Imagine if your car was locked to certain manufacturer-permitted destinations.

That's what our smartphones have done.

not to mention paying your car manufacture a 30% cut on anything you purchase

This surfaces in many types of discussions, including discussions where they may be prompted to defend the locked down nature of mobile devices.

I say it's just pockets. A vocal pocket. It's not everyone here. But it elicits comments justifying that stuff, which can feel surprising for those who don't share those views.

Alternatively, we've spent our lives helping our parents out. Last year my mom just got completely owned, total taken over of all her financial accounts. The most likely vector was that her phone was out of date and not receiving security patches anymore.

Luckily her bank's anti fraud systems kicked in before too much damage was done.

Prior to smart phones, many of us remember making monthly, or even weekly, trips to family members houses to remove malware and viruses from personal computers.

Things were bad.

Any evidence this was caused by "sideloading"?

It is the equivalent of restricting car use to paved roads only as a "solution" to car crashes.

  > The most likely vector was that her phone was out of date

Perhaps, as a fellow developer and a HACKER News user, you can understand that the underlying problem is the device security. Amplifying the problem is the surveillance capitalism ecosystem. Your data is valuable, to the trillion dollar companies and to hackers. Which means they need to collect that data and try to drive a fine line of giving them access but no one else. I thought we were all aware that trying to make backdoors is a foolish endeavor.

  > Prior to smart phones ... to remove malware and viruses from personal computers.

I also want to stress, the enforcement of app stores is the death of phones and general purpose computers.

What makes computers (phones included) so great is that they are an ecosystem. You can't make a product for everyone, but you can make an ecosystem that can be adapted to anyone. Without programs these things aren't very useful. We're back in the old days like with the IBMs. Just remember, it took Google and Apple years before they put a flashlight app on their phones, but it only took weeks for developers. If we wait for them to build everything we're going to wait forever and won't get half the stuff we need.

  >>> You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on

Apparently this idea that security and user control are a trade off has been sold pretty well, and it's bull shit. Nothing about a phone which isn't locked down to the user precludes all the security features you'd want on by default for your mother.

But I doubt you'll catch Apple or Google going out of their way to explain that. They're better off having you believe that the trade off is necessary, and you probably wouldn't miss the freedom anyway.

Perhaps you meant Leviathan instead of superego?

I mean, I have had instances that controlled resistance with like a manual knob, but these new devices won't let you set levels without some $30+/month subscription. It's like the planned obsolescence of the light bulb cartels of the 1920s on steroids.

Personally, I have a hard time believing markets support this kind of stuff past the first exposé. I guess when you don't have many choices or the choices that you do have all bandwagon onto oligopoly/cartel-like activity things, pretty depressing, but stable patterns can emerge.

Heck, maybe someone who knows the history of retail could inform us that it came to software "from business segment XYZ". For example, in high finance for a long-time negotiated charging prices that are a fraction of assets under management is not uncommon. Essentially a "percent tax", or in other words the metaphorical "charging Bill Gates a million dollars for a cheeseburger".

EDIT: @terminalshort elsethread is correct in his analysis that if you remove the ability to have a platform tax, the control issues will revert.

But yeah agree, this subscription thing is spreading like a cancer.

EDIT: and, shucks, @kragen beat me to it! :-)

[1] https://en.wikipedia.org/wiki/Phoebus_cartel#cite_ref-USvGE-...

This is my problem. My house has a lot of enclosed overhead light fixtures, and LEDs just do not last long in them. And renovating all of them to be more LED friendly would be quite expensive.

My Mum converted her homes down lights to LEDs over a decade ago. Hasn't lost a single one.

I moved into my current house 5 years ago, haven't lost a single one either.

I got one of these free energy audit things which included swapping out up to 30 or so bulbs with LEDs. Whatever contractor did it seems to have gotten the cheapest bulbs they could, and the majority of them have failed by 4 or 5 years later. So far so good on the name brand ones I replaced them with.

https://atx-led.com/

Whilst that's certainly true the Phoebus cartel's most negative aspect was that it was a secret organisation, its second was that it was actually a cartel. These disadvantaged both light bulb consumers and any company that wasn't a member of the cartel—a new startup company that wasn't aware of or a member of the cartel would be forced out of business by the cartel's secret unfair competition.

