Hacker News new | past | comments | ask | show | jobs | submit login
KDE Connect removed from Google Play store for violating new policy on SMS (twitter.com)
434 points by coolgoose 30 days ago | hide | past | web | favorite | 170 comments

It's kind of ridiculous that Google is very active in shutting down legitimate apps like KDE Connect but paid clones of open source apps, or apps that promise to upgrade Android the version [1], are still happily up for download.

[1] https://old.reddit.com/r/Android/comments/b1ske7/stupid_apps...

That's definitely the impression those apps were going for, but the wording is careful on most of them. They're not technically saying you'll get 4 more GB of ram, just that the app can clean up some of the 4 GB of ram. They're awful, but it's not clear to me that they're violating a rule.

And that's precisely why Smart Contracts and other types of automated moderation are doomed to fail. There will always be loopholes in the letter of the law to exploit, which requires people able to enforce the spirit of the law instead.

I find it extremely scary to make business with Google. Their robot would get your account banned, all cloud, play and every other thing with it. Every hour it is banned would be lost money and lost customers.

This is not my problem, really. It is Google's public image as I seen it soulless support for last 10 years, and stories like this pop up time to time. Too sad they pretty much locked in Android app market, and with every version it is harder and harder to sideload apps. I am not using any Google cloud services if I can find alternative.

I understand that it may be my perception, but I do not understand why company would build such image of itself.

Ech at least on android you can easily install apps outside of google play. _I_ find it scary to make business with as you can be pretty much _snapped_ out of existance in a single decision.

I don't really follow the argument. If you are a commercial company, the Play store is pretty much all that matters in terms of business viability. At a commercial level, the fact a few geeks can side-load apps is next to irrelevant. Who builds a business on side-loaded apps?

The alternative to google play would presumably be the apple app store which, if they ban you, there is no side channel.

If your desire is to build a mobile app, you don't really have a lot of options.

True that. It's the blessing and curse of app stores. On iOS everyone complains there's only one App Store. On Android everyone complains the vendors and networks keep pre-loading their multifarious crappy app stores. People, eh?

Maybe the problem is the tight coupling.

An app store is really many things. It's client software for installing apps, it's a service for verifying apps, it's a hosting service for apps, it's a payment processor.

If you want to replace any piece of it you currently have to replace the whole thing, and do so all at once. Even if you create a good alternative app store, it has few apps in it, which matters if it's a separate client/interface than the main one. And you have to replicate every piece of it well for it to be any good.

So what's needed is better modularity. You don't have an "Amazon app store app", you just have a "software installer" app that shows all apps from enabled providers and then lists individual apps as "verified by Google", "verified by Amazon", etc. in the same software. When you buy one you get a list of enabled payment processors and choose "pay with Google" or "pay with Paypal" or "pay with Visa" etc. (the list being all the ones that the app developer accepts).

Then you can put your app in Google Play and let them do everything, or you can host it yourself and pay a verification service that charges a one time fee rather than a percentage and accept five different payment services but only the ones that charge less than a 5% commission, and either way it's not a significantly different experience for the user.

And whether or not Google would join in on something like that, at least Amazon/Samsung/F-Droid could do it with each other (and anyone else who shows up).

The thing you're ignoring is developer reputation. Google (or any app-store runner) doesn't want to allow you to use parts of their service—for which they could be held liable if those services take your money and give you nothing in return, or give you a virus—unless you're also using their identity system and thus their developer-reputation system.

And if you are using Google's identity system—in what way are you not just back to publishing on the Play Store? Through the identity system (and associated developer-reputation system) they can control who can or cannot publish on your app store. So it's really just their app store. It's your UX, but it's their guiding hand, just as if Google were on your board of directors.

Really, there's no point in them letting you have your own app store which relies on parts of their infrastructure, since they can tell that any implementation their legal dept would okay is a lose-lose that no dev would ever be interested in taking part in. To detach any liability for the results from them, you have to do it all the app-store stuff yourself. Which is exactly what mobile OEMs do.

> Google (or any app-store runner) doesn't want to allow you to use parts of their service—for which they could be held liable if those services take your money and give you nothing in return, or give you a virus—unless you're also using their identity system and thus their developer-reputation system.

Amazon doesn't require you to use their payment system with your customers to host your app on AWS. Paypal doesn't require you to host your apps with them to use their payment system. Mozilla doesn't try to stop you from using Firefox, or the Firefox-based Tor browser, to visit arbitrary "dark web" sites, and Debian doesn't try to stop you from adding arbitrary third party repositories to apt. Let's Encrypt doesn't even require you to use their own software to verify your site. This concept of "you can't just sell someone a screw driver because what if they kill someone and you were liable" has no basis.

