Freedroidwarn
The FreeDroidWarn library alerts users that their Android device will stop working due to Google's new policies, sparking a heated discussion about Android's freedom and Google's control.
Key moments
- Story posted: Sep 1, 2025 at 11:01 PM EDT
- First comment: Sep 2, 2025 at 12:04 AM EDT (1h after posting)
- Peak activity: 151 comments in Day 1
- Latest activity: Sep 13, 2025 at 12:58 AM EDT
ID: 45098722 | Type: story | Last synced: 11/20/2025, 8:18:36 PM
https://github.com/woheller69/FreeDroidWarn/blob/master/libr...
I don't think this meets the bar for copyrightable code. Copyright protects creative expression. Displaying a single dialogue does not take creative expression, and pretty much any developer given the task would produce code identical to this.
Also you're misquoting. The license is GPL-3, not AGPL.
Something that is too small to be considered creative should be a documented example you copy and adopt into your app, not a dependency.
The only exceptions to this are things like "A dependency that contains all unicode planes and categorizes characters", which isn't creative, but is useful and too large to copy-paste, and also updates over time.
Or the timezone database file, another case of something that should be "public domain" knowledge (uncopyrightable), but makes sense as a dependency.
This is not that sort of thing.
That I doubt; it seems more like it's deliberately large and complex enough to be copyrightable, because otherwise it wouldn't be.
This easily meets thresholds for creative work. The basic concept is nigh-trivial, but the concrete implementation is still creative.
1. doxx yourself or they kill your account
2. re-build every app with pointless newer api version literally every year or it gets taken down.
3. Push an update or a new app or they kill your account.
..
My guess is enshittification, some random exec is trying to save a few pennies in server and storage costs.
..
I'd also say that google makes so much money from ads and data-brokering that everything else they do is not vital for their survival and thus undergoes a sort of "genetic drift" where they just make random decisions.
Combat abuse. I don't think this is a solvable problem, so obviously this won't be a silver bullet. But maybe it will impose more cost on the abusers, creating a nicer app store experience for everyone. Or maybe this only imposes cost on the honest ones? I don't know how much validation they do.
> 2. re-build every app with pointless newer api version literally every year or it gets taken down.
Fix vulns. This also gets rid of abandoned apps. It also probably provides an "opportunity" for the dev to agree to new T&C.
> 3. Push an update or a new app or they kill your account.
This one seems shakier to me, but it might feed into an effort to get rid of abandoned apps. But I disagree with this being healthy for the ecosystem, if that's actually the reason.
I'm not trying to defend google, but from working in FAANG, some of this is obvious. None of these things save a significant amount of server or storage costs. Some of it is clearly anti-abuse and efforts to defend themselves from the constant stream of crap that tries to make its way into the app store.
> everything else they do
Google isn't like some dude (sundar) making decisions. It's a bunch of millionaires and billionaires making decisions. There's some high level guidance, but the difference between different divisions is 100% based on who's running that particular show.
When an app works but keeps getting updated, that means the enshittification is starting. How else do you extract money out of a completed app?
That's okay, they jumped the shark when the imperative for ads took over.
Why not? Freedom isn't a given --- you need to fight for it.
A society which values freedom should of course give a lot of it to its citizens, and expect them to defend and improve it for everyone.
A society where freedom is never a given is not going to foster much of it.
If you would factory-reset your device right now, it would reset to the version of Play Services that came with the installed device firmware, but upon startup the services framework would likely fetch information that it is outdated and won't continue until you have upgraded it.
In this state you could probably use your device and sideload apps, but none of the Google Mobile Services (Play Store, Gmail, Maps, YouTube,...) and 3rd party apps which require Google APIs will work.
If you want to know if your Banking App is compatible: https://privsec.dev/posts/android/banking-applications-compa...
https://shop.fairphone.com/the-fairphone-gen-6-e-operating-s...
How much MB (kb?) does this dependency add to apk?