Without the cartel manufacturers could have competed by offering a range of bulbs based on longevity versus life depending on consumers' needs. For example, offering a full brightness/1000h type for normal use and a 70% brightness/2000h one for say in applications where bulbs were awkward to replace (such product differences could even be promoted in advertising).

Nowadays, planned obsolescence is at the heart and core of much manufacturing and manufacturers are more secretive than ever about the techniques they've adopted to achieve their idea of the ideal service lives of their products—lives that optimize profits. This is now a very sophisticated business and takes into account many factors including ensuring their competition's products do not gain a reputation for having a longer service life or better repairability than their own (still a likely corrupting factor that originally drove the formation of the Phoebus cartel).

Right, the philosophy's not changed since Phoebus but the sophistication of its implementation has increased almost beyond recognition. There's not space to detail this adequately here except to say I've some excellent examples from the manufacture of whitegoods and how production has changed over recent decades to manufacturers' advantage often to the detriment of consumers.

In short, planned obsolescence and the secrecy that surrounds it has negative and very significant consequences for both consumers and the environment. When purchasing, consumers are thus unable to make informed decisions about whether to trade off the reduced initial costs of products with a short service live against those that have increased longevity and or improved repairability. Similarly, shortlived products only add to environmental pollution, witness the enormous e-waste problem that currently exists.

As manufacturers won't willingly give up panned obsolescence or secrecy that surrounds it, one solution would be to tax products with artificially shortened service lives. In the absence of manufacturing information governments could statistically determine product tax rates based on observable service lives.

In fact, they could have chosen the latter just by wiring two lightbulb sockets in series, or in later years putting one on a dimmer.

It creates a powerful incentive to seek recurring revenue wherever possible. Since it affects things like stock prices and executives and sometimes even rank and file employees often have stock, it's an incentive throughout the organization. If something is incentivized you're going to get more of it.

In the past it was structurally hard to do this, but now that everything is online it becomes possible to put a chip in anything and make it a subscription. We are only going to see more and more of this unless either consumers balk en masse or something is done to structurally change the incentives.

Could literally replace the control software with a potentiometer (a resistor)! :)

That they've convinced everyone that this is okay, and that they've maintained regulatory capture to keep doing it, is absurd.

We need web downloads and installs on Apple and Android immediately. With no "scare walls" or deeply nested and hidden menu settings to enable it.

We need the ability to run any kind of tech, including JIT runtimes. Apple and Google shouldn't be able to tell consumers or the industry what type of computing is permissible.

Smartphones are the most important device category in the world. They're how people bank, work, navigate, shop, order, communicate, date, order food at restaurants, take photos, -- life without them is impossible.

It would be nice to see as much competition as we do with the automotive industry, but the next best thing would be to rid Apple and Google of their draconian overlording of the platforms.

Consumers do not have the expertise to articulate this or really understand what is happening to them. This requires regulators and industry professionals to push forward.

I totally agree with that. BUT:

> Splitting hairs about the origin of the term "sideload" does not change

You can't start your article by splitting hairs about the meaning of the term, and then complain that people follow down that discussion :-).

The plea Google makes against so-called "sideloading" always refers to "malware"

But how much malware has been distributed via F-Droid versus "Google Play Store"

It could be that smaller, independent "app store" might be better managed than Google's

That is essentially the assertion that we made in the prequel to this post (at https://f-droid.org/en/2025/09/29/google-developer-registrat...).

> But how much malware has been distributed via F-Droid versus "Google Play Store"

There's been only a single case of malware that we know of that has slipped into distribution on F-Droid (through a supply-chain attack on a transitive dependency), and it was caught within a day. So if we were feeling glib, we might have made the claim that "there is over 224 times as much malware on the Play Store than on F-Droid".

Because Google is suggesting that "malware" is a motivation/reason/justification for their new "sideloading" policy

It can be useful to show that Google's alleged justification is bogus

It's not about immediate safety, it's about safety in the long run.

I did make a comment in this thread about the historical usage of the term sideload, although for my purposes, I was noting a historical quirk frim a unique time in the history of the internet rather than disputing any premise in your post. It was the first and only comment at the time I posted it and I was not anticipating such an unfortunate backlash that seized on terminology for the purpose of disputing your point, or for otherwise missing your point.