Google could refuse your business for an individual component if you tried to use that component from them, but then you could just get that component from someone else. It would still be an advantage to be able to use one service for hosting and another for payments, even if zero of those services are Google.

And the problem with Google Play is the weak competition. If it was easier to use something else then they would lose more business from making poor refusal decisions (harming their reputation), by charging a high percentage, etc. Then they would either have to improve or lose their status as the dominant player. Reduced barriers, more competition.

> Really, there's no point in them letting you have your own app store which relies on parts of their infrastructure

The proposal was to host your own app store which doesn't rely on their infrastructure.

The pre-loading doesn't bother me as much as them making it impossible to delete this bloatware without rooting the phone.

By rooting and deleting apps , or any other modification of the /system partition, you are making it impossible to apply any patch released by the manufacturer (it is a binary delta of the volume).

Consider disabling the apps; if the manufacturer doesn't allow disabling the app through Settings, you can always do it via adb. When you disable the app, the system will ignore it and behave as if it wouldn't be there. You can't get any additional benefit from the deleting, you won't gain any additional free space, as no app can write to /system partition for the above reason anyway.

Yeah, exactly. I honestly wouldn't care much if they preloaded a bunch of crap so they can get kickbacks (which would probably translate to a slightly lower-priced phone, due to all the competition in the Android phone market), as long as I could just go delete it like any other app.

> The alternative to google play would presumably be the apple app store which, if they ban you, there is no side channel.

It depends on what you mean by "side channel". You can do a PWA instead, or use tools like Test Flight (up to 10,000 users), or leverage the Apple Developer Enterprise Program, etc.

Unless or until Apple bans your account, at which point you can't even deploy to your own phone anymore.

It's very common in rural Asia. Users share apks via P2P file sharing. Typically one person in the village will set up everyone's phone for them. Usually with all apps preloaded, but they're actually quite savvy about adding and removing apps once they get going, since they're on phones with such low internal storage. If you want to make it into these markets, you need to make your app side-loadable

But is that a model that producers can build a business on?

With a few billion people in Asia, probably.

I actually would wish more companies had a repository that was compatible with F-Droid. F-Droid makes.it possible for anyone to make a repository and then it will handle all of the app store side of the house.

Epic Games, apparently.

And whatever the Amazon Fire devices use as an app store.

Amazon runs its own app store. It took years even with their resources to make it useful. Developers originally tossed up buggy, incomplete, and/or outdated versions of their Android apps just to say they had one on Kindle Fire.

And WhatsApp, direct download on their website

A lot of companies do. I've actually found it's pretty difficult to get mobile apps deployed inside bigger companies WITHOUT delivering a custom build that enterprise IT rolls out on their own, even on iOS.

We do because we have android hand scanners for the production areas and handhelds for the drivers, side loading is the simplest way to get stuff onto them.

> Who builds a business on side-loaded apps?

Epic Games. https://techcrunch.com/2018/09/07/fortnite-hits-15-million-i...

> a few geeks can side-load apps

Do you mean being able to click a link on the app author's website and press "allow" makes you an elite sort of geek?

GCP will no longer just shut down your projects without a human approval.

But they will still keep your credit card number forever if you ever give it to them.

Once it's been added, it can't be removed.

They claim it's for auditing purposes, but those "auditing purposes" shouldn't require keeping it attached to the account as an active payment method (which is what they enforce).

Yeah they could totally keep it for no more than 2 or 3 months and 99.999% of any problems with "auditing" would also be handled.

What about my google account? Would it run, but I won't be able to access it?

I think Google lost trust, which is hard thing to get back. I just speaking how I feel. And I don't get such feel using AWS.

> I find it extremely scary to make business with Google

Isn't Apple scarier? They can block your app for particular country and if they do there is no way around.

> and with every version it is harder and harder to sideload apps

How is it hard to click a link on an app author's website and press "allow"?

And there also is F-Droid.

Google is by orders of magnitude better than Apple in this way.

Don't build mobile apps. Build web apps.

I believe that you will have a harder time collecting the user's contact list and GPS data with a web app, not to mention showing advertising on the user's lock screen.

> with every version it is harder and harder to sideload apps

Really? How?

I just had the same issue last week when my app with SMS permissions for cross-platform syncing was rejected, but after some back and forth with Google I found out what they needed to let our app through.

When publishing a new release on the Google Play Console, you need to create a video showing how the permissions are granted as well as the functionality that uses the permissions, making it clear that this functionality is a part of the core functionality of the app. After that, they approved it pretty quickly.

You have to take into account that the Google reps that approve or reject the apps don't spend much time checking if the app is compliant, so if they don't see this evidence in the video, the app won't be approved.