EDIT: The AAR file is 26KB: https://jitpack.io/com/github/woheller69/FreeDroidWarn/V1.3/... But most of it looks to be from R.txt and I think that file gets deduped/compressed during app packaging?
But we don't have anything like FF as an alternative to go from Android. Especially considering banks require "certified OS".
https://grapheneos.org/releases
(Pixels only)
Go for Calyx or any other android distro, they have zero difficulties in supporting more devices.
It's not our fault that the only other devices providing the security features we need don't allow GrapheneOS to be installed or to use those features. Massively lowering our standards and using low security hardware missing the basics we depend on and have built major protections around wouldn't make sense. It's not what GrapheneOS exists to provide. People can use LineageOS if they don't have the same priorities we do.
Personally, I wish there was an open/libre device on the market that GrapheneOS could target.
You mean, Pinephone and Librem 5?
Also: Android. If I didn't need Android/iOS apps, I'd be using a Nokia 3210.
> Also: Android
Waydroid can run Android apps.
Waydroid has a very outdated fork of Android with the privacy/security model largely disabled. It has poor Android app compatibility. The apps are no longer isolated from each other and the kernel is far less protected from them.
The last Cellebrite leaks show it as more secure against attacks from le than the current iPhones, and that's more important to me than abandoning google hardware.
https://github.com/chenxiaolong/avbroot/issues/299
We previously tried to work with a much smaller company which was a startup and ended up going bankrupt. The current partnership with an OEM is a new thing entirely separate from that and it's not a small company or startup.
Our requirements are listed at https://grapheneos.org/faq#future-devices. The devices we're working on with this OEM will meet these requirements and provide an alternative to Pixels for GrapheneOS. They may not initially be quite on the same security level as Pixels, but they will provide what's listed there and can get better from there.
So many apps even refuse to be installed on older versions of iOS/Android.
That's because they see older versions of Android decrease in usage so they think it's fine to lock them out and potentially lose customers[1], but they're not going to do that to the majority of them.
If the majority stops falling for the propaganda and "upgrading" to a worse experience, other businesses will follow.
[1] I have told businesses that changes to their site have made me no longer want to do business with them, and seen responses ranging from complete dismissal to quick reversion.
Kicking banks off the internet/apps would make Android and Apple less cushy.
Here's my attempt at future history: Firstly they'll require you to prove your current location, to ensure that the request isn't made by a remote hacker; they'll do this by integrating their own cellular modem, as well as scanning local wi-fi networks. Then, at a second phase, they'll integrate a camera and microphone to perform a face identification, asking you to speak out a particular phrase while performing a particular motion. At the start they'll only require you to turn the mic and camera on during active usage, but eventually they'll say that these have to stay on continuously so that they can ensure that the device wasn't tampered with. And if we aren't careful, we'll accept every single small added requirement, until we're boiled alive.
However, if it sits at home in a drawer, it can keep its camera on all it likes, transmitting images of darkness, and tell the bank repeatedly where your home address is, and sometimes (when in use) confirm what your face looks like. Not a privacy issue I think?
Probably it would become expected that you carry the thing around and it replaces cash and cards, but that seems to me to be the crucial step if it's going to have meaningful potential for spying.
It's not relinquishing control, but separation of concerns for hardware.
Bank should manage their hardware, not your hardware.
Okay, I guess more to the point, I don't want the banking app forcing the OS that I use. They can provide their own damn hardware!
The devices will cost "a reasonable amount" and have GPS tracking "for your safety".
Those devices have no network, no connectivity, no gps, and no interface besides a tiny 7-segment lcd display and some 0-9 buttons for pincode entry.
Cash is positioned as suspicious. In 10 years, it might very well be illegal.
Know Your Customer is acceptable. Nanny Your Customer is not.
There are also systems like PaySafeCard, which is accepted by Steam.
That sounds... fine? Like... there are actually alternatives. Sure, if their plan is to phase out those alternatives, then that's bad, but... the current situation seems fine?
Now the phone is running stock firmware from 2020, with Android security patches from 2020, and with numerous publicly known vulnerabilities. The banks work fine, Google Pay works fine, every Play Integrity check passes, even the strongest one (device integrity).