But it is indeed missing the point. Requiring developer registration to install is exercising a degree of control over the software ecosystem that's fundamentally out of step with something I regard as a pretty important and fundamental ideal in how software is able to be accessed and used.

> You have the right to install whatever you want on your computer, regardless of whether that computer is on your desk or in your pocket. That's a hill I'll die on

I feel like there are some phones, I will say my honest experience, I had a xiaomi phone which required me to unlock the bootloader for me to root it/ remove the spyware that I feel it has, I never felt safe really (maybe paranoia?) but I wanted an open source operating system on it and that required me to unlock my bootloader

Which required me to create an MI Unlock / MI account which then later required me to open up a windows computer and try to do things with the windows computer

I didn't have a windows computer, I am a linux guy and I didn't want to touch windows and I tried any option available on linux (there was a java thing and some other exploit too but both failed)

Later, I tried to actually install win-boat and tried to install the mi tool in it after so many nights of work and I tried and it actually opened but it asked me for the otp to sign up but I don't know if I overwhelmed their system or not but their OTP just straight up didn't show on the phone's sim I had registered on.

That OTP not coming after 5-6 tries, I am not sure if they had detected it was win-boat or what, but idk, that effectively locks me out of ways to unlock the device and remove some spyware functionality I think it has.

I feel like this case made me feel as if although I had a device, it feels like a license when you think about it. This is true for many other consumer devices as well and thus, people accepting the fact that their devices have become similar to licenses, not hardware which they own, but rather software which they rent

> I'm dismayed to see that this sentiment is not more widespread in this of all communities.

I feel like your message is in the right heart, and its honestly okay, sad even, that some part of the community didn't respond to your message in agreement.

But Honestly, please don't lose hope because of this, You and people/foundations like f-droid,linux etc. inspire a sense of confidence for a good future while actively working on it. I was thinking of trying to host some f-droid mirror but I didn't personally because I was a little skeptical of getting any notices or anything after the f-droid team had created a blog post about something similar.

Also one thing, I would try to tell you is that you are trying your best. And that's all that matters. What doesn't matter is the past or the future or how the community responds but rather doing what you think is right with correct intentions which I think you do a perfect job in.

Doing the right thing can be difficult but maybe in a world where doing the right thing isn't rewarded as much in even mere appreciation or sharing the sentiment whereas doing the wrong thing is financially rewarded. its a complicated world we live in, but hopefully, we all can try to make it a little more beautiful for us and our future generations by trying to do things the right way no matter how hard they are, just because its the right thing.

I may speak these things but I myself regularly contradict these. So I don't feel the best guy speaking this stuff but I just want to say that f-droid really means a lot to me, a recent example is how I ditched that xiaomi phone, used my mum's old moto phone, tried to install termux from playstore but it couldn't download for some reason from play store because it was android 8 yet theoretically it should work, but I then opened up f-droid and installed it from there and I am running a termux/gitea server on it now :)

Please, have a nice day, F-droid/you deserve it, I just hope that you recognize that there are people's lives that you have touched (like my termux thing and there are countless other stories as well) and how impactful the project is.

Lets use this comment as a way to show our appreciation to f-droid in whatever ways it has touched our lives and how effectively google's recent moves are really gonna impact f-droid/ hurt us as well. How I wouldn't have been able to run git server on my phone if it wasn't for f-droid and so much more.

it's also a long run, the way things are shaping up i don't expect alternatives to become mainstream but nevertheless getting improved support over time.

if we indeed end up in a situation where there is no viable alternative then screw that, i might as well go completely off grid.

They want to punish customers for electing regulators who care about consumer protections.

This is large scale abusive boyfriend behavior, doubling down.

Anyone who defends google/Android has been heeled in fear.

It's really sad that Apple and Google (and to some extent MS though they're just behind in this race to the anti-consumer bottom) happened upon this "solution to malware" (note: not a real solution) of "OS vendor vets and controls all software." It's a lazy way, it's an ineffective way, and it has made computers - incredibly flexible, programmable devices - more like cable boxes or telephones from past decades, that you had to rent from a monopolist and had no control over.