Great. I always wanted Google to ban the apps that demand permissions beyond those they obviously need to do the very job I want them to.

That's why runtime permissions and the ability to revoke permissions exist in the first place.

A couple weeks ago Google removed one of my apps for the same violation. I rebuilt the same application with the SMS feature removed and the Play Store Developer Console was very unclear and buggy on how to resolve the issue and get my app out of the rejected status.

I spent the better part of 2 hours just to get everything up and running again and it's frustrating to know that you cannot easily contact anyone @ Google to ask for help.

"I rebuilt the same application with the SMS feature removed and the Play Store Developer Console was very unclear and buggy on how to resolve the issue and get my app out of the rejected status."

Holy cow I had the same issue. Ended up having to just make a brand new one with a new name. It was a horrible experience.

A version on a beta channel had SMS permissions requested, but there was no way to get rid of it. You can never just delete a version of something, only replace it. But you couldn't 'replace' until you'd 'fixed' the problem of the SMS perms.

What they were asking for was a description of the fix, a login/password to view the fix, a video of the old and fixed versions in action and some checkboxes stating that I accepted the new SMS policy. Except... the existing versions didn't have any SMS functionality in the first place. There was no way to 'video' a fix for a problem that never existed.

But it was worse, and I forget exactly how. I could never get it to accept a new uploaded version because an existing version somewhere wasn't 'fixed'. I think this was part of it. There was a 'beta' channel version, and regular channel version, and each one wouldn't accept an update of a new version because there was still a 'broken' version on the account somewhere.

Truly a horrible experience.

I was afraid of having to do exactly that, create a new app with a new name and move all of the customers over...

I ended up fixing it eventually by somehow clearing all versions in alpha/beta channels and uploading a new fixed version without the SMS permission with increased version number multiple times, and then bubbling that up to production.

For reference, we only used READ SMS permission in this app to improve the phone number validation process so it was easy to remove, with the downside that now it is harder for our users (mostly over 45) because they have to switch to the SMS app and back to complete the validation. Our helpdesk has seen an increase in support calls about the validation process since then.

  we only used READ SMS permission in this app
  to improve the phone number validation process
What's wrong with the SMS Retriever API [1] which seems to be designed explicitly for this purpose?

[1] https://developers.google.com/identity/sms-retriever/overvie...

Yes! This kind of thing is what we want to see _more_ of in phone permissions.

Remember how crazy it was back when "flashlight" was an app on your phone that you had to give the "camera" permission to this random crappy app because the lamp is built into the camera and so that's the permission needed?

The same is true for so many features in so many apps, why does this app say it needs permission to _make phone calls_ when it's actually just measuring 3G signal strength? Why does this other one want to "read and write files" when actually it just wants somewhere to store a 40 byte ID?

In some cases the answer is Android / iOS didn't create the right permissions to reflect what's actually needed. But in plenty of others the problem is app developers don't use what is offered because they found a "simple" way (often pasted from a 5 year old Stack Overflow answer) to achieve what they wanted.

That API looks great, but it is not part of the Android API. It is Google Play services API (i.e. won't work on Kindles and Chinese phones, you will need separate solution for them).

I was not aware that existed and it looks like it can improve our situation. Thanks!

>it's frustrating to know that you cannot easily contact anyone @ Google to ask for help.

This is completely normal for anything with Google.

The #1 reason I do not recommend Google to work with for anybody. The users are just accidental for them.

Youtube is another prime example of this. Just look how they've treated even their biggest content creators when it comes to copystriking and user comments (something they have no control over). Users are just a nuisance.

I'm sympathetic with regard to Youtube. They have been effectively forced to adopt these policies by (1) major movie studios and (2) recent news coverage.

There's too many videos for a manual process, so Youtube has to rely on algorithms and that's always going to be a broad brush.

To be fair, the App Store review process can often be similarly opaque.

Yea, but Apple has support. Google doesn't really do support.

I don't bother with GP anymore, just look on F-Droid for anything I need.

Better/faster app store app.

Better warnings about undesirable app behavior.

Better quality apps in the store.

And no nag screen for billing info every time I download a free app.

This seems to be a general trend in software, and perhaps life in general: an abusive, lower quality default option for those not "in the know", and better alternatives for anyone who is savvy or has a savvy friend.

The app updating process in F-Droid is fairly buggy (I can’t tell if I’ve tapped the button or not from the upgrade page and sometimes it just doesn’t work), but in general it is a big improvement.

I’m guessing the “average” person wouldn’t be too happy about losing the Play Store since proprietary apps aren’t available in F-Droid (by design).

An average person doesn't need to remove Play Store to install F-droid.

