An anonymous reader quotes a report from Heise: Pay securely with an Android smartphone, completely without Google services: This is the plan being developed by the newly founded industry consortium led by the German Volla Systeme GmbH. It is an open-source a…
There are also appropriate links with contacts for many other jurisdictions that are important to google. Thank you for contacting us and sharing your concerns regarding the impact of Googleâ(TM)s plans to introduce a developer verification process on Android. We appreciate that you have chosen to contact us, as we welcome feedback from interested parties. Given the recent EU rulings about allowing alternative app stores I can't imagine any additional EU rules will need to be passed to stop Google from blocking side loading.
I suspect a court would simply find that a ruling which forces the allowance of running an an alternate app store can't block the choice that alternate app store places on what runs on the device. You're not understanding what is being blocked here. Google plans to block anything from being installed, sideloaded or via an alternative app store, that wasn't written and signed by a developer Google has given permission to.
So the days of being able to write your own app and sideload it are basically fast closing. Technically you can do that, but you have to identify yourself to Google and pay them hundreds of dollars, which is out of the question for anyone that values privacy or doesn't have a huge wad You're not understanding what is being blocked here. Google plans to block anything from being installed, sideloaded or via an alternative app store, that wasn't written and signed by a developer Google has given permission to.
The EU Digital Services Act [europa.eu], requires developers to display their contact information. The DSA requires Google to provide / enforce this on Android. They do so by requiring developers to register and then linking that registration information to Android apps, whether distributed via the Google App Store or an alternative app store. My phone is like 4 years old and hasn't gotten security updates for over a year, but i can us tap to pay and my banking app even though there may be vulnerabilities on my phone.
if i were to install e/OS on it to get security patches… i couldn't get tap to pay (or my banking app ) to work because of the attestation thing.There is no workaround afaik.It's kind of a weird situation. It's great that this is getting government level attention. I hope it bears fruit and that US credit card companies and banks if i were to install e/OS on it to get security patches… i couldn't get tap to pay (or my banking app ) to work because of the attestation thing.
Switch banks. This has nothing to do with Google's Key attestation API and banking apps have no problem at all using tap to pay on e/OS. Any bank that implements its own tap to pay system on their app works just fine. It's only apps that defer to Google Pay to manage payments which don't work. But if you're using e/OS you've made a conscious choice to avoid anything and everything Google in the first place so lay in the bed you made.
My daughter has an electric toothbrush. There's an app for it that supposedly makes brushing your teeth a fun game and she wanted to try it. So I grabbed an old OnePlus running LineageOS from the drawer and installed it for her. It's a type of "flex" where you're saying to everyone around you: "look at me, I'm associated with this brand." When you pay with your phone–or even your watch–you're signaling that you're part of an in-group.
And because these corporations exploit our innate tribalism, it's an inherently rewarding experience… even if ultimately you're just a walking, talking advertisement. Practically speaking, I guess it's convenient if you're already on your phone 24/7. But for people who haven't been infected by the In this particular case it IS an example of innovation rather than legislation. That is, they're developing a competing API, and the software and service to implement it that apps MAY use.
The government part so far is just saying that their government apps are eager to use this new service if it pans out. That's kinda like saying they're willing to use OpenOffice instead of Microsoft Office. â¦none of which are German nor Brussels-technocrats, and they are not involved in this. Linux is EXACTLY the way it SHOULD be going, instead of bureaucratic political regulation.I am not advocating for Google and Apple, I am against this weird EU regulating everything to death.I wish there were way more examples like Linux!
THAT is my point. Attestation is stealing control from the owners of the device. That is why google wants it so badly. They want you to pay for the device, but then have full control over what you can and cannot do with it. That a consortium wants to take that control from google is understandable, but still evil. All the apps started refusing to work. And it wasn't just banking apps. Even parking apps wouldn't work.
I reached my limit when my savings provider notified me on a 3-day notice that I would lose access because my phone ran a non-compliant OS. All the apps started refusing to work. And it wasn't just banking apps. Even parking apps wouldn't work. I reached my limit when my savings provider notified me on a 3-day notice that I would lose access because my phone ran a non-compliant OS. I would have told them to get fucked and immediately started looking for a new bank.
Seems a very odd situation where you'd lose access to your own money simply because the bank doesn't like your OS. Pretty sure that kind of thing would be well and truly illegal in most developed nations. I would have told them to get fucked and immediately started looking for a new bank. You think you're going to find a bank which doesn't require vendor-provided app security? Seems a very odd situation where you'd lose access to your own money simply because the bank doesn't like your OS.
It's extremely normal for banks to have requirements like these. Mine has informed me that my Android version is too old so I will lose access next year or so. They've been trusting this device, but it's now becoming a pumpkin. It does if I want to deposit checks, like every other bank I'm aware of. If I just want to check my balance, I can do that through the website. But sometimes I do get checks, several times per year typically including at tax time (since I am not stupid enough to trust the feds with permission to empty my bank account) and I like to have a way to deposit those.
These schemes serve little purpose other than serving as an excuse to enforce vendor control and planned obsolescence. If a device is compromised all it needs to do is lie to the software or modify its execution. These are just additional hoops with no basis in reality and have never been able to provide useful guarantees about state of systems. Even with hardware attestation whatever someone did to compromise the system they can simply redo later after device startup.
So,I run /e/OS, and have done so for years. I don't understand what this will validate. At present, Play Integrity is a means of telling apps that the software that's *actually* running on a phone, is the software that Google *expects* is running on the phone. Now, *in and of itself*, I don't see that as being a problem, because if Google says "this is a modified OS" or "this is a modified bootloader", apps can ignore this fact if it's simply informational.
I submit that there should be a requirement for app Correct. This is attempt to use the literal FUD caused by the Trump administration. to see if its possible to have a real alternative to running banking/parking/id apps on custom rom sets.The catch is that either the writer or the press publisher do not understand the distribution mechanics at play. Play Integrity exist to make a man in the middle attack via distributing preinstalled phones harder.
If they could get a larger OEM like Xiaomi or Samsung on board, this is a very different issue, but at the end There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
Summary
This report covers the latest developments in android. The information presented highlights key changes and updates that are relevant to those following this topic.
Original Source: Slashdot.org | Author: BeauHD | Published: March 10, 2026, 3:30 am
Leave a Reply
You must be logged in to post a comment.