stay consistent with their way to implement them. But good to know that it will not automatically happen just by updating the google services.

And I would also think that people would likely complain if they where to implement it in a different way.

[–] Andromxda@lemmy.dbzer0.com 1 points 3 days ago* (last edited 3 days ago)

Sandboxed Google Play is one of the key features of GrapheneOS. So far no other OS has allowed users to enjoy the full functionality of Android Auto, the Pixel LPA for managing eSIMs, and the Google Mobile Services suite (not talking about the other Pixel OS stuff) with the only exception being GPay, without full sandboxing, and without granting excessive privileges (SGP is unprivileged, the eUICC LPA obviously requires higher privileges for managing eSIMs, but it's fully sandboxed and can't communicate with Play services, or access the internet)

[–] 01189998819991197253@infosec.pub 1 points 4 days ago

But the app might refuse to run without those checks being done. Or a new format, apkx2 I don't know, might only be able to be decrypted with the proper key and only once verification. It's not a new tactic. I'm very, very glad to see this type of development finally happening (though, admittedly, a couple decades later than of hoped), but it's now a new ballgame, and google owns the stadium, the seating pricing, and concessions, the parking lot, and ticketing counter. I'm concerned we've waited too long. What's GOS's plans for this? They're, essentially, going to have to create a new ecosystem, with most of the growing pains of new ecosystems.