But if that average person want to remove Play Store (and Play Services blobs) completely from his devices, he still can use and update the most of his apps using Yalp. https://f-droid.org/en/packages/com.github.yeriomin.yalpstor...

Thank you for this!

I have been making it a "soft transition", where I don't waste my time trying to remove PS, just look in FD for anything I need.

This will help.

I had forgotten about Yalp. Wouldn’t you still encounter compatibility issues with apps that require Play Services functionality?

An average person would be amazed by the fact most of apps he is using actually work perfectly without Play Services, despite the fact almost all of them declare Play Services in their manifests as absolutely required.

This stay true even for the games, although some functions like in-game purchases and 'social' things may not work.

> "although some functions like in-game purchases and 'social' things may not work."

Some may even consider that a feature.

No in-game purchases is a dealbreaker but if they are available from the Amazon store that would solve that issue. In-app purchases are way cheaper on Amazon since you can just buy $500 of coins at once and get a significant discount.

I used LineageOS with microg on my Nexus 5x for a long time, and it mostly worked. With Magisk Hide I could use my bank apps. But I never got Lyft, Uber, or Bird to work properly.

Have you tried the Uber PWA? It should work with Mozilla's location API (which microg uses).

For that you want microG: https://microg.org/

Works fine for me.

So KDE Connect (with all features) joins NewPipe, AdAway and other amazing Android applications that are on F-Droid and not on Google Play.

Any other great apps on F-Droid?

I'm using all of the above except AdAway and:

- Orgzly: Org-mode brought to your phone. I use it for capturing TODOs and push notifications for reminders.

- Revolution IRC: IRC Client

- Syncthing: Syncs files between my computer and phone. Mostly used for .org files

- Goodtime: Pomodoro technique time-management

- Loop Habit Tracker: Track habits (reading, exercise, etc.)

- Slide for Reddit: Reddit client

A few more:

- Blockada - VPN-style ad blocker

- Drum On! - Drum machine

- Firefox Klar - Small privacy-focused browser

- RedReader - Reddit client

- Shattered Pixel Dungeon - Roguelike dungeon crawler game

- Tuner - Guitar and instrument tuner

How does Firefox Klar differ to Firefox Focus?

Edit: Looks like it is actually available on the Play store and not an F-Droid exclusive.


It's just the German version of Focus, and I think it has one minor feature removed because of German law or something. I use it because it sounds cooler and I like FDroid.

A selection of F-Droid apps:

- AFWall+ (firewall, useful to block traffic to limit mobile data usage when I still need to enable it)

- Amaze (File Manager)

- AndIodine (Iodine client, use internet through wifi guarded by captive portals that still let DNS queries pass)

- Barcode Scanner (scan QR and bar codes, share things through QR codes)

- Clementine Remote (control the Clementine music player)

- Draw (to write scores when playing games)

- Easy xkcd, Simple Dilbert for comics

- E numbers, OpenFoodFacts (to know what you eat)

- Clip Stack, a Clipboard manager

- DAVx⁵ (formerly DAVDroid), to synchronize contacts and calendars with a Nextcloud instance (or any CardDav / CalDav provider)

- ForceDoze (to force the phone to really sleep when the screen is off)

- Drowser (to kill chosen running apps when the screen goes off)

- Document Viewer and PDF Viewer Plus to display PDFs. The former seems to segfault quite frequently but is nice when it works.

- Fennec or Icecat (Firefox Mobile)

- ForRunners (to keep track of running sessions, offline)

- LogCat Reader (to show Android's debugging log)

- LibreOffice Viewer (useful when people send office documents by mail) - K-9 Mail (Mail client)

- Maps and OsmAnd (for Offline GPS), OpenVegeMap (helps finding places where to eat)

- NextCloud (access files from a NextCloud instance, auto upload pictures)

- OpenCamera, a nice application for taking pictures. Works better than Lineage's stock app on my phone.

- oandbackup: backup data and applications.

- QKSMS: a really nice SMS app that is able to synchronize with the default Android SMS app, which is important for me for backups

- Riot.im (not using it at the moment though)

- Red Moon, which I use to make the screen even darker (and it works well with an AMOLED screen). I don't actually use it to filter blue light.

- SMS Backup +: to backup SMS and call logs to an IMAP account. I also copy files from /data/user_de/0/com.android.providers.telephony/ for that, which provide a perfect backup, MMSes included.

- SatStat (to debug GPS, and show a compass)

- Sky Map, to see the stars and constellations.

- Sound Recorder

- Termux: provides a GNU/Linux like environment, and a great terminal emulator which can be used with a real GNU/Linux distribution installed in a Chroot or from SSH.