If there's some ADB command that one can issue to install unsigned APKs for now, it's a temporary reprieve at best. Two Android versions later, the update from Google will read "Only 0.02% of users installed apps using adb, but the corresponding malware incidence rate was 873% more than the Play Store. Due to the outsized risk, we're disabling adb installations going forward"

Of course _maybe_ at some point google will also force you to submit your debug key to them. But I don't believe that's the case now.

0. Developer has valid signatures and in Google's good graces, and application hasn't been installed on more than 16 devices

1. Oh, you CI/CD signing infra won't let you? You better fix your workflows to match the Google way.

This is so far from a realistic and acceptable substitute that I question the honesty of anyone who claims that "adb will still work, so no problem!"

I hope that explains my seemingly critical omission.

If I recall correctly (I might be wrong, because this was 10+ years ago), but Apple did exactly this when the iPhone was first released. When the iPhone first came out, Apple released its XCode devtools for free, including an iOS emulator that you could use to test your iPhone app. But you had to pay a $99 USD per year "developer program" free in order to use the devtools to test the app on your physical device.

If Google is also blocking preventing you from loading your own software onto your own phone with adb unless you pay a free, then this would be a very important thing to call out explicitly.

The adb workaround for Android is essentially on par with being able to use Xcode's tooling to install apps on an iPhone: technically possible without paying a fee, but enough friction that no one would seriously consider as an alternative solution for publishing their apps to a general audience.

The Apple situation is still significantly worse than ADB, because (at least without a paid-for developer account) AFAIK you're limited to a certain number of in-development app that you can install simultaneously and you definitely need to reinstall them every few days. ADB currently has no such restrictions.

Note: Apple restricts apps uploaded with Xcode, (depending on how it is signed I believe) to 7 days or 1 year. adb currently doesn't have this limit.

But what if they find that somebody made 'sideloading' 'too easy' again. E.g. somebody could come up with the idea of running adb or an adb emulator on another phone, or even a small hardware dongle, integrating it with a pretty UI that looks like a regular app shop. Then their currently proposed new rule would become ineffective and due to whatever thought process they arrived at their current conclusion, could place similar limits on adb.

That idea already exists and is called Shizuku. You don't even need another phone, because ADB also has a mode for wireless debugging via the network, so you can just use that to locally connect to the ADB daemon running on your own phone.

I believe f-droid strives to be a simple platform of from-source builds for non-Googled apps that anyone can use.

You will continue to be able to build and run an app even if your identity is not verified. Android Studio is unaffected because deployments performed with adb, which Android Studio uses behind the scenes to push builds to devices, is unaffected. You can continue to develop, debug, and test your app locally by deploying to both emulators and physical devices, just as you do now.

If you see a loophole in the clear argument they're making there, I'd love to know. I don't see any obvious ones.

This is what they say in the quote this article is about:

"Does this mean sideloading is going away on Android?

Absolutely not. Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer."

In this paragraph they don't mention ABD at all similar to how in your paragraph they don't mention sideloading.

As far as I now, historically, "sideloading" has always meant "installing from some mechanism other than the Play Store", and everyone has been referring to adb-based installations as "sideloading" as long as I can remember (example [1]). If Google or others don't call using adb sideloading, then I have no idea what they would call it, and I'm thoroughly confused.

[1] https://www.xda-developers.com/how-to-sideload-apps-android-...

Unless any government powerful enough has reason to make Google reject developers. Hell, doesn't even have to be a government. Do anything that annoys Google, goodbye rights for your app to be installed on any Android. Why would you ignore the obvious and main caveat? It doesn't matter what store it "continues to work on". Google can revoke privileges overnight with little to no recourse for the developer, regardless of the merit of such action, the usefulness of the app, or how much people want/need that app. This is literally heading in the direction of Kafkaesque.

No, it will not. Nothing will install an application without a Google approved signature on it. They will remove ad blocks from your Android and you will like it. "The beatings will continue until morale improves" sort of behavior.

I'm hopeful that the mystery OEM that GrapheneOS is targeting is in fact Sony Xperia. If it isn't, I'm just going to stop carrying a smartphone when all my installed apps stop working on it.