The only reason I see for it being implemented this way is not to lock the bad guys out from your phone, but to prevent you from doing anything to the banking applications, even though it is still possible through said vulnerabilities.
One of said banks also refuses to run if it detects remote assistance clients on your phone (like TeamViewer), or even Discord, because apparently these were used in scams over the past few years, and we need to protect even the stupidest at the expense of everyone else. How did we come to this "future"? The worst days of desktop Windows weren't even remotely close to this nonsense.
Nobody's willing to pay for it, so only Google, who have to do this for a bunch of other reasons, actually does it.
On the contrary, governments are imposing other restrictions on OSes (like EU Chat directive), as well as making more and more critical government functions (like eID, and the various equivalents, and the banks) that can never work without OS certification, are utterly dependent on the App stores (it requires the ability to replace apps on user's devices without being detected), and thereby driving people deeper into Google and Apple's arms. Despite the fact that this makes the EU totally dependent on yet another US company, making this stupid. And, of course, it makes securing anyone in the EU against US spying an exercise in futility.
But it saves a little bit of money now, and gives the US, ie. Trump, yet another loaded gun aimed at the head of the EU economy. What could possibly go wrong?
Sell your airbus stock.
It's also Deep Web, not Open Web.
Furthermore, it's US-based, with an unknown amount of Tencent backing, going back to before even its creation.
Rooted. Usually with unlocked bootloader. Safe.
Also phones on Android 9 unpatched since 2009. Etc.
:)
Business accounts can request such devices, so that malicious people can't withdraw funds without pressing the same combination on all devices (there are multiple devices), so there is no rogue employee.
sorry, we can't do anything for you then
BankID in Sweden and similar in other European countries.
The last one applies in my country. You can of course go to the bank branch for every little financial operation, which is bad enough by itself for us living in cities, but is practically impossible for my relatives in the rural area, who would have to drive 100 km to the nearest bank branch, and then back just to move some money between two accounts.
Even if you don't care for anyone else but your country, it will come to you also, I promise.
Forcing you to use foreign megacorps for essential services should be illegal if not already.
The only realistic thing left for me is moaning about it on the ole 'net and hoping (probably in vain) that this disease doesn't spread further to other countries. Western democracies are already in the process of copying several bad ideas we implemented 10+ years ago (and China more than 20 years ago), I don't see a reason why this also wouldn't be ported over.
And the digital sovereignty argument doesn't really work, one of the banks uses its own payment system — mostly copied from Chinese AliPay — and it's the most popular one here. Zero dependence on "the West" other than the phones themselves, where they think they have an alternative in Huawei and friends, and you're gonna have to depend on someone in any case, even just for internet infrastructure, or even cash printing machines.
A smartphone today is the most essential and private thing you have. This is as far from "zero dependence" as you can get.
> they think they have an alternative in Huawei and friends
Do Huawei phones work for banking in your country? If yes, does it mean, Google Play / integrity isn't necessary?
> Forcing you to use foreign megacorps for essential services should be illegal if not already.
The only two major mobile operating systems are developed by American companies. The two most popular global payment processors are maintained by American companies. The hardware is jointly developed by a bunch of countries, basically all of them in North America and Western Europe.
If one brings up digital sovereignty, should I think not of "the West", but of Tokelau, South Africa, or Brazil?
CBDCs solve this in theory, but the government would add the requirement back just for funsies.
I can't see them changing this in the foreseeable future, major parts of their userbase run the cheapest phones one can buy, and they're much more interested in as much data as possible, so near 100% device coverage has to be important for them.
They even have Linux versions:
https://aur.archlinux.org/packages/warsaw
https://aur.archlinux.org/packages/warsaw-bin
Who even knows what this malware does? I sure as hell don't want to find out.
For the bank, things like "fraud prevention" override literally everything. There is no limit they wouldn't cross and there is no freedom they wouldn't trample in the pursuit of their goals.
So, like, legislate it?
Prior art exists on this point.