- UnicodePad (look for unicode characters / emojis)

- VLC (a good music and video player)

- 2048, Open Flood, PipePanic (games), DroidFish (chess)

XServer XSDL is a good free X11 server for Android that is unfortunately not in F-Droid but now there is an X server in F-Droid (which seems to have less features).

Etar looks like a good calendar app. I've come across Wi-Fi Reminders, which can be used to display notes when connecting to a particular Wi-Fi, which seems nice and useful. There are apps to avoid leaks when using Wi-Fi. And also notes / tasks apps that I don't use regularly. TrebleShot looks nice to exchange files between devices.

[edit : added oandbackup]

If we're making an F-Droid list and checking it twice:

- FreeOTP+ for 2FA

- Wireguard for use with Mullvad VPN

- AnkiDroid flashcards

- AntennaPod for podcasts

- Telegram for messaging

- Twidere twitter client

Plus a few already noted above.

Anki is amazing, highly recommended. I use it to study everything from human languages to programming languages.

If it were not for Ankidroid, I would be satisfied with a dumb phone.

Wow, this is an amazing list! Thank you for taking the time to compile it. I'll be trying a number of these out.

There's some apps on this list which are in the regular Google Play store. OsmAnd and Google Sky Maps are ones I use from the Play store.

OsmAnd~, free on F-Droid, is the paid version OsmAnd+ on the Play Store with unlimited map downloads and probably other features. Which does not prevent from donating to OsmAnd.

I didn't know Sky Map is a former Google app!

Most apps on my list are probably on the Play Store indeed :-)

Always go f-droid first. have installed over 50 great apps from there.

Google doesn't have support even if you pay them (other than for Google Ads, Google Ads has an actually existing support), pretty much that, everything is done by robots which will tell you everything is fine.

Not even Google Ads when you’re not actually an Ads user, they screw something with your account during a migration and you’re effectively banned from unrelated services like AdMob because they decided to force an integration with Google Ads and creating a new account doesn’t work because “same address policy”.

I personally decided that it is easier to integrate a Google competitor to Flutter than to actually contact a human at Google, but I’ve nightmares about Google acquiring whichever advertising provider I integrate.

Remember this the next time you don't get that job at Google. Somehow the most selective and elite of tech institutions can't bother to do customer service.

It's one of the reasons I'm convinced that Google et al don't hire the best engineers/programmers, but really just the best interviewers.

This is not a Google engineer problem - it's a Google management problem.

Managers, theoretically from the top down, are deciding how to allocate resources (as in, almost no live customer service people), what automated policies to put in, etc.

I think there's a fundamental problem with any company that refuses to provide some human contact for problem resolution (with customers, partners, vendors, etc.)

Or maybe they hire the best engineers who interview well? Being a great engineer and being a great interviewer aren't necessarily mutually exclusive. You can be both.

Also, after 20+ years in business, google engineers are still highly respected and sought after by every company for their tech expertise. If google didn't hire the best, that luster would have faded a long time ago.

Google has always been great at tech and poor at customer service. Though that seems to be a industry wide problem, rather than a google specific one.

"sought after by every company"

certainly not sought after by my company, and i hate to speak for others, but i can name at least a handful of others where having any of the FANGs will usually get your resume circular filed. :x

If I was hiring currently been former FANG wouldn't shift the needle one way or the other.

At the scale they operate been one developer amongst tens of thousands on it's own isn't a good metric.

Not surprising, all the money is in treating users as cattle, not as customers.

> Somehow the most selective and elite of tech institutions can't bother to do customer service.

I'm not at all surprised that an organization that prides itself on elite engineering above all else falls down hard in other areas and doesn't even recognize how much of a problem it is. (Though, to be fair, Google Express, IME, has had superlative customer service, so it's not that Google can't do customer service.)

I think they do recognize how hard of a problem it is. 10,000 people write in complaining that their virus was taken down, 1 person writes in complaining that their legitimate app was taken down. How much money do you spend answering email that's 99.99% spam? $0 seems about right, and there you go.

They author of this post didn't take his app and make it Apple exclusive. He removed the feature that was flagged and re-uploaded it. How much money did Google lose on that ("I'm going to buy an iPhone to protest this!")? $0. So again, spending $0 on support seems about right.

If it were an app that mattered, I'm sure they'd find someone to reply. But the app doesn't matter, at least at the scale Google cares about.

And google is supposed to launch a gaming console today that streams from the cloud. It's bound to generate a ton of support cases, I wonder how they will handle that.

I also wonder how they deal with the countries that require a publicly listed phone number and address to be able to contact them.

The phone number will go to a recording directing people to use the online support form that routes to /dev/null, while anything mailed to the PO Box listed that isn't a legal notice will go in the trash.

These large companies do not care about local laws beyond doing the bare mimimum to appear somewhat compliant.