How do you interpret this then:

>> You will continue to be able to build and run an app even if your identity is not verified. Android Studio is unaffected because deployments performed with adb, which Android Studio uses behind the scenes to push builds to devices, is unaffected. You can continue to develop, debug, and test your app locally by deploying to both emulators and physical devices, just as you do now.

Isn't that the opposite of what you wrote? What am I missing?

>Lando: But that wasn't our deal!

>Vader: I have modified our deal. Pray I do not modify it further.

I too am flabbergasted at the utter lack of integrity some show and vocally proclaim in this of all places… corporate shills every last of them.

No morals can be expected from publically traded companies. Finding a "PR firm" willing to do the lowly dirty job of going on HackerNews, MacRumors or wherever people are and blatantly lie and make stuff up shouldn't be too hard either, I can imagine.

.. A grateful F-Droid supporter and user.

How much does it cost to build a barebones phone that (A) runs tuxracer and (B) makes phone calls? Librem: almost as much as an iPhone. PinePhone: You have to travel to the moon to find one for sale. FLX1: Not for sale yet (so PinePhone 2.0)

Maybe when I can buy a $100 barebones board that I can hook some AA batteries up to and make calls, and develop a little flappy bird clone, people will take notice of the market. As long as every Linux phone is some dude with too much money in his pocket thinking he'll make the next Android, it's not going anywhere. Even with tech nerds.

Did it "win" more of some metric of perfusion / capital versus the other big two? Perhaps some, mostly not. Who cares. The market is dumb.

What matters here is whether the capability exists at all. When it comes to phones, I'm still leery about linux. Support isn't quite wide enough and for a device that I need 110% reliability out of we ain't there yet.

I do know one thing - the effects of closed ecosystems that caused 99.99999% of servers to use linux, will eventually come for interface hardware. Companies have periodic bouts of psychosis that make their walled gardens inherently unreliable. It's just a whole lot slower in a realm that doesn't iterate at web-speed. Will that mean everybody uses linux phones in the future? Of course not. But I do hope it will mean I get to put my own phone together with an OS I own, someday. That would be an unequivocal good.

It was ported[0] by enthusiasts to literary almost every Android phone. I have it on my $100 Xiaomi.

[0] https://xdaforums.com/tags/google-camera/

> Google’s message that “Sideloading is Not Going Away” is clear, concise, and false

Given your(and my) definition, this statement is false. Google isn't taking away sideloading, you can still use adb. I'd say using adb to load an apk from another device is the proper use of "sideloading".

What Google is doing is much worse, they are taking away your ability to _install_ software.

And yes, HN loves splitting hairs. But if it wasn't for the hairsplitting, there probably would be be much discussion. Just most people agreeing with you and a few folks who would prefer to give up freedom for security.

  > and "installing" doesn't work because that doesn't distinguish from installing from the Play Store

You have defined installing to be specifically from play store and sideloading as everything except it.

Google isn't trying to prevent installing, just sideloading works in this sentence because of what you have already defined but you are using this sentence in defense of that....

As OP stated, installing can mean on debian as an example, installing from both apt or either tarballs. Both are valid installations

So it is the same for google/android as well yet google is trying to actively prevent one part of the installing or make it really extremely hard to do so.

It is a dangerous precedent. And I would say that it severely limits what you mean by installing.

I got an PC, and I got internet connection, usually it isn't trying to prevent what I install if I am on linux.

Yet I am on android and earlier it used to do the same but now its a slippery slope where it either requires me to use adb or keep another device at me at all times if I ever want to install software on it.

Not because its not that these phones can't do it, In fact that they already do but they are removing it, simply because they can.

It's a very dangerous precedent, but one that's difficult to discuss without having a name for the kind of installing that Google is trying to prevent.

If one limited the ability to "install from Play store", while keeping the ability to "sideload", would you say it's fair to say "installing is restricted"?

I feel like you are having this discussion in good faith which is really nice but I just feel like saying that google is oppressing other open source appstores or just using the word installing and later clarifying can make the people feel about how dangerous it really is.