They'll suggest you use a community forum, and that forum will be full of people who love the product and the company and who have never seen your bug and who will tell you you're holding it wrong or that you're lying about the product and you must be a shil from that other company.

They'll just spin up more instances of support_agent.py

So that's what Google Duplex was for.

I always find it slightly funny that there is a movie [1] about working at Google and a big part of the challenge is how they handle support cases.

[1] https://www.imdb.com/title/tt2234155/

>It's bound to generate a ton of support cases, I wonder how they will handle that.

They would have to try hard to be worse than Xbox Live Support. Customer service is dead for most consumer electronics.

I've found Live to have great support. Console arrived with a broken disc drive - shipping label seen sent within an hour, and a free (download) game for the trouble; wanted to cancel a transaction and the site was bugging out - sorted in about five minutes in the online chat; controller broke - free shipping label and back in about a week; console developed a fault in use - ditto.

I've actually found that Microsoft has great support. I've had some asshole from Russia actively trying to steal my LIVE.com email for the last year (for whatever reasons). And every time he finds a way to get in I just fire up the chat and they reset my account.

I imagine like most of their end-user products they just won't handle that.

Horror stories like this one crop up every now and then. The other time they locked all the G Suite accounts of an entire company just because one of the employees has made a couple of bad chargebacks for some Android apps on his private account that was supplied as a recovery email for his company account. And they didn't even provide a reason, the company had to investigate and find out on their own.

That particular story was completely made up. It was implausible to begin with, given that G Suite is a business product with contracts that doesn't just get "banned", and Google confirmed that they weren't aware of any such incident and failed to get in touch with the author.

This comment is a great example on the effectiveness of spreading unsubstantiated FUD.

Last discussion: https://news.ycombinator.com/item?id=17115643

Google response: https://www.reddit.com/r/google/comments/8l231x/google_banne...

> The original poster on Reddit (OP) did not identify him/herself or the customer account. We have made several attempts to reach out to the OP through PM, but have yet to receive a response. (If the OP or someone from his/her company is reading this, please get in touch with me. We have tried to identify the customer based on the information in the original post, including an extensive review of recent support cases, but have not found any cases resembling the description.

There are small companies, running on grandfathered free Google Apps for domains accounts. It is still somewhat different product than the current G Suite.

My current phone has been falling apart for a while and I've already replaced the back 3 times and the camera. With the battery going out and the back starting to crack again under the case, I decided I'm getting sick of Android.

My next device needs to be something I can easily run Plasma on. Maybe I'll pre-order a Purism phone. I want a real open source phone, similar to running a Linux distro on my PC in the late 90s.

I'm willing to write applications to fill in the gaps for my needs to get away from the toxic Google ecosystem. I want a phone with real open source software, not some crippled Android minus the Play store.

>I decided I'm getting sick of Android.

How does Android and cracked hardware fit together? No such thing as android hardware. Just buy a better one next time.

>I want a real open source phone

Purism isn't "real open source". Lots of locked down proprietary binary blobs in it and no way to no use them (modem for one). If you want it because of FOSS installing Ubuntu or LineageOS on any other phone would be just as good and no need to pay someone to do it.

> Purism isn't "real open source". Lots of locked down proprietary binary blobs in it

Could you cite this, please?

With regard to the modem, its inner workings may be opaque, but it is isolated from the system and communicates over a bus (whereas ordinarily the modem on a mobile phone uses shared memory), which is what security-conscious open phone enthusiasts have been waiting years for. What other phone will give that to you?

> What other phone will give that to you?

Samsung Exynos variants - starlte, herolte, etc.

Sadly I think the Purism phone just was pushed back wasn't it?

The release was pushed from Summer 2019 to Fall 2019.

I was in the same boat as the grandparent. I ended up getting a cheap phone that I could put lineageOS on, I installed F-Droid, and I didn't install any of Googles Apps. Its working out very well actually.

If you need another cheap phone I can heartily recommend the Nokia 6.1 at 199.99 it was an absolute bargain.

I know HMD isn't the original Nokia (though it has a lot of the management) but it's an excellent phone and with AndroidOne you get security updates immediately which was a big thing I wanted after Moto-G's

Nice! I got a Sony xperia XA2, I found it open box for $150

It will start to ship in Q3 this year.

KDE Connect is one of my top five favourite / essential apps.

Sure, I'm on KDE desktop (have been since the late 1990's) so I'm aware I'm in the (tiny) minority, but the functionality is hard, perhaps impossible, to beat.

This kind of craziness isn't helping anyone.

I don't use KDE as a desktop environment, but KDEConnect works just fine outside of KDE in my experience.

And kdeconnect-cli is very handy in a terminal for sending files back and forth to phones

Google have completely messed up this SMS policy.

Someone senior needs to step in and fix this, it's utterly toxic for developer relations. The process is unreliable and doesn't work, and bluntly this sort of whitelisting of APIs for people "we think really need it" is a bad idea in the first place.

Anything that is behind such a whitelist should be a userland permission, approved (or not) by the end user, not Google.

> Anything that is behind such a whitelist should be a userland permission, approved (or not) by the end user, not Google.

You’re assuming that Google’s desire here is to protect the user. I don’t think that’s the case: I think that their desire is to control the user. Cf. how Android presents the user with a warning if he installs his own trusted HTTPS certificate (and how newer version of Android simply ignore his trusted certificate): Google claim that they are simply concerned about naïve users, but my contention is that they are motivated by a desire to prevent users from viewing the traffic of Google apps.

Try to consider the effect not just on yourself and the tiny number of people exactly like yourself, but on average non-technical users who were getting socially engineered into exposing their passwords and nudes to their bosses, stalkers, criminals, and public morality enforcers.

Yeah, why think about yourself instead of this handy strawman?

Why do people still use the "play store" when other repositories like f-droid are arguably better and perfectly available? This is beyond me. The terms of service of the google play store are callous and unacceptable.

Believe it or not, Joe public hasn't heard of f-droid.

Google Play is the app store for most android users (at least in the west).

I'm a software developer. I'm on HN daily, trying to keep tabs on new technology and such. I used to make android games as a hobby 8 years ago. I'm posting this from an android phone. I hadn't heard of f-droid until just now.

As an aside, there must be a better way to keep track of new technologies. I hate not recognizing something important.

Unless you have a device from Amazon (Fire tablet/stick), which runs Google-free Android.

Thank you, man.

This is KDE Connect, not Snapchat. Joe Linuxonthedesktop has definitely heard of F-Droid.

Speaking as a KDE Connect user who's heard of F-Droid, I installed F-Droid, then deinstalled it. It was too noisy and intrusive. When I told it I didn't want to replace an app with its version it kept asking again and again, every day at least.

Since then I've head that the F-Droid operators insist on signing all apps themselves, instead of the developers' signature. That's as bad as the TLS inteceptors that insist on accepting an extra CA.

Some people seem to think that F-Droid is obviously preferable to Googleplay. That is, at the very least, not obvious.

Fdroid maintainers require shipped apk's to have 0 non-free components. The only way to ensure that is to build the apps themselves (so that they can verify code and control dependencies). This means that they can only use their own keys.

Debian is also signing all Debian packages with in their own repositories with their own keys, and nobody takes this as an issue.

No it doesn't. They could check the developer's signature against an APK built from source. It's not that difficult.

BTW. In my case the app they urged me to replace the stock keyboard with a version that had been built without support for Norwegian. Is the language data in Android non-free?

They can, and they offer that, if the developer supports reproducible builds.

Most apps aren’t possible to be built reproducibly, though, as the Android developer toolkit was never designed for reproducible builds and relies on stuff like filesystem ordering of files (which differs between machines).

You’re even able to ship your own builds signed with your own developer key on F-Droid if F-Droid is able to build the exact same APK themselves.

Reproducible builds are the best option for such a store :)

> Since then I've head that the F-Droid operators insist on signing all apps themselves, instead of the developers' signature.

They do reproducible builds starting from publicly available source. Given the AOSP design where code signatures are mandatory and updates are only allowed if signed by the same key, they're taking the best feasible approach.

> When I told it I didn't want to replace an app with its version it kept asking again and again, every day at least.

F-Droid can't replace a version installed form GPlay with it's own version as they are (except a handful) signed with a different key.

It also won't even show you these versions anymore unless you enable an expert settings options.

I trust the F-Droid maintainers more than J. Random app developer, honestly.

Care to elaborate? You're trusting the developer to write the source code and do all the debug builds, what's the problem with building the production build?

Assuming you trust F-Droid, it eliminates the possibility that the developer isn't using their published source code. eg. they might hide their tracking code from their public github repo but build it into their release apk.

I'm a linux user, I've never heard of it and the friction would make me hesitate

What friction? It's easier to use than the Play Store.

It also doesn't come preinstalled on any devices I'm aware of, which adds a significant amount of friction.

Even once you've installed it, it can't auto-update apps.

So? Netflix didn't come preinstalled on my phone, but I still use it.

Installing F-Droid is easy, and installing and managing apps through it is also easy. I prefer it when I can find a suitable app.

> Installing F-Droid is easy

but nevertheless harder than installing Netflix

> installing and managing apps through it is also easy

but updates are not automatic (unless you root)

I don't dispute that F-Droid is not terribly difficult to use, but the original statement that "It's easier to use than the Play Store" is obviously false as soon as you take into account the mechanics of getting it installed.