Let me be really clear. If Google can prevent sideloading and the only feasable way for 99% users is their play store which uses their policy terms which can be ever changing, chances are, that they can also prevent people from downloading your app, and can remove your app etc. as well so they can very definitely prevent installing in general as well

The only escape hatch is maybe adb but please, for the 99% of use cases, I doubt how many people would operate a computer open up the terminal and try to use adb or other scenarios, but in all ways, I think that speaking of it as an installing itself isn't so bad after all.

If Google can genuinely go ahead and do this, it would definitely prevent installation of certain app in and in of itself because play store is also controlled by google and they can also remove/prevent apps installs from there too.

I would still recommend to you / the community to say it as an installation as earlier I was also used to saying sideloading but it was only while writing this comment when I realized of how google can actually prevent installation from play store as well since they own it, its an effective lock/restriction in installation itself for all purposes.

Have a nice day.

Because the Play Store is a proprietary ecosystem that's being often used as a political tool.

If Google starts to ban alternative stores then Android will fragment and much of the world will move to Chinese alternative OS's.

Sure, but they effectively do even if they're not trying to. It comes off like you're up to no good or doing something dangerous. Like GP said: deviant.

What specific acts are referring to? Is it just their recent plans to restrict sideloading? This feels circular. "Google is evil because they're trying to restrict sideloading. They're also extra evil because trying to demonize sideloading. How? By restricting sideloading!"

>It comes off like you're up to no good or doing something dangerous. Like GP said: deviant.

Yes, but only insofar as if you're not taking the primary route, you're taking the "side" route. Or you're "deviating" from the intended route. None of that actually implies you're a "deviant" for doing so, any more than a driver taking side streets to shave 30s is a "deviant".

No, it made all the pro-sideloading people (for lack of a better term) find any reason to hate google even more, including flimsy arguments about how "sidleoad" is some sort of sinister psyop. I still haven't seen any evidence to suggest "sideload" has any negative connotations to the average "normie", beyond its meaning of "install from third party source"[1]. All I've seen are endless speculation that it's a google psyop in techie/hacker[2] circles, like this post.

[1] see also: https://news.ycombinator.com/item?id=45738997

[2] as in "hacker" news

https://www.apple.com/tr/privacy/docs/Building_a_Trusted_Eco...

> Lots of people SAY "sideload"

It's almost like you didn't read the post

Phones get a lot of attention in this regard because they've replaced a large amount of PC usage, so locking them down has the effect of substantially reducing computing freedom.

> I'd say that if you figure out how to run software of your choice on them the manufacturer shouldn't be able to legally stop you.

That's already the case. The manufacturer can't come after you for anything you do to your device. They can:

1. Set up their terms of service so that things you do to alter the device are grounds for blocking your access to cloud/connected services that they host on their infrastructure

2. Attempt to make it difficult to run software of your choice.

3. Use legal means to combat specific methods of redistributing tools to other people that compromise things they do in number 2.

For all intents and purposes, a laptop computer and a smart phone are one. This is, for example, evidenced by the fact we run general purpose "applications" on them (not defined ahead of time), including a most general app of them all (a web browser).

For other device types you bring up, I would go with a very similar distinction: when you can run an open ended app platform like a browser, why not be able to install non-browser based applications as well? Why require going through a vendor to do that?

I'm not saying I dislike the concept of being able to run my own code on my devices. I love it. I do it on several devices, some of which involve circumventing manufacturer restrictions or controls.

I just don't think that because manufacturers started using the same chips in phones as computers, they magically had new requirements applied to them. Phones had app stores before they were built using the same chips. My watch lets me install apps from an app store.

Legislation like EU Cybersecurity Act hopefully pushes things into more of a fundamental rights thing by demanding that devices don't go into the trash pile as soon as the vendor stops issuing security updates by mandating an ability to keep operating these devices without negatively affecting Internet at large (by, for example, becoming a part of a botnet).

This is already possible with many general compute devices by putting a version of up-to-date GNU/Linux or FreeBSD or... on it. And for a smaller subset of GC smartphones, with AOSP-based Android.

I am not sure if you are disagreeing with me or ignoring my point :)

I'm asking why taking a device that uses a microcontroller and making a new model with an ARM chipset and a Linux-based OS seems to suddenly make people treat the ability to install custom software on it as a fundamental right.

Then consoles started shipping with recognizable internals, and we had waves of people very frustrated at things like Sony's removal of OtherOS, or Nintendo's attempts to squash the exploits that enabled Wii Homebrew.

Likewise, I'd be fine with banking apps on phones requiring some level of trust, but it shouldn't affect how the rest of my phone works so drastically.

Similarly, the banking app on your phone should be representing your interests, 100%. It may need to keep secrets, such as a private transaction signing key, from your bank or from your boyfriend, but not from you. And it definitely should not be collecting information on your phone against your will or without your knowledge. But that is currently common practice.

My washing machine could be programmed to do all of those things you're worried about without any writeable memory. Why does the parts the manufacturer puts into it turn it from an appliance that washes my clothes to a computer that I have a right to install custom code on?

Maybe in theory your washing machine could be programmed to do those things without writable program memory. Like, if you fabricated custom large ROM chips with the malicious code? And custom Harvard-architecture microcontrollers with separate off-chip program and data buses? But then the functionality would be in theory detectable at purchase time (unlike, for example, Samsung's new advertising functionality: https://news.ycombinator.com/item?id=45737338) and you could avoid it by buying an older model that didn't have the malicious code. This would greatly reduce the maker's incentives to incorporate such features, even if it were possible. In practice, I don't think you could implement those features at all without writable program memory, even with the custom silicon designs I've posited here.

If you insist that manufacturers must not prevent owners from changing the code on their devices, you're insisting that they must not use any ROM, for any purpose, including things like the PLA that the 6502 used to decode instructions. It's far more viable, and probably sufficient, to insist that owners must be able to change any code on their devices that manufacturers could change.

I don't think this is so much a question of sources & corroboration as it is of language.

Regardless of the origins of the term "sideload", the language implies a non-standard practice. The prefix "side-" may be used in some software contexts to describe normal, non-deviant software, but only in cases where the software in question is considered auxiliary. In general, anything described as "side-*" is connoted to be surplus / additional / non-primary at best - adding that to the term "load" & the loading action itself is surplus/additional/non-primary. It's automatically considered non-standard.

> those devices don't have first party stores

This only supports the argument. If somebody felt an alternative term was required on Android because the first-party store was the primary source of software, the only reason they could have for needing such an alternative term would be to explicitly differentiate that alternative source as unofficial/non-standard.

Because it is non-standard. Like it or not, the intended experience is that you get apps from the play/app store, and for most people that's exactly what they do. This is a descriptive statement, not a normative one. Accepting it doesn't imply you oppose the freedom to run whatever code you want. The language of "sideload" or whatever is directly downstream of this. Just because google is using language that reflects the current state of affairs, doesn't mean they're engaging in some sort of sinister psyop with their word choice, as the OP is trying to imply.

It's both. It's not like "sideloading" is a part of natural language that just happened to evolve this way to describe the practice. The terminology was consciously chosen by the same people who designed the OS to describe it. The people who argue against using this term aren't doing it in some accusatory way, like "you use this term, therefore you're an evil brainwashed minion of the enemy", but rather by using language to not set up their argument on the enemy's terms, no matter how insignificant.

It's like how "jaywalking/jay walking" was popularized - the term itself was pretty crass for the time, the word "jay" conjuring thoughts of some kind of drooling, unintelligent yokel. Back when car infrastructure was still in its infancy, how would you argue that cars shouldn't dominate all streets and cities when the government- and industry-approved name for your action was literally "stupid walking"?

That makes sense because as you said, "the word "jay" conjuring thoughts of some kind of drooling, unintelligent yokel". The same can't be said for "side", aside from vague accusations that it's not "official" therefore normies think it's bad, but I can't see how you can get away from that accusation without using meaningless phrases like "type 2 install" or whatever (though I'm certain that would get similar amounts of ire for being "second class citizens" or whatever).

Once again, this is the point.

> it doesn't imply you oppose the freedom to run whatever code you want

But it does.

Let's first look at what's good about "intended experience" & possible legitimate reasons to have a differentiation between "vendor-approved" 3rd-party apps & non-"vendor-approved" 3rd-party apps.

The connotation of an "intended experience" is that the experience is supported by the OS vendor. If you have issues with your experience, these are issues that can be reported & the OS vendor will endeavor to fix. Leaving aside the fact that Google has no user support to speak of, even if they did, this isn't something they would every offer for 3rd-party Play Store apps regardless. So 3rd-party Play Store apps are not doing anything for users to provide them with an "intended experience" that isn't equally available sideloading.

The only other legitimate reason to have a differentiation would be to ensure the user doesn't install malware. Play Protect currently does this with sideloaded apps, so once again there is no difference in the "intended experience" from the user's perspective.

If there are no legitimate reasons to differentiate the experiences, the only reasonable conclusion remaining is that they're differentiates to dissuade user freedom.

It's pretty obvious that they think the distinction is worth having because they can vet apps they signed, rather than random apks from the internet. You might think that's a flimsy justification, but that's not a reason to reject such a distinction exists at all.

>The only other legitimate reason to have a differentiation would be to ensure the user doesn't install malware. Play Protect currently does this with sideloaded apps, so once again there is no difference in the "intended experience" from the user's perspective.

That's purely reactive (you can't scan for stuff that you don't know about), and doesn't ensure identity validation. Again, you can argue how good those reasons are, but there's at least a plausible justification for it.

>The connotation of an "intended experience" is that the experience is supported by the OS vendor. If you have issues with your experience, these are issues that can be reported & the OS vendor will endeavor to fix.

When was the last time anyone got "support" for Android/iOS from Google/Apple? At best you have random forums that google/apple staff check once in a blue moon, if you're lucky.

This is an assumption made in exceptionally generous good faith. It's certainly possible, but I would argue this is far from obvious, & there's enough circumstantial evidence to support this being completely untrue.

Sure, Google can vet apps they sign. Whether having this ability is their primary motivation for having a distinction (or whether they will actually vet apps they sign) is a very different question.

Aren't those all considered first party apps? Sure, debian aren't the authors of nginx or whatever, but they're the people building, packaging it, and adding patches for it. It's a stretch to compare them to the play store or app store.

For one, it doesn't contain non-free software, and therefore can't be the primary source of software. Maybe you're a Stallman acolyte who only runs free software, but that's not feasible for the average user.

The average Ubuntu user doesn't even have those one or two non-free programs. After all, Autodesk doesn't provide a version of AutoCAD for Linux in the first place.

    sudo apt install vrms

No surprises on my system except for the firmware-intel-* packages. I thought those were free software? Must be binary blobs.

Calling all software installed through apt "first party" is a wild stretch, since you can apply the same logic to git, wget, or a web browser. For instance, it would probably be correct to say that most Windows software is downloaded and installed through Chrome, but nobody in their right mind would claim Google owns the largest first party store for Windows.

Android has an APK installer built in. Opening an APK file launches the installer and installs the application, just like opening an MSI file on Windows launches built-in Microsoft Installer and installs the application.

Google have gradually added impediments to this over this years, such as a requirement to toggle a checkbox in the settings to enable installation, and later some prompts about letting Google scan the package, but calling the system's built-in application installation mechanism "not primary" is absurd.

So you're arguing that because play store installs and random .apk installs both goes through packageinstaller, the concept of a "primary" install method doesn't exist?

If we're using "primary" to mean something like "most popular", then I don't see how the term "sideloading" would make any sense to describe "not primary". Are we side-commenting here, and side-submitting HTTP requests, because we're not posting to Facebook, the primary website?

And even when people install software on their user's home only, we don't call it anything different.

It's correct to say that "sideloading" was created to emphasize it's a deviant activity. I believe it was created by the people doing it, when they discovered hacks that enabled them. But I wouldn't be too surprised it was created by the companies trying to prohibit software installation.

>And even when people install software on their user's home only, we don't call it anything different.

But even on Android the word used is "install". When you try to install an apk, the button says "install", not "sideload". "Sideload" is only used in the context of google's blog post, where it's there to differentiate between installs from first party sources vs others. This is an important distinction to capture, because their new restrictions only apply to the latter, so something like "installing isn't going way" wouldn't make sense. "sideload" captures this distinction, and is far more concise than something "installing from third party sources". Moreover this sort of word policing reeks of ingroup purity tests from the culture wars, eg. "autistic vs person with autism" or whatever.

If you find yourself making a statement only to immediately contradict it, consider whether or not that statement is worth making at all.