Yes it can, though it needs to be installed as a privileged app.

I need to look up what it is, if it's serious, how to install it, how to use it

It's on every android device by default; to use any other repository you have to 1) know it exists and 2) know how to get it.

Even if 2) does not require rooting your device or voiding warranty it's 1) that damps on the spread of the alternatives, because people in general don't know they have a choice; because they don't look for the alternative as the problem of "how do I get the apps?" is solved for them right at the start.

> it’s on every android device by default

Amazon tablets do not have the Google Play store.

Right, they have Amazon's app store which is arguably worse than Google Play (and I say that as someone who absolutely detests Google). Their "free forever" apps are only free because you're trading personalized analytics for them, which can't be turned off without removing the app in question.

That being said, Amazon Fire tablets are good cheap devices if you want to experiment with custom ROMs and truly Free app stores like F-Droid without spending a lot of money or sacrificing your main device. Just don't trust FireOS to be any less privacy invasive than Google's Android.

Can you point out a FireOS tablet that's still being sold and the custom ROM that supports it?

You'll note that I said "experiment", not use as your daily/production tablet. With that said, all but the latest generation Fire tablets are rootable, and they are available at the usual places (eBay, Swappa, etc.) in new, used, and refurbished conditions.

There are Lollipop based ROMs for all 2017 and older Fire tablets (Amazon's FireOS is based on Lollipop so it's an easy base to start from) and there is work in progress to port Oreo to the 2017 Fire tablets:


"Android device" as in devices marketed as Android devices.

Context is not hard people. Don't nit because you can.

I believe you’re picking nits over the description of a commercial OS used by Google and Amazon and countless other device makers.


f-droid isn't strictly better. It isn't really an alternative as a store for a ton of apps, as it will only accept open source apps as a matter of policy. Which is certainly their prerogative and might be good enough for some people.

But I use some apps that are non-free and are perfectly fine with those apps being non-free and want to use these apps anyway. So f-droid will never be a full replacement for me.

The real benefit of the F-Droid ecosystem is that it's easy to host your own repository. And the client is explicitly designed to have multiple package sources avialable, so the developers of these proprietary apps can easily host their own repo.

Afaik there's no readily available payment system. It's not impossible to build one and integrate it with F-Droid though I think.

Oh, so it's like Cydia then!

f-droid can't do automatic updates without the "privileged extension" which basically needs a rooted phone.


Because my mom is not an Android hacker.

You don't have to be an Android hacker. You don't even need root. It's just an app you install.

The inability to read SMS is flat-out user-hostile.

They could have a permissions UI with red/yellow/green indicators for privacy risk or similar, and let users choose. I want Lightflow and KDE Connect to have access. Why is that so hard to understand?

Oh wait, they do. They're just intentionally crippling their product.

Albert, the developer says it's now fixed:


God help you if you ever need support from a human being at google.

This simply needs more publicity. Up-vote so Google will find a human to do a proper support!

Or maybe let's talk about the root issue here and not just try to use social media and HN in the place of formal support paths.

I have read many articles where people got ban/reject and no human ever talked to them. No right to defend.

It seems to be here so I don't know what the post is about. https://play.google.com/store/apps/details?id=org.kde.kdecon...


> I'm about to upload a version of KDE Connect to the Play Store with the SMS functionality removed.

Google removes app from the app store until you upload new version.

Not sure if you know, but for KDE Connect SMS access is part of core functionality, allowed use of the API, and author wanted to call explain it as written in [0] but there is nowhere to call.

It's all in a thread.

But are you sure it is an allowed use of the API?

According to https://support.google.com/googleplay/android-developer/answ... an allowed use of the API is "connected device companion apps that enable sending and receiving of SMS or calls".

Did KDE Connect allow sending and receiving SMS from your PC? The only thing I see in the app description is getting "notifications for incoming calls and SMS messages", which might have been insufficient.

> Did KDE Connect allow sending and receiving SMS from your PC?

This was actually one of the more recent features they were working on, afaik, yes.

That version has the SMS feature removed.

Yes but the tweet says that Google 1) completely removed the app and 2) is ignoring their calls for support. Which seems to be false.

Yes, notice that it’s several hours since the tweet. They’ve obviously been able to work around issue after issue, but the problem still exists: they are a companion app and should not have been forced to remove the SMS feature. And as far as I can tell, google is still not supporting them, so how is that false?

1) They did, until he removed core functionality and re-uploaded

2) They are, hence the removal of functionality and re-upload

>Which seems to be false


I’m unsure how what was stated is false